From: Christian Dywan
Date: Sun, 11 Jul 2010 21:49:13 +0000 (+0200)
Subject: Use sqlite3_mprintf to quote when inserting bookmark items
X-Git-Url: https://spindle.queued.net/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5a082100c80af824bd5b8880b86e7d82e74b50be;p=midori
Use sqlite3_mprintf to quote when inserting bookmark items
---
diff --git a/panels/midori-bookmarks.c b/panels/midori-bookmarks.c
index 5450f0ba..d767bec6 100644
--- a/panels/midori-bookmarks.c
+++ b/panels/midori-bookmarks.c
@@ -232,12 +232,9 @@ midori_bookmarks_insert_item_db (sqlite3* db,
 else
 parent = g_strdup ("");
- /* Workaround a sqlite3_mprintf error with
- handling of katze_item_get_meta_integer(). */
- /* FIXME: Need proper single quote escaping. */
- sqlcmd = g_strdup_printf (
+ sqlcmd = sqlite3_mprintf (
 "INSERT into bookmarks (uri, title, folder, toolbar, app) values"
- " ('%s', '%s', '%s', %d, %d)",
+ " ('%q', '%q', '%q', %d, %d)",
 uri,
 katze_item_get_name (item),
 parent,
@@ -252,7 +249,7 @@ midori_bookmarks_insert_item_db (sqlite3* db,
 g_free (uri);
 g_free (parent);
- g_free (sqlcmd);
+ sqlite3_free (sqlcmd);
 }
 void
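Review bot: The two `%d` arguments after `parent,` fall outside this hunk, but the removed comment said the old code avoided sqlite3_mprintf because of a problem with katze_item_get_meta_integer(), and the commit does not say that problem is gone. If that function returns a 64-bit integer, passing it to `%d` is a varargs type mismatch; casting each result to `(int)`, or switching to `%lld` with a `(sqlite3_int64)` cast, would make the call well-defined. sqlite3_mprintf also returns NULL when allocation fails, so an `if (!sqlcmd)` guard before the statement is executed would be worth adding; the execution call itself is outside the hunk. `%q` only doubles single quotes, so it is safe here only because each one sits inside `'...'` in the format string, and a short comment such as `/* %q is only safe inside single quotes */` would keep a later edit from dropping them.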