rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9
HardenedBSD Package Manager
Limit accepted characters to evaluation format
Baptiste Daroussin committed 14 years ago
commit f67004ed5ddfe8847c153a1df5f2bb231f779a73
parent b1e6b0b
1 file changed +23 -8
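--- a/pkg/query.c
+++ b/pkg/query.c
@@ -389,14 +389,28 @@ format_sql_condition(const char *str, struct sbuf *sqlcond)
 						return (EPKG_FATAL);
 				}
 			} else {
-				if (str[0] == '|' && str[1] == '|') {
-					str++;
-					sbuf_cat(sqlcond, " OR ");
-				} else if (str[0] == '&' && str[1] == '&') {
-					str++;
-					sbuf_cat(sqlcond, " AND ");
-				} else {
-					sbuf_putc(sqlcond, str[0]);
+				switch (str[0]) {
+					case '(':
+					case ')':
+					case ' ':
+					case '\t':
+						sbuf_putc(sqlcond, str[0]);
+						break;
+					case '|':
+						if (str[1] == '|') {
+							str++;
+							sbuf_cat(sqlcond, " OR ");
+							break;
+						}
+					case '&':
+						if (str[1] == '&') {
+							str++;
+							sbuf_cat(sqlcond, " AND ");
+							break;
+						}
+					default:
+						fprintf(stderr, "unexpected character %c\n", str[0]);
+						return (EPKG_FATAL);
 				}
 			}
 		} else if (state == OPERATOR_STRING || state == OPERATOR_INT) {
@@ -483,6 +497,7 @@ format_sql_condition(const char *str, struct sbuf *sqlcond)
 	}
 	if (state == STRING)
 		sbuf_putc(sqlcond, '"');
+
 
 	return (EPKG_OK);
 }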
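Review bot: In the first hunk, `case '|':` falls through into `case '&':` when the next character is not `|`, and that case tests only `str[1] == '&'`, so the two-character input `|&` is accepted and written out as ` AND ` instead of reaching the `default` rejection. Because this switch is the allow-list for what gets copied into the generated SQL condition, the test should pin both characters, `if (str[0] == '&' && str[1] == '&') {`, so that only the exact operators `||` and `&&` are accepted. The two remaining fallthroughs into `default` look intentional and should be marked with `/* FALLTHROUGH */` so a later edit does not add a `break` that silently turns a lone `|` or `&` into accepted input. format_sql_condition begins outside the hunk, so how the other parser states treat quoted string content cannot be judged from these lines.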