From: martin f. krafft Date: Sun, 23 Sep 2007 18:15:04 +0000 (+0200) Subject: factor out sql escaping X-Git-Url: https://git.madduck.net/etc/mailfilter.git/commitdiff_plain/a61350bc7ddd403460f79498a48e07f101fc2067?ds=inline factor out sql escaping --- diff --git a/procmail/msgid-index b/procmail/msgid-index index 908fc3d..c85b61a 100644 --- a/procmail/msgid-index +++ b/procmail/msgid-index @@ -10,17 +10,14 @@ MSGID_INDEX_DB=$PMVAR/msgid-index.sqlite DO_QUERY="$SQLITE $MSGID_INDEX_DB" -SQ="'\\''" -SQE="'\\\''" -FIELDS="$FROM$NL$ORIGINAL_TO$NL$SUBJECT$NL$MSGID" +DATA="$FROM,$NL$ORIGINAL_TO,$NL$SUBJECT,$NL$MSGID" +INCLUDERC=$PMDIR/sql-escape + QUERY="insert into logfiles (sender, recipient, subject, msgid, filename, dest) values ( - `echo \"$FIELDS\" | sed -e 's,'\'','$SQE$SQE',g; s/^.*$/'\$SQE'&'\$SQE',/'` - $SQ$THISLOGFILE_REL$SQ, '\\'\$DEST\\'')" + $DATA, '\\'$THISLOGFILE_REL\\'', '\\'\$DEST\\'')" TRAP="$TRAP; $DO_QUERY '$QUERY'" QUERY -FIELDS -SQE -SQ +DATA DO_QUERY MSGID_INDEX_DB diff --git a/procmail/sql-escape b/procmail/sql-escape new file mode 100644 index 0000000..08d0903 --- /dev/null +++ b/procmail/sql-escape @@ -0,0 +1,17 @@ +SQ="'\\''" +SQE="'\\\''" + +:0 +* DATA ?? . +{ + DATA="`echo \"$DATA\" \ + | sed -re 's,'\'','$SQE$SQE',g;' \ + -e 's/^.*$/'\$SQE'&'\$SQE'/' \ + -e 's/,'$SQE'$/'\$SQE',/'`" +} + +:0 E +{ LOG="sql-escape: WARNING: no \$DATA provided!$NL" } + +SQE +SQ