X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=daklib%2Fdatabase.py;h=fc8dd677d9dd0d91ed857a24ccea7648d0e98eaa;hb=99576eb9184993f1a169c9c2b6cbd5b1caee69af;hp=a995378b3db78116c967bd205a9086e828c9ef5d;hpb=48e5e5ee12f7c36e3272ec8d3dc0d6c43625d984;p=dak.git

diff --git a/daklib/database.py b/daklib/database.py
index a995378b..fc8dd677 100755
--- a/daklib/database.py
+++ b/daklib/database.py
@@ -34,6 +34,7 @@ import sys
 import time
 import types
 import utils
+import pg
 from binary import Binary
 
 ################################################################################
@@ -858,7 +859,7 @@ def get_new_comments(package):
                            """ % (package))
 
     for row in query.getresult():
-        comments.append("\nAuthor: %s\nVersion: %s\nTimestamp: %s\n\n%s\n" % (row[2], row[0], row[4], row[1]))
+        comments.append("\nAuthor: %s\nVersion: %s\nTimestamp: %s\n\n%s\n" % (row[2], row[0], row[3], row[1]))
         comments.append("-"*72)
 
     return comments
@@ -907,7 +908,7 @@ def add_new_comment(package, version, comment, author):
 
     projectB.query(""" INSERT INTO new_comments (package, version, comment, author)
                        VALUES ('%s', '%s', '%s', '%s')
-    """ % (package, version, comment, author) )
+    """ % (package, version, pg.escape_string(comment), pg.escape_string(author)))
 
     return