From 3cbe78e5ee5165b1fc0df239ac07387a07377a8c Mon Sep 17 00:00:00 2001 From: Christian Dywan Date: Sat, 6 Dec 2008 14:35:54 +0100 Subject: [PATCH] Escape page uri and title when inserting into database --- midori/main.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/midori/main.c b/midori/main.c index 2bed84d5..2722f97d 100644 --- a/midori/main.c +++ b/midori/main.c @@ -716,13 +716,13 @@ midori_history_add_item_cb (KatzeArray* array, return; } } - sqlcmd = g_strdup_printf ("INSERT INTO history VALUES" - "('%s', '%s', %" G_GUINT64_FORMAT ", -1)", + sqlcmd = sqlite3_mprintf ("INSERT INTO history VALUES" + "('%q', '%q', %" G_GUINT64_FORMAT ", -1)", katze_item_get_uri (item), katze_item_get_name (item), katze_item_get_added (item)); success = db_exec (db, sqlcmd, &error); - g_free (sqlcmd); + sqlite3_free (sqlcmd); if (!success) { g_printerr (_("Failed to add history item: %s\n"), error->message); -- 2.39.5