
proftpd-1.2.10-9.1.102mdk.src.rpm

Index: mod_sql.c
===================================================================
RCS file: /cvsroot/proftp/proftpd/contrib/mod_sql.c,v
retrieving revision 1.94
retrieving revision 1.96
diff -u -r1.94 -r1.96
--- contrib/mod_sql.c	3 Jul 2005 18:52:01 -0000	1.94
+++ contrib/mod_sql.c	4 Aug 2005 21:06:21 -0000	1.96
@@ -1413,7 +1413,7 @@
   sql_data_t *sd = NULL;
   modret_t *mr = NULL;
   array_header *gids = NULL, *groups = NULL;
-  char *name = cmd->argv[0];
+  char *name = cmd->argv[0], *username = NULL;
   int numrows = 0;
   register unsigned int i = 0;
 
@@ -1447,11 +1447,17 @@
    *    WHERE members LIKE '%,<user>,%' OR LIKE '<user>,%' OR LIKE '%,<user>';
    */
 
+  mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 2, "default",
+    pr_str_strip(cmd->tmp_pool, name)), "sql_escapestring");
+  _sql_check_response(mr);
+
+  username = (char *) mr->data;
+
   grpwhere = pstrcat(cmd->tmp_pool,
-    cmap.grpmembersfield, " = '", name, "' OR ",
-    cmap.grpmembersfield, " LIKE '", name, ",%' OR ",
-    cmap.grpmembersfield, " LIKE '%,", name, "' OR ",
-    cmap.grpmembersfield, " LIKE '%,", name, ",%'", NULL);
+    cmap.grpmembersfield, " = '", username, "' OR ",
+    cmap.grpmembersfield, " LIKE '", username, ",%' OR ",
+    cmap.grpmembersfield, " LIKE '%,", username, "' OR ",
+    cmap.grpmembersfield, " LIKE '%,", username, ",%'", NULL);
 
   where = _sql_where(cmd->tmp_pool, 2, grpwhere, cmap.groupwhere);
   
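Review bot: The escaped `username` is spliced into three LIKE patterns, and escaping for a quoted string literal does not by itself neutralise the LIKE wildcards `%` and `_`, so a name containing either can still match group rows it does not belong to. Whether the backend's `sql_escapestring` handler covers those characters is not visible here; if it does not, the name should be rejected or have `%` and `_` escaped before the `pstrcat` call. `mr->data` is also read straight after `_sql_check_response(mr)`, which is safe only if that helper never returns on an error response. Once that is confirmed, a comment such as `/* _sql_check_response() does not return on error, so mr->data is valid here */` would record it. The enclosing function starts and ends outside this hunk.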
@@ -2179,7 +2185,7 @@
       *outsp++ = 0;
 
       /* add the response */
-      pr_response_add( c->argv[0], outs);
+      pr_response_add(c->argv[0], "%s", outs);
 
     } while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) != NULL);
 
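Review bot: The `/* add the response */` comment above the changed call does not say why the `"%s"` is there, namely that `outs` is run-time text and must be passed as an argument rather than as the format; I would reword it to `/* add the response; outs is data, never the format string */`. The same applies to the three identical calls in the following hunks (`pr_response_add` twice more and `pr_response_add_err` once). The declarations of these functions are not part of this patch; if they do not already carry a printf-style format attribute, adding one would let `-Wformat-security` flag a regression at compile time. The do/while body begins above this hunk.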
@@ -2253,7 +2259,7 @@
       *outsp++ = 0;
 
       /* add the response */
-      pr_response_add( c->argv[0], outs);
+      pr_response_add(c->argv[0], "%s", outs);
 
     } while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) != NULL);
 
@@ -2343,7 +2349,7 @@
       *outsp++ = 0;
 
       /* add the response */
-      pr_response_add_err( c->argv[0], outs);
+      pr_response_add_err(c->argv[0], "%s", outs);
 
     } while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) != NULL);
 
@@ -2417,7 +2423,7 @@
       *outsp++ = 0;
 
       /* add the response */
-      pr_response_add( c->argv[0], outs);
+      pr_response_add(c->argv[0], "%s", outs);
 
     } while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) != NULL);
 
Index: response.c
===================================================================
RCS file: /cvsroot/proftp/proftpd/src/response.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- src/response.c	3 Jun 2003 16:25:23 -0000	1.4
+++ src/response.c	5 Jul 2005 15:42:01 -0000	1.5
@@ -1,6 +1,6 @@
 /*
  * ProFTPD - FTP server daemon
- * Copyright (c) 2001, 2002, 2003 The ProFTPD Project team
+ * Copyright (c) 2001-2005 The ProFTPD Project team
  *  
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -23,7 +23,7 @@
  */
 
 /* Command response routines
- * $Id: response.c,v 1.4 2003/06/03 16:25:23 castaglia Exp $
+ * $Id: response.c,v 1.5 2005/07/05 15:42:01 castaglia Exp $
  */
 
 #include "conf.h"
@@ -169,7 +169,7 @@
   buf[sizeof(buf) - 1] = '\0';
   sstrcat(buf, "\r\n", sizeof(buf));
 
-  RESPONSE_WRITE_STR_ASYNC(session.c->outstrm, buf, strlen(buf))
+  RESPONSE_WRITE_STR_ASYNC(session.c->outstrm, "%s", buf)
 }
 
 void pr_response_send(const char *resp_numeric, const char *fmt, ...) {
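Review bot: In the context lines above the changed call, `buf` is terminated at `sizeof(buf) - 1` and `"\r\n"` is then appended with `sstrcat` bounded by `sizeof(buf)`; if the formatted text has already filled the buffer there is presumably no room left for the CRLF, and the reply would go out without its line terminator. The formatting call is outside this hunk, so this is inferred; if it is bounded by the full buffer size, bounding it two bytes shorter would keep space for the terminator. The macro invocation on the new line also has no trailing `;`, so it compiles only while `RESPONSE_WRITE_STR_ASYNC` expands to a complete statement.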