Merge pull request #190 from japroc/fix-potential-sqli-through-fs-path
Fix potential sql injection through fs path
saradickinson committed May 13, 2021
2 parents d00d466 + 736427d commit 58922c3
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions src/DSCIOManager.cpp
Expand Up @@ -214,6 +214,9 @@ DSCIOManager::dsc_import_input_from_source() {

string node = bfs::initial_path().filename().generic_string();
string server = bfs::initial_path().parent_path().filename().generic_string();
//fix potential sql injection
replace(node.begin(), node.end(), '\'', '_');
replace(server.begin(), server.end(), '\'', '_');
//transform to 'internal' name
replace(server.begin(), server.end(), '-', '_');
replace_string(server, ".", "__");
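Review bot: The two added `replace(..., '\'', '_')` calls on `node` and `server` filter out exactly one character, which makes the fix a one-entry deny-list. Anything else that is legal in a directory name (backslash, double quote, semicolon, whitespace) still passes through unchanged, and whether that is safe depends on how the strings are quoted at the point of use, which this hunk does not show. Since both values come from `bfs::initial_path()`, i.e. from the filesystem layout rather than from the program, I would prefer passing them as bound parameters wherever they reach a statement, or, if they must be spliced in as identifiers, validating them against an allow-list of the characters the naming scheme expects and rejecting the path otherwise. Two smaller points: the substitution silently maps distinct names onto the same one (a directory named `a'b` now yields the same `node` as `a_b`), so a warning or hard error on a changed name would be safer than a quiet rewrite; and the comment `//fix potential sql injection` would be more useful if it said where the values are consumed and why the quote character is the one that matters there.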
