Commit b56bf4bf authored by Michael Tremer's avatar Michael Tremer

importer: Fix potential SQL command injection

Signed-off-by: default avatarMichael Tremer <michael.tremer@ipfire.org>
parent c9486b13
...@@ -1450,10 +1450,7 @@ class CLI(object): ...@@ -1450,10 +1450,7 @@ class CLI(object):
# Conduct a very basic sanity check to rule out CDN issues causing bogus DROP # Conduct a very basic sanity check to rule out CDN issues causing bogus DROP
# downloads. # downloads.
if len(fcontent) > 10: if len(fcontent) > 10:
self.db.execute(""" self.db.execute("DELETE FROM network_overrides WHERE source = %s", name)
DELETE FROM network_overrides WHERE source = '%s';
""" % name,
)
else: else:
log.error("%s (%s) returned likely bogus file, ignored" % (name, url)) log.error("%s (%s) returned likely bogus file, ignored" % (name, url))
continue continue
...@@ -1505,10 +1502,7 @@ class CLI(object): ...@@ -1505,10 +1502,7 @@ class CLI(object):
# Conduct a very basic sanity check to rule out CDN issues causing bogus DROP # Conduct a very basic sanity check to rule out CDN issues causing bogus DROP
# downloads. # downloads.
if len(fcontent) > 10: if len(fcontent) > 10:
self.db.execute(""" self.db.execute("DELETE FROM autnum_overrides WHERE source = %s", name)
DELETE FROM autnum_overrides WHERE source = '%s';
""" % name,
)
else: else:
log.error("%s (%s) returned likely bogus file, ignored" % (name, url)) log.error("%s (%s) returned likely bogus file, ignored" % (name, url))
continue continue
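Review bot: The new `self.db.execute("DELETE FROM network_overrides WHERE source = %s", name)` call is only safe if the `execute` wrapper forwards `name` to the driver as a bound parameter; the wrapper is not visible on this page, so that should be confirmed. A short comment above the call would stop a later edit from restoring the quotes or the `%` operator, for example `# name is bound by the driver; never format it into the SQL text`. The same applies to the `autnum_overrides` DELETE in the second hunk. Separately, the `else` branch in both hunks still formats its message eagerly with `%`; `log.error("%s (%s) returned likely bogus file, ignored", name, url)` leaves formatting to the logger. The enclosing method of `CLI` starts and ends outside both hunks, so any other string-built statements in it cannot be checked from here.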