From 89d6607684a1d28575767a12419b6f652794fc30 Mon Sep 17 00:00:00 2001 From: simo Date: Thu, 23 Nov 2006 19:24:08 +0000 Subject: sql wansn't escaped on inserting package sources --- tupkg/update/tupkgupdate | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tupkg/update/tupkgupdate') diff --git a/tupkg/update/tupkgupdate b/tupkg/update/tupkgupdate index 320ccbe..d44a7a3 100755 --- a/tupkg/update/tupkgupdate +++ b/tupkg/update/tupkgupdate @@ -162,7 +162,7 @@ class PackageDatabase: # PackageSources for source in package.sources: q.execute("INSERT INTO PackageSources (PackageID, Source) " + - "VALUES (" + str(id) + ", '" + source + "')") + "VALUES (" + str(id) + ", '" + MySQLdb.escape_string(source) + "')") # PackageDepends for dep in package.depends: depid = self.lookupOrDummy(dep) -- cgit v1.2.3-70-g09d2