author | Melanie | 2009-12-26 23:39:02 +0000 |
---|---|---|
committer | Melanie | 2009-12-26 23:39:02 +0000 |
commit | f5c310d9d4561315860dc441a3c55c7595fa15e4 (patch) | |
tree | fd54960cf025e64c740f92409c3293df73a495d3 /OpenSim | |
parent | Make sure that we're not bounds checking attachments. 'Cos otherwise your hai... (diff) | |
parent | Close a SQL injection loophole in the new database driver (diff) | |
Merge branch 'master' into careminster
Diffstat (limited to 'OpenSim')
-rw-r--r-- | OpenSim/Data/MySQL/MySQLGenericTableHandler.cs | 5 |
1 files changed, 3 insertions, 2 deletions
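--- a/OpenSim/Data/MySQL/MySQLGenericTableHandler.cs
+++ b/OpenSim/Data/MySQL/MySQLGenericTableHandler.cs
@@ -216,11 +216,12 @@ namespace OpenSim.Data.MySQL
 foreach (KeyValuePair<string, string> kvp in data)
 {
 names.Add(kvp.Key);
-values.Add(kvp.Value);
+values.Add("?" + kvp.Key);
+cmd.Parameters.AddWithValue("?" + kvp.Key, kvp.Value);
 }
 }
 
-query = String.Format("replace into {0} (`", m_Realm) + String.Join("`,`", names.ToArray()) + "`) values ('" + String.Join("','", values.ToArray()) + "')";
+query = String.Format("replace into {0} (`", m_Realm) + String.Join("`,`", names.ToArray()) + "`) values (" + String.Join(",", values.ToArray()) + ")";
 
 cmd.CommandText = query;
 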
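Review bot: Only the values are bound as parameters here; on the `query = String.Format(...)` line each `kvp.Key` is still concatenated into the statement as a backtick-quoted column name, and the same key is reused as the parameter name in `cmd.Parameters.AddWithValue("?" + kvp.Key, kvp.Value)`. Identifiers cannot be bound, so if the keys of `data` can ever be influenced by a caller (its origin is outside this hunk), a key containing a backtick or other non-identifier characters would still alter the query text. I would check each key against the table's known columns or a strict pattern before `names.Add(kvp.Key)`, e.g. `if (!Regex.IsMatch(kvp.Key, "^[A-Za-z0-9_]+$")) throw new ArgumentException("invalid column name: " + kvp.Key);`. The enclosing method starts and ends outside the hunk, so whether such a check already exists upstream of the loop cannot be seen here.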