Bugzilla – Bug 42904
Use sqlite3_mprintf() to avoid SQL injections
Last modified: 2011-11-25 03:31:04 UTC
To be on the safe side, we should use sqlite3_mprintf() with %q. See http://www.sqlite.org/c3ref/mprintf.html
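Added example (not code from this bug or from the project) showing why the %s-style string building has to go and what %q buys: the helper below mirrors the quote doubling that sqlite3_mprintf() applies for %q, and a small delimiter counter shows that an input containing quotes breaks out of the literal with %s but stays inside it once escaped. The table and column names, the helper and the counter are all made up for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper mirroring what %q in sqlite3_mprintf() does: every
 * single quote is doubled, so the value can never close the SQL literal it
 * sits in. Real code calls sqlite3_mprintf() and frees with sqlite3_free(). */
char *escape_like_percent_q(const char *in)
{
    size_t n = 0;
    for (const char *p = in; *p; p++)
        n += (*p == '\'') ? 2 : 1;
    char *out = malloc(n + 1), *o = out;
    if (!out) return NULL;
    for (const char *p = in; *p; p++) {
        if (*p == '\'') *o++ = '\'';   /* ' becomes '' */
        *o++ = *p;
    }
    *o = '\0';
    return out;
}

/* Pastes the value into the statement with %s, as the pre-patch code did;
 * with escape != 0 the value is first escaped as %q would escape it.
 * Table and column names are made up for this example. */
char *build_query(const char *device_id, int escape)
{
    const char *fmt = "SELECT * FROM devices WHERE device_id = '%s';";
    char *esc = escape ? escape_like_percent_q(device_id) : NULL;
    const char *val = escape ? esc : device_id;
    if (!val) return NULL;
    size_t len = strlen(fmt) + strlen(val) + 1;
    char *q = malloc(len);
    if (q) snprintf(q, len, fmt, val);
    free(esc);
    return q;
}

/* Count quotes SQL treats as literal delimiters ('' inside a literal is an
 * escaped quote). One quoted value gives 2; more means the literal was broken. */
int count_literal_delimiters(const char *sql)
{
    int n = 0, in_literal = 0;
    for (const char *p = sql; *p; p++) {
        if (*p != '\'') continue;
        if (in_literal && p[1] == '\'') { p++; continue; }
        in_literal = !in_literal; n++;
    }
    return n;
}
```

In the real fix the whole statement is produced by `sqlite3_mprintf("... '%q' ...", device_id)` and released with `sqlite3_free()`, so no hand-written escaping is needed.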
Created attachment 53501
Use sqlite3_mprintf() with %q
The code builds with the patch, but as I don't really have things setup for color management, the code is untested.
Pushed to master, thanks dude.
The fix is incomplete; cd-device-db.c is vulnerable too.
Created attachment 53844