SQL/ODBC: escape values in connection string
Values in connection strings must be escaped when they - contain a ; -> escape with " - start with ' -> escape with " - start with " -> escape with ' Fixes: QTBUG-122642 Change-Id: I1df638194067af5df94a34009e1547886fdf928c Reviewed-by: Axel Spoerl <axel.spoerl@qt.io> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> (cherry picked from commit 000d462bf93b21a9bbb46fdba631c09ba3eb9276) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
parent
874f5c1f46
commit
0b5b6e7db2
@ -1918,6 +1918,18 @@ bool QODBCDriver::open(const QString & db,
|
|||||||
int,
|
int,
|
||||||
const QString& connOpts)
|
const QString& connOpts)
|
||||||
{
|
{
|
||||||
|
const auto ensureEscaped = [](QString arg) -> QString {
|
||||||
|
QChar quoteChar;
|
||||||
|
if (arg.startsWith(u'"'))
|
||||||
|
quoteChar = u'\'';
|
||||||
|
else if (arg.startsWith(u'\''))
|
||||||
|
quoteChar = u'"';
|
||||||
|
else if (arg.contains(u';'))
|
||||||
|
quoteChar = u'"';
|
||||||
|
else
|
||||||
|
return arg;
|
||||||
|
return quoteChar + arg + quoteChar;
|
||||||
|
};
|
||||||
Q_D(QODBCDriver);
|
Q_D(QODBCDriver);
|
||||||
if (isOpen())
|
if (isOpen())
|
||||||
close();
|
close();
|
||||||
@ -1953,17 +1965,17 @@ bool QODBCDriver::open(const QString & db,
|
|||||||
QString connQStr;
|
QString connQStr;
|
||||||
// support the "DRIVER={SQL SERVER};SERVER=blah" syntax
|
// support the "DRIVER={SQL SERVER};SERVER=blah" syntax
|
||||||
if (db.contains(".dsn"_L1, Qt::CaseInsensitive))
|
if (db.contains(".dsn"_L1, Qt::CaseInsensitive))
|
||||||
connQStr = "FILEDSN="_L1 + db;
|
connQStr = "FILEDSN="_L1 + ensureEscaped(db);
|
||||||
else if (db.contains("DRIVER="_L1, Qt::CaseInsensitive)
|
else if (db.contains("DRIVER="_L1, Qt::CaseInsensitive)
|
||||||
|| db.contains("SERVER="_L1, Qt::CaseInsensitive))
|
|| db.contains("SERVER="_L1, Qt::CaseInsensitive))
|
||||||
connQStr = db;
|
connQStr = ensureEscaped(db);
|
||||||
else
|
else
|
||||||
connQStr = "DSN="_L1 + db;
|
connQStr = "DSN="_L1 + ensureEscaped(db);
|
||||||
|
|
||||||
if (!user.isEmpty())
|
if (!user.isEmpty())
|
||||||
connQStr += ";UID="_L1 + user;
|
connQStr += ";UID="_L1 + ensureEscaped(user);
|
||||||
if (!password.isEmpty())
|
if (!password.isEmpty())
|
||||||
connQStr += ";PWD="_L1 + password;
|
connQStr += ";PWD="_L1 + ensureEscaped(password);
|
||||||
|
|
||||||
SQLSMALLINT cb;
|
SQLSMALLINT cb;
|
||||||
QVarLengthArray<SQLTCHAR, 1024> connOut(1024);
|
QVarLengthArray<SQLTCHAR, 1024> connOut(1024);
|
||||||
|
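Review bot: In the `DRIVER=`/`SERVER=` branch of the second hunk, `connQStr = ensureEscaped(db);` runs a complete connection string through the per-value escaper, so the documented `DRIVER={SQL SERVER};SERVER=blah` form, which contains `;`, comes back wrapped in double quotes as a single quoted token rather than a list of attributes. That branch should stay `connQStr = db;`, leaving a caller-built string as the caller wrote it, while the `FILEDSN=`, `DSN=`, `UID=` and `PWD=` values keep the new escaping. Separately, the `ensureEscaped` lambda in the first hunk only inspects the first character and the presence of `;`: a value that also contains the quote character it selects is wrapped without that character being doubled or rejected, so the quoted value presumably ends early and the remainder is parsed as further attributes. That case should either fail `open()` with an error or be pinned by a test against the driver manager's actual parsing. `QODBCDriver::open` starts and ends outside the visible hunks.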