remove null bytes from strings before creating sql statements in backup

1 files changed, 7 insertions, 2 deletions

diff --git a/src/main/java/eu/siacs/conversations/services/ExportBackupService.java b/src/main/java/eu/siacs/conversations/services/ExportBackupService.java
index f89434897..6cbb26ad1 100644
--- a/src/main/java/eu/siacs/conversations/services/ExportBackupService.java
+++ b/src/main/java/eu/siacs/conversations/services/ExportBackupService.java
@@ -15,6 +15,7 @@ import android.util.Log;
 
 import androidx.core.app.NotificationCompat;
 
+import com.google.common.base.CharMatcher;
 import com.google.common.base.Strings;
 
 import java.io.DataOutputStream;
@@ -114,7 +115,7 @@ public class ExportBackupService extends Service {
                     }
                     builder.append(intValue);
                 } else {
-                    DatabaseUtils.appendEscapedSQLString(builder, value);
+                    appendEscapedSQLString(builder, value);
                 }
             }
             builder.append(")");
@@ -127,6 +128,10 @@ public class ExportBackupService extends Service {
         writer.append(builder.toString());
     }
 
+    private static void appendEscapedSQLString(final StringBuilder sb, final String sqlString) {
+        DatabaseUtils.appendEscapedSQLString(sb, CharMatcher.is('\u0000').removeFrom(sqlString));
+    }
+
     private static void simpleExport(SQLiteDatabase db, String table, String column, String uuid, PrintWriter writer) {
         final Cursor cursor = db.query(table, null, column + "=?", new String[]{uuid}, null, null, null);
         while (cursor != null && cursor.moveToNext()) {
@@ -201,7 +206,7 @@ public class ExportBackupService extends Service {
             } else if (value.matches("[0-9]+")) {
                 builder.append(value);
             } else {
-                DatabaseUtils.appendEscapedSQLString(builder, value);
+                appendEscapedSQLString(builder, value);
             }
         }
         builder.append(")");