authorDenys Vlasenko <vda.linux@googlemail.com>2010-06-30 11:58:28 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>2010-06-30 11:58:28 +0200
commit842d1a6d7ab1fe62c6e9bce6d776b0d73dab0e23 (patch)
treef59748398960260fd054417410a66e60b8ef9deb /lib/Plugins
parent254a8f7bd6af10906b7f99c51da7fcdae96192ff (diff)
abrt_rh_support: improve error messages a bit more.
Also, allow " in saved messages. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'lib/Plugins')
-rw-r--r--lib/Plugins/SQLite3.cpp4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/Plugins/SQLite3.cpp b/lib/Plugins/SQLite3.cpp
index 74d2dcdb..499346f4 100644
--- a/lib/Plugins/SQLite3.cpp
+++ b/lib/Plugins/SQLite3.cpp
@@ -52,7 +52,7 @@ static bool is_string_safe(const char *str)
// it does not unescape escaped ones - I see lines ending with \ when I do it.
// I wonder whether this is a bug in SQLite, and whether using unescaped
// newlines is a danger with other SQL servers.
-// For now, I disabled newline escaping...
+// For now, I disabled newline escaping, and also allowed double quote.
const char *p = str;
while (*p)
{
@@ -63,7 +63,7 @@ static bool is_string_safe(const char *str)
// continue;
// }
if ((c < ' ' && c != '\n')
- || strchr("\\\"\'", c)
+ || strchr("\\\'", c) //was: "\\\"\'"
) {
error_msg("Probable SQL injection: '%s'", str);
return false;
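Review bot: Dropping `"` from the rejected set in the `strchr("\\\'", c)` test is safe only if every statement built from strings that pass is_string_safe() wraps them in single quotes, and nothing visible in this hunk establishes that. SQLite accepts a double-quoted token as a string literal when it does not resolve to an identifier, so any query elsewhere in the file that puts `"..."` around a value would lose its protection with this change. I would record the invariant next to the check, e.g. `// '"' is allowed only because all queries quote values with '...'; re-check before adding a query`, and longer term replace the character denylist with bound parameters (`sqlite3_prepare_v2` plus `sqlite3_bind_text`). The body of is_string_safe() starts and ends outside the hunk, so the type of `c` and the callers are not visible here.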