Merge pull request #185 from internetarchive/trough-esc-sql

escape strings in sql posted to trough
internetarchive · Sep 21, 2017 · 65004ea · 65004ea
2 parents 4c438d3 + 7fc1c2f
commit 65004ea
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/contrib/src/main/java/org/archive/modules/postprocessor/TroughCrawlLogFeed.java b/contrib/src/main/java/org/archive/modules/postprocessor/TroughCrawlLogFeed.java
@@ -27,6 +27,7 @@
 
 import org.apache.commons.collections.Closure;
 import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.http.HttpResponse;
 import org.apache.http.client.methods.HttpPost;
@@ -178,7 +179,7 @@ protected String sqlValue(Object o) {
         } else if (o instanceof Number) {
             return o.toString();
         } else {
-            return "'" + o + "'";
+            return "'" + StringEscapeUtils.escapeSql(o.toString()) + "'";
         }
     }