]> git.sommitrealweird.co.uk Git - onak.git/commitdiff
cscvs to tla changeset 7
authorJonathan McDowell <noodles@earth.li>
Mon, 31 May 2004 23:46:56 +0000 (23:46 +0000)
committerJonathan McDowell <noodles@earth.li>
Mon, 31 May 2004 23:46:56 +0000 (23:46 +0000)
Author: noodles
Date: 2002/09/08 10:30:32
Changing over to use PQescapeString to escape SQL string data.

keydb_pg.c

index 3f519bc88aa5664e4ad7949f48dc38953c7dca7a..b09c692408627dff5b23e42903322642fb598bb6 100644 (file)
@@ -206,34 +206,22 @@ int fetch_key_text(const char *search, struct openpgp_publickey **publickey)
        int i = 0;
        int numkeys = 0;
        Oid key_oid;
        int i = 0;
        int numkeys = 0;
        Oid key_oid;
-       char *dodgychar = NULL;
+       char *newsearch = NULL;
 
        result = PQexec(dbconn, "BEGIN");
        PQclear(result);
 
 
        result = PQexec(dbconn, "BEGIN");
        PQclear(result);
 
-       /*
-        * TODO: We really want to use PQescapeString, but this isn't supported
-        * by the version of Postgresql in Debian Stable. Roll on Woody and for
-        * now kludge it.
-        */
-       dodgychar = strchr(search, '\'');
-       while (dodgychar != NULL) {
-               *dodgychar = ' ';
-               dodgychar = strchr(search, '\'');
-       }
-       dodgychar = strchr(search, '\\');
-       while (dodgychar != NULL) {
-               *dodgychar = ' ';
-               dodgychar = strchr(search, '\\');
-       }
-
-       
+       newsearch = malloc(strlen(search) * 2 + 1);
+       memset(newsearch, 0, strlen(search) * 2 + 1);
+       PQescapeString(newsearch, search, strlen(search));
        snprintf(statement, 1023,
                        "SELECT DISTINCT onak_keys.keydata FROM onak_keys, "
                        "onak_uids WHERE onak_keys.keyid = onak_uids.keyid "
                        "AND onak_uids.uid LIKE '%%%s%%'",
        snprintf(statement, 1023,
                        "SELECT DISTINCT onak_keys.keydata FROM onak_keys, "
                        "onak_uids WHERE onak_keys.keyid = onak_uids.keyid "
                        "AND onak_uids.uid LIKE '%%%s%%'",
-                       search);
+                       newsearch);
        result = PQexec(dbconn, statement);
        result = PQexec(dbconn, statement);
+       free(newsearch);
+       newsearch = NULL;
 
        if (PQresultStatus(result) == PGRES_TUPLES_OK) {
                numkeys = PQntuples(result);
 
        if (PQresultStatus(result) == PGRES_TUPLES_OK) {
                numkeys = PQntuples(result);
@@ -285,7 +273,7 @@ int store_key(struct openpgp_publickey *publickey, bool intrans, bool update)
        int fd;
        char **uids = NULL;
        char *primary = NULL;
        int fd;
        char **uids = NULL;
        char *primary = NULL;
-       char *dodgychar = NULL;
+       char *safeuid = NULL;
        int i;
 
        if (!intrans) {
        int i;
 
        if (!intrans) {
@@ -335,30 +323,29 @@ int store_key(struct openpgp_publickey *publickey, bool intrans, bool update)
        uids = keyuids(publickey, &primary);
        if (uids != NULL) {
                for (i = 0; uids[i] != NULL; i++) {
        uids = keyuids(publickey, &primary);
        if (uids != NULL) {
                for (i = 0; uids[i] != NULL; i++) {
-                       /*
-                        * TODO: We really want to use PQescapeString, but this
-                        * isn't supported by the version of Postgresql in
-                        * Debian Stable. Roll on Woody and for now kludge it.
-                        */
-                       dodgychar = strchr(uids[i], '\'');
-                       while (dodgychar != NULL) {
-                               *dodgychar = ' ';
-                               dodgychar = strchr(uids[i], '\'');
+                       safeuid = malloc(strlen(uids[i]) * 2 + 1);
+                       if (safeuid != NULL) {
+                               memset(safeuid, 0, strlen(uids[i]) * 2 + 1);
+                               PQescapeString(safeuid, uids[i],
+                                               strlen(uids[i]));
+
+                               snprintf(statement, 1023,
+                                       "INSERT INTO onak_uids "
+                                       "(keyid, uid, pri) "
+                                       "VALUES ('%llX', '%s', '%c')",
+                                       get_keyid(publickey),
+                                       safeuid,
+                                       (uids[i] == primary) ? 't' : 'f');
+                               result = PQexec(dbconn, statement);
+
+                               free(safeuid);
+                               safeuid = NULL;
                        }
                        }
-                       dodgychar = strchr(uids[i], '\\');
-                               while (dodgychar != NULL) {
-                               *dodgychar = ' ';
-                               dodgychar = strchr(uids[i], '\\');
+                       if (uids[i] != NULL) {
+                               free(uids[i]);
+                               uids[i] = NULL;
                        }
 
                        }
 
-                       snprintf(statement, 1023,
-                               "INSERT INTO onak_uids (keyid, uid, pri) "
-                               "VALUES ('%llX', '%s', '%c')",
-                               get_keyid(publickey),
-                               uids[i],
-                               (uids[i] == primary) ? 't' : 'f');
-                       result = PQexec(dbconn, statement);
-
                        if (PQresultStatus(result) != PGRES_COMMAND_OK) {
                                fprintf(stderr, "Problem storing key in DB.\n");
                                fprintf(stderr, "%s\n",
                        if (PQresultStatus(result) != PGRES_COMMAND_OK) {
                                fprintf(stderr, "Problem storing key in DB.\n");
                                fprintf(stderr, "%s\n",
@@ -369,6 +356,8 @@ int store_key(struct openpgp_publickey *publickey, bool intrans, bool update)
                         */
                        PQclear(result);
                }
                         */
                        PQclear(result);
                }
+               free(uids);
+               uids = NULL;
        }
 
        if (!intrans) {
        }
 
        if (!intrans) {