diff options
author | zuul <zuul@gerrit.asterisk.org> | 2017-02-21 06:26:30 -0600 |
---|---|---|
committer | Gerrit Code Review <gerrit2@gerrit.digium.api> | 2017-02-21 06:26:30 -0600 |
commit | 144b09ab41274498637a6cd8601f653658ecca8b (patch) | |
tree | 3d591d97e10cc18e3adfc88748fc7cb0ae32b19b /addons | |
parent | 50e984115dead1c500903a5f8767b463a1bcd88c (diff) | |
parent | e93f2a5142d1056dc223c37872c25b2a0d2c6778 (diff) |
Merge "realtime: Fix LIKE escaping in SQL backends"
Diffstat (limited to 'addons')
-rw-r--r-- | addons/res_config_mysql.c | 54 |
1 files changed, 41 insertions, 13 deletions
diff --git a/addons/res_config_mysql.c b/addons/res_config_mysql.c index bf38a4e69..f2ef949fc 100644 --- a/addons/res_config_mysql.c +++ b/addons/res_config_mysql.c @@ -303,6 +303,11 @@ static char *decode_chunk(char *chunk) return orig; } +#define IS_SQL_LIKE_CLAUSE(x) ((x) && ast_ends_with(x, " LIKE")) + +/* MySQL requires us to escape the escape... yo dawg */ +static char *ESCAPE_CLAUSE = " ESCAPE '\\\\'"; + static struct ast_variable *realtime_mysql(const char *database, const char *table, const struct ast_variable *rt_fields) { struct mysql_conn *dbh; @@ -315,6 +320,7 @@ static struct ast_variable *realtime_mysql(const char *database, const char *tab char *stringp; char *chunk; char *op; + char *escape = ""; const struct ast_variable *field = rt_fields; struct ast_variable *var=NULL, *prev=NULL; @@ -345,20 +351,29 @@ static struct ast_variable *realtime_mysql(const char *database, const char *tab /* Create the first part of the query using the first parameter/value pairs we just extracted If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */ - if (!strchr(field->name, ' ')) - op = " ="; - else + if (!strchr(field->name, ' ')) { + op = " ="; + } else { op = ""; + if (IS_SQL_LIKE_CLAUSE(field->name)) { + escape = ESCAPE_CLAUSE; + } + } ESCAPE_STRING(buf, field->value); - ast_str_set(&sql, 0, "SELECT * FROM %s WHERE %s%s '%s'", table, field->name, op, ast_str_buffer(buf)); + ast_str_set(&sql, 0, "SELECT * FROM %s WHERE %s%s '%s'%s", table, field->name, op, ast_str_buffer(buf), escape); while ((field = field->next)) { - if (!strchr(field->name, ' ')) - op = " ="; - else + escape = ""; + if (!strchr(field->name, ' ')) { + op = " ="; + } else { op = ""; + if (IS_SQL_LIKE_CLAUSE(field->name)) { + escape = ESCAPE_CLAUSE; + } + } ESCAPE_STRING(buf, field->value); - ast_str_append(&sql, 0, " AND %s%s '%s'", field->name, op, ast_str_buffer(buf)); + ast_str_append(&sql, 0, " AND %s%s '%s'%s", field->name, op, ast_str_buffer(buf), escape); } ast_debug(1, "MySQL RealTime: Retrieve SQL: %s\n", ast_str_buffer(sql)); @@ -416,6 +431,7 @@ static struct ast_config *realtime_multi_mysql(const char *database, const char char *stringp; char *chunk; char *op; + char *escape = ""; const struct ast_variable *field = rt_fields; struct ast_variable *var = NULL; struct ast_config *cfg = NULL; @@ -462,17 +478,29 @@ static struct ast_config *realtime_multi_mysql(const char *database, const char /* Create the first part of the query using the first parameter/value pairs we just extracted If there is only 1 set, then we have our query. Otherwise, loop thru the list and concat */ - if (!strchr(field->name, ' ')) + if (!strchr(field->name, ' ')) { op = " ="; - else + } else { op = ""; + if (IS_SQL_LIKE_CLAUSE(field->name)) { + escape = ESCAPE_CLAUSE; + } + } ESCAPE_STRING(buf, field->value); - ast_str_set(&sql, 0, "SELECT * FROM %s WHERE %s%s '%s'", table, field->name, op, ast_str_buffer(buf)); + ast_str_set(&sql, 0, "SELECT * FROM %s WHERE %s%s '%s'%s", table, field->name, op, ast_str_buffer(buf), escape); while ((field = field->next)) { - if (!strchr(field->name, ' ')) op = " ="; else op = ""; + escape = ""; + if (!strchr(field->name, ' ')) { + op = " ="; + } else { + op = ""; + if (IS_SQL_LIKE_CLAUSE(field->name)) { + escape = ESCAPE_CLAUSE; + } + } ESCAPE_STRING(buf, field->value); - ast_str_append(&sql, 0, " AND %s%s '%s'", field->name, op, ast_str_buffer(buf)); + ast_str_append(&sql, 0, " AND %s%s '%s'%s", field->name, op, ast_str_buffer(buf), escape); } if (initfield) { |