merge of '6518d809c62090407ee4ee8fc132902607385421'

and 'ae25610b2149f561f23ae34e0889a7197d4324c3'

Monotone-Parent: 6518d809c62090407ee4ee8fc132902607385421
Monotone-Parent: ae25610b2149f561f23ae34e0889a7197d4324c3
Monotone-Revision: a625593a580ec03e118df9e1150b6baf7c8f5c53

Monotone-Author: ludovic@Sophos.ca
Monotone-Date: 2010-03-25T01:20:16
Monotone-Branch: ca.inverse.sogo
Ludovic Marcotte 2010-03-25 01:20:16 +00:00
commit b4979825e8
2 changed files with 8 additions and 0 deletions


@ -9,6 +9,10 @@
(- _parseLine:) fixed incorrrect handling
of QP-encoded attributes.
* SoObjects/SOGo/SQLSource.m - we now properly
escape quotes for SQL parameters coming from
user's input.
2010-03-22 Ludovic Marcotte <lmarcotte@inverse.ca>
* SoObjects/Mailer/SOGoDraftObject.m - we strip


@ -184,6 +184,7 @@
rc = NO;
_login = [_login stringByReplacingString: @"'" withString: @"''"];
cm = [GCSChannelManager defaultChannelManager];
channel = [cm acquireOpenChannelForURL: _viewURL];
if (channel)
@ -237,6 +238,7 @@
response = nil;
theID = [theID stringByReplacingString: @"'" withString: @"''"];
cm = [GCSChannelManager defaultChannelManager];
channel = [cm acquireOpenChannelForURL: _viewURL];
if (channel)
@ -348,6 +350,8 @@
if (channel)
{
lowerFilter = [filter lowercaseString];
lowerFilter = [lowerFilter stringByReplacingString: @"'" withString: @"''"];
sql = [NSString stringWithFormat: (@"SELECT *"
@" FROM %@"
@" WHERE LOWER(c_cn) LIKE '%%%@%%'"
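Review bot: Doubling `'` by hand, as done for `_login` (first hunk), `theID` (second) and `lowerFilter` (third), still leaves the SQL text assembled with `stringWithFormat:`, so it is only safe where `''` is the sole thing that can affect a string literal; backends that also honour backslash escapes inside literals are not covered by this replacement. In the third hunk the value lands inside `LIKE '%%%@%%'`, where `%` and `_` from the user remain active wildcards. I would route all three sites through one helper that applies the adaptor's own quoting for the connected database (or bound parameters, if the channel supports them). I would also keep the escaped value in a separate local, e.g. `escapedLogin = [_login stringByReplacingString: @"'" withString: @"''"];`, so the original `_login` is not altered for any non-SQL use later in the method. The enclosing methods and the `stringWithFormat:` call continue outside the visible hunks, so later uses of these variables could not be checked.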