From 8dd07cc3b6f7e19f97c18e7a3acc71335507f36b Mon Sep 17 00:00:00 2001
From: "cyeh%bluemartini.com" <>
Date: Thu, 29 Jun 2000 00:54:11 +0000
Subject: fix for bug #44040 "sanitycheck.cgi dies if apostrophes in product,
 component, version, or milestone". thanks to dave@intrec.com (Dave Miller)
 for the patch

---
 sanitycheck.cgi | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'sanitycheck.cgi')

diff --git a/sanitycheck.cgi b/sanitycheck.cgi
index ee6d5e188..e381aaa82 100755
--- a/sanitycheck.cgi
+++ b/sanitycheck.cgi
@@ -188,7 +188,7 @@ while (@row = FetchSQLData()) {
 
 foreach my $ref (@checklist) {
     my ($product, $version) = (@$ref);
-    SendSQL("select count(*) from versions where program = '$product' and value = '$version'");
+    SendSQL("select count(*) from versions where program = " . SqlQuote($product) . " and value = " . SqlQuote($version));
     if (FetchOneColumn() != 1) {
         Alert("Bug(s) found with invalid product/version: $product/$version");
     }
@@ -206,7 +206,7 @@ while (@row = FetchSQLData()) {
 
 foreach my $ref (@checklist) {
     my ($product, $milestone) = (@$ref);
-    SendSQL("SELECT count(*) FROM milestones WHERE product = '$product' AND value = '$milestone'");
+    SendSQL("SELECT count(*) FROM milestones WHERE product = " . SqlQuote($product) . " AND value = " . SqlQuote($milestone));
     if(FetchOneColumn() != 1) {
         Alert("Bug(s) found with invalud product/milestone: $product/$milestone");
     }
@@ -225,7 +225,7 @@ while (@row = FetchSQLData()) {
 
 foreach my $ref (@checklist) {
     my ($product, $component) = (@$ref);
-    SendSQL("select count(*) from components where program = '$product' and value = '$component'");
+    SendSQL("select count(*) from components where program = " . SqlQuote($product) . " and value = " . SqlQuote($component));
     if (FetchOneColumn() != 1) {
         Alert("Bug(s) found with invalid product/component: $product/$component");
     }
-- 
cgit v1.2.3-24-g4f1b