SQL query should use "?" and selectionArgs
Bug #880322 reported by Koichi Akabe
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Tomdroid | Fix Released | High | Unassigned |
Bug Description
At getListAdapter() function in src/org/
We can find the following code:
where = where + "("+Note.TITLE+" LIKE '%"+string+"%' OR "+Note.
But this code can cause a bug with some search queries (like: %' ).
The search query string is added to the SQL code. If the search query contains brackets or other code, it can produce unexpected SQL.
Please see an attached patch for specific methods.
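To make the failure and the fix runnable, here is an added example that is not Tomdroid's code: it uses Python's sqlite3 module (the same SQLite engine Android wraps) in place of Android's SQLiteDatabase, with a constructed notes table, and also goes one step beyond the fix described here by escaping LIKE wildcards in the user string.

```python
import sqlite3

# Constructed sample titles standing in for Tomdroid's note table (assumption: a
# plain `title` column is all this demonstration needs).
NOTES = ["Shopping list", "100% done", "1000 done", "Bob's ideas", "Meeting notes"]


def _db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO notes (title) VALUES (?)", [(t,) for t in NOTES])
    return conn


def search_concat(query):
    """The pattern the bug report describes: the user string is spliced into the SQL.
    A query containing a quote, e.g. %' or Bob's, breaks the statement."""
    where = "(title LIKE '%" + query + "%')"
    conn = _db()
    return [r[0] for r in conn.execute("SELECT title FROM notes WHERE " + where)]


def concat_fails(query):
    """True when SQLite rejects the concatenated statement (the reported bug)."""
    try:
        search_concat(query)
        return False
    except sqlite3.OperationalError:
        return True


def search_param(query):
    """The fix: a '?' placeholder in the selection and the value passed separately,
    the same split Android's selection / selectionArgs pair expresses."""
    where = "(title LIKE ?)"
    args = ["%" + query + "%"]
    conn = _db()
    return [r[0] for r in conn.execute("SELECT title FROM notes WHERE " + where, args)]


def search_param_literal(query):
    """Parameters stop the SQL from being altered, but LIKE still treats % and _ in
    the value as wildcards; escape them (and the escape char) for a literal search."""
    escaped = query.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    where = "(title LIKE ? ESCAPE '\\')"
    args = ["%" + escaped + "%"]
    conn = _db()
    return [r[0] for r in conn.execute("SELECT title FROM notes WHERE " + where, args)]
```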
Related branches
lp:~vbkaisetsu/tomdroid/sql-args: Superseded for merging into lp:~tomdroid-maintainers/tomdroid/main
- Olivier Bilodeau: Needs Fixing
Diff: 440 lines (+190/-33), 5 files modified
src/org/tomdroid/Note.java (+7/-1)
src/org/tomdroid/NoteManager.java (+42/-14)
src/org/tomdroid/NoteProvider.java (+73/-18)
src/org/tomdroid/sync/sd/NoteHandler.java (+17/-0)
src/org/tomdroid/util/StringConverter.java (+51/-0)
description: updated
Changed in tomdroid: assignee: nobody → Koichi Akabe (vbkaisetsu)
Changed in tomdroid: status: New → In Progress
description: updated
Changed in tomdroid: importance: Undecided → High
Changed in tomdroid: milestone: none → 0.5.1
Changed in tomdroid: assignee: Koichi Akabe (vbkaisetsu) → nobody
Changed in tomdroid: status: In Progress → Confirmed
Changed in tomdroid: status: Confirmed → Invalid
Changed in tomdroid: status: Invalid → In Progress
It's already fixed on 0.7