adding SQL string escaping to the token before its merged with the query

Joe Huss 2013-08-05 15:28:46 -04:00
parent 04b8604d4b
commit 1096842dd6
1 changed files with 1 additions and 1 deletions


@ -285,7 +285,7 @@ Traffic Legend:
targets = {}
db=MySQLdb.connect(passwd=sqlconfig['passwd'],db=sqlconfig['db'],user=sqlconfig['user'])
c=db.cursor()
c.execute(sqlconfig['match_query'].replace('_TOKEN_', token))
c.execute(sqlconfig['match_query'].replace('_TOKEN_', db.escape_string(token)))
results = c.fetchone()
targets[token] = results[0]
c.close()
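Review bot: On the new `c.execute(...)` line, `db.escape_string(token)` only neutralises quote and backslash characters, so it protects the query only if `match_query` puts `_TOKEN_` inside a quoted string literal. That template lives in `sqlconfig` and is not visible here, so an unquoted placeholder (numeric context) would still let the token alter the statement. Binding the value is more robust: `c.execute(sqlconfig['match_query'].replace('_TOKEN_', '%s'), (token,))`, provided the template carries no quotes around `_TOKEN_` and doubles any literal `%`. A comment such as `# token is external input: bound as a parameter, never spliced into the SQL text` would record the intent. The enclosing function starts and ends outside the hunk.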