fix code injection in queries
parent
b9e5409300
commit
b21c82ccd0
1 changed files with 7 additions and 7 deletions
|
@ -54,29 +54,29 @@ class DataBase(object):
|
|||
|
||||
with self.lock:
|
||||
self.cur.execute(
|
||||
"INSERT INTO bridge (room_id, channel_id) "
|
||||
f"VALUES ('{room_id}', '{channel_id}')"
|
||||
"INSERT INTO bridge (room_id, channel_id) VALUES (?, ?)",
|
||||
[room_id, channel_id],
|
||||
)
|
||||
self.conn.commit()
|
||||
|
||||
def add_user(self, mxid: str) -> None:
|
||||
with self.lock:
|
||||
self.cur.execute(f"INSERT INTO users (mxid) VALUES ('{mxid}')")
|
||||
self.cur.execute("INSERT INTO users (mxid) VALUES (?)", [mxid])
|
||||
self.conn.commit()
|
||||
|
||||
def add_avatar(self, avatar_url: str, mxid: str) -> None:
|
||||
with self.lock:
|
||||
self.cur.execute(
|
||||
f"UPDATE users SET avatar_url = '{avatar_url}'"
|
||||
f"WHERE mxid = '{mxid}'"
|
||||
"UPDATE users SET avatar_url = (?) WHERE mxid = (?)",
|
||||
[avatar_url, mxid],
|
||||
)
|
||||
self.conn.commit()
|
||||
|
||||
def add_username(self, username: str, mxid: str) -> None:
|
||||
with self.lock:
|
||||
self.cur.execute(
|
||||
f"UPDATE users SET username = '{username}'"
|
||||
f"WHERE mxid = '{mxid}'"
|
||||
"UPDATE users SET username = (?) WHERE mxid = (?)",
|
||||
[username, mxid],
|
||||
)
|
||||
self.conn.commit()
|
||||
|
||||
|
|
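Review bot: The two UPDATE statements wrap each placeholder in parentheses (`avatar_url = (?) WHERE mxid = (?)`), while the two INSERTs in the same hunk use a bare `?`. The parentheses are redundant, so I would write `"UPDATE users SET avatar_url = ? WHERE mxid = ?"` and `"UPDATE users SET username = ? WHERE mxid = ?"` to keep all bound queries in one form. The hunk shows only four methods of DataBase and begins inside the first, so it is worth confirming that no statement elsewhere in the class still interpolates values into SQL with an f-string. A regression test that stores a value containing a single quote (for example a constructed mxid such as `@o'brien:example.org`) and reads it back unchanged would pin the fix.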