sql wansn't escaped on inserting package sources

2025-02-03 10:43:03 +01:00 · 2006-11-23 19:24:08 +00:00 · 2006-11-23 19:24:08 +00:00 · 89d6607684
commit 89d6607684
parent a103c7b14c
1 changed files with 1 additions and 1 deletions
--- a/tupkg/update/tupkgupdate
+++ b/tupkg/update/tupkgupdate
@ -162,7 +162,7 @@ class PackageDatabase:
    # PackageSources
    for source in package.sources:
      q.execute("INSERT INTO PackageSources (PackageID, Source) " + 
-        "VALUES (" + str(id) + ", '" + source + "')")
+        "VALUES (" + str(id) + ", '" + MySQLdb.escape_string(source) + "')")
    # PackageDepends
    for dep in package.depends:
      depid = self.lookupOrDummy(dep)