external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

sql wansn't escaped on inserting package sources

Browse source
This commit is contained in:
simo 2006-11-23 19:24:08 +00:00
parent a103c7b14c
commit 89d6607684
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
tupkg/update/tupkgupdate
View file

@ -162,7 +162,7 @@ class PackageDatabase:
# PackageSources # PackageSources
for source in package.sources: for source in package.sources:
q.execute("INSERT INTO PackageSources (PackageID, Source) " + q.execute("INSERT INTO PackageSources (PackageID, Source) " +
"VALUES (" + str(id) + ", '" + source + "')") "VALUES (" + str(id) + ", '" + MySQLdb.escape_string(source) + "')")
# PackageDepends # PackageDepends
for dep in package.depends: for dep in package.depends:
depid = self.lookupOrDummy(dep) depid = self.lookupOrDummy(dep)