From 2145db53718d1c8f986e6c88e8765b2660754286 Mon Sep 17 00:00:00 2001 From: Chris Richardson Date: Thu, 18 Aug 2016 00:28:24 -0700 Subject: [PATCH] Fix SQLi in al_data->location al_data->location was vulnerable to an SQLi, this should? fix it... --- src/os_dbd/alert.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/os_dbd/alert.c b/src/os_dbd/alert.c index 47571307d..f5dbcf534 100644 --- a/src/os_dbd/alert.c +++ b/src/os_dbd/alert.c @@ -106,7 +106,8 @@ int OS_Alert_InsertDB(const alert_data *al_data, DBConfig *db_config) /* Escape strings */ osdb_escapestr(al_data->user); - + osdb_escapestr(al_data->location); + /* We first need to insert the location */ loc_id = (int *) OSHash_Get(db_config->location_hash, al_data->location);