author | geniusdex geniusdex@31f1291d-b8d6-0310-a050-a5561fc1590b <geniusdex geniusdex@31f1291d-b8d6-0310-a050-a5561fc1590b@5417fbe8-f217-4b02-8779-1006273d7864> | 2006-10-16 15:05:00 +0000 |
---|---|---|
committer | geniusdex geniusdex@31f1291d-b8d6-0310-a050-a5561fc1590b <geniusdex geniusdex@31f1291d-b8d6-0310-a050-a5561fc1590b@5417fbe8-f217-4b02-8779-1006273d7864> | 2006-10-16 15:05:00 +0000 |
commit | 2db88fcaf25e6cfb37aa33fb7478676c3d30889f (patch) | |
tree | 59c5f60d11b2a43e273625d3b1a7e36b19af578d /src/nickserv.c | |
parent | 6e77a5d94d554398b2d6965597da9d94bdb3a8f5 (diff) |
BUILD : 1.7.16 (1175) BUGS : 612 NOTES : Fixed a number of MySQL/RDB-related functions which did not correctly escape their arguments
git-svn-id: svn://svn.anope.org/anope/trunk@1175 31f1291d-b8d6-0310-a050-a5561fc1590b
git-svn-id: http://anope.svn.sourceforge.net/svnroot/anope/trunk@896 5417fbe8-f217-4b02-8779-1006273d7864
Diffstat (limited to 'src/nickserv.c')
-rw-r--r-- | src/nickserv.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/src/nickserv.c b/src/nickserv.c
index 1c46a76c6..cb51c47b8 100644
--- a/src/nickserv.c
+++ b/src/nickserv.c
@@ -1406,6 +1406,7 @@ static int delcore(NickCore * nc)
 int i;
 #ifdef USE_RDB
 static char clause[128];
+ char *q_display;
 #endif
 /* (Hopefully complete) cleanup */
 cs_remove_nick(nc);
@@ -1425,17 +1426,18 @@ static int delcore(NickCore * nc)
 #ifdef USE_RDB
 /* Reflect this change in the database right away. */
 if (rdb_open()) {
-
- snprintf(clause, sizeof(clause), "display='%s'", nc->display);
+ q_display = rdb_quote(nc->display);
+ snprintf(clause, sizeof(clause), "display='%s'", q_display);
 rdb_scrub_table("anope_ns_access", clause);
 rdb_scrub_table("anope_ns_core", clause);
 rdb_scrub_table("anope_cs_access", clause);
 /* I'm unsure how to clean up the OS ADMIN/OPER list on the db */
 /* I wish the "display" primary key would be the same on all tables */
 snprintf(clause, sizeof(clause), "receiver='%s' AND serv='NICK'",
- nc->display);
+ q_display);
 rdb_scrub_table("anope_ms_info", clause);
 rdb_close();
+ free(q_display);
 }
 #endif
@@ -1509,6 +1511,7 @@ int delnick(NickAlias * na)
 {
 #ifdef USE_RDB
 static char clause[128];
+ char *q_nick;
 #endif
 /* First thing to do: remove any timeout belonging to the nick we're deleting */
 clean_ns_timeouts(na);
@@ -1552,10 +1555,11 @@ int delnick(NickAlias * na)
 #ifdef USE_RDB
 /* Reflect this change in the database right away. */
 if (rdb_open()) {
-
- snprintf(clause, sizeof(clause), "nick='%s'", na->nick);
+ q_nick = rdb_quote(na->nick);
+ snprintf(clause, sizeof(clause), "nick='%s'", q_nick);
 rdb_scrub_table("anope_ns_alias", clause);
 rdb_close();
+ free(q_nick);
 }
 #endif |
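Review bot: In the second delcore hunk the result of `rdb_quote(nc->display)` goes straight into `snprintf` with no NULL check, and both `snprintf` return values are ignored even though escaping can make the string longer than the raw nick. If `rdb_quote` can fail (its definition is not on this page), `%s` receives a null pointer; and if the escaped text does not fit the 128-byte `clause`, the truncated condition, possibly missing its closing quote or the ` AND serv='NICK'` restriction, is still handed to `rdb_scrub_table`. I would skip the scrub unless the pointer is non-NULL and `snprintf` returns less than `sizeof(clause)`, as sketched below with a new `int n;` local declared beside `q_display`. The second delnick hunk has the same pattern with `q_nick` and wants the same guard. Both function bodies continue outside the hunks shown.

```c
    if (rdb_open()) {
        q_display = rdb_quote(nc->display);
        if (q_display) {
            n = snprintf(clause, sizeof(clause), "display='%s'", q_display);
            if (n > 0 && (size_t) n < sizeof(clause)) {
                /* … unchanged: rdb_scrub_table calls for anope_ns_access, anope_ns_core, anope_cs_access … */
            }
            n = snprintf(clause, sizeof(clause),
                         "receiver='%s' AND serv='NICK'", q_display);
            /* Never run the scrub with a clause that lost its tail. */
            if (n > 0 && (size_t) n < sizeof(clause))
                rdb_scrub_table("anope_ms_info", clause);
            free(q_display);
        }
        rdb_close();
    }
```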