Solve bug with tags (possible sql injection)
dimtion committed Jun 6, 2015
1 parent 7f0bcb7 commit 3d1d9b2
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions app/src/main/java/com/dimtion/shaarlier/TagsSource.java
Expand Up @@ -61,10 +61,12 @@ public Tag createTag(ShaarliAccount masterAccount, String value) {
values.put(MySQLiteHelper.TAGS_COLUMN_TAG, tag.getValue());

// If existing, do nothing :
String[] getTagArgs = {String.valueOf(tag.getMasterAccountId()), tag.getValue()};

Cursor cursor = db.query(MySQLiteHelper.TABLE_TAGS, allColumns,
MySQLiteHelper.TAGS_COLUMN_ID_ACCOUNT + " = " + tag.getMasterAccountId() + " AND " +
MySQLiteHelper.TAGS_COLUMN_TAG + " = '" + tag.getValue() + "'",
null, null, null, null);
MySQLiteHelper.TAGS_COLUMN_ID_ACCOUNT + " = ? AND " +
MySQLiteHelper.TAGS_COLUMN_TAG + " = ?",
getTagArgs, null, null, null);
try {
cursor.moveToFirst();
if (cursor.isAfterLast()) {
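Review bot: The account id in `getTagArgs` is now bound as a string, because Android binds every `selectionArgs` entry as TEXT, so `TAGS_COLUMN_ID_ACCOUNT + " = ?"` matches only if that column has INTEGER (numeric) affinity in the schema. The schema in MySQLiteHelper is not visible here, so this is worth confirming: without that affinity the existence check would presumably never match and duplicate tags would be inserted. I would also add a comment above the query, e.g. `// Values are bound through selectionArgs; never concatenate tag text into the WHERE clause.`, so the concatenated form is not reintroduced later. The rest of TagsSource is outside this hunk, so other queries that take a tag value or account id should be checked for the same concatenation. createTag's body starts and ends outside the hunk.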
