projects
/
platform
/
core
/
appfw
/
pkgmgr-info.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix a vulnerable query from sql injection
[platform/core/appfw/pkgmgr-info.git]
/
src
/
pkgmgrinfo_appinfo.c
diff --git
a/src/pkgmgrinfo_appinfo.c
b/src/pkgmgrinfo_appinfo.c
index
d1cc70d
..
1529a85
100644
(file)
--- a/
src/pkgmgrinfo_appinfo.c
+++ b/
src/pkgmgrinfo_appinfo.c
@@
-431,7
+431,7
@@
static int __get_appinfo_for_uid(sqlite3 *db, application_x *info, uid_t uid)
{
static const char query_raw[] =
"SELECT is_splash_screen_enabled, is_disabled "
{
static const char query_raw[] =
"SELECT is_splash_screen_enabled, is_disabled "
- "FROM package_app_info_for_uid WHERE app_id=
'%s' AND uid='%d'
";
+ "FROM package_app_info_for_uid WHERE app_id=
%Q AND uid=%d
";
int ret;
char *query;
char *is_disabled = NULL;
int ret;
char *query;
char *is_disabled = NULL;