Prevent us from sql injecting ourselves on backup/restore

Fixes #7478
fork-5.53.8
Moxie Marlinspike 2018-03-08 16:39:57 -08:00
rodzic 9fb67b9f03
commit a2d04f4806
1 zmienionych plików z 1 dodań i 1 usunięć

Wyświetl plik

@ -143,7 +143,7 @@ public class FullBackupExporter extends FullBackupBase {
for (int i=0;i<cursor.getColumnCount();i++) {
if (cursor.getType(i) == Cursor.FIELD_TYPE_STRING) {
statement.append('\'');
statement.append(cursor.getString(i));
statement.append(cursor.getString(i).replace("'", "\\'"));
statement.append('\'');
} else if (cursor.getType(i) == Cursor.FIELD_TYPE_FLOAT) {
statement.append(cursor.getFloat(i));