From: Mu-Woong
Date: Thu, 24 Sep 2015 06:00:56 +0000 (+0900)
Subject: Merge changes from Tizen 2.4
X-Git-Tag: submit/tizen/20151222.122953~2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d770c5148dbe74c8be9f491d2964bbb7fcdd7b63;p=platform%2Fcore%2Fapi%2Fcontext.git
Merge changes from Tizen 2.4
- Fix a broken link in trigger doc
- Check string in-params to prevent SQL injections
Change-Id: Ic99af23dafb59a65f27feb9bdd1303dae5d347e6
Signed-off-by: Mu-Woong
---
diff --git a/doc/context_trigger_doc.h b/doc/context_trigger_doc.h
index c2e0f39..8d84f5b 100644
--- a/doc/context_trigger_doc.h
+++ b/doc/context_trigger_doc.h
@@ -79,5 +79,5 @@
 * To ensure your application is only running on the device with specific features,
 * please define the features in your manifest file using the manifest editor in the SDK.
 * More details on featuring your application can be found from
- * Feature Element.
+ * Feature Element.
 */
diff --git a/src/context_history.cpp b/src/context_history.cpp
index 8e3d99c..eea980e 100644
--- a/src/context_history.cpp
+++ b/src/context_history.cpp
@@ -414,7 +414,7 @@ bool check_filter_data_string(context_history_filter_e filter_type, const char*
 switch (filter_type) {
 case CONTEXT_HISTORY_FILTER_APP_ID:
 case CONTEXT_HISTORY_FILTER_WIFI_BSSID:
- return true;
+ return (g_strstr_len(val, -1, ";") == NULL);
 default:
 return false;
diff --git a/src/rule_validator.cpp b/src/rule_validator.cpp
index 0ed5d4a..1356ef5 100644
--- a/src/rule_validator.cpp
+++ b/src/rule_validator.cpp
@@ -141,6 +141,9 @@ bool ctx::rule_validator::check_option_string(std::string name, std::string key,
 {
 init();
+ // Err: ';' for SQL injection
+ IF_FAIL_RETURN(value.find(';') == std::string::npos, false);
+
 // Err: Item with no option
 if (template_map[name].array_get_size(NULL, KEY_OPTION) <= 0) {
 return false;
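Review bot: Rejecting only `;` in `check_filter_data_string` blocks a second stacked statement but still accepts quote characters and SQL comment markers, so a `CONTEXT_HISTORY_FILTER_APP_ID` or `CONTEXT_HISTORY_FILTER_WIFI_BSSID` value can still alter a query if it is later concatenated into SQL text (the query construction is not in this diff, so that part is inferred from the commit message). The durable fix is to bind these values as statement parameters where the query is built, and to turn this check into an allowlist of the characters an app id or BSSID can legitimately contain. The two `rule_validator.cpp` hunks (`check_option_string` and `check_comparison_string`) apply the same single-character test through `value.find(';')` and need the same treatment. Separately, `val` is not tested for NULL in the visible lines, and as far as I know `g_strstr_len` returns NULL for a NULL haystack under GLib's default checks, which this expression would read as "valid"; `return val != NULL && g_strstr_len(val, -1, ";") == NULL;` makes that case explicit. The function body starts and ends outside the hunk.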
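Review bot: The comment `// Err: ';' for SQL injection` in `check_option_string` does not say what the check guarantees, and the same three lines are repeated verbatim in `check_comparison_string` in the following hunk. I would reword it to `// Reject ';' so a value cannot carry a second SQL statement; quotes are not filtered here` so the next reader does not take it for complete input sanitisation. Moving the test into one file-local helper that both functions call would keep the rule in a single place when it is tightened later. Both function bodies continue outside their hunks.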
@@ -227,6 +230,9 @@ bool ctx::rule_validator::check_comparison_string(std::string name, std::string
 {
 init();
+ // Err: ';' for SQL injection
+ IF_FAIL_RETURN(value.find(';') == std::string::npos, false);
+
 // Err: Invalid attribute key or Invalid value type
 bool ret = false;
 ctx::json attr_tempt;