From: Badlop <badlop@process-one.net>
Date: Tue, 26 Apr 2011 18:35:25 +0000 (+0200)
Subject: Escape user input in mod_privacy_odbc (EJAB-1442)
X-Git-Tag: v2.1.7~29
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3952888f94457af484fe6f1cab1a457f5515d24f;p=ejabberd

Escape user input in mod_privacy_odbc (EJAB-1442)
---

diff --git a/src/mod_privacy_odbc.erl b/src/mod_privacy_odbc.erl
index 64543faa8..2df9ee27a 100644
--- a/src/mod_privacy_odbc.erl
+++ b/src/mod_privacy_odbc.erl
@@ -751,9 +751,9 @@ item_to_raw(#listitem{type = Type,
 	    none ->
 		{"n", ""};
 	    jid ->
-		{"j", jlib:jid_to_string(Value)};
+		{"j", ejabberd_odbc:escape(jlib:jid_to_string(Value))};
 	    group ->
-		{"g", Value};
+		{"g", ejabberd_odbc:escape(Value)};
 	    subscription ->
 		case Value of
 		    none ->