From: Sangyoon Jang Date: Thu, 11 May 2017 09:55:29 +0000 (+0900) Subject: Fix a vulnerable query from sql injection X-Git-Tag: accepted/tizen/unified/20170512.023730~2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=f9d0bfbc7cf6a4b4c2408484801f1eab76999438;hp=10f603e1513cf6e460aca521bc754a361a7e69a7;p=platform%2Fcore%2Fappfw%2Fpkgmgr-info.git Fix a vulnerable query from sql injection Change-Id: Iae26050885188d4335f0500d118363e9bb68a9c9 Signed-off-by: Sangyoon Jang
---
diff --git a/src/pkgmgrinfo_appinfo.c b/src/pkgmgrinfo_appinfo.c
index d1cc70d..1529a85 100644
--- a/src/pkgmgrinfo_appinfo.c
+++ b/src/pkgmgrinfo_appinfo.c
@@ -431,7 +431,7 @@ static int __get_appinfo_for_uid(sqlite3 *db, application_x *info, uid_t uid)
 {
 static const char query_raw[] =
 "SELECT is_splash_screen_enabled, is_disabled "
- "FROM package_app_info_for_uid WHERE app_id='%s' AND uid='%d'";
+ "FROM package_app_info_for_uid WHERE app_id=%Q AND uid=%d";
 int ret;
 char *query;
 char *is_disabled = NULL;
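Review bot: The query in `query_raw` is still assembled by format substitution, so the fix holds only if the formatter is SQLite's own printf family (e.g. `sqlite3_mprintf`), the only one that understands `%Q`; the call that consumes `query_raw` is outside this hunk, so that should be confirmed. A bound statement would remove that dependence: `"FROM package_app_info_for_uid WHERE app_id=? AND uid=?";` with `sqlite3_bind_text` for the app id and `sqlite3_bind_int` for the uid. `%Q` also renders a NULL pointer as the SQL keyword NULL, so a missing app id silently produces `app_id=NULL` and matches no row; an explicit NULL check before building the query would surface that as an error. `uid` is a `uid_t` but is formatted with `%d`, so a cast to `int` at the call site would make the conversion explicit. The body of `__get_appinfo_for_uid` continues past the end of the hunk.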