diff options
author | Ted Trask <ttrask01@yahoo.com> | 2013-06-18 19:02:32 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2013-06-18 19:02:32 +0000 |
commit | 7e108028ef8a40295bb7535d29779d5f80e11bec (patch) | |
tree | 86bc8e188eb9715923ea53c00932d1eb943b84fe | |
parent | 8f3961970e5c2d88a8e4bb960ad341ede67bc98d (diff) | |
download | acf-kamailio-7e108028ef8a40295bb7535d29779d5f80e11bec.tar.bz2 acf-kamailio-7e108028ef8a40295bb7535d29779d5f80e11bec.tar.xz |
Add some more escape calls
Fix for alpine linux bug #2103
-rw-r--r-- | kamailio-model.lua | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/kamailio-model.lua b/kamailio-model.lua index b015c35..1ba7956 100644 --- a/kamailio-model.lua +++ b/kamailio-model.lua @@ -458,7 +458,7 @@ function update_table_entry(self, entry, action, create) if create then sql = "INSERT INTO "..escape(entry.value.table.value).." ("..table.concat(names, ", ")..") VALUES('"..table.concat(values, "', '").."')" else - sql = "UPDATE "..entry.value.table.value.." SET ("..table.concat(names, ", ")..") = ('"..table.concat(values, "', '").."') WHERE id='"..escape(entry.value.id.value).."'" + sql = "UPDATE "..escape(entry.value.table.value).." SET ("..table.concat(names, ", ")..") = ('"..table.concat(values, "', '").."') WHERE id='"..escape(entry.value.id.value).."'" end runsqlcommand(sql) end @@ -547,7 +547,7 @@ function search_database(id, value, comparison) retval.result = cfe({type="structure", value={}, label="List of Rows", seq=4 }) local table, column = string.match(id, "^([^.]*)%.(.*)") if table then - local sql = "SELECT * FROM "..table.." WHERE "..column..comparison.."'"..value.."'" + local sql = "SELECT * FROM "..escape(table).." WHERE "..escape(column)..escape(comparison).."'"..escape(value).."'" retval.result.value = getselectresponse(sql) end end |