summaryrefslogtreecommitdiffstats
path: root/attachment.cgi
diff options
context:
space:
mode:
authormkanat%kerio.com <>2005-03-18 12:23:54 +0100
committermkanat%kerio.com <>2005-03-18 12:23:54 +0100
commit026808687250a3e1c2415c1967e1a48abeba217b (patch)
tree097746c95cdaa454e980625bdfc69b6bf4a2d5bc /attachment.cgi
parent17844d976d7036582f7b8204bdde7ac2429b1a38 (diff)
downloadbugzilla-026808687250a3e1c2415c1967e1a48abeba217b.tar.gz
bugzilla-026808687250a3e1c2415c1967e1a48abeba217b.tar.xz
Bug 285740: DBD::Pg must have the PG_BYTEA type specified for inserting BLOBs
Patch By Max Kanat-Alexander <mkanat@kerio.com> r=Tomas.Kopal, a=justdave
Diffstat (limited to 'attachment.cgi')
-rwxr-xr-xattachment.cgi14
1 files changed, 11 insertions, 3 deletions
diff --git a/attachment.cgi b/attachment.cgi
index bffba5bc4..054c8e62a 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -913,7 +913,6 @@ sub insert
$filename = SqlQuote($filename);
my $description = SqlQuote($::FORM{'description'});
my $contenttype = SqlQuote($::FORM{'contenttype'});
- my $thedata = SqlQuote($data);
my $isprivate = $::FORM{'isprivate'} ? 1 : 0;
# Figure out when the changes were made.
@@ -921,8 +920,17 @@ sub insert
my $sql_timestamp = SqlQuote($timestamp);
# Insert the attachment into the database.
- SendSQL("INSERT INTO attachments (bug_id, creation_ts, filename, description, mimetype, ispatch, isprivate, submitter_id, thedata)
- VALUES ($::FORM{'bugid'}, $sql_timestamp, $filename, $description, $contenttype, $::FORM{'ispatch'}, $isprivate, $::userid, $thedata)");
+ my $sth = $dbh->prepare("INSERT INTO attachments
+ (thedata, bug_id, creation_ts, filename, description,
+ mimetype, ispatch, isprivate, submitter_id)
+ VALUES (?, $::FORM{'bugid'}, $sql_timestamp, $filename,
+ $description, $contenttype, $::FORM{'ispatch'},
+ $isprivate, $::userid)");
+ # We only use $data here in this INSERT with a placeholder,
+ # so it's safe.
+ trick_taint($data);
+ $sth->bind_param(1, $data, $dbh->BLOB_TYPE);
+ $sth->execute();
# Retrieve the ID of the newly created attachment record.
my $attachid = $dbh->bz_last_key('attachments', 'attach_id');