[asterisk-addons-commits] tilghman: trunk r471 - in /trunk: ./ cdr_addon_mysql.c

SVN commits to the Asterisk addons project asterisk-addons-commits at lists.digium.com
Tue Oct 16 18:48:30 CDT 2007 

Author: tilghman
Date: Tue Oct 16 18:48:29 2007
New Revision: 471

URL: http://svn.digium.com/view/asterisk-addons?view=rev&rev=471
Log:
Merged revisions 466 via svnmerge from 
https://origsvn.digium.com/svn/asterisk-addons/branches/1.4

................
r466 | tilghman | 2007-10-16 18:09:26 -0500 (Tue, 16 Oct 2007) | 10 lines

Merged revisions 465 via svnmerge from 
https://origsvn.digium.com/svn/asterisk-addons/branches/1.2

........
r465 | tilghman | 2007-10-16 16:48:04 -0500 (Tue, 16 Oct 2007) | 2 lines

Escape all text-based fields for the insert (fixes AST-2007-023)

........

................

Modified:
    trunk/   (props changed)
    trunk/cdr_addon_mysql.c

Propchange: trunk/
------------------------------------------------------------------------------
--- branch-1.4-merged (original)
+++ branch-1.4-merged Tue Oct 16 18:48:29 2007
@@ -1,1 +1,1 @@
-/branches/1.4:1-299,308,310,317,319,329,342,348,358,380,382,387,389,398,405,410,414,417,423,428
+/branches/1.4:1-299,308,310,317,319,329,342,348,358,380,382,387,389,398,405,410,414,417,423,428,466

Modified: trunk/cdr_addon_mysql.c
URL: http://svn.digium.com/view/asterisk-addons/trunk/cdr_addon_mysql.c?view=diff&rev=471&r1=470&r2=471
==============================================================================
--- trunk/cdr_addon_mysql.c (original)
+++ trunk/cdr_addon_mysql.c Tue Oct 16 18:48:29 2007
@@ -136,7 +136,7 @@
 	struct ast_tm tm;
 	char *userfielddata = NULL;
 	char sqlcmd[2048], timestr[128];
-	char *clid=NULL, *dcontext=NULL, *channel=NULL, *dstchannel=NULL, *lastapp=NULL, *lastdata=NULL, *tmp;
+	char *clid=NULL, *dcontext=NULL, *channel=NULL, *dstchannel=NULL, *lastapp=NULL, *lastdata=NULL, *src=NULL, *dst=NULL, *accountcode=NULL, *tmp;
 	int retries = 5;
 	char *uniqueid = NULL;
 
@@ -212,9 +212,15 @@
 		mysql_escape_string(uniqueid, cdr->uniqueid, strlen(cdr->uniqueid));
 	if (userfield && ((userfielddata = alloca(strlen(cdr->userfield) * 2 + 1)) != NULL))
 		mysql_escape_string(userfielddata, cdr->userfield, strlen(cdr->userfield));
+	if (src && ((src = alloca(strlen(cdr->src) * 2 + 1)) != NULL))
+		mysql_escape_string(src, cdr->src, strlen(cdr->src));
+	if (dst && ((dst = alloca(strlen(cdr->dst) * 2 + 1)) != NULL))
+		mysql_escape_string(dst, cdr->dst, strlen(cdr->dst));
+	if (accountcode && ((accountcode = alloca(strlen(cdr->accountcode) * 2 + 1)) != NULL))
+		mysql_escape_string(accountcode, cdr->accountcode, strlen(cdr->accountcode));
 
 	/* Check for all alloca failures above at once */
-	if ((!clid) || (!dcontext) || (!channel) || (!dstchannel) || (!lastapp) || (!lastdata) || (loguniqueid && !uniqueid)) {
+	if ((!clid) || (!dcontext) || (!channel) || (!dstchannel) || (!lastapp) || (!lastdata) || (!src) || (!dst) || (!accountcode) || (loguniqueid && !uniqueid)) {
 		ast_log(LOG_ERROR, "cdr_mysql:  Out of memory error (insert fails)\n");
 		ast_mutex_unlock(&mysql_lock);
 		return -1;
@@ -224,14 +230,14 @@
 
 	if (userfield && userfielddata) {
 		if (loguniqueid)
-			snprintf(sqlcmd, sizeof(sqlcmd), "INSERT INTO %s (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%ld,%ld,'%s',%ld,'%s','%s','%s')", dbtable->str, calldate_field->str, clid_field->str, src_field->str, dst_field->str, dcontext_field->str, channel_field->str, dstchannel_field->str, lastapp_field->str, lastdata_field->str, duration_field->str, billsec_field->str, disposition_field->str, amaflags_field->str, accountcode_field->str, uniqueid_field->str, userfield_field->str, timestr, clid, cdr->src, cdr->dst, dcontext, channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, cdr->accountcode, uniqueid, userfielddata);
+			snprintf(sqlcmd, sizeof(sqlcmd), "INSERT INTO %s (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%ld,%ld,'%s',%ld,'%s','%s','%s')", dbtable->str, calldate_field->str, clid_field->str, src_field->str, dst_field->str, dcontext_field->str, channel_field->str, dstchannel_field->str, lastapp_field->str, lastdata_field->str, duration_field->str, billsec_field->str, disposition_field->str, amaflags_field->str, accountcode_field->str, uniqueid_field->str, userfield_field->str, timestr, clid, src, dst, dcontext, channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, accountcode, uniqueid, userfielddata);
 		else	
-			snprintf(sqlcmd, sizeof(sqlcmd), "INSERT INTO %s (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%ld,%ld,'%s',%ld,'%s','%s')",  dbtable->str, calldate_field->str, clid_field->str, src_field->str, dst_field->str, dcontext_field->str, channel_field->str, dstchannel_field->str, lastapp_field->str, lastdata_field->str, duration_field->str, billsec_field->str, disposition_field->str, amaflags_field->str, accountcode_field->str, userfield_field->str, timestr, clid, cdr->src, cdr->dst, dcontext, channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, cdr->accountcode, userfielddata);
+			snprintf(sqlcmd, sizeof(sqlcmd), "INSERT INTO %s (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%ld,%ld,'%s',%ld,'%s','%s')",  dbtable->str, calldate_field->str, clid_field->str, src_field->str, dst_field->str, dcontext_field->str, channel_field->str, dstchannel_field->str, lastapp_field->str, lastdata_field->str, duration_field->str, billsec_field->str, disposition_field->str, amaflags_field->str, accountcode_field->str, userfield_field->str, timestr, clid, src, dst, dcontext, channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, accountcode, userfielddata);
 	} else {
 		if (loguniqueid)
-			snprintf(sqlcmd, sizeof(sqlcmd), "INSERT INTO %s (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%ld,%ld,'%s',%ld,'%s','%s')", dbtable->str, calldate_field->str, clid_field->str, src_field->str, dst_field->str, dcontext_field->str, channel_field->str, dstchannel_field->str, lastapp_field->str, lastdata_field->str, duration_field->str, billsec_field->str, disposition_field->str, amaflags_field->str, accountcode_field->str, uniqueid_field->str, timestr, clid, cdr->src, cdr->dst, dcontext,channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, cdr->accountcode, uniqueid);
+			snprintf(sqlcmd, sizeof(sqlcmd), "INSERT INTO %s (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%ld,%ld,'%s',%ld,'%s','%s')", dbtable->str, calldate_field->str, clid_field->str, src_field->str, dst_field->str, dcontext_field->str, channel_field->str, dstchannel_field->str, lastapp_field->str, lastdata_field->str, duration_field->str, billsec_field->str, disposition_field->str, amaflags_field->str, accountcode_field->str, uniqueid_field->str, timestr, clid, src, dst, dcontext,channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, accountcode, uniqueid);
 		else	
-			snprintf(sqlcmd, sizeof(sqlcmd), "INSERT INTO %s (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%ld,%ld,'%s',%ld,'%s')", dbtable->str, calldate_field->str, clid_field->str, src_field->str, dst_field->str, dcontext_field->str, channel_field->str, dstchannel_field->str, lastapp_field->str, lastdata_field->str, duration_field->str, billsec_field->str, disposition_field->str, amaflags_field->str, accountcode_field->str, timestr, clid, cdr->src, cdr->dst, dcontext,channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, cdr->accountcode);
+			snprintf(sqlcmd, sizeof(sqlcmd), "INSERT INTO %s (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%ld,%ld,'%s',%ld,'%s')", dbtable->str, calldate_field->str, clid_field->str, src_field->str, dst_field->str, dcontext_field->str, channel_field->str, dstchannel_field->str, lastapp_field->str, lastdata_field->str, duration_field->str, billsec_field->str, disposition_field->str, amaflags_field->str, accountcode_field->str, timestr, clid, src, dst, dcontext, channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, accountcode);
 	}
 	
 	ast_debug(1, "cdr_mysql: SQL command as follows: %s\n", sqlcmd);

More information about the asterisk-addons-commits mailing list