tasque r155 - in trunk: . src/Backends/Sqlite



Author: sharm
Date: Sun Oct 26 15:34:28 2008
New Revision: 155
URL: http://svn.gnome.org/viewvc/tasque?rev=155&view=rev

Log:
* tasque/src/Backends/Sqlite/SqliteTask.cs: Sanitize task name text
  before inserting into database.  Fixes crasher bug #537911.  Thanks
  to Geert van Dijk and Loganathan Subramaniam for their assistance
  with this patch.

* tasque/src/Backends/Sqlite/SqliteBackend.cs: Add SanitizeText method,
  which currently just replaces single apostrophes with
  double-apostrophes.

Modified:
   trunk/ChangeLog
   trunk/src/Backends/Sqlite/SqliteBackend.cs
   trunk/src/Backends/Sqlite/SqliteTask.cs

Modified: trunk/src/Backends/Sqlite/SqliteBackend.cs
==============================================================================
--- trunk/src/Backends/Sqlite/SqliteBackend.cs	(original)
+++ trunk/src/Backends/Sqlite/SqliteBackend.cs	Sun Oct 26 15:34:28 2008
@@ -159,6 +159,17 @@
 			// so that the Preferences Dialog doesn't waste space.
 			return new Gtk.Label ("Local file requires no configuration.");
 		}
+
+		/// <summary>
+		/// Given some text to be input into the database, do whatever
+		/// processing is required to make sure special characters are
+		/// escaped, etc.
+		/// </summary>
+		public string SanitizeText (string text)
+		{
+			return text.Replace ("'", "''");
+		}
+		
 		#endregion // Public Methods
 		
 		#region Private Methods
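Review bot: `SanitizeText` dereferences `text` without a null check, so a null task name now throws a NullReferenceException, whereas `String.Format` rendered a null argument as an empty string before this change. Both new callers in SqliteTask.cs (the constructor and the `Name` setter) pass the caller's value straight through. Consider `return text == null ? string.Empty : text.Replace ("'", "''");`. The summary should also say that the result is only safe inside a single-quoted SQL string literal, because "escaped, etc." promises more than quote doubling delivers. The enclosing class starts and ends outside the hunk.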

Modified: trunk/src/Backends/Sqlite/SqliteTask.cs
==============================================================================
--- trunk/src/Backends/Sqlite/SqliteTask.cs	(original)
+++ trunk/src/Backends/Sqlite/SqliteTask.cs	Sun Oct 26 15:34:28 2008
@@ -15,6 +15,7 @@
 		public SqliteTask(SqliteBackend backend, string name)
 		{
 			this.backend = backend;
+			name = backend.SanitizeText (name);
 			string command = String.Format("INSERT INTO Tasks (Name, DueDate, CompletionDate, Priority, State, Category, ExternalID) values ('{0}','{1}', '{2}','{3}', '{4}', '{5}', '{6}')", 
 								name, Database.FromDateTime(DateTime.MinValue), Database.FromDateTime(DateTime.MinValue), 
 								((int)(TaskPriority.None)), ((int)TaskState.Active), 0, string.Empty );
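Review bot: The INSERT is still assembled with `String.Format`, so its safety depends on every call site remembering to pass each text value through `SanitizeText`; the `Name` setter hunk below has the same shape. Binding the name as a command parameter would remove both the crash on apostrophes and the injection risk without any escaping. Whether `backend.Database` exposes a parameterized execute is not visible here, so that needs confirming. If the string-built form stays, a comment such as `// name must go through SanitizeText before being formatted into SQL` at each site would help, and any other text columns written elsewhere (not shown) probably need the same treatment. The constructor body continues past the end of the hunk.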
@@ -48,7 +49,8 @@
 				return backend.Database.GetSingleString(command);
 			}
 			set {
-				string command = String.Format("UPDATE Tasks set Name='{0}' where ID='{1}'", value, id);
+				string name = backend.SanitizeText (value);
+				string command = String.Format("UPDATE Tasks set Name='{0}' where ID='{1}'", name, id);
 				backend.Database.ExecuteScalar(command);
 				backend.UpdateTask(this);
 			}


