[evolution-data-server] Bug 603689 - Improper escaping of folder name

[Lucian Langa <lucilanga src gnome org>]

commit 2ff37e08421ffa43768c0b85467ec441dc9857e9
Author: Lucian Langa <lucilanga gnome org>
Date:   Fri Dec 4 17:30:52 2009 +0200

    Bug 603689 -  Improper escaping of folder name

 camel/camel-db.c |   14 +++++++-------
 1 files changed, 7 insertions(+), 7 deletions(-)
---
diff --git a/camel/camel-db.c b/camel/camel-db.c
index 53dba96..67a692c 100644
--- a/camel/camel-db.c
+++ b/camel/camel-db.c
@@ -1143,12 +1143,12 @@ camel_db_create_message_info_table (CamelDB *cdb, const gchar *folder_name, Came
 	ret = camel_db_add_to_transaction (cdb, table_creation_query, ex);
 	sqlite3_free (table_creation_query);
 
-	table_creation_query = sqlite3_mprintf ("CREATE TABLE IF NOT EXISTS '%s_bodystructure' (  uid TEXT PRIMARY KEY , bodystructure TEXT )", folder_name);
+	table_creation_query = sqlite3_mprintf ("CREATE TABLE IF NOT EXISTS '%q_bodystructure' (  uid TEXT PRIMARY KEY , bodystructure TEXT )", folder_name);
 	ret = camel_db_add_to_transaction (cdb, table_creation_query, ex);
 	sqlite3_free (table_creation_query);
 
 	/* Create message preview table. */
-	table_creation_query = sqlite3_mprintf ("CREATE TABLE IF NOT EXISTS '%s_preview' (  uid TEXT PRIMARY KEY , preview TEXT)", folder_name);
+	table_creation_query = sqlite3_mprintf ("CREATE TABLE IF NOT EXISTS '%q_preview' (  uid TEXT PRIMARY KEY , preview TEXT)", folder_name);
 	ret = camel_db_add_to_transaction (cdb, table_creation_query, ex);
 	sqlite3_free (table_creation_query);
 
@@ -1161,7 +1161,7 @@ camel_db_create_message_info_table (CamelDB *cdb, const gchar *folder_name, Came
 
 	/* INDEX on preview */
 	safe_index = g_strdup_printf("SINDEX-%s-preview", folder_name);
-	table_creation_query = sqlite3_mprintf ("CREATE INDEX IF NOT EXISTS %Q ON '%s_preview' (uid, preview)", safe_index, folder_name);
+	table_creation_query = sqlite3_mprintf ("CREATE INDEX IF NOT EXISTS %Q ON '%q_preview' (uid, preview)", safe_index, folder_name);
 	ret = camel_db_add_to_transaction (cdb, table_creation_query, ex);
 	g_free (safe_index);
 	sqlite3_free (table_creation_query);
@@ -1403,7 +1403,7 @@ write_mir (CamelDB *cdb, const gchar *folder_name, CamelMIRecord *record, CamelE
 	sqlite3_free (ins_query);
 
 	if (ret == 0) {
-		ins_query = sqlite3_mprintf ("INSERT OR REPLACE INTO '%s_bodystructure' VALUES (%Q, %Q )",
+		ins_query = sqlite3_mprintf ("INSERT OR REPLACE INTO '%q_bodystructure' VALUES (%Q, %Q )",
 				folder_name, record->uid, record->bodystructure);
 		ret = camel_db_add_to_transaction (cdb, ins_query, ex);
 		sqlite3_free (ins_query);
@@ -1578,7 +1578,7 @@ camel_db_delete_uid (CamelDB *cdb, const gchar *folder, const gchar *uid, CamelE
 
 	ret = camel_db_trim_deleted_table (cdb, ex);
 
-	tab = sqlite3_mprintf ("DELETE FROM '%s_bodystructure' WHERE uid = %Q", folder, uid);
+	tab = sqlite3_mprintf ("DELETE FROM '%q_bodystructure' WHERE uid = %Q", folder, uid);
 	ret = camel_db_add_to_transaction (cdb, tab, ex);
 	sqlite3_free (tab);
 
@@ -1690,7 +1690,7 @@ camel_db_clear_folder_summary (CamelDB *cdb, gchar *folder, CamelException *ex)
 
 	folders_del = sqlite3_mprintf ("DELETE FROM folders WHERE folder_name = %Q", folder);
 	msginfo_del = sqlite3_mprintf ("DELETE FROM %Q ", folder);
-	bstruct_del = sqlite3_mprintf ("DELETE FROM '%s_bodystructure' ", folder);
+	bstruct_del = sqlite3_mprintf ("DELETE FROM '%q_bodystructure' ", folder);
 
 	camel_db_begin_transaction (cdb, ex);
 
@@ -1740,7 +1740,7 @@ camel_db_delete_folder (CamelDB *cdb, const gchar *folder, CamelException *ex)
 	ret = camel_db_add_to_transaction (cdb, del, ex);
 	sqlite3_free (del);
 
-	del = sqlite3_mprintf ("DROP TABLE '%s_bodystructure' ", folder);
+	del = sqlite3_mprintf ("DROP TABLE '%q_bodystructure' ", folder);
 	ret = camel_db_add_to_transaction (cdb, del, ex);
 	sqlite3_free (del);