Add sanity checks in Query::value and Query::parseQuery to avoid errors on invalid user input, fixes #42 in node-db-mysql
oxff authored and Georg Wicherski committed Nov 30, 2011
1 parent 00b37dd commit 5172ff9
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions query.cc
@@ -1,4 +1,5 @@
// Copyright 2011 Mariano Iglesias <mgiglesias@gmail.com>
// Copyright 2011 Georg Wicherski <gw@oxff.net>
#include "./query.h"

bool node_db::Query::gmtDeltaLoaded = false;
@@ -1382,6 +1383,11 @@ std::string node_db::Query::parseQuery() const throw(node_db::Exception&) {
uint32_t index = 0, delta = 0;
for (std::vector<std::string::size_type>::iterator iterator = positions.begin(), end = positions.end(); iterator != end; ++iterator, index++) {
std::string value = this->value(*(this->values[index]));

if(!value.length()) {
throw node_db::Exception("Internal error, attempting to replace with zero length value");
}

parsed.replace(*iterator + delta, 1, value);
delta += (value.length() - 1);
}
@@ -1479,6 +1485,10 @@ std::string node_db::Query::value(v8::Local<v8::Value> value, bool inArray, bool
} else {
currentStream << string;
}
} else {
v8::String::Utf8Value currentString(value->ToString());
std::string string = *currentString;
throw node_db::Exception("Unknown type for to convert to SQL, converting `" + string + "'");
}

return currentStream.str();
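Review bot: In the new `else` branch of Query::value (third hunk), `*currentString` is copied into a std::string without a null check; v8::String::Utf8Value yields a null pointer when the conversion fails (for example when the value's toString throws and `ToString()` returns an empty handle), and constructing a std::string from a null pointer is undefined behaviour, so this sanity check can itself crash on malformed input. Guard the copy, e.g. `std::string string = *currentString ? *currentString : "(unprintable)";`. The exception message also embeds the caller-supplied value verbatim and unbounded, so consider truncating it or reporting only the type before it reaches logs or clients. Query::value starts and ends outside the hunk, so whether earlier branches already exclude such values cannot be confirmed from here.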
