merge of '6518d809c62090407ee4ee8fc132902607385421'
and 'ae25610b2149f561f23ae34e0889a7197d4324c3' Monotone-Parent: 6518d809c62090407ee4ee8fc132902607385421 Monotone-Parent: ae25610b2149f561f23ae34e0889a7197d4324c3 Monotone-Revision: a625593a580ec03e118df9e1150b6baf7c8f5c53 Monotone-Author: ludovic@Sophos.ca Monotone-Date: 2010-03-25T01:20:16 Monotone-Branch: ca.inverse.sogo
This commit is contained in:
commit
b4979825e8
|
@ -9,6 +9,10 @@
|
||||||
(- _parseLine:) fixed incorrrect handling
|
(- _parseLine:) fixed incorrrect handling
|
||||||
of QP-encoded attributes.
|
of QP-encoded attributes.
|
||||||
|
|
||||||
|
* SoObjects/SOGo/SQLSource.m - we now properly
|
||||||
|
escape quotes for SQL parameters coming from
|
||||||
|
user's input.
|
||||||
|
|
||||||
2010-03-22 Ludovic Marcotte <lmarcotte@inverse.ca>
|
2010-03-22 Ludovic Marcotte <lmarcotte@inverse.ca>
|
||||||
|
|
||||||
* SoObjects/Mailer/SOGoDraftObject.m - we strip
|
* SoObjects/Mailer/SOGoDraftObject.m - we strip
|
||||||
|
|
|
@ -184,6 +184,7 @@
|
||||||
|
|
||||||
rc = NO;
|
rc = NO;
|
||||||
|
|
||||||
|
_login = [_login stringByReplacingString: @"'" withString: @"''"];
|
||||||
cm = [GCSChannelManager defaultChannelManager];
|
cm = [GCSChannelManager defaultChannelManager];
|
||||||
channel = [cm acquireOpenChannelForURL: _viewURL];
|
channel = [cm acquireOpenChannelForURL: _viewURL];
|
||||||
if (channel)
|
if (channel)
|
||||||
|
@ -237,6 +238,7 @@
|
||||||
|
|
||||||
response = nil;
|
response = nil;
|
||||||
|
|
||||||
|
theID = [theID stringByReplacingString: @"'" withString: @"''"];
|
||||||
cm = [GCSChannelManager defaultChannelManager];
|
cm = [GCSChannelManager defaultChannelManager];
|
||||||
channel = [cm acquireOpenChannelForURL: _viewURL];
|
channel = [cm acquireOpenChannelForURL: _viewURL];
|
||||||
if (channel)
|
if (channel)
|
||||||
|
@ -348,6 +350,8 @@
|
||||||
if (channel)
|
if (channel)
|
||||||
{
|
{
|
||||||
lowerFilter = [filter lowercaseString];
|
lowerFilter = [filter lowercaseString];
|
||||||
|
lowerFilter = [lowerFilter stringByReplacingString: @"'" withString: @"''"];
|
||||||
|
|
||||||
sql = [NSString stringWithFormat: (@"SELECT *"
|
sql = [NSString stringWithFormat: (@"SELECT *"
|
||||||
@" FROM %@"
|
@" FROM %@"
|
||||||
@" WHERE LOWER(c_cn) LIKE '%%%@%%'"
|
@" WHERE LOWER(c_cn) LIKE '%%%@%%'"
|
||||||
|
|
Loading…
Reference in a new issue