From: Andy D. <kha...@us...> - 2004-12-24 11:12:16
|
Update of /cvsroot/planeshift/planeshift/src/server/database/mysql In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv4664/src/server/database/mysql Modified Files: dal.cpp Log Message: Fixed dangerous use of non-const Data pointers in psMysqlConnection::Escape(). Index: dal.cpp =================================================================== RCS file: /cvsroot/planeshift/planeshift/src/server/database/mysql/dal.cpp,v retrieving revision 1.26 retrieving revision 1.27 diff -C2 -d -r1.26 -r1.27 *** dal.cpp 24 Dec 2004 01:21:45 -0000 1.26 --- dal.cpp 24 Dec 2004 11:12:07 -0000 1.27 *************** *** 77,84 **** void psMysqlConnection::Escape(csString& to, const char *from) { ! csString fromStr(from); ! to.SetCapacity( fromStr.Length()*2+1); ! mysql_escape_string(to.GetData(), fromStr.GetData(), fromStr.Length()); } --- 77,86 ---- void psMysqlConnection::Escape(csString& to, const char *from) { ! size_t len = strlen(from); ! char* buff = new char[len*2+1]; ! mysql_escape_string(buff, from, len); ! to = buff; ! delete[] buff; } |