From 3f4f07d3267a82903bdab42d15a29e341f913cff Mon Sep 17 00:00:00 2001
From: Yann Leboulanger
Date: Thu, 3 Dec 2009 18:59:10 +0100
Subject: [PATCH] correctly escape msgs when we search in database

---
 src/common/logger.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/common/logger.py b/src/common/logger.py
index c853287b0..9fd3e2dd2 100644
--- a/src/common/logger.py
+++ b/src/common/logger.py
@@ -1005,15 +1005,14 @@ class Logger:
 elif direction == 'to':
 type_ = 'chat_msg_sent'
 jid_id = self.get_jid_id(with_)
- where_sql = 'jid_id = %s AND message="%s"' % (jid_id, msg)
+ where_sql = 'jid_id = %s AND message=?' % (jid_id)
 if type_ == 'gc_msg':
 # We cannot differentiate gc message and pm messages, so look in both
 # logs
 with_2 = gajim.get_jid_without_resource(with_)
 if with_ != with_2:
 jid_id2 = self.get_jid_id(with_2)
- where_sql = 'jid_id in (%s, %s) AND message="%s"' % (jid_id,
- jid_id2, msg)
+ where_sql = 'jid_id in (%s, %s) AND message=?' % (jid_id, jid_id2)
 start_time = time_col - 300 # 5 minutes arrount given time
 end_time = time_col + 300 # 5 minutes arrount given time
 self.cur.execute('''
@@ -1021,7 +1020,7 @@ class Logger:
 WHERE (%s)
 AND time BETWEEN %d AND %d
 ORDER BY time
- ''' % (where_sql, start_time, end_time))
+ ''' % (where_sql, start_time, end_time), (msg,))
 results = self.cur.fetchall()
 if results:
 log.debug('Log already in DB, ignoring it')
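Review bot: The two added `where_sql` lines bind `message` with a `?` placeholder but still splice `jid_id` and `jid_id2` into the SQL text with `%s`; those ids come from `self.get_jid_id()` and are presumably integer keys, so the risk is low, but binding them as well keeps the whole WHERE clause out of string formatting and makes the query easier to read and grep. That requires carrying a params tuple, and the `execute()` call in the second hunk (`''' % (where_sql, start_time, end_time), (msg,)`) then passes that tuple instead of `(msg,)`; `start_time`/`end_time` can stay as `%d` since the format itself coerces to int. Separately, `% (jid_id)` is a parenthesised scalar rather than a one-tuple — it works here only because `%` accepts a single non-tuple argument, and `% (jid_id,)` states the intent. The enclosing method begins before the first hunk and the `SELECT` line between the two hunks is outside the view.
```python
        jid_id = self.get_jid_id(with_)
        where_sql = 'jid_id = ? AND message=?'
        params = (jid_id, msg)
        if type_ == 'gc_msg':
            # … unchanged: gc/pm comment, with_2 lookup …
            if with_ != with_2:
                jid_id2 = self.get_jid_id(with_2)
                where_sql = 'jid_id in (?, ?) AND message=?'
                params = (jid_id, jid_id2, msg)
        # … unchanged: start_time / end_time, execute() through ORDER BY time …
            ''' % (where_sql, start_time, end_time), params)
```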