[asterisk-commits] twilson: branch twilson/res_config_sqlite3 r334568 - /team/twilson/res_config...

[SVN commits to the Asterisk project]

Author: twilson
Date: Tue Sep  6 16:35:56 2011
New Revision: 334568

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=334568
Log:
Don't crash on NULL field values and handle escaping quotes ourselves.

Modified:
    team/twilson/res_config_sqlite3/res/res_config_sqlite3.c

Modified: team/twilson/res_config_sqlite3/res/res_config_sqlite3.c
URL: http://svnview.digium.com/svn/asterisk/team/twilson/res_config_sqlite3/res/res_config_sqlite3.c?view=diff&rev=334568&r1=334567&r2=334568
==============================================================================
--- team/twilson/res_config_sqlite3/res/res_config_sqlite3.c (original)
+++ team/twilson/res_config_sqlite3/res/res_config_sqlite3.c Tue Sep  6 16:35:56 2011
@@ -118,14 +118,22 @@
 	 * add two quotes, and convert NULL pointers to the word "NULL", but we
 	 * don't allow those anyway. Just going to use %q for now. */
 	struct ast_str *buf = ast_str_thread_get(ts, maxlen);
-	const char *result;
-	char q = ts == &escape_value_buf ? '\'' : '"'; 
+	char *tmp = ast_str_buffer(buf);
+	char q = ts == &escape_value_buf ? '\'' : '"';
 
 	ast_str_reset(buf);
-	result = S_OR(sqlite3_snprintf(maxlen, ast_str_buffer(buf), "%c%q%c", q, param, q), "");
+	*tmp++ = q; /* Initial quote */
+	while ((*tmp++ = *param++)) {
+		/* Did we just copy a quote? Then double it. */
+		if (*(tmp - 1) == q) {
+			*tmp++ = q;
+		}
+	}
+	*tmp = '\0'; /* Terminate past NULL from copy */
+	*(tmp - 1) = q; /* Replace original NULL with the quote */
 	ast_str_update(buf);
 
-	return result;
+	return ast_str_buffer(buf);
 }
 
 static inline const char *sqlite3_escape_table(const char *param)
@@ -143,21 +151,33 @@
 {
 	size_t maxlen = strlen(param) * 2 + sizeof("\"\" =");
 	struct ast_str *buf = ast_str_thread_get(&escape_column_buf, maxlen);
-	char *op, *dup;
-	const char *result;
-
-	dup = ast_strdupa(param);
-
-	if ((op = strchr(dup, ' '))) {
-		*op = '\0';
-		op++;
-	}
+	char *tmp = ast_str_buffer(buf);
+	int space = 0;
 
 	ast_str_reset(buf);
-	result = sqlite3_snprintf(maxlen, ast_str_buffer(buf), "\"%q\" %s", dup, S_OR(op, "="));
+	*tmp++ = '"';
+	while ((*tmp++ = *param++)) {
+		/* If we have seen a space, don't double quotes. XXX If we ever make the column/op field
+		 * available to users via an API, we will definitely need to avoid allowing special
+		 * characters like ';' in the data past the space as it will be unquoted data */
+		if (space) {
+			continue;
+		}
+		if (*(tmp - 1) == ' ') {
+			*(tmp - 1) = '"';
+			*tmp++ = ' ';
+			space = 1;
+		} else if (*(tmp - 1) == '"') {
+			*tmp++ = '"';
+		}
+	}
+	if (!space) {
+		strcpy(tmp - 1, "\" =");
+	}
+
 	ast_str_update(buf);
 
-	return result;
+	return ast_str_buffer(buf);
 }
 
 static inline const char *sqlite3_escape_value(const char *param)
@@ -430,13 +450,13 @@
 	int i;
 	struct ast_variable *new;
 
-	if (!(new = ast_variable_new(columns[0], values[0], ""))) {
+	if (!(new = ast_variable_new(columns[0], S_OR(values[0], ""), ""))) {
 		return SQLITE_ABORT;
 	}
 	*head = tail = new;
 
 	for (i = 1; i < num_columns; i++) {
-		if (!(new = ast_variable_new(columns[i], values[i], ""))) {
+		if (!(new = ast_variable_new(columns[i], S_OR(values[i], ""), ""))) {
 			ast_variables_destroy(*head);
 			*head = NULL;
 			return SQLITE_ABORT;