-rw-r--r-- | lib/Plugins/SQLite3.cpp | 4 | ||||
-rw-r--r-- | lib/Utils/abrt_rh_support.cpp | 4 |
2 files changed, 3 insertions, 5 deletions
diff --git a/lib/Plugins/SQLite3.cpp b/lib/Plugins/SQLite3.cpp
index 74d2dcdb..499346f4 100644
--- a/lib/Plugins/SQLite3.cpp
+++ b/lib/Plugins/SQLite3.cpp
@@ -52,7 +52,7 @@ static bool is_string_safe(const char *str)
 // it does not unescape escaped ones - I see lines ending with \ when I do it.
 // I wonder whether this is a bug in SQLite, and whether using unescaped
 // newlines is a danger with other SQL servers.
-// For now, I disabled newline escaping...
+// For now, I disabled newline escaping, and also allowed double quote.
 const char *p = str;
 while (*p)
 {
@@ -63,7 +63,7 @@ static bool is_string_safe(const char *str)
 // continue;
 // }
 if ((c < ' ' && c != '\n')
- || strchr("\\\"\'", c)
+ || strchr("\\\'", c) //was: "\\\"\'"
 ) {
 error_msg("Probable SQL injection: '%s'", str);
 return false;
diff --git a/lib/Utils/abrt_rh_support.cpp b/lib/Utils/abrt_rh_support.cpp
index d8216964..a162a437 100644
--- a/lib/Utils/abrt_rh_support.cpp
+++ b/lib/Utils/abrt_rh_support.cpp
@@ -461,11 +461,9 @@ send_report_to_new_case(const char* baseURL,
 errmsg = find_header_in_abrt_post_state(atch_state, "Strata-Message:");
 if (!errmsg || !errmsg[0])
 errmsg = atch_state->curl_error_msg;
- if ((!errmsg || !errmsg[0]) && atch_state->body && atch_state->body[0])
- errmsg = atch_state->body;
 if (atch_state->body && atch_state->body[0])
 {
- if (errmsg
+ if (errmsg && errmsg[0]
 && strcmp(errmsg, atch_state->body) != 0
 ) /* both strata/curl error and body are present (and aren't the same) */
 allocated = errmsg = xasprintf("%s. %s", |
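Review bot: Dropping `"` from the rejected set in the second SQLite3.cpp hunk (`strchr("\\\'", c)`) is only safe if every statement built from strings that pass `is_string_safe` encloses the value in single quotes; SQLite also accepts double-quoted text as a string literal when no identifier matches, so a caller that wraps a value in `"..."` would no longer be protected by this check. The callers are outside the hunk, so the updated comment in the first hunk should state that invariant rather than just record the change, e.g. `// Double quote is allowed only because all values are embedded in '...' literals.` The trailing `//was: "\\\"\'"` remark is history that belongs in the commit message, not on the code line. Longer term, binding values with `sqlite3_bind_text()` on a prepared statement would remove the need for a character blacklist altogether. The body of `is_string_safe` begins and ends outside both hunks.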
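Review bot: With the explicit fallback `errmsg = atch_state->body;` removed in abrt_rh_support.cpp, the case where neither the Strata-Message header nor curl supplied a message now depends on whatever follows the `xasprintf` call, which lies outside this hunk; if there is no `else errmsg = atch_state->body;` branch there, a non-empty body would be dropped and `errmsg` left NULL or empty. A short comment before the `if (atch_state->body && atch_state->body[0])` block, such as `/* errmsg may still be NULL/empty here; body alone is used in that case */`, would make the intended flow explicit. The body is server-supplied text of unbounded length, so it is also worth confirming that whatever displays or logs `errmsg` treats it as untrusted.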