0003368: LDAP Security Principal

JumpMind · Jan 25, 2018 · ed0ba24 · ed0ba24
1 parent f6c51c8
commit ed0ba24
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 6 deletions.
diff --git a/symmetric-db/src/main/java/org/jumpmind/db/platform/mysql/MySqlDmlStatement.java b/symmetric-db/src/main/java/org/jumpmind/db/platform/mysql/MySqlDmlStatement.java
@@ -56,4 +56,11 @@ protected void appendColumnEquals(StringBuilder sql, Column column) {
         }
     }
 
+    @Override
+    protected String escapeText(String value) {
+        value = super.escapeText(value);
+        value = value.replace("\\", "\\\\");
+        value = value.replace("$", "\\$");
+        return value;
+    }
 }
diff --git a/symmetric-db/src/main/java/org/jumpmind/db/sql/DmlStatement.java b/symmetric-db/src/main/java/org/jumpmind/db/sql/DmlStatement.java
@@ -28,6 +28,7 @@
 import java.util.Date;
 import java.util.List;
 import java.util.Map;
+import java.util.regex.Matcher;
 
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.codec.binary.Hex;
@@ -73,6 +74,8 @@ public enum DmlType {
 
     protected String textColumnExpression;
 
+    protected static final String QUESTION_MARK = "<!QUESTION_MARK!>";
+
     public DmlStatement(DmlType type, String catalogName, String schemaName, String tableName,
             Column[] keysColumns, Column[] columns, boolean[] nullKeyValues, 
             DatabaseInfo databaseInfo, boolean useQuotedIdentifiers, String textColumnExpression) {
@@ -453,7 +456,6 @@ public Object[] getValueArray(Map<String, Object> params) {
 
     public String buildDynamicSql(BinaryEncoding encoding, Row row,
             boolean useVariableDates, boolean useJdbcTimestampFormat, Column[] columns) {
-    	final String QUESTION_MARK = "<!QUESTION_MARK!>";
         String newSql = sql;
         String quote = databaseInfo.getValueQuoteToken();
         String binaryQuoteStart = databaseInfo.getBinaryQuoteStart();
@@ -472,11 +474,9 @@ public String buildDynamicSql(BinaryEncoding encoding, Row row,
                 if (column.isOfTextType()) {
                     try {
                         String value = row.getString(name);
-                        value = value.replace("\\", "\\\\");
-                        value = value.replace("$", "\\$");
-                        value = value.replace("'", "''");
-                        value = value.replace("?", QUESTION_MARK);
-                        newSql = newSql.replaceFirst(regex, quote + value + quote);
+                        value = escapeText(value);
+                        //newSql = newSql.replaceFirst(regex, quote +value + quote);
+                        newSql = newSql.replaceFirst(regex, quote + Matcher.quoteReplacement(value) + quote);
                     } catch (RuntimeException ex) {
                         log.error("Failed to replace ? in {" + sql + "} with " + name + "="
                                 + row.getString(name));
@@ -553,5 +553,11 @@ public String[] getLookupKeyData(Map<String, String> lookupDataMap) {
         }
         return null;
     }
+
+    protected String escapeText(String value) {
+        value = value.replace("?", QUESTION_MARK);
+        value = value.replace("'", "''");
+        return value;
+    }
 
 }