[asterisk-addons-commits] tilghman: branch 1.4 r466 - in /branches/1.4: ./ cdr_addon_mysql.c

SVN commits to the Asterisk addons project asterisk-addons-commits at lists.digium.com
Tue Oct 16 18:09:27 CDT 2007 

Author: tilghman
Date: Tue Oct 16 18:09:26 2007
New Revision: 466

URL: http://svn.digium.com/view/asterisk-addons?view=rev&rev=466
Log:
Merged revisions 465 via svnmerge from 
https://origsvn.digium.com/svn/asterisk-addons/branches/1.2

........
r465 | tilghman | 2007-10-16 16:48:04 -0500 (Tue, 16 Oct 2007) | 2 lines

Escape all text-based fields for the insert (fixes AST-2007-023)

........

Modified:
    branches/1.4/   (props changed)
    branches/1.4/cdr_addon_mysql.c

Propchange: branches/1.4/
------------------------------------------------------------------------------
--- branch-1.2-merged (original)
+++ branch-1.2-merged Tue Oct 16 18:09:26 2007
@@ -1,1 +1,1 @@
-/branches/1.2:1-183,209,211,257-258,264,268-273,305-328,332-336,339-344,346-351,357,404
+/branches/1.2:1-183,209,211,257-258,264,268-273,305-328,332-336,339-344,346-351,357,404,465

Modified: branches/1.4/cdr_addon_mysql.c
URL: http://svn.digium.com/view/asterisk-addons/branches/1.4/cdr_addon_mysql.c?view=diff&rev=466&r1=465&r2=466
==============================================================================
--- branches/1.4/cdr_addon_mysql.c (original)
+++ branches/1.4/cdr_addon_mysql.c Tue Oct 16 18:09:26 2007
@@ -119,7 +119,7 @@
 	struct ast_module_user *u;
 	char *userfielddata = NULL;
 	char sqlcmd[2048], timestr[128];
-	char *clid=NULL, *dcontext=NULL, *channel=NULL, *dstchannel=NULL, *lastapp=NULL, *lastdata=NULL;
+	char *clid=NULL, *dcontext=NULL, *channel=NULL, *dstchannel=NULL, *lastapp=NULL, *lastdata=NULL, *src=NULL, *dst=NULL, *accountcode=NULL;
 	int retries = 5;
 #ifdef MYSQL_LOGUNIQUEID
 	char *uniqueid = NULL;
@@ -189,6 +189,12 @@
 		mysql_escape_string(lastapp, cdr->lastapp, strlen(cdr->lastapp));
 	if ((lastdata = alloca(strlen(cdr->lastdata) * 2 + 1)) != NULL)
 		mysql_escape_string(lastdata, cdr->lastdata, strlen(cdr->lastdata));
+	if ((src = alloca(strlen(cdr->src) * 2 + 1)) != NULL)
+		mysql_escape_string(src, cdr->src, strlen(cdr->src));
+	if ((dst = alloca(strlen(cdr->dst) * 2 + 1)) != NULL)
+		mysql_escape_string(dst, cdr->dst, strlen(cdr->dst));
+	if ((accountcode = alloca(strlen(cdr->accountcode) * 2 + 1)) != NULL)
+		mysql_escape_string(accountcode, cdr->accountcode, strlen(cdr->accountcode));
 #ifdef MYSQL_LOGUNIQUEID
 	if ((uniqueid = alloca(strlen(cdr->uniqueid) * 2 + 1)) != NULL)
 		mysql_escape_string(uniqueid, cdr->uniqueid, strlen(cdr->uniqueid));
@@ -198,9 +204,9 @@
 
 	/* Check for all alloca failures above at once */
 #ifdef MYSQL_LOGUNIQUEID
-	if ((!clid) || (!dcontext) || (!channel) || (!dstchannel) || (!lastapp) || (!lastdata) || (!uniqueid)) {
+	if ((!clid) || (!dcontext) || (!channel) || (!dstchannel) || (!lastapp) || (!lastdata) || (!uniqueid) || !(src) || (!dst) || (!accountcode)) {
 #else
-	if ((!clid) || (!dcontext) || (!channel) || (!dstchannel) || (!lastapp) || (!lastdata)) {
+	if ((!clid) || (!dcontext) || (!channel) || (!dstchannel) || (!lastapp) || (!lastdata) || !(src) || (!dst) || (!accountcode)) {
 #endif
 		ast_log(LOG_ERROR, "cdr_mysql:  Out of memory error (insert fails)\n");
 		ast_mutex_unlock(&mysql_lock);
@@ -212,15 +218,15 @@
 
 	if (userfield && userfielddata) {
 #ifdef MYSQL_LOGUNIQUEID
-		sprintf(sqlcmd, "INSERT INTO %s (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode,uniqueid,userfield) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s','%s','%s')", dbtable, timestr, clid, cdr->src, cdr->dst, dcontext, channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, cdr->accountcode, uniqueid, userfielddata);
+		sprintf(sqlcmd, "INSERT INTO %s (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode,uniqueid,userfield) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s','%s','%s')", dbtable, timestr, clid, src, dst, dcontext, channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, accountcode, uniqueid, userfielddata);
 #else
-		sprintf(sqlcmd, "INSERT INTO %s (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode,userfield) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s','%s')", dbtable, timestr, clid, cdr->src, cdr->dst, dcontext,channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, cdr->accountcode, userfielddata);
+		sprintf(sqlcmd, "INSERT INTO %s (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode,userfield) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s','%s')", dbtable, timestr, clid, src, dst, dcontext, channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, accountcode, userfielddata);
 #endif
 	} else {
 #ifdef MYSQL_LOGUNIQUEID
-		sprintf(sqlcmd, "INSERT INTO %s (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode,uniqueid) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s','%s')", dbtable, timestr, clid, cdr->src, cdr->dst, dcontext,channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, cdr->accountcode, uniqueid);
+		sprintf(sqlcmd, "INSERT INTO %s (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode,uniqueid) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s','%s')", dbtable, timestr, clid, src, dst, dcontext, channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, accountcode, uniqueid);
 #else
-		sprintf(sqlcmd, "INSERT INTO %s (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s')", dbtable, timestr, clid, cdr->src, cdr->dst, dcontext, channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, cdr->accountcode);
+		sprintf(sqlcmd, "INSERT INTO %s (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s')", dbtable, timestr, clid, src, dst, dcontext, channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, accountcode);
 #endif
 	}

More information about the asterisk-addons-commits mailing list