From: Mike O'Connor
Date: Thu, 14 May 2009 06:28:30 +0000 (-0400)
Subject: escape strings for comments on packages and comment authors
X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3657c94c57960067451d2ab42b92dc6d5acfa656;p=dak
escape strings for comments on packages and comment authors
dak hates the name "Mike O'Connor". This uses pg.escape_string to make it love my name instead.
---
diff --git a/daklib/database.py b/daklib/database.py
index a5255568..0be839b6 100755
--- a/daklib/database.py
+++ b/daklib/database.py
@@ -907,7 +907,7 @@ def add_new_comment(package, version, comment, author):
 projectB.query(""" INSERT INTO new_comments (package, version, comment, author) VALUES ('%s', '%s', '%s', '%s')
- """ % (package, version, comment, author) )
+ """ % (package, version, pg.escape_string(comment), pg.escape_string(author)))
 return
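Review bot: `package` and `version` are still pasted unescaped into the quoted literals of `VALUES ('%s', '%s', '%s', '%s')`, so the quoting problem this commit fixes for `comment` and `author` remains for the other two columns. A single quote in either value breaks the statement, or alters it if the value is attacker-influenced. Escaping all four values keeps the statement consistent, for example `""" % tuple(pg.escape_string(v) for v in (package, version, comment, author)))`; a parameterized query would be better still if the driver version in use offers one. The hunk does not show whether `pg` is imported in `daklib/database.py`, nor the rest of the body of `add_new_comment`, so both should be confirmed. A short comment above the query, such as `# every value is interpolated into a quoted SQL literal and must be escaped`, would help keep later edits from reintroducing a raw `%s`.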