Skip to content

Commit

Permalink
redports-trac:
Browse files Browse the repository at this point in the history 
- Fix a possible SQL injection
  • Loading branch information
@decke
decke committed Jan 14, 2014
1 parent 2b28838 commit fc2c1ea
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions redports-trac/redports/model.py
View file
Expand Up @@ -757,7 +757,7 @@ def __init__(self, env):
def filter(self, owner=None, queueid=None, revision=None, uniqueports=False):
self.owner = owner
self.queueid = queueid
self.revision = int(revision)
self.revision = revision
self.uniqueports = uniqueports

def count(self):
Expand All @@ -772,13 +772,13 @@ def _get_filter(self):
filter = ''

if self.queueid:
filter += "AND buildqueue.id = '%s'" % (self.queueid)
filter += "AND buildqueue.id = '%s'" % (re.sub("[\"']", "", self.queueid))

if self.owner:
filter += "AND buildqueue.owner = '%s'" % (self.owner)
filter += "AND buildqueue.owner = '%s'" % (re.sub("[\"']", "", self.owner))

if self.revision:
filter += "AND buildqueue.revision = '%s'" % (self.revision)
filter += "AND buildqueue.revision = %s" % (int(self.revision))

return filter

Expand Down

0 comments on commit fc2c1ea

Please sign in to comment.