Prevent SQL injection by using sqlite3_mprintf

This commit is contained in:
Alessandro Pasotti 2017-08-17 20:31:44 +02:00
parent b46c9c3424
commit bcd495c693


@ -514,7 +514,7 @@ void QgsGeoPackageAbstractLayerItem::deleteLayer()
} }
else else
{ {
QMessageBox::information( nullptr, tr( "Delete Layer" ), tr( "Layer deleted successfully." ) ); QMessageBox::information( nullptr, tr( "Delete Layer" ), tr( "Layer <b>%1</b> deleted successfully." ).arg( mName ) );
if ( mParent ) if ( mParent )
mParent->refresh(); mParent->refresh();
} }
@ -577,19 +577,24 @@ bool QgsGeoPackageRasterLayerItem::executeDeleteLayer( QString &errCause )
else else
{ {
// Remove table // Remove table
QString sql;
char *errmsg = NULL; char *errmsg = NULL;
sql = QStringLiteral( "DROP table %1;" char *sql = sqlite3_mprintf(
"DELETE FROM gpkg_contents WHERE table_name = '%1';" "DROP table %w;"
"DELETE FROM gpkg_tile_matrix WHERE table_name = '%1';" "DELETE FROM gpkg_contents WHERE table_name = '%q';"
"DELETE FROM gpkg_tile_matrix_set WHERE table_name = '%1';" ).arg( layerName ); "DELETE FROM gpkg_tile_matrix WHERE table_name = '%q';"
"DELETE FROM gpkg_tile_matrix_set WHERE table_name = '%q';",
layerName.toUtf8().constData(),
layerName.toUtf8().constData(),
layerName.toUtf8().constData(),
layerName.toUtf8().constData() );
status = sqlite3_exec( status = sqlite3_exec(
handle, /* An open database */ handle, /* An open database */
sql.toUtf8().constData(), /* SQL to be evaluated */ sql, /* SQL to be evaluated */
NULL, /* Callback function */ NULL, /* Callback function */
NULL, /* 1st argument to callback */ NULL, /* 1st argument to callback */
&errmsg /* Error msg written here */ &errmsg /* Error msg written here */
); );
sqlite3_free( sql );
if ( status == SQLITE_OK ) if ( status == SQLITE_OK )
{ {
result = true; result = true;
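Review bot: `%w` in `"DROP table %w;"` only doubles embedded double quotes; it does not supply the enclosing quotes, so a table name containing a space, a double quote or a keyword still yields a malformed or mis-parsed statement, and the doubling only has meaning inside a quoted identifier — the line should read `"DROP table \"%w\";"`. `sqlite3_mprintf` returns NULL when it cannot allocate, and `sqlite3_exec` treats a NULL statement as empty and returns SQLITE_OK, so that case would be reported as a successful delete; check `sql` before executing. The four `layerName.toUtf8().constData()` temporaries live until the call returns, so they are safe here, but one `QByteArray` hoisted out of the call reads better and avoids three conversions. The function continues past the hunk, so it cannot be seen whether `errmsg` is released with `sqlite3_free` on the error path or whether `handle` must be closed before an early return; the fence returns early, so adjust that if `handle` is closed further down.
```cpp
      // Remove table
      char *errmsg = nullptr;
      const QByteArray name = layerName.toUtf8();
      char *sql = sqlite3_mprintf(
                    "DROP table \"%w\";"
                    "DELETE FROM gpkg_contents WHERE table_name = '%q';"
                    "DELETE FROM gpkg_tile_matrix WHERE table_name = '%q';"
                    "DELETE FROM gpkg_tile_matrix_set WHERE table_name = '%q';",
                    name.constData(), name.constData(), name.constData(), name.constData() );
      if ( !sql )
      {
        // sqlite3_exec would accept a NULL statement and report success (constructed message)
        errCause = tr( "Could not build the delete statement (out of memory)." );
        return false;
      }
      // … unchanged: sqlite3_exec call, sqlite3_free( sql ), status handling …
```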