[asterisk-addons-commits] tilghman: branch 1.2 r465 - /branches/1.2/cdr_addon_mysql.c

SVN commits to the Asterisk addons project asterisk-addons-commits at lists.digium.com
Tue Oct 16 16:48:04 CDT 2007


Author: tilghman
Date: Tue Oct 16 16:48:04 2007
New Revision: 465

URL: http://svn.digium.com/view/asterisk-addons?view=rev&rev=465
Log:
Escape all text-based fields for the insert

Modified:
    branches/1.2/cdr_addon_mysql.c

Modified: branches/1.2/cdr_addon_mysql.c
URL: http://svn.digium.com/view/asterisk-addons/branches/1.2/cdr_addon_mysql.c?view=diff&rev=465&r1=464&r2=465
==============================================================================
--- branches/1.2/cdr_addon_mysql.c (original)
+++ branches/1.2/cdr_addon_mysql.c Tue Oct 16 16:48:04 2007
@@ -115,7 +115,7 @@
 	struct localuser *u;
 	char *userfielddata = NULL;
 	char sqlcmd[2048], timestr[128];
-	char *clid=NULL, *dcontext=NULL, *channel=NULL, *dstchannel=NULL, *lastapp=NULL, *lastdata=NULL;
+	char *clid=NULL, *dcontext=NULL, *channel=NULL, *dstchannel=NULL, *lastapp=NULL, *lastdata=NULL, *src=NULL, *dst=NULL, *accountcode=NULL;
 	int retries = 5;
 #ifdef MYSQL_LOGUNIQUEID
 	char *uniqueid = NULL;
@@ -185,6 +185,12 @@
 		mysql_escape_string(lastapp, cdr->lastapp, strlen(cdr->lastapp));
 	if ((lastdata = alloca(strlen(cdr->lastdata) * 2 + 1)) != NULL)
 		mysql_escape_string(lastdata, cdr->lastdata, strlen(cdr->lastdata));
+	if ((src = alloca(strlen(cdr->src) * 2 + 1)) != NULL)
+		mysql_escape_string(src, cdr->src, strlen(cdr->src));
+	if ((dst = alloca(strlen(cdr->dst) * 2 + 1)) != NULL)
+		mysql_escape_string(dst, cdr->dst, strlen(cdr->dst));
+	if ((accountcode = alloca(strlen(cdr->accountcode) * 2 + 1)) != NULL)
+		mysql_escape_string(accountcode, cdr->accountcode, strlen(cdr->accountcode));
 #ifdef MYSQL_LOGUNIQUEID
 	if ((uniqueid = alloca(strlen(cdr->uniqueid) * 2 + 1)) != NULL)
 		mysql_escape_string(uniqueid, cdr->uniqueid, strlen(cdr->uniqueid));
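Review bot: The three added calls use `mysql_escape_string()`, which escapes without reference to the connection's character set; the client library provides `mysql_real_escape_string()`, which takes the connection handle as its first argument, for exactly that reason. If the CDR connection can ever use a multibyte character set, the new `src`, `dst` and `accountcode` escapes (and the existing ones beside them) would be safer as `mysql_real_escape_string(<conn>, src, cdr->src, strlen(cdr->src))`, where `<conn>` stands for the module's MYSQL handle, which is not visible in this hunk. The enclosing function starts and ends outside the hunk.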
@@ -194,9 +200,9 @@
 
 	/* Check for all alloca failures above at once */
 #ifdef MYSQL_LOGUNIQUEID
-	if ((!clid) || (!dcontext) || (!channel) || (!dstchannel) || (!lastapp) || (!lastdata) || (!uniqueid)) {
+	if ((!clid) || (!dcontext) || (!channel) || (!dstchannel) || (!lastapp) || (!lastdata) || (!uniqueid) || !(src) || (!dst) || (!accountcode)) {
 #else
-	if ((!clid) || (!dcontext) || (!channel) || (!dstchannel) || (!lastapp) || (!lastdata)) {
+	if ((!clid) || (!dcontext) || (!channel) || (!dstchannel) || (!lastapp) || (!lastdata) || !(src) || (!dst) || (!accountcode)) {
 #endif
 		ast_log(LOG_ERROR, "cdr_mysql:  Out of memory error (insert fails)\n");
 		ast_mutex_unlock(&mysql_lock);
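Review bot: The extended out-of-memory test cannot fire for `src`, `dst` or `accountcode`, because `alloca()` has no failure return: exhausting the stack is undefined behaviour, not a NULL result. The `!= NULL` guards added in the previous hunk are ineffective for the same reason. If a real failure path is wanted, the escaped copies need fixed-size local buffers or a checked heap allocation that is freed after the query. As a style point, `!(src)` is parenthesised differently from the neighbouring `(!dst)` and `(!accountcode)`.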
@@ -207,15 +213,15 @@
 
 	if (userfield && userfielddata) {
 #ifdef MYSQL_LOGUNIQUEID
-		sprintf(sqlcmd, "INSERT INTO %s (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode,uniqueid,userfield) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s','%s','%s')", dbtable, timestr, clid, cdr->src, cdr->dst, dcontext, channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, cdr->accountcode, uniqueid, userfielddata);
+		sprintf(sqlcmd, "INSERT INTO %s (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode,uniqueid,userfield) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s','%s','%s')", dbtable, timestr, clid, src, dst, dcontext, channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, accountcode, uniqueid, userfielddata);
 #else
-		sprintf(sqlcmd, "INSERT INTO %s (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode,userfield) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s','%s')", dbtable, timestr, clid, cdr->src, cdr->dst, dcontext,channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, cdr->accountcode, userfielddata);
+		sprintf(sqlcmd, "INSERT INTO %s (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode,userfield) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s','%s')", dbtable, timestr, clid, src, dst, dcontext, channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, accountcode, userfielddata);
 #endif
 	} else {
 #ifdef MYSQL_LOGUNIQUEID
-		sprintf(sqlcmd, "INSERT INTO %s (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode,uniqueid) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s','%s')", dbtable, timestr, clid, cdr->src, cdr->dst, dcontext,channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, cdr->accountcode, uniqueid);
+		sprintf(sqlcmd, "INSERT INTO %s (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode,uniqueid) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s','%s')", dbtable, timestr, clid, src, dst, dcontext, channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, accountcode, uniqueid);
 #else
-		sprintf(sqlcmd, "INSERT INTO %s (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s')", dbtable, timestr, clid, cdr->src, cdr->dst, dcontext, channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, cdr->accountcode);
+		sprintf(sqlcmd, "INSERT INTO %s (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s')", dbtable, timestr, clid, src, dst, dcontext, channel, dstchannel, lastapp, lastdata, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), cdr->amaflags, accountcode);
 #endif
 	}
 	
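Review bot: All four `sprintf()` calls still write into `sqlcmd[2048]` (declared in the first hunk) with no bound, and after this change `src`, `dst` and `accountcode` can each be up to twice their raw length, so the worst-case statement is longer than before. Each call should be bounded and its result checked, e.g. `int n = snprintf(sqlcmd, sizeof(sqlcmd), ...);` followed by `if (n < 0 || (size_t)n >= sizeof(sqlcmd)) { /* log and skip the insert */ }`, so an over-long record is dropped rather than written past the buffer or sent as a truncated statement. Whether the CDR field sizes already keep the total under 2048 bytes cannot be determined from this hunk. `dbtable` is interpolated as an unquoted identifier; it presumably comes from configuration, but that should be confirmed.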



