From: Jonathan McDowell Date: Sat, 26 Dec 2009 12:16:02 +0000 (+0000) Subject: Change PostgreSQL backend to use PQescapeStringConn X-Git-Url: https://git.sommitrealweird.co.uk/onak.git/commitdiff_plain/d060a4874d44c3cbe0681db81fca0e7e892f3537?ds=inline Change PostgreSQL backend to use PQescapeStringConn While the PostgreSQL backend is not known to be in use anywhere we were using an older escaping function (PQescapeString) which does not have knowledge of the connection character encoding and so has potential problems. Switch to using PQescapeStringConn, which does have this knowledge. --- diff --git a/keydb_pg.c b/keydb_pg.c index 25881c0..812e5d7 100644 --- a/keydb_pg.c +++ b/keydb_pg.c @@ -218,7 +218,7 @@ static int pg_fetch_key_text(const char *search, newsearch = malloc(strlen(search) * 2 + 1); memset(newsearch, 0, strlen(search) * 2 + 1); - PQescapeString(newsearch, search, strlen(search)); + PQescapeStringConn(dbconn, newsearch, search, strlen(search), NULL); snprintf(statement, 1023, "SELECT DISTINCT onak_keys.keydata FROM onak_keys, " "onak_uids WHERE onak_keys.keyid = onak_uids.keyid " @@ -408,8 +408,8 @@ static int pg_store_key(struct openpgp_publickey *publickey, bool intrans, safeuid = malloc(strlen(uids[i]) * 2 + 1); if (safeuid != NULL) { memset(safeuid, 0, strlen(uids[i]) * 2 + 1); - PQescapeString(safeuid, uids[i], - strlen(uids[i])); + PQescapeStringConn(dbconn, safeuid, uids[i], + strlen(uids[i]), NULL); snprintf(statement, 1023, "INSERT INTO onak_uids "