From: Badlop Date: Tue, 26 Apr 2011 18:35:25 +0000 (+0200) Subject: Escape user input in mod_privacy_odbc (EJAB-1442) X-Git-Tag: v2.1.7~29 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3952888f94457af484fe6f1cab1a457f5515d24f;p=ejabberd Escape user input in mod_privacy_odbc (EJAB-1442) --- diff --git a/src/mod_privacy_odbc.erl b/src/mod_privacy_odbc.erl index 64543faa8..2df9ee27a 100644 --- a/src/mod_privacy_odbc.erl +++ b/src/mod_privacy_odbc.erl @@ -751,9 +751,9 @@ item_to_raw(#listitem{type = Type, none -> {"n", ""}; jid -> - {"j", jlib:jid_to_string(Value)}; + {"j", ejabberd_odbc:escape(jlib:jid_to_string(Value))}; group -> - {"g", Value}; + {"g", ejabberd_odbc:escape(Value)}; subscription -> case Value of none ->