Escape user input in mod_privacy_odbc (EJAB-1442)

author Badlop <badlop@process-one.net>

Tue, 26 Apr 2011 18:35:25 +0000 (20:35 +0200)

committer Badlop <badlop@process-one.net>

Tue, 26 Apr 2011 18:57:48 +0000 (20:57 +0200)
author Badlop <badlop@process-one.net>
Tue, 26 Apr 2011 18:35:25 +0000 (20:35 +0200)
committer Badlop <badlop@process-one.net>
Tue, 26 Apr 2011 18:57:48 +0000 (20:57 +0200)
diff --git a/src/mod_privacy_odbc.erl b/src/mod_privacy_odbc.erl

index 64543faa811a00a7c27158b88f0e0a0706cc8df1..2df9ee27ac36cb6fcfc9489acca0f79ff9003171 100644 (file)
--- a/src/mod_privacy_odbc.erl
+++ b/src/mod_privacy_odbc.erl
@@ -751,9 +751,9 @@ item_to_raw(#listitem{type = Type,
             none ->
                 {"n", ""};
             jid ->
-               {"j", jlib:jid_to_string(Value)};
+               {"j", ejabberd_odbc:escape(jlib:jid_to_string(Value))};
             group ->
-               {"g", Value};
+               {"g", ejabberd_odbc:escape(Value)};
             subscription ->
                 case Value of
                     none ->
author	Badlop <badlop@process-one.net>
	Tue, 26 Apr 2011 18:35:25 +0000 (20:35 +0200)
committer	Badlop <badlop@process-one.net>
	Tue, 26 Apr 2011 18:57:48 +0000 (20:57 +0200)