From f9d0bfbc7cf6a4b4c2408484801f1eab76999438 Mon Sep 17 00:00:00 2001
From: Sangyoon Jang
Date: Thu, 11 May 2017 18:55:29 +0900
Subject: [PATCH 1/1] Fix a vulnerable query from sql injection

Change-Id: Iae26050885188d4335f0500d118363e9bb68a9c9
Signed-off-by: Sangyoon Jang
---
 src/pkgmgrinfo_appinfo.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pkgmgrinfo_appinfo.c b/src/pkgmgrinfo_appinfo.c
index d1cc70d..1529a85 100644
--- a/src/pkgmgrinfo_appinfo.c
+++ b/src/pkgmgrinfo_appinfo.c
@@ -431,7 +431,7 @@ static int __get_appinfo_for_uid(sqlite3 *db, application_x *info, uid_t uid)
 {
 static const char query_raw[] =
 "SELECT is_splash_screen_enabled, is_disabled "
- "FROM package_app_info_for_uid WHERE app_id='%s' AND uid='%d'";
+ "FROM package_app_info_for_uid WHERE app_id=%Q AND uid=%d";
 int ret;
 char *query;
 char *is_disabled = NULL;
--
2.7.4
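Review bot: The `%Q` on the new `app_id=%Q` line quotes and escapes the value only if `query_raw` is expanded by SQLite's own formatter (`sqlite3_mprintf` or `sqlite3_snprintf`). That call is outside the hunk, so it should be confirmed, because a libc `snprintf` does not understand `%Q`. A sturdier fix keeps values out of the SQL text altogether: `"FROM package_app_info_for_uid WHERE app_id=? AND uid=?"`, with `sqlite3_bind_text()` for the app id and `sqlite3_bind_int()` for `uid`. If formatting is kept, note that `uid=%d` expects an `int` while the parameter is `uid_t`, so the argument should be cast explicitly. The body of `__get_appinfo_for_uid` continues past the hunk, and whether other queries in this file still use `'%s'` is not visible here and is worth checking.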