Asterisk
/
asterisk
mirror of https://github.com/asterisk/asterisk
1
0
Fork 0
Code Issues Releases Wiki Activity

Add SQL_ESC to allow single ticks to be escaped

Browse Source 
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@7642 65c4cc65-6c06-0410-ace0-fbb531ad65f3
1.4
Tilghman Lesher 20 years ago
parent 63ed37defd
commit dd161bec3b
2 changed files with 40 additions and 3 deletions
Show Stats Download Patch File Download Diff File

11
configs/func_odbc.conf.sample
Unescape View File

@ -12,6 +12,11 @@
; In addition, for write statements, you have ${VAL1}, ${VAL2} ... ${VALn} ; In addition, for write statements, you have ${VAL1}, ${VAL2} ... ${VALn}
; parsed, just like arguments, for the values. In addition, if you want the ; parsed, just like arguments, for the values. In addition, if you want the
; whole value, never mind the parsing, you can get that with ${VALUE}. ; whole value, never mind the parsing, you can get that with ${VALUE}.
;
;
; If you have data which may potentially contain single ticks, you may wish
; to use the dialplan function SQL_ESC() to escape the data prior to its
; inclusion in the SQL statement.
; ODBC_SQL - Allow an SQL statement to be built entirely in the dialplan ; ODBC_SQL - Allow an SQL statement to be built entirely in the dialplan
@ -22,11 +27,11 @@ read=${ARG1}
; ODBC_ANTIGF - A blacklist. ; ODBC_ANTIGF - A blacklist.
[ANTIGF] [ANTIGF]
dsn=mysql1 dsn=mysql1
read=SELECT COUNT(*) FROM exgirlfriends WHERE callerid='${ARG1}' read=SELECT COUNT(*) FROM exgirlfriends WHERE callerid='${SQL_ESC(${ARG1})}'
; ODBC_PRESENCE - Retrieve and update presence ; ODBC_PRESENCE - Retrieve and update presence
[PRESENCE] [PRESENCE]
dsn=mysql1 dsn=mysql1
read=SELECT location FROM presence WHERE id='${ARG1}' read=SELECT location FROM presence WHERE id='${SQL_ESC(${ARG1})}'
write=UPDATE presence SET location='${VAL1}' WHERE id='${ARG1}' write=UPDATE presence SET location='${SQL_ESC(${VAL1})}' WHERE id='${SQL_ESC(${ARG1})}'

32
funcs/func_odbc.c
Unescape View File

@ -351,6 +351,35 @@ acf_out:
return buf; return buf;
} }
static char *acf_escape(struct ast_channel *chan, char *cmd, char *data, char *buf, size_t len)
{
char *in, *out = buf;
for (in = data; *in && out - buf < len; in++) {
if (*in == '\'') {
*out = '\'';
out++;
}
*out = *in;
out++;
}
*out = '\0';
return buf;
}
struct ast_custom_function escape_function = {
.name = "SQL_ESC",
.synopsis = "Escapes single ticks for use in SQL statements",
.syntax = "SQL_ESC(<string>)",
.desc =
"Used in SQL templates to escape data which may contain single ticks (') which\n"
"are otherwise used to delimit data. For example:\n"
"SELECT foo FROM bar WHERE baz='${SQL_ESC(${ARG1})}'\n",
.read = acf_escape,
.write = NULL,
};
static int init_acf_query(struct ast_config *cfg, char *catg, struct acf_odbc_query **query) static int init_acf_query(struct ast_config *cfg, char *catg, struct acf_odbc_query **query)
{ {
char *tmp; char *tmp;
@ -477,6 +506,7 @@ static int odbc_load_module(void)
} }
ast_config_destroy(cfg); ast_config_destroy(cfg);
ast_custom_function_register(&escape_function);
out: out:
ast_mutex_unlock(&query_lock); ast_mutex_unlock(&query_lock);
return res; return res;
@ -507,6 +537,8 @@ static int odbc_unload_module(void)
free(lastquery); free(lastquery);
queries = NULL; queries = NULL;
ast_custom_function_unregister(&escape_function);
ast_mutex_unlock(&query_lock); ast_mutex_unlock(&query_lock);
return 0; return 0;
} }

Write Preview
Loading…
Cancel
Save