diff options
author | Melanie | 2009-12-26 23:38:11 +0000 |
---|---|---|
committer | Melanie | 2009-12-26 23:38:11 +0000 |
commit | 0369256720811e5247cbbe24b2f875cce259e01c (patch) | |
tree | e3dae213f6a95c919edcb9cf58a2a2283c89027f /OpenSim/Data/MySQL | |
parent | Add AvatarInterestsReply (diff) | |
download | opensim-SC-0369256720811e5247cbbe24b2f875cce259e01c.zip opensim-SC-0369256720811e5247cbbe24b2f875cce259e01c.tar.gz opensim-SC-0369256720811e5247cbbe24b2f875cce259e01c.tar.bz2 opensim-SC-0369256720811e5247cbbe24b2f875cce259e01c.tar.xz |
Close a SQL injection loophole in the new database driver
Diffstat (limited to 'OpenSim/Data/MySQL')
-rw-r--r-- | OpenSim/Data/MySQL/MySQLGenericTableHandler.cs | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/OpenSim/Data/MySQL/MySQLGenericTableHandler.cs b/OpenSim/Data/MySQL/MySQLGenericTableHandler.cs index 4dfc324..58b95d7 100644 --- a/OpenSim/Data/MySQL/MySQLGenericTableHandler.cs +++ b/OpenSim/Data/MySQL/MySQLGenericTableHandler.cs | |||
@@ -216,11 +216,12 @@ namespace OpenSim.Data.MySQL | |||
216 | foreach (KeyValuePair<string, string> kvp in data) | 216 | foreach (KeyValuePair<string, string> kvp in data) |
217 | { | 217 | { |
218 | names.Add(kvp.Key); | 218 | names.Add(kvp.Key); |
219 | values.Add(kvp.Value); | 219 | values.Add("?" + kvp.Key); |
220 | cmd.Parameters.AddWithValue("?" + kvp.Key, kvp.Value); | ||
220 | } | 221 | } |
221 | } | 222 | } |
222 | 223 | ||
223 | query = String.Format("replace into {0} (`", m_Realm) + String.Join("`,`", names.ToArray()) + "`) values ('" + String.Join("','", values.ToArray()) + "')"; | 224 | query = String.Format("replace into {0} (`", m_Realm) + String.Join("`,`", names.ToArray()) + "`) values (" + String.Join(",", values.ToArray()) + ")"; |
224 | 225 | ||
225 | cmd.CommandText = query; | 226 | cmd.CommandText = query; |
226 | 227 | ||