From 52ae74a76253d6f2580c4002f5c7c0c0a78ae32b Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Mon, 1 Jun 2015 16:16:35 -0400
Subject: Provide SQL escape function to scripts

---
 config/update_device_params.lua | 2 +-
 provisioning-model.lua          | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/config/update_device_params.lua b/config/update_device_params.lua
index ee7034a..25048da 100644
--- a/config/update_device_params.lua
+++ b/config/update_device_params.lua
@@ -11,7 +11,7 @@ local function findip(mac)
 	if not mac or mac == "" then
 		return nil
 	end
-	local ipaddr = functions.getselectresponse("SELECT ip FROM provisioning_requests WHERE mac~*'"..mac.."'")
+	local ipaddr = functions.getselectresponse("SELECT ip FROM provisioning_requests WHERE mac~*'"..functions.escape(mac).."'")
 	if ipaddr and ipaddr[1] then
 		return ipaddr[1].ip
 	end
diff --git a/provisioning-model.lua b/provisioning-model.lua
index 2d08f0b..65fc87f 100644
--- a/provisioning-model.lua
+++ b/provisioning-model.lua
@@ -500,6 +500,7 @@ end
 functions = {
 	getselectresponse=getselectresponse,
 	runsqlcommand=runsqlcommand,
+	escape=provdb.escape,
 	get_device=get_device,
 	get_device_params=get_device_params,
 	set_device_params=set_device_params,
-- 
cgit v1.2.3