[Asterisk-code-review] func_odbc: Add SQL_ESC_BACKSLASHES dialplan function. (asterisk[certified/16.8])
Friendly Automation
asteriskteam at digium.com
Thu Apr 14 12:12:21 CDT 2022
Friendly Automation has uploaded this change for review. ( https://gerrit.asterisk.org/c/asterisk/+/18376 )
Change subject: func_odbc: Add SQL_ESC_BACKSLASHES dialplan function.
......................................................................
func_odbc: Add SQL_ESC_BACKSLASHES dialplan function.
Some databases depending on their configuration using backslashes
for escaping. When combined with the use of ' this can result in
a broken func_odbc query.
This change adds a SQL_ESC_BACKSLASHES dialplan function which can
be used to escape the backslashes.
This is done as a dialplan function instead of being always done
as some databases do not require this, and always doing it would
result in incorrect data being put into the database.
ASTERISK-29838
Change-Id: I152bf34899b96ddb09cca3e767254d8d78f0c83d
---
M configs/samples/func_odbc.conf.sample
A doc/CHANGES-staging/func_odbc_esc_backslashes.txt
M funcs/func_odbc.c
3 files changed, 46 insertions(+), 4 deletions(-)
git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/76/18376/1
diff --git a/configs/samples/func_odbc.conf.sample b/configs/samples/func_odbc.conf.sample
index 706b9ce..32fb68b 100644
--- a/configs/samples/func_odbc.conf.sample
+++ b/configs/samples/func_odbc.conf.sample
@@ -32,6 +32,10 @@
; to use the dialplan function SQL_ESC() to escape the data prior to its
; inclusion in the SQL statement.
;
+; If you have data which may potentially contain backslashes, you may wish to
+; use the dialplan function SQL_ESC_BACKSLASHES() to escape the backslashes.
+; Note that not all databases may require escaping of the backslashes.
+;
;
; The following options are available in this configuration file:
;
diff --git a/doc/CHANGES-staging/func_odbc_esc_backslashes.txt b/doc/CHANGES-staging/func_odbc_esc_backslashes.txt
new file mode 100644
index 0000000..087bb42
--- /dev/null
+++ b/doc/CHANGES-staging/func_odbc_esc_backslashes.txt
@@ -0,0 +1,7 @@
+Subject: func_odbc
+
+A SQL_ESC_BACKSLASHES dialplan function has been added which
+escapes backslashes. Usage of this is dependent on whether the
+database in use can use backslashes to escape ticks or not. If
+it can, then usage of this prevents a broken SQL query depending
+on how the SQL query is constructed.
diff --git a/funcs/func_odbc.c b/funcs/func_odbc.c
index f9fa971..e5c6944 100644
--- a/funcs/func_odbc.c
+++ b/funcs/func_odbc.c
@@ -96,6 +96,19 @@
<para>Example: SELECT foo FROM bar WHERE baz='${SQL_ESC(${ARG1})}'</para>
</description>
</function>
+ <function name="SQL_ESC_BACKSLASHES" language="en_US">
+ <synopsis>
+ Escapes backslashes for use in SQL statements.
+ </synopsis>
+ <syntax>
+ <parameter name="string" required="true" />
+ </syntax>
+ <description>
+ <para>Used in SQL templates to escape data which may contain backslashes
+ <literal>\</literal> which are otherwise used to escape data.</para>
+ <para>Example: SELECT foo FROM bar WHERE baz='${SQL_ESC(${SQL_ESC_BACKSLASHES(${ARG1})})}'</para>
+ </description>
+ </function>
***/
static char *config = "func_odbc.conf";
@@ -1079,13 +1092,13 @@
return 0;
}
-static int acf_escape(struct ast_channel *chan, const char *cmd, char *data, char *buf, size_t len)
+static int acf_escape(struct ast_channel *chan, const char *cmd, char *data, char *buf, size_t len, char character)
{
char *out = buf;
for (; *data && out - buf < len; data++) {
- if (*data == '\'') {
- *out = '\'';
+ if (*data == character) {
+ *out = character;
out++;
}
*out++ = *data;
@@ -1095,9 +1108,25 @@
return 0;
}
+static int acf_escape_ticks(struct ast_channel *chan, const char *cmd, char *data, char *buf, size_t len)
+{
+ return acf_escape(chan, cmd, data, buf, len, '\'');
+}
+
static struct ast_custom_function escape_function = {
.name = "SQL_ESC",
- .read = acf_escape,
+ .read = acf_escape_ticks,
+ .write = NULL,
+};
+
+static int acf_escape_backslashes(struct ast_channel *chan, const char *cmd, char *data, char *buf, size_t len)
+{
+ return acf_escape(chan, cmd, data, buf, len, '\\');
+}
+
+static struct ast_custom_function escape_backslashes_function = {
+ .name = "SQL_ESC_BACKSLASHES",
+ .read = acf_escape_backslashes,
.write = NULL,
};
@@ -1831,6 +1860,7 @@
ast_config_destroy(cfg);
res |= ast_custom_function_register(&escape_function);
+ res |= ast_custom_function_register(&escape_backslashes_function);
ast_cli_register_multiple(cli_func_odbc, ARRAY_LEN(cli_func_odbc));
AST_RWLIST_UNLOCK(&queries);
@@ -1850,6 +1880,7 @@
}
res |= ast_custom_function_unregister(&escape_function);
+ res |= ast_custom_function_unregister(&escape_backslashes_function);
res |= ast_custom_function_unregister(&fetch_function);
res |= ast_unregister_application(app_odbcfinish);
ast_cli_unregister_multiple(cli_func_odbc, ARRAY_LEN(cli_func_odbc));
--
To view, visit https://gerrit.asterisk.org/c/asterisk/+/18376
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings
Gerrit-Project: asterisk
Gerrit-Branch: certified/16.8
Gerrit-Change-Id: I152bf34899b96ddb09cca3e767254d8d78f0c83d
Gerrit-Change-Number: 18376
Gerrit-PatchSet: 1
Gerrit-Owner: Friendly Automation
Gerrit-CC: Joshua Colp <jcolp at sangoma.com>
Gerrit-MessageType: newchange
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20220414/e08074dd/attachment.html>
More information about the asterisk-code-review
mailing list