author | Daniel Gultsch <daniel@gultsch.de> | 2022-08-04 12:31:58 +0300 |
---|---|---|
committer | Daniel Gultsch <daniel@gultsch.de> | 2022-08-04 12:31:58 +0300 |
commit | 67f021426bc94699c3ce3b066a61c3a3babe40a1 (patch) | |
tree | 20d655e242b1d7a4cc6c090b8d420ad5b4c7807e | |
parent | 62a379862e3ccbcaa4631960da4dedeaa9e0517d (diff) |
remove null bytes from strings before creating sql statements in backup
-rw-r--r-- | src/main/java/eu/siacs/conversations/services/ExportBackupService.java | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/main/java/eu/siacs/conversations/services/ExportBackupService.java b/src/main/java/eu/siacs/conversations/services/ExportBackupService.java
index f89434897..6cbb26ad1 100644
--- a/src/main/java/eu/siacs/conversations/services/ExportBackupService.java
+++ b/src/main/java/eu/siacs/conversations/services/ExportBackupService.java
@@ -15,6 +15,7 @@ import android.util.Log;
 import androidx.core.app.NotificationCompat;
+import com.google.common.base.CharMatcher;
 import com.google.common.base.Strings;
 import java.io.DataOutputStream;
@@ -114,7 +115,7 @@ public class ExportBackupService extends Service {
 }
 builder.append(intValue);
 } else {
- DatabaseUtils.appendEscapedSQLString(builder, value);
+ appendEscapedSQLString(builder, value);
 }
 }
 builder.append(")");
@@ -127,6 +128,10 @@ public class ExportBackupService extends Service {
 writer.append(builder.toString());
 }
+ private static void appendEscapedSQLString(final StringBuilder sb, final String sqlString) {
+ DatabaseUtils.appendEscapedSQLString(sb, CharMatcher.is('\u0000').removeFrom(sqlString));
+ }
+
 private static void simpleExport(SQLiteDatabase db, String table, String column, String uuid, PrintWriter writer) {
 final Cursor cursor = db.query(table, null, column + "=?", new String[]{uuid}, null, null, null);
 while (cursor != null && cursor.moveToNext()) {
@@ -201,7 +206,7 @@ public class ExportBackupService extends Service {
 } else if (value.matches("[0-9]+")) {
 builder.append(value);
 } else {
- DatabaseUtils.appendEscapedSQLString(builder, value);
+ appendEscapedSQLString(builder, value);
 }
 }
 builder.append(")"); |
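Review bot: The new call `appendEscapedSQLString(builder, value)` in the hunk at -114,7, and the identical one at -201,7, differs from the framework call only by the dropped `DatabaseUtils.` qualifier. A later clean-up could restore the qualifier without noticing that it removes the NUL filtering. A distinct helper name that says what it does, for example `appendNulFreeSQLString(builder, value)`, would make the sanitising step visible where the statement is built. The enclosing methods start and end outside both hunks, so whether `value` is already null-checked on these branches cannot be confirmed from the lines shown.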
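Review bot: The helper `appendEscapedSQLString` added in the hunk at -127,6 has no comment explaining why U+0000 is stripped, or that the exported text can then differ from the stored row. The values quoted here presumably include content received from remote parties, and this helper is the only step separating that data from the SQL text written to the backup. The reasoning should therefore be recorded next to it, for instance `// Drop U+0000 before quoting: a NUL inside the generated INSERT is presumed to cut the statement short on restore; the backup copy of the value loses that character.` The filter covers only this one character, so the restore side's handling of other control characters should be checked separately, since that code is not part of this diff. A small unit test that feeds a string containing `\u0000` and a single quote through the helper would pin the intended output.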