From 06bf8cb0289f3f4a2b99f072aa0634b845cef13b Mon Sep 17 00:00:00 2001
From: Eric Bollengier <eric@eb.homelinux.org>
Date: Mon, 13 Nov 2006 18:25:59 +0000
Subject: [PATCH] ebl  add sql_escape to catalog messages

git-svn-id: https://bacula.svn.sourceforge.net/svnroot/bacula/trunk@3615 91ce42f0-d328-0410-95d8-f526ca767f89
---
 bacula/src/dird/dird.c   |  3 ++-
 bacula/src/lib/message.c | 18 ++++++++++++++----
 bacula/src/lib/message.h |  3 +++
 3 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/bacula/src/dird/dird.c b/bacula/src/dird/dird.c
index b8d6491c2d..75f91aa78b 100644
--- a/bacula/src/dird/dird.c
+++ b/bacula/src/dird/dird.c
@@ -218,7 +218,8 @@ int main (int argc, char *argv[])
    my_name_is(0, NULL, director->hdr.name);    /* set user defined name */
 
    /* Plug database interface for library routines */
-   p_sql_query = (sql_query)dir_sql_query;                                   
+   p_sql_query = (sql_query)dir_sql_query;
+   p_sql_escape = (sql_escape)db_escape_string;
 
    FDConnectTimeout = (int)director->FDConnectTimeout;
    SDConnectTimeout = (int)director->SDConnectTimeout;
diff --git a/bacula/src/lib/message.c b/bacula/src/lib/message.c
index 7b411d5b3c..804a417d59 100755
--- a/bacula/src/lib/message.c
+++ b/bacula/src/lib/message.c
@@ -27,6 +27,7 @@
 #include "jcr.h"
 
 sql_query p_sql_query = NULL;
+sql_escape p_sql_escape = NULL;
 
 #define FULL_LOCATION 1               /* set for file:line in Debug messages */
 
@@ -617,12 +618,21 @@ void dispatch_message(JCR *jcr, int type, time_t mtime, char *msg)
                 if (!jcr || !jcr->db) {
                    break;
                 }
-                if (p_sql_query) {
-                   POOL_MEM cmd(PM_MESSAGE);
+                if (p_sql_query && p_sql_escape) {
+                   POOLMEM *cmd = get_pool_memory(PM_MESSAGE);
+                   POOLMEM *esc_msg = get_pool_memory(PM_MESSAGE);
+                   
+                   int len = strlen(msg) + 1;
+                   esc_msg = check_pool_memory_size(esc_msg, len*2+1);
+                   p_sql_escape(esc_msg, msg, len);
+
                    bstrftimes(dt, sizeof(dt), mtime);
                    Mmsg(cmd, "INSERT INTO Log (JobId, Time, LogText) VALUES (%s,'%s','%s')",
-                         edit_int64(jcr->JobId, ed1), dt, msg);
-                   p_sql_query(jcr, cmd.c_str());
+                         edit_int64(jcr->JobId, ed1), dt, esc_msg);
+                   p_sql_query(jcr, cmd);
+                   
+                   free_pool_memory(cmd);
+                   free_pool_memory(esc_msg);
                 }
                 break;
              case MD_CONSOLE:
diff --git a/bacula/src/lib/message.h b/bacula/src/lib/message.h
index 66b0f82dd8..51d1f36dbd 100644
--- a/bacula/src/lib/message.h
+++ b/bacula/src/lib/message.h
@@ -133,7 +133,10 @@ void Qmsg(JCR *jcr, int type, time_t mtime, const char *fmt,...);
 bool get_trace(void);
 
 typedef void (*sql_query)(JCR *jcr, const char *cmd);
+typedef void (*sql_escape)(char *snew, char *old, int len);
+
 extern DLL_IMP_EXP sql_query     p_sql_query;
+extern DLL_IMP_EXP sql_escape    p_sql_escape;
 
 extern DLL_IMP_EXP int           debug_level;
 extern DLL_IMP_EXP int           verbose;
-- 
2.39.5