[icinga-checkins] icinga.org: icinga-core/master: modify string escaping again for mysql, pgsql

git at icinga.org git at icinga.org
Thu Apr 29 16:25:22 CEST 2010


Module: icinga-core
Branch: master
Commit: 0a98462f01f6cdf7b4fda3ad0b78e0c8658f5761
URL:    https://git.icinga.org/?p=icinga-core.git;a=commit;h=0a98462f01f6cdf7b4fda3ad0b78e0c8658f5761

Author: Michael Friedrich <michael.friedrich at univie.ac.at>
Date:   Thu Apr 29 16:25:04 2010 +0200

modify string escaping again for mysql, pgsql

needs a rewrite though. the actual solution is not acceptable anymore.

fixes #384

---

 Changelog                |    1 +
 module/idoutils/src/db.c |   49 +++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 49 insertions(+), 1 deletions(-)

diff --git a/Changelog b/Changelog
index 8483920..acd0d5c 100644
--- a/Changelog
+++ b/Changelog
@@ -20,6 +20,7 @@ FIXES
 * idoutils: Host DB inserts use string 'NULL\n' instead of NULL (William Preston)
 * idoutils: ndo2db_get_object_id fails to return existing IDs (William Preston)
 * idoutils: fix postgres wrong type in service_object_id
+* idoutils: modify string escaping again (mysql, pgsql), needs a full rewrite though
 
 
 1.0.1 - 03/03/2010
diff --git a/module/idoutils/src/db.c b/module/idoutils/src/db.c
index d542cff..439bf7b 100644
--- a/module/idoutils/src/db.c
+++ b/module/idoutils/src/db.c
@@ -1813,11 +1813,57 @@ char *ndo2db_db_escape_string(ndo2db_idi *idi, char *buf) {
 
 	z = strlen(buf);
 
+	/* escape characters */
+#ifndef USE_ORACLE /* everything else will be libdbi */
+	/* allocate space for the new string */
+
+        if ((newbuf = (char *) malloc((z * 2) + 1)) == NULL)
+                return NULL;
+
+        for (x = 0, y = 0; x < z; x++) {
+
+                if(idi->dbinfo.server_type==NDO2DB_DBSERVER_MYSQL){
+
+                         if(buf[x]=='\'' || buf[x]=='\"' || buf[x]=='*' || buf[x]=='\\' || buf[x]=='$' || buf[x]=='?' || buf[x]=='.' || buf[x]=='^' || buf[x]=='+' || buf[x]=='[' || buf[x]==']' || buf[x]=='(' || buf[x]==')')
+                                newbuf[y++]='\\';
+                }
+                else if(idi->dbinfo.server_type==NDO2DB_DBSERVER_PGSQL){
+
+			if (buf[x] == '\'' || buf[x] == '[' || buf[x] == ']' || buf[x] == '(' || buf[x] == ')')
+				newbuf[y++] = '\\';
+
+                	/* should be fixed with binding values */
+			/* if(buf[x]=='\'' )
+                               newbuf[y++]='\''; */
+		}
+		else {
+
+                       if(buf[x]=='\'' )
+                               newbuf[y++]='\'';
+
+		}
+
+                newbuf[y++] = buf[x];
+        }
+
+        /* terminate escape string */
+        newbuf[y] = '\0';
+
+        ndo2db_log_debug_info(NDO2DB_DEBUGL_PROCESSINFO, 2, "ndo2db_db_escape_string(%s) end\n", newbuf);
+        return newbuf;
+
+        //size_t res = dbi_conn_quote_string(idi->dbinfo.dbi_conn, &buf);
+ 
+        //ndo2db_log_debug_info(NDO2DB_DEBUGL_PROCESSINFO, 2, "ndo2db_db_escape_string(%s) end\n", buf);
+        //return buf;
+
+#else /* Oracle ocilib specific */
+
 	/* allocate space for the new string */
 	if ((newbuf = (char *) malloc((z * 2) + 1)) == NULL)
 		return NULL;
 
-	/* escape characters */
+
 	for (x = 0, y = 0; x < z; x++) {
 
                 if(buf[x]=='\'' )
@@ -1825,6 +1871,7 @@ char *ndo2db_db_escape_string(ndo2db_idi *idi, char *buf) {
 
 		newbuf[y++] = buf[x];
 	}
+#endif /* Oracle ocilib specific */
 
 	/* terminate escape string */
 	newbuf[y] = '\0';





More information about the icinga-checkins mailing list