fix code injection in queries
parent
b9e5409300
commit
b21c82ccd0
1 changed files with 7 additions and 7 deletions
|
@ -54,29 +54,29 @@ class DataBase(object):
|
||||||
|
|
||||||
with self.lock:
|
with self.lock:
|
||||||
self.cur.execute(
|
self.cur.execute(
|
||||||
"INSERT INTO bridge (room_id, channel_id) "
|
"INSERT INTO bridge (room_id, channel_id) VALUES (?, ?)",
|
||||||
f"VALUES ('{room_id}', '{channel_id}')"
|
[room_id, channel_id],
|
||||||
)
|
)
|
||||||
self.conn.commit()
|
self.conn.commit()
|
||||||
|
|
||||||
def add_user(self, mxid: str) -> None:
|
def add_user(self, mxid: str) -> None:
|
||||||
with self.lock:
|
with self.lock:
|
||||||
self.cur.execute(f"INSERT INTO users (mxid) VALUES ('{mxid}')")
|
self.cur.execute("INSERT INTO users (mxid) VALUES (?)", [mxid])
|
||||||
self.conn.commit()
|
self.conn.commit()
|
||||||
|
|
||||||
def add_avatar(self, avatar_url: str, mxid: str) -> None:
|
def add_avatar(self, avatar_url: str, mxid: str) -> None:
|
||||||
with self.lock:
|
with self.lock:
|
||||||
self.cur.execute(
|
self.cur.execute(
|
||||||
f"UPDATE users SET avatar_url = '{avatar_url}'"
|
"UPDATE users SET avatar_url = (?) WHERE mxid = (?)",
|
||||||
f"WHERE mxid = '{mxid}'"
|
[avatar_url, mxid],
|
||||||
)
|
)
|
||||||
self.conn.commit()
|
self.conn.commit()
|
||||||
|
|
||||||
def add_username(self, username: str, mxid: str) -> None:
|
def add_username(self, username: str, mxid: str) -> None:
|
||||||
with self.lock:
|
with self.lock:
|
||||||
self.cur.execute(
|
self.cur.execute(
|
||||||
f"UPDATE users SET username = '{username}'"
|
"UPDATE users SET username = (?) WHERE mxid = (?)",
|
||||||
f"WHERE mxid = '{mxid}'"
|
[username, mxid],
|
||||||
)
|
)
|
||||||
self.conn.commit()
|
self.conn.commit()
|
||||||
|
|
||||||
|
|
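Review bot: The two UPDATE statements in `add_avatar` and `add_username` wrap each placeholder in parentheses (`= (?)`), while the INSERTs use a bare `?`. Both forms bind the value correctly, but `"UPDATE users SET avatar_url = ? WHERE mxid = ?"` is the conventional spelling and keeps the four statements consistent. Only the statements in this hunk are visible, so the rest of `DataBase` should be checked for any remaining `execute(f"...")` calls. A query still built by string interpolation would leave the same injection path open for values such as `mxid`, `username` or `avatar_url`. The first `execute` in the hunk belongs to a method whose `def` line is above the hunk.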