From: Joerg Jaspert <joerg@debian.org>
Date: Thu, 14 May 2009 19:46:17 +0000 (+0200)
Subject: Merge commit 'stew/master' into merge
X-Git-Url: https://git.decadent.org.uk/gitweb/?a=commitdiff_plain;h=88397f853b1673fbfbdfb399b7b98b6f4452bf6f;hp=ac248cc46170af4620aafd918cf3f7d593c4a9da;p=dak.git

Merge commit 'stew/master' into merge

* commit 'stew/master':
  must import pg...
  escape strings for comments on packages and comment authors

Signed-off-by: Joerg Jaspert <joerg@debian.org>
---

diff --git a/daklib/database.py b/daklib/database.py
index a5255568..fc8dd677 100755
--- a/daklib/database.py
+++ b/daklib/database.py
@@ -34,6 +34,7 @@ import sys
 import time
 import types
 import utils
+import pg
 from binary import Binary
 
 ################################################################################
@@ -907,7 +908,7 @@ def add_new_comment(package, version, comment, author):
 
     projectB.query(""" INSERT INTO new_comments (package, version, comment, author)
                        VALUES ('%s', '%s', '%s', '%s')
-    """ % (package, version, comment, author) )
+    """ % (package, version, pg.escape_string(comment), pg.escape_string(author)))
 
     return