Fix SQL injection.

Winston Li
2015-02-23 11:00:34 +00:00
parent 4561409450
commit 77c4576b59
2 changed files with 5 additions and 4 deletions


@@ -25,9 +25,7 @@ public class DeleteFilesForProjectSQLUpdate implements SQLUpdate {
public String getSQL() {
StringBuilder sb = new StringBuilder(DELETE_URL_INDEXES_FOR_PROJECT_NAME);
for (int i = 0; i < paths.length; i++) {
sb.append('\'');
sb.append(paths[i]);
sb.append('\'');
sb.append("?");
if (i < paths.length - 1) {
sb.append(", ");
}
@@ -39,6 +37,9 @@ public class DeleteFilesForProjectSQLUpdate implements SQLUpdate {
@Override
public void addParametersToStatement(PreparedStatement statement) throws SQLException {
statement.setString(1, projectName);
for (int i = 0; i < paths.length; i++) {
statement.setString(i + 2, paths[i]);
}
}
}
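Review bot: The `i + 2` offset in addParametersToStatement depends on DELETE_URL_INDEXES_FOR_PROJECT_NAME containing exactly one `?` (the project name) ahead of the placeholders generated in getSQL(), and nothing in either hunk states that. A comment above the loop such as `// index 1 is projectName; paths bind, in order, to the '?' list built by getSQL()` would keep the two methods in step if the constant is ever edited. Separately, when `paths` is empty getSQL() appends no placeholders at all, which presumably leaves an empty value list that many databases reject as a syntax error. The constant and the tail of getSQL() are outside the hunk, so this should be confirmed, and if it holds, an early `if (paths.length == 0)` guard in the constructor or caller would avoid issuing the statement.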