cdr_pgsql: Use PQescapeStringConn for escaping names.
authorRodrigo Ramírez Norambuena <decipher.hk@gmail.com>
Sat, 2 May 2015 04:43:22 +0000 (00:43 -0400)
committerJoshua Colp <jcolp@digium.com>
Mon, 11 May 2015 12:42:22 +0000 (07:42 -0500)
Use function PQescapeStringConn for escaping the name
of the table and schema instead of doing it manually.

Change-Id: I6709165e2d00463e9c813d24f17830ad4910b599

cdr/cdr_pgsql.c

index 310411c..9c46ceb 100644 (file)
@@ -670,42 +670,20 @@ static int config_module(int reload)
                version = PQserverVersion(conn);
 
                if (version >= 70300) {
-                       char *schemaname, *tablename;
+                       char *schemaname, *tablename, *tmp_schemaname, *tmp_tablename;
                        if (strchr(table, '.')) {
-                               schemaname = ast_strdupa(table);
-                               tablename = strchr(schemaname, '.');
-                               *tablename++ = '\0';
+                               tmp_schemaname = ast_strdupa(table);
+                               tmp_tablename = strchr(tmp_schemaname, '.');
+                               *tmp_tablename++ = '\0';
                        } else {
-                               schemaname = "";
-                               tablename = table;
+                               tmp_schemaname = "";
+                               tmp_tablename = table;
                        }
+                       tablename = ast_alloca(strlen(tmp_tablename) * 2 + 1);
+                       PQescapeStringConn(conn, tablename, tmp_tablename, strlen(tmp_tablename), NULL);
 
-                       /* Escape special characters in schemaname */
-                       if (strchr(schemaname, '\\') || strchr(schemaname, '\'')) {
-                               char *tmp = schemaname, *ptr;
-
-                               ptr = schemaname = ast_alloca(strlen(tmp) * 2 + 1);
-                               for (; *tmp; tmp++) {
-                                       if (strchr("\\'", *tmp)) {
-                                               *ptr++ = *tmp;
-                                       }
-                                       *ptr++ = *tmp;
-                               }
-                               *ptr = '\0';
-                       }
-                       /* Escape special characters in tablename */
-                       if (strchr(tablename, '\\') || strchr(tablename, '\'')) {
-                               char *tmp = tablename, *ptr;
-
-                               ptr = tablename = ast_alloca(strlen(tmp) * 2 + 1);
-                               for (; *tmp; tmp++) {
-                                       if (strchr("\\'", *tmp)) {
-                                               *ptr++ = *tmp;
-                                       }
-                                       *ptr++ = *tmp;
-                               }
-                               *ptr = '\0';
-                       }
+                       schemaname = ast_alloca(strlen(tmp_schemaname) * 2 + 1);
+                       PQescapeStringConn(conn, schemaname, tmp_schemaname, strlen(tmp_schemaname), NULL);
 
                        snprintf(sqlcmd, sizeof(sqlcmd), "SELECT a.attname, t.typname, a.attlen, a.attnotnull, d.adsrc, a.atttypmod FROM (((pg_catalog.pg_class c INNER JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace AND c.relname = '%s' AND n.nspname = %s%s%s) INNER JOIN pg_catalog.pg_attribute a ON (NOT a.attisdropped) AND a.attnum > 0 AND a.attrelid = c.oid) INNER JOIN pg_catalog.pg_type t ON t.oid = a.atttypid) LEFT OUTER JOIN pg_attrdef d ON a.atthasdef AND d.adrelid = a.attrelid AND d.adnum = a.attnum ORDER BY n.nspname, c.relname, attnum",
                                tablename,