From: martin f. krafft <madduck@madduck.net>
Date: Wed, 20 Feb 2008 11:34:03 +0000 (+0100)
Subject: fix sql escaping and sqlite error reporting
X-Git-Url: https://git.madduck.net/etc/mailfilter.git/commitdiff_plain/c0bd106b31e7ceddac35cced23cb32989ac7c8e1?ds=sidebyside

fix sql escaping and sqlite error reporting
---

diff --git a/procmail/msgid-index b/procmail/msgid-index
index 102dacc..caccf83 100644
--- a/procmail/msgid-index
+++ b/procmail/msgid-index
@@ -14,10 +14,9 @@ DATA="$FROM,$NL$ORIGINAL_TO,$NL$SUBJECT,$NL$MSGID"
 INCLUDERC=$PMDIR/sql-escape
 
 QUERY="insert into messages (sender, recipient, subject, msgid, filename, dest) values (
-  $DATA, '\\'$THISLOGFILE_REL\\'', '\\'\$DESTFILE\\'');
-       select * from messages where filename = '\\'$THISLOGFILE_REL\\''"
-TRAP="$TRAP; case \"$($DO_QUERY '$QUERY')\" in '') 
-      echo 'msgid-index: failed to insert reference into database';; esac"
+  $DATA, '$THISLOGFILE_REL', '\$DESTFILE');"
+TRAP="$TRAP; OUT=\"$(echo \"$QUERY\" | $DO_QUERY 2>&1)\";
+      [ -n \"\$OUT\" ] && echo \"msgid-index: failed to insert reference into database: \$OUT\""
 
 QUERY
 DATA
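Review bot: The new `OUT=\"$(echo \"$QUERY\" | $DO_QUERY 2>&1)\"` line embeds the already-expanded `$QUERY` inside a double-quoted shell string, and sql-escape only doubles single quotes, so a double quote, backquote, `$` or backslash in the From/To/Subject/Message-ID data would presumably be interpreted by the shell when the trap runs. The same construction is added in the record-delayed-mail hunk, and the unchanged `echo \"$DATA\"` line in sql-escape looks exposed in the same way. Consider keeping the statement out of the command text, for example by leaving it in a variable that is not unset afterwards and letting the shell read it from the environment at trap time, or by feeding sqlite from a file. Separately, `'$THISLOGFILE_REL'` and `'\$DESTFILE'` are placed between quotes without passing through sql-escape, so a single quote in either path would break the statement; a comment such as `# THISLOGFILE_REL and DESTFILE are generated locally and never contain quotes` would at least record that assumption.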
diff --git a/procmail/record-delayed-mail b/procmail/record-delayed-mail
index 72ff6b8..c8256e1 100644
--- a/procmail/record-delayed-mail
+++ b/procmail/record-delayed-mail
@@ -8,10 +8,9 @@ DO_QUERY="$SQLITE $DELAYED_QUEUE_DB"
 DATA="$MSGID"
 INCLUDERC=$PMDIR/sql-escape
 
-QUERY="insert into messages values ($DATA, '\\'\$DESTFILE\\'', $RELEASE_TS);
-       select * from messages where msgid = $DATA"
-TRAP="$TRAP; case \"$($DO_QUERY '$QUERY')\" in '') 
-      echo 'delay:       failed to insert reference into database';; esac"
+QUERY="insert into messages values ($DATA, '\$DESTFILE', $RELEASE_TS);"
+TRAP="$TRAP; OUT=\"$(echo \"$QUERY\" | $DO_QUERY 2>&1)\";
+      [ -n \"\$OUT\" ] && echo \"delay:       failed register delayed mail in database: \$OUT\""
 
 QUERY
 DATA
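Review bot: `$RELEASE_TS` on the new `QUERY=` line is interpolated unquoted and does not pass through sql-escape; where it is computed lies outside this hunk, so if any part of it can derive from message content it should be checked to be purely numeric before the statement is built. The insert also names no columns (`insert into messages values (...)`), unlike the msgid-index query, which ties it to the table's column order; `insert into messages (<column list>) values (...)` with the real column names would be more robust. The new message text reads `failed register delayed mail`, where `failed to register delayed mail` is presumably intended.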
diff --git a/procmail/sql-escape b/procmail/sql-escape
index 08d0903..02c090a 100644
--- a/procmail/sql-escape
+++ b/procmail/sql-escape
@@ -1,13 +1,13 @@
-SQ="'\\''"
-SQE="'\\\''"
-
 :0
 * DATA ?? .
 { 
+  # 1. replace ' with ''
+  # 2. add quotes to each line
+  # 3. swap comma outside
   DATA="`echo \"$DATA\" \
-    | sed -re 's,'\'','$SQE$SQE',g;' \
-          -e  's/^.*$/'\$SQE'&'\$SQE'/' \
-          -e  's/,'$SQE'$/'\$SQE',/'`"
+    | sed -re \"s,','',g\" \
+           -e \"s/^.*$/'&'/\" \
+           -e \"s/,'$/',/\"`"
 }
 
 :0 E
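Review bot: The three new sed expressions work line by line, so the output is only well-formed when every field occupies exactly one line and only field-separating lines end in a comma. A value containing a newline would be split into separate quoted strings, and a final field ending in `,` would have that comma moved outside the closing quote by the third expression; both appear to fail as sqlite syntax errors rather than as injection, but the message is then not indexed. I would extend the new comment with the input contract, e.g. `# input: one field per line, every line but the last ending in a comma; values must not contain newlines`, and prefer `printf '%s\n'` over `echo`, since some `/bin/sh` builtins interpret backslash sequences in the argument. The `:0 E` recipe continues outside the hunk.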