From 1096842dd62dc00c1bb0b8a3017075a198f684b0 Mon Sep 17 00:00:00 2001
From: Joe Huss
Date: Mon, 5 Aug 2013 15:28:46 -0400
Subject: [PATCH] adding SQL string escaping to the token before its merged with the query
---
 utils/websockify | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/utils/websockify b/utils/websockify
index 16e1eb42..a3ac0ba4 100755
--- a/utils/websockify
+++ b/utils/websockify
@@ -285,7 +285,7 @@ Traffic Legend:
 targets = {}
 db=MySQLdb.connect(passwd=sqlconfig['passwd'],db=sqlconfig['db'],user=sqlconfig['user'])
 c=db.cursor()
- c.execute(sqlconfig['match_query'].replace('_TOKEN_', token))
+ c.execute(sqlconfig['match_query'].replace('_TOKEN_', db.escape_string(token)))
 results = c.fetchone()
 targets[token] = results[0]
 c.close()
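Review bot: `db.escape_string(token)` on the changed `c.execute` line only neutralises the token if `_TOKEN_` sits inside a quoted string literal in `sqlconfig['match_query']`, and that template is not visible in this hunk; in an unquoted position the escaped value can still alter the statement. Binding the value through the driver removes that dependency, e.g. `c.execute(sqlconfig['match_query'].replace('_TOKEN_', '%s'), (token,))`, provided the configured query leaves `_TOKEN_` unquoted and contains no other literal `%`. Separately, `targets[token] = results[0]` on the following context line raises a `TypeError` when `fetchone()` returns `None` for an unknown token, so an `if results is None:` guard that rejects the connection explicitly would be worth adding. The enclosing function starts and ends outside the hunk, so how `token` is obtained and whether `db` is closed cannot be confirmed from here.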