mirror of https://github.com/processone/ejabberd synced 2025-10-06 03:50:15 +02:00

Fix missed escaping in node_flat_sql.erl

Alexey Shchepin 2016-07-05 17:45:37 +03:00
parent 3820aaa421
commit be3a4acb55


@ -914,12 +914,13 @@ first_in_list(Pred, [H | T]) ->
end. end.
itemids(Nidx, {_U, _S, _R} = JID) -> itemids(Nidx, {_U, _S, _R} = JID) ->
SJID = <<(ejabberd_sql:escape(encode_jid_like(JID)))/binary, "/%">>, SJID = encode_jid(JID),
SJIDLike = <<(ejabberd_sql:escape(encode_jid_like(JID)))/binary, "/%">>,
case catch case catch
ejabberd_sql:sql_query_t( ejabberd_sql:sql_query_t(
?SQL("select @(itemid)s from pubsub_item where " ?SQL("select @(itemid)s from pubsub_item where "
"nodeid=%(Nidx)d and (publisher=%(JID)s" "nodeid=%(Nidx)d and (publisher=%(SJID)s"
" or publisher like %(SJID)s escape '^') " " or publisher like %(SJIDLike)s escape '^') "
"order by modification desc")) "order by modification desc"))
of of
{selected, RItems} -> {selected, RItems} ->