kenmirrors
/
freeswitch
mirror of https://github.com/signalwire/freeswitch.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Code cleanup, saner way of stripping chars from string

This commit is contained in:
Daniel Swarbrick 2010-12-31 03:10:50 +01:00
parent a0d36d8f9d
commit 0e31a974d4
1 changed files with 20 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
src/mod/event_handlers/mod_cdr_pg_csv/mod_cdr_pg_csv.c
View File

@ -185,34 +185,37 @@ static void write_cdr(const char *path, const char *log_line)
switch_mutex_unlock(fd->mutex); switch_mutex_unlock(fd->mutex);
} }
static int save_cdr(const char* const table, const char* const template, const char* const cdr) static int save_cdr(const char * const table, const char * const template, const char * const cdr)
{ {
char* columns; char *columns, *values;
char* values; char *p, *q;
char* p;
unsigned clen;
unsigned vlen; unsigned vlen;
char* query; char *query;
const char* const query_template = "INSERT INTO %s (%s) VALUES (%s);"; PGresult *res;
PGresult* res; char *nullValues, *temp, *tp;
char *spaceColumns, *pt, *nullValues, *temp, *tp; int nullCounter = 0, charCounter = 0;
int spaceCounter = 0, nullCounter = 0, charCounter = 0;
if (!table || !*table || !template || !*template || !cdr || !*cdr) { if (!table || !*table || !template || !*template || !cdr || !*cdr) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_CRIT, "Bad parameter\n"); switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_CRIT, "Bad parameter\n");
return 0; return 0;
} }
/* Build comma-separated list of field names by dropping $ { } ; chars */
columns = strdup(template); columns = strdup(template);
for (p = columns; *p; ++p) { for (p = columns, q = columns; *p; ++p) {
switch (*p) { switch (*p) {
case '$': case '"': case '{': case '}': case ';': case '$': case '"': case '{': case '}': case ';':
*p = ' ';
break; break;
default:
*q++ = *p;
} }
} }
clen = p - columns; *q = '\0';
/* In the expanded vars, replace double quotes (") with single quotes (')
* for corect PostgreSQL syntax, and replace semi-colon with space to
* prevent SQL injection attacks.
*/
values = strdup(cdr); values = strdup(cdr);
for (p = values; *p; ++p) { for (p = values; *p; ++p) {
switch(*p) { switch(*p) {
@ -227,31 +230,9 @@ static int save_cdr(const char* const table, const char* const template, const c
vlen = p - values; vlen = p - values;
/* /*
* Patch for changing spaces (; ;) in the template paterns to NULL * Patch for changing empty strings ('') in the expanded variables to
* (eg.) ; ; --PATCH--> null * Postgresql null
* - added new functionality - space removing
*/ */
for (p = columns; *p; ++p) {
if (*p == ' ') {
spaceCounter++;
}
}
spaceColumns = (char *) malloc(clen - spaceCounter + 1);
pt = spaceColumns;
for (p = columns; *p; ++p) {
if (*p != ' ') {
*pt=*p;
pt++;
}
}
*pt = 0;
pt = columns;
columns = spaceColumns;
free(pt);
for (p = values; *p; ++p) { for (p = values; *p; ++p) {
if (*p == ',') { if (*p == ',') {
if (charCounter == 0) { if (charCounter == 0) {
@ -331,8 +312,8 @@ static int save_cdr(const char* const table, const char* const template, const c
//----------------------------- END_OF_PATCH ------------------------------- //----------------------------- END_OF_PATCH -------------------------------
query = malloc(strlen(query_template) - 6 + strlen(table) + clen + vlen + 1); query = switch_mprintf("INSERT INTO %s (%s) VALUES (%s);", table, columns, values);
sprintf(query, query_template, table, columns, values); assert(query);
free(columns); free(columns);
free(values); free(values);