Use sqlite3_mprintf to quote when inserting bookmark items

author Christian Dywan <christian@twotoasts.de>

Sun, 11 Jul 2010 21:49:13 +0000 (23:49 +0200)

committer Christian Dywan <christian@twotoasts.de>

Sun, 11 Jul 2010 21:49:13 +0000 (23:49 +0200)
author Christian Dywan <christian@twotoasts.de>
Sun, 11 Jul 2010 21:49:13 +0000 (23:49 +0200)
committer Christian Dywan <christian@twotoasts.de>
Sun, 11 Jul 2010 21:49:13 +0000 (23:49 +0200)
diff --git a/panels/midori-bookmarks.c b/panels/midori-bookmarks.c

index 5450f0ba496cce5fb1aad44bfa2ef8dd8fffddce..d767bec615b3c55b43c967a4d458a5ab3bfa4db6 100644 (file)
--- a/panels/midori-bookmarks.c
+++ b/panels/midori-bookmarks.c
@@ -232,12 +232,9 @@ midori_bookmarks_insert_item_db (sqlite3*     db,
      else
          parent = g_strdup ("");
  
-    /* Workaround a sqlite3_mprintf error with
-       handling of katze_item_get_meta_integer(). */
-    /* FIXME: Need proper single quote escaping. */
-    sqlcmd = g_strdup_printf (
+    sqlcmd = sqlite3_mprintf (
              "INSERT into bookmarks (uri, title, folder, toolbar, app) values"
-            " ('%s', '%s', '%s', %d, %d)",
+            " ('%q', '%q', '%q', %d, %d)",
              uri,
              katze_item_get_name (item),
              parent,
@@ -252,7 +249,7 @@ midori_bookmarks_insert_item_db (sqlite3*     db,
  
      g_free (uri);
      g_free (parent);
-    g_free (sqlcmd);
+    sqlite3_free (sqlcmd);
  }
  
  void
author	Christian Dywan <christian@twotoasts.de>
	Sun, 11 Jul 2010 21:49:13 +0000 (23:49 +0200)
committer	Christian Dywan <christian@twotoasts.de>
	Sun, 11 Jul 2010 21:49:13 +0000 (23:49 +0200)