kenmirrors
/
freeswitch
mirror of https://github.com/signalwire/freeswitch.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

FS-9652: improve sql sanitization

This commit is contained in:
Mike Jerris 2016-11-11 11:27:35 -06:00
parent 53dbe5d84a
commit e1b3ee1efd
20 changed files with 148 additions and 145 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/mod/applications/mod_callcenter/mod_callcenter.c
View File

@ -2379,9 +2379,9 @@ static int members_callback(void *pArg, int argc, char **argv, char **columnName
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Queue '%s' changed strategy, adjusting member parameters", queue_name);
/* member was ring-all, becomes ring-progressively (no state change because of strategy similarities) */
if (!strcasecmp(queue_strategy, "ring-progressively")) {
sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-progressively' WHERE uuid = '%s' AND state = '%s' AND serving_agent = 'ring-all'", cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-progressively' WHERE uuid = '%q' AND state = '%q' AND serving_agent = 'ring-all'", cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
} else {
sql = switch_mprintf("UPDATE members SET serving_agent = '', state = '%s' WHERE uuid = '%s' AND state = '%s' AND serving_agent = 'ring-all'", cc_member_state2str(CC_MEMBER_STATE_WAITING), cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
sql = switch_mprintf("UPDATE members SET serving_agent = '', state = '%q' WHERE uuid = '%q' AND state = '%q' AND serving_agent = 'ring-all'", cc_member_state2str(CC_MEMBER_STATE_WAITING), cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
}
cc_execute_sql(NULL, sql, NULL);
switch_safe_free(sql);
@ -2391,9 +2391,9 @@ static int members_callback(void *pArg, int argc, char **argv, char **columnName
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Queue '%s' changed strategy, adjusting member parameters", queue_name);
/* member was ring-progressively, becomes ring-all (no state change because of strategy similarities) */
if (!strcasecmp(queue_strategy, "ring-all")) {
sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-all' WHERE uuid = '%s' AND state = '%s' AND serving_agent = 'ring-progressively'", cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-all' WHERE uuid = '%q' AND state = '%q' AND serving_agent = 'ring-progressively'", cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
} else {
sql = switch_mprintf("UPDATE members SET serving_agent = '', state = '%s' WHERE uuid = '%s' AND state = '%s' AND serving_agent = 'ring-progressively'", cc_member_state2str(CC_MEMBER_STATE_WAITING), cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
sql = switch_mprintf("UPDATE members SET serving_agent = '', state = '%q' WHERE uuid = '%q' AND state = '%q' AND serving_agent = 'ring-progressively'", cc_member_state2str(CC_MEMBER_STATE_WAITING), cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
}
cc_execute_sql(NULL, sql, NULL);
switch_safe_free(sql);
@ -2403,9 +2403,9 @@ static int members_callback(void *pArg, int argc, char **argv, char **columnName
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Queue '%s' changed strategy, adjusting member parameters", queue_name);
/* member was ring-progressively, its state is already set to TRYING */
if (!strcasecmp(serving_agent, "ring-progressively")) {
sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-all' WHERE uuid = '%s' AND state = '%s' AND serving_agent = 'ring-progressively'", cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-all' WHERE uuid = '%q' AND state = '%q' AND serving_agent = 'ring-progressively'", cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
} else {
sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-all', state = '%s' WHERE uuid = '%s' AND state = '%s' AND serving_agent = ''", cc_member_state2str(CC_MEMBER_STATE_TRYING), cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_WAITING));
sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-all', state = '%q' WHERE uuid = '%q' AND state = '%q' AND serving_agent = ''", cc_member_state2str(CC_MEMBER_STATE_TRYING), cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_WAITING));
}
cc_execute_sql(NULL, sql, NULL);
switch_safe_free(sql);
@ -2415,9 +2415,9 @@ static int members_callback(void *pArg, int argc, char **argv, char **columnName
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Queue '%s' changed strategy, adjusting member parameters", queue_name);
/* member was ring-all, its state is already set to TRYING */
if (!strcasecmp(serving_agent, "ring-all")) {
sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-progressively' WHERE uuid = '%s' AND state = '%s' AND serving_agent = 'ring-all'", cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-progressively' WHERE uuid = '%q' AND state = '%q' AND serving_agent = 'ring-all'", cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
} else {
sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-progressively', state = '%s' WHERE uuid = '%s' AND state = '%s' AND serving_agent = ''", cc_member_state2str(CC_MEMBER_STATE_TRYING), cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_WAITING));
sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-progressively', state = '%q' WHERE uuid = '%q' AND state = '%q' AND serving_agent = ''", cc_member_state2str(CC_MEMBER_STATE_TRYING), cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_WAITING));
}
cc_execute_sql(NULL, sql, NULL);
switch_safe_free(sql);

58
src/mod/applications/mod_commands/mod_commands.c
View File

@ -103,7 +103,7 @@ static switch_status_t select_url(const char *user,
if (exclude_contact) {
sql = switch_mprintf("select url, '%q' "
"from registrations where reg_user='%q' and realm='%q' "
"and url not like '%%%s%%'", (concat != NULL) ? concat : "", user, domain, exclude_contact);
"and url not like '%%%q%%'", (concat != NULL) ? concat : "", user, domain, exclude_contact);
} else {
sql = switch_mprintf("select url, '%q' "
"from registrations where reg_user='%q' and realm='%q'",
@ -5409,33 +5409,33 @@ SWITCH_STANDARD_API(show_function)
if (end_of(command) == 's') {
end_of(command) = '\0';
}
sprintf(sql, "select type, name, ikey from interfaces where hostname='%s' and type = '%s' order by type,name", switch_core_get_hostname(), command);
switch_snprintfv(sql, sizeof(sql), "select type, name, ikey from interfaces where hostname='%q' and type = '%q' order by type,name", switch_core_get_hostname(), command);
} else if (!strncasecmp(command, "module", 6)) {
if (argv[1] && strcasecmp(argv[1], "as")) {
sprintf(sql, "select distinct type, name, ikey, filename from interfaces where hostname='%s' and ikey = '%s' order by type,name",
switch_snprintfv(sql, sizeof(sql), "select distinct type, name, ikey, filename from interfaces where hostname='%q' and ikey = '%q' order by type,name",
switch_core_get_hostname(), argv[1]);
} else {
sprintf(sql, "select distinct type, name, ikey, filename from interfaces where hostname='%s' order by type,name", switch_core_get_hostname());
switch_snprintfv(sql, sizeof(sql), "select distinct type, name, ikey, filename from interfaces where hostname='%q' order by type,name", switch_core_get_hostname());
}
} else if (!strcasecmp(command, "interfaces")) {
sprintf(sql, "select type, name, ikey from interfaces where hostname='%s' order by type,name", switch_core_get_hostname());
switch_snprintfv(sql, sizeof(sql), "select type, name, ikey from interfaces where hostname='%q' order by type,name", switch_core_get_hostname());
} else if (!strcasecmp(command, "interface_types")) {
sprintf(sql, "select type,count(type) as total from interfaces where hostname='%s' group by type order by type", switch_core_get_switchname());
switch_snprintfv(sql, sizeof(sql), "select type,count(type) as total from interfaces where hostname='%q' group by type order by type", switch_core_get_switchname());
} else if (!strcasecmp(command, "tasks")) {
sprintf(sql, "select * from %s where hostname='%s'", command, switch_core_get_hostname());
switch_snprintfv(sql, sizeof(sql), "select * from %q where hostname='%q'", command, switch_core_get_hostname());
} else if (!strcasecmp(command, "application") || !strcasecmp(command, "api")) {
if (argv[1] && strcasecmp(argv[1], "as")) {
sprintf(sql,
"select name, description, syntax, ikey from interfaces where hostname='%s' and type = '%s' and description != '' and name = '%s' order by type,name",
switch_snprintfv(sql, sizeof(sql),
"select name, description, syntax, ikey from interfaces where hostname='%q' and type = '%q' and description != '' and name = '%q' order by type,name",
switch_core_get_hostname(), command, argv[1]);
} else {
sprintf(sql, "select name, description, syntax, ikey from interfaces where hostname='%s' and type = '%s' and description != '' order by type,name", switch_core_get_hostname(), command);
switch_snprintfv(sql, sizeof(sql), "select name, description, syntax, ikey from interfaces where hostname='%q' and type = '%q' and description != '' order by type,name", switch_core_get_hostname(), command);
}
/* moved refreshable webpage show commands i.e. show calls|registrations|channels||detailed_calls|bridged_calls|detailed_bridged_calls */
} else if (!strcasecmp(command, "aliases")) {
sprintf(sql, "select * from aliases where hostname='%s' order by alias", switch_core_get_switchname());
switch_snprintfv(sql, sizeof(sql), "select * from aliases where hostname='%q' order by alias", switch_core_get_switchname());
} else if (!strcasecmp(command, "complete")) {
sprintf(sql, "select * from complete where hostname='%s' order by a1,a2,a3,a4,a5,a6,a7,a8,a9,a10", switch_core_get_switchname());
switch_snprintfv(sql, sizeof(sql), "select * from complete where hostname='%q' order by a1,a2,a3,a4,a5,a6,a7,a8,a9,a10", switch_core_get_switchname());
} else if (!strncasecmp(command, "help", 4)) {
char *cmdname = NULL;
@ -5444,18 +5444,18 @@ SWITCH_STANDARD_API(show_function)
if ((cmdname = strchr(command, ' ')) && strcasecmp(cmdname, "as")) {
*cmdname++ = '\0';
switch_snprintfv(sql, sizeof(sql),
"select name, syntax, description, ikey from interfaces where hostname='%s' and type = 'api' and name = '%q' order by name",
"select name, syntax, description, ikey from interfaces where hostname='%q' and type = 'api' and name = '%q' order by name",
switch_core_get_hostname(), cmdname);
} else {
switch_snprintfv(sql, sizeof(sql), "select name, syntax, description, ikey from interfaces where hostname='%q' and type = 'api' order by name", switch_core_get_hostname());
}
} else if (!strcasecmp(command, "nat_map")) {
switch_snprintf(sql, sizeof(sql) - 1,
switch_snprintfv(sql, sizeof(sql) - 1,
"SELECT port, "
" CASE proto "
" WHEN 0 THEN 'udp' "
" WHEN 1 THEN 'tcp' "
" ELSE 'unknown' " " END AS proto, " " proto AS proto_num, " " sticky " " FROM nat where hostname='%s' ORDER BY port, proto", switch_core_get_hostname());
" ELSE 'unknown' " " END AS proto, " " proto AS proto_num, " " sticky " " FROM nat where hostname='%q' ORDER BY port, proto", switch_core_get_hostname());
} else {
/* from here on refreshable commands: calls|registrations|channels||detailed_calls|bridged_calls|detailed_bridged_calls */
if (holder.format->api) {
@ -5474,18 +5474,18 @@ SWITCH_STANDARD_API(show_function)
}
if (!strcasecmp(command, "calls")) {
sprintf(sql, "select * from basic_calls where hostname='%s' order by call_created_epoch", switch_core_get_switchname());
switch_snprintfv(sql, sizeof(sql), "select * from basic_calls where hostname='%q' order by call_created_epoch", switch_core_get_switchname());
if (argv[1] && !strcasecmp(argv[1], "count")) {
sprintf(sql, "select count(*) from basic_calls where hostname='%s'", switch_core_get_switchname());
switch_snprintfv(sql, sizeof(sql), "select count(*) from basic_calls where hostname='%q'", switch_core_get_switchname());
holder.justcount = 1;
if (argv[3] && !strcasecmp(argv[2], "as")) {
as = argv[3];
}
}
} else if (!strcasecmp(command, "registrations")) {
sprintf(sql, "select * from registrations where hostname='%s'", switch_core_get_switchname());
switch_snprintfv(sql, sizeof(sql), "select * from registrations where hostname='%q'", switch_core_get_switchname());
if (argv[1] && !strcasecmp(argv[1], "count")) {
sprintf(sql, "select count(*) from registrations where hostname='%s'", switch_core_get_switchname());
switch_snprintfv(sql, sizeof(sql), "select count(*) from registrations where hostname='%q'", switch_core_get_switchname());
holder.justcount = 1;
if (argv[3] && !strcasecmp(argv[2], "as")) {
as = argv[3];
@ -5500,41 +5500,41 @@ SWITCH_STANDARD_API(show_function)
}
}
if (strchr(argv[2], '%')) {
sprintf(sql,
"select * from channels where hostname='%s' and uuid like '%s' or name like '%s' or cid_name like '%s' or cid_num like '%s' or presence_data like '%s' or accountcode like '%s' order by created_epoch",
switch_snprintfv(sql, sizeof(sql),
"select * from channels where hostname='%q' and uuid like '%q' or name like '%q' or cid_name like '%q' or cid_num like '%q' or presence_data like '%q' or accountcode like '%q' order by created_epoch",
switch_core_get_switchname(), argv[2], argv[2], argv[2], argv[2], argv[2], argv[2]);
} else {
sprintf(sql,
"select * from channels where hostname='%s' and uuid like '%%%s%%' or name like '%%%s%%' or cid_name like '%%%s%%' or cid_num like '%%%s%%' or presence_data like '%%%s%%' or accountcode like '%%%s%%' order by created_epoch",
switch_snprintfv(sql, sizeof(sql),
"select * from channels where hostname='%q' and uuid like '%%%q%%' or name like '%%%q%%' or cid_name like '%%%q%%' or cid_num like '%%%q%%' or presence_data like '%%%q%%' or accountcode like '%%%q%%' order by created_epoch",
switch_core_get_switchname(), argv[2], argv[2], argv[2], argv[2], argv[2], argv[2]);
}
if (argv[4] && !strcasecmp(argv[3], "as")) {
as = argv[4];
}
} else {
sprintf(sql, "select * from channels where hostname='%s' order by created_epoch", switch_core_get_switchname());
switch_snprintfv(sql, sizeof(sql), "select * from channels where hostname='%q' order by created_epoch", switch_core_get_switchname());
}
} else if (!strcasecmp(command, "channels")) {
sprintf(sql, "select * from channels where hostname='%s' order by created_epoch", switch_core_get_switchname());
switch_snprintfv(sql, sizeof(sql), "select * from channels where hostname='%q' order by created_epoch", switch_core_get_switchname());
if (argv[1] && !strcasecmp(argv[1], "count")) {
sprintf(sql, "select count(*) from channels where hostname='%s'", switch_core_get_switchname());
switch_snprintfv(sql, sizeof(sql), "select count(*) from channels where hostname='%q'", switch_core_get_switchname());
holder.justcount = 1;
if (argv[3] && !strcasecmp(argv[2], "as")) {
as = argv[3];
}
}
} else if (!strcasecmp(command, "detailed_calls")) {
sprintf(sql, "select * from detailed_calls where hostname='%s' order by created_epoch", switch_core_get_switchname());
switch_snprintfv(sql, sizeof(sql), "select * from detailed_calls where hostname='%q' order by created_epoch", switch_core_get_switchname());
if (argv[2] && !strcasecmp(argv[1], "as")) {
as = argv[2];
}
} else if (!strcasecmp(command, "bridged_calls")) {
sprintf(sql, "select * from basic_calls where b_uuid is not null and hostname='%s' order by created_epoch", switch_core_get_switchname());
switch_snprintfv(sql, sizeof(sql), "select * from basic_calls where b_uuid is not null and hostname='%q' order by created_epoch", switch_core_get_switchname());
if (argv[2] && !strcasecmp(argv[1], "as")) {
as = argv[2];
}
} else if (!strcasecmp(command, "detailed_bridged_calls")) {
sprintf(sql, "select * from detailed_calls where b_uuid is not null and hostname='%s' order by created_epoch", switch_core_get_switchname());
switch_snprintfv(sql, sizeof(sql), "select * from detailed_calls where b_uuid is not null and hostname='%q' order by created_epoch", switch_core_get_switchname());
if (argv[2] && !strcasecmp(argv[1], "as")) {
as = argv[2];
}

11
src/mod/applications/mod_directory/mod_directory.c
View File

@ -863,14 +863,17 @@ switch_status_t navigate_entrys(switch_core_session_t *session, dir_profile_t *p
cbt.len = sizeof(entry_count);
if (params->search_by == SEARCH_BY_FIRST_AND_LAST_NAME) {
sql_where = switch_mprintf("hostname = '%q' and uuid = '%q' and name_visible = 1 and (%s like '%q%%' or %s like '%q%%')",
sql_where = switch_mprintf("hostname = '%q' and uuid = '%q' and name_visible = 1 and (%q like '%q%%' or %q like '%q%%')",
globals.hostname, switch_core_session_get_uuid(session), "last_name_digit", params->digits, "first_name_digit", params->digits);
} else if (params->search_by == SEARCH_BY_FULL_NAME) {
sql_where = switch_mprintf("hostname = '%q' and uuid = '%q' and name_visible = 1 and full_name_digit like '%%%q%%'",
globals.hostname, switch_core_session_get_uuid(session), "last_name_digit", params->digits, "first_name_digit", params->digits);
globals.hostname, switch_core_session_get_uuid(session), params->digits);
} else if (params->search_by == SEARCH_BY_LAST_NAME) {
sql_where = switch_mprintf("hostname = '%q' and uuid = '%q' and name_visible = 1 and last_name_digit like '%q%%'",
globals.hostname, switch_core_session_get_uuid(session), params->digits);
} else {
sql_where = switch_mprintf("hostname = '%q' and uuid = '%q' and name_visible = 1 and %s like '%q%%'",
globals.hostname, switch_core_session_get_uuid(session), (params->search_by == SEARCH_BY_LAST_NAME ? "last_name_digit" : "first_name_digit"), params->digits);
sql_where = switch_mprintf("hostname = '%q' and uuid = '%q' and name_visible = 1 and first_name_digit like '%q%%'",
globals.hostname, switch_core_session_get_uuid(session), params->digits);
}
sql = switch_mprintf("select count(*) from (select distinct first_name, last_name, extension from directory_search where %s) AS dsearch", sql_where);

10
src/mod/applications/mod_fifo/mod_fifo.c
View File

@ -1619,7 +1619,7 @@ static void *SWITCH_THREAD_FUNC outbound_ringall_thread_run(switch_thread_t *thr
for (i = 0; i < cbh->rowcount; i++) {
struct call_helper *h = cbh->rows[i];
char *sql = switch_mprintf("update fifo_outbound set ring_count=ring_count+1 where uuid='%s'", h->uuid);
char *sql = switch_mprintf("update fifo_outbound set ring_count=ring_count+1 where uuid='%q'", h->uuid);
fifo_execute_sql_queued(&sql, SWITCH_TRUE, SWITCH_TRUE);
}
@ -1844,7 +1844,7 @@ static void *SWITCH_THREAD_FUNC outbound_enterprise_thread_run(switch_thread_t *
switch_event_fire(&event);
}
sql = switch_mprintf("update fifo_outbound set ring_count=ring_count+1 where uuid='%s'", h->uuid);
sql = switch_mprintf("update fifo_outbound set ring_count=ring_count+1 where uuid='%q'", h->uuid);
fifo_execute_sql_queued(&sql, SWITCH_TRUE, SWITCH_TRUE);
status = switch_ivr_originate(NULL, &session, &cause, originate_string, h->timeout, NULL, NULL, NULL, NULL, ovars, SOF_NONE, NULL);
@ -3358,7 +3358,7 @@ SWITCH_STANDARD_APP(fifo_function)
cancel_consumer_outbound_call(outbound_id, SWITCH_CAUSE_ORIGINATOR_CANCEL);
add_bridge_call(outbound_id);
sql = switch_mprintf("update fifo_outbound set stop_time=0,start_time=%ld,use_count=use_count+1,outbound_fail_count=0 where uuid='%s'",
sql = switch_mprintf("update fifo_outbound set stop_time=0,start_time=%ld,use_count=use_count+1,outbound_fail_count=0 where uuid='%q'",
switch_epoch_time_now(NULL), outbound_id);
fifo_execute_sql_queued(&sql, SWITCH_TRUE, SWITCH_TRUE);
@ -3439,7 +3439,7 @@ SWITCH_STANDARD_APP(fifo_function)
sql = switch_mprintf("update fifo_outbound set stop_time=%ld, use_count=use_count-1, "
"outbound_call_total_count=outbound_call_total_count+1, "
"outbound_call_count=outbound_call_count+1, next_avail=%ld + lag + 1 where uuid='%s' and use_count > 0",
"outbound_call_count=outbound_call_count+1, next_avail=%ld + lag + 1 where uuid='%q' and use_count > 0",
now, now, outbound_id);
fifo_execute_sql_queued(&sql, SWITCH_TRUE, SWITCH_TRUE);
@ -3788,7 +3788,7 @@ static int xml_outbound(switch_xml_t xml, fifo_node_t *node, char *container, ch
char *sql;
if (!strcmp(node->name, MANUAL_QUEUE_NAME)) {
sql = switch_mprintf("select uuid, '%s', originate_string, simo_count, use_count, timeout,"
sql = switch_mprintf("select uuid, '%q', originate_string, simo_count, use_count, timeout,"
"lag, next_avail, expires, static, outbound_call_count, outbound_fail_count,"
"hostname, taking_calls, status, outbound_call_total_count, outbound_fail_total_count, active_time, inactive_time,"
"manual_calls_out_count, manual_calls_in_count, manual_calls_out_total_count, manual_calls_in_total_count from fifo_outbound "

4
src/mod/applications/mod_nibblebill/mod_nibblebill.c
View File

@ -387,7 +387,7 @@ static switch_bool_t bill_event(double billamount, const char *billaccount, swit
sql = globals.custom_sql_save;
}
} else {
sql = dsql = switch_mprintf("UPDATE %s SET %s=%s- %f WHERE %s='%s'", globals.db_table, globals.db_column_cash,
sql = dsql = switch_mprintf("UPDATE %q SET %q=%q- %f WHERE %q='%q'", globals.db_table, globals.db_column_cash,
globals.db_column_cash, billamount, globals.db_column_account, billaccount);
}
@ -415,7 +415,7 @@ static double get_balance(const char *billaccount, switch_channel_t *channel)
sql = globals.custom_sql_lookup;
}
} else {
sql = dsql = switch_mprintf("SELECT %s AS nibble_balance FROM %s WHERE %s='%s'",
sql = dsql = switch_mprintf("SELECT %q AS nibble_balance FROM %q WHERE %q='%q'",
globals.db_column_cash, globals.db_table, globals.db_column_account, billaccount);
}

2
src/mod/applications/mod_snom/mod_snom.c
View File

@ -172,7 +172,7 @@ SWITCH_STANDARD_API(snom_command_api_function)
goto end;
}
sql = switch_mprintf("select network_ip from registrations where url = '%s'", apiresp);
sql = switch_mprintf("select network_ip from registrations where url = '%q'", apiresp);
ret = switch_cache_db_execute_sql2str(db, sql, host, sizeof(host), NULL);
switch_safe_free(sql);

36
src/mod/applications/mod_voicemail/mod_voicemail.c
View File

@ -1778,7 +1778,7 @@ static switch_status_t listen_file(switch_core_session_t *session, vm_profile_t
}
} else if (!strcmp(input, profile->delete_file_key) || (!strcmp(input, profile->email_key) && !zstr(cbt->email))) {
char *sql = switch_mprintf("update voicemail_msgs set flags='delete' where uuid='%s'", cbt->uuid);
char *sql = switch_mprintf("update voicemail_msgs set flags='delete' where uuid='%q'", cbt->uuid);
vm_execute_sql(profile, sql, profile->mutex);
switch_safe_free(sql);
if (!strcmp(input, profile->email_key) && !zstr(cbt->email)) {
@ -1891,7 +1891,7 @@ static switch_status_t listen_file(switch_core_session_t *session, vm_profile_t
TRY_CODE(switch_ivr_phrase_macro(session, VM_ACK_MACRO, "deleted", NULL, NULL));
}
} else {
char *sql = switch_mprintf("update voicemail_msgs set flags='save' where uuid='%s'", cbt->uuid);
char *sql = switch_mprintf("update voicemail_msgs set flags='save' where uuid='%q'", cbt->uuid);
vm_execute_sql(profile, sql, profile->mutex);
switch_safe_free(sql);
TRY_CODE(switch_ivr_phrase_macro(session, VM_ACK_MACRO, "saved", NULL, NULL));
@ -2119,7 +2119,7 @@ static void voicemail_check_main(switch_core_session_t *session, vm_profile_t *p
switch (play_msg_type) {
case MSG_NEW:
{
switch_snprintf(sql, sizeof(sql),
switch_snprintfv(sql, sizeof(sql),
"select created_epoch, read_epoch, username, domain, uuid, cid_name, cid_number, in_folder, file_path, message_len, flags, read_flags, forwarded_by from voicemail_msgs where username='%s' and domain='%s' and read_epoch=0"
" order by read_flags, created_epoch %s", myid, domain_name,
profile->play_new_messages_lifo ? "desc" : "asc");
@ -2130,7 +2130,7 @@ static void voicemail_check_main(switch_core_session_t *session, vm_profile_t *p
case MSG_SAVED:
default:
{
switch_snprintf(sql, sizeof(sql),
switch_snprintfv(sql, sizeof(sql),
"select created_epoch, read_epoch, username, domain, uuid, cid_name, cid_number, in_folder, file_path, message_len, flags, read_flags, forwarded_by from voicemail_msgs where username='%s' and domain='%s' and read_epoch !=0"
" order by read_flags, created_epoch %s", myid, domain_name,
profile->play_saved_messages_lifo ? "desc" : "asc");
@ -2163,8 +2163,8 @@ static void voicemail_check_main(switch_core_session_t *session, vm_profile_t *p
break;
}
}
switch_snprintf(sql, sizeof(sql), "update voicemail_msgs set read_epoch=%ld where read_epoch=0 and "
"username='%s' and domain='%s' and flags='save'",
switch_snprintfv(sql, sizeof(sql), "update voicemail_msgs set read_epoch=%ld where read_epoch=0 and "
"username='%q' and domain='%q' and flags='save'",
(long) switch_epoch_time_now(NULL), myid, domain_name);
vm_execute_sql(profile, sql, profile->mutex);
switch_snprintfv(sql, sizeof(sql), "select file_path from voicemail_msgs where username='%q' and domain='%q' and flags='delete'", myid,
@ -2242,11 +2242,11 @@ static void voicemail_check_main(switch_core_session_t *session, vm_profile_t *p
TRY_CODE(switch_ivr_phrase_macro(session, VM_CHOOSE_GREETING_SELECTED_MACRO, input, NULL, NULL));
if (file_path == NULL) {
sql =
switch_mprintf("update voicemail_prefs set greeting_path=NULL where username='%s' and domain='%s'", myid,
switch_mprintf("update voicemail_prefs set greeting_path=NULL where username='%q' and domain='%q'", myid,
domain_name);
} else {
sql =
switch_mprintf("update voicemail_prefs set greeting_path='%s' where username='%s' and domain='%s'",
switch_mprintf("update voicemail_prefs set greeting_path='%q' where username='%q' and domain='%q'",
file_path, myid, domain_name);
}
vm_execute_sql(profile, sql, profile->mutex);
@ -2282,7 +2282,7 @@ static void voicemail_check_main(switch_core_session_t *session, vm_profile_t *p
switch_file_rename(tmp_file_path, file_path, switch_core_session_get_pool(session));
sql =
switch_mprintf("update voicemail_prefs set greeting_path='%s' where username='%s' and domain='%s'", file_path, myid,
switch_mprintf("update voicemail_prefs set greeting_path='%q' where username='%q' and domain='%q'", file_path, myid,
domain_name);
vm_execute_sql(profile, sql, profile->mutex);
switch_safe_free(sql);
@ -2341,7 +2341,7 @@ static void voicemail_check_main(switch_core_session_t *session, vm_profile_t *p
switch_ivr_phrase_macro(session, VM_CHANGE_PASS_FAIL_MACRO, NULL, NULL, NULL);
switch_event_destroy(&params);
} else {
sql = switch_mprintf("update voicemail_prefs set password='%s' where username='%s' and domain='%s'", buf, myid, domain_name);
sql = switch_mprintf("update voicemail_prefs set password='%q' where username='%q' and domain='%q'", buf, myid, domain_name);
vm_execute_sql(profile, sql, profile->mutex);
switch_safe_free(file_path);
switch_safe_free(sql);
@ -2359,7 +2359,7 @@ static void voicemail_check_main(switch_core_session_t *session, vm_profile_t *p
unlink(tmp_file_path);
TRY_CODE(create_file(session, profile, VM_RECORD_NAME_MACRO, file_path, &message_len, SWITCH_FALSE, NULL, NULL));
switch_file_rename(tmp_file_path, file_path, switch_core_session_get_pool(session));
sql = switch_mprintf("update voicemail_prefs set name_path='%s' where username='%s' and domain='%s'", file_path, myid, domain_name);
sql = switch_mprintf("update voicemail_prefs set name_path='%q' where username='%q' and domain='%q'", file_path, myid, domain_name);
vm_execute_sql(profile, sql, profile->mutex);
switch_safe_free(tmp_file_path);
switch_safe_free(sql);
@ -4240,13 +4240,13 @@ static void do_play(vm_profile_t *profile, char *user_in, char *domain, char *fi
user = resolve_id(user_in, domain, "web-vm");
sql = switch_mprintf("update voicemail_msgs set read_epoch=%ld where username='%s' and domain='%s' and file_path like '%%%s'",
sql = switch_mprintf("update voicemail_msgs set read_epoch=%ld where username='%q' and domain='%q' and file_path like '%%%q'",
(long) switch_epoch_time_now(NULL), user, domain, file);
vm_execute_sql(profile, sql, profile->mutex);
free(sql);
sql = switch_mprintf("select created_epoch, read_epoch, username, domain, uuid, cid_name, cid_number, in_folder, file_path, message_len, flags, read_flags, forwarded_by from voicemail_msgs where username='%s' and domain='%s' and file_path like '%%%s' order by created_epoch",
sql = switch_mprintf("select created_epoch, read_epoch, username, domain, uuid, cid_name, cid_number, in_folder, file_path, message_len, flags, read_flags, forwarded_by from voicemail_msgs where username='%q' and domain='%q' and file_path like '%%%q' order by created_epoch",
user, domain, file);
memset(&holder, 0, sizeof(holder));
holder.profile = profile;
@ -4272,7 +4272,7 @@ static void do_del(vm_profile_t *profile, char *user_in, char *domain, char *fil
ref = switch_event_get_header(stream->param_event, "http-referer");
}
sql = switch_mprintf("select created_epoch, read_epoch, username, domain, uuid, cid_name, cid_number, in_folder, file_path, message_len, flags, read_flags, forwarded_by from voicemail_msgs where username='%s' and domain='%s' and file_path like '%%%s' order by created_epoch",
sql = switch_mprintf("select created_epoch, read_epoch, username, domain, uuid, cid_name, cid_number, in_folder, file_path, message_len, flags, read_flags, forwarded_by from voicemail_msgs where username='%q' and domain='%q' and file_path like '%%%q' order by created_epoch",
user, domain, file);
memset(&holder, 0, sizeof(holder));
holder.profile = profile;
@ -4280,7 +4280,7 @@ static void do_del(vm_profile_t *profile, char *user_in, char *domain, char *fil
vm_execute_sql_callback(profile, profile->mutex, sql, del_callback, &holder);
switch_safe_free(sql);
sql = switch_mprintf("delete from voicemail_msgs where username='%s' and domain='%s' and file_path like '%%%s'", user, domain, file);
sql = switch_mprintf("delete from voicemail_msgs where username='%q' and domain='%q' and file_path like '%%%q'", user, domain, file);
vm_execute_sql(profile, sql, profile->mutex);
free(sql);
@ -4537,7 +4537,7 @@ static void do_rss(vm_profile_t *profile, char *user, char *domain, char *host,
x_tmp = switch_xml_add_child_d(holder.x_channel, "ttl", 0);
switch_xml_set_txt_d(x_tmp, "15");
sql = switch_mprintf("select created_epoch, read_epoch, username, domain, uuid, cid_name, cid_number, in_folder, file_path, message_len, flags, read_flags, forwarded_by from voicemail_msgs where username='%s' and domain='%s' order by read_flags, created_epoch", user, domain);
sql = switch_mprintf("select created_epoch, read_epoch, username, domain, uuid, cid_name, cid_number, in_folder, file_path, message_len, flags, read_flags, forwarded_by from voicemail_msgs where username='%q' and domain='%q' order by read_flags, created_epoch", user, domain);
vm_execute_sql_callback(profile, profile->mutex, sql, rss_callback, &holder);
xmlstr = switch_xml_toxml(holder.xml, SWITCH_TRUE);
@ -4580,11 +4580,11 @@ static void do_web(vm_profile_t *profile, const char *user_in, const char *domai
cbt.buf = buf;
cbt.len = sizeof(buf);
sql = switch_mprintf("select created_epoch, read_epoch, username, domain, uuid, cid_name, cid_number, in_folder, file_path, message_len, flags, read_flags, forwarded_by from voicemail_msgs where username='%s' and domain='%s' order by read_flags, created_epoch", user, domain);
sql = switch_mprintf("select created_epoch, read_epoch, username, domain, uuid, cid_name, cid_number, in_folder, file_path, message_len, flags, read_flags, forwarded_by from voicemail_msgs where username='%q' and domain='%q' order by read_flags, created_epoch", user, domain);
vm_execute_sql_callback(profile, profile->mutex, sql, web_callback, &holder);
switch_safe_free(sql);
sql = switch_mprintf("select count(*) from voicemail_msgs where username='%s' and domain='%s' order by read_flags", user, domain);
sql = switch_mprintf("select count(*) from voicemail_msgs where username='%q' and domain='%q' order by read_flags", user, domain);
vm_execute_sql_callback(profile, profile->mutex, sql, sql2str_callback, &cbt);
switch_safe_free(sql);

18
src/mod/endpoints/mod_skinny/mod_skinny.c
View File

@ -285,7 +285,7 @@ char * skinny_profile_find_session_uuid(skinny_profile_t *profile, listener_t *l
helper.channel_uuid = NULL;
if(listener) {
device_condition = switch_mprintf("device_name='%s' AND device_instance=%d",
device_condition = switch_mprintf("device_name='%q' AND device_instance=%d",
listener->device_name, listener->device_instance);
} else {
device_condition = switch_mprintf("1=1");
@ -496,7 +496,7 @@ uint32_t skinny_line_get_state(listener_t *listener, uint32_t line_instance, uin
helper.call_state = -1;
if ((sql = switch_mprintf(
"SELECT call_state FROM skinny_active_lines "
"WHERE device_name='%s' AND device_instance=%d "
"WHERE device_name='%q' AND device_instance=%d "
"AND %s AND %s "
"ORDER BY call_state, channel_uuid", /* off hook first */
listener->device_name, listener->device_instance,
@ -532,7 +532,7 @@ uint32_t skinny_line_count_active(listener_t *listener)
helper.count = 0;
if ((sql = switch_mprintf(
"SELECT call_state FROM skinny_active_lines "
"WHERE device_name='%s' AND device_instance=%d "
"WHERE device_name='%q' AND device_instance=%d "
"AND call_state not in (%d,%d,%d)",
listener->device_name, listener->device_instance,
SKINNY_ON_HOOK, SKINNY_IN_USE_REMOTELY, SKINNY_HOLD
@ -987,7 +987,7 @@ switch_status_t skinny_ring_active_calls(listener_t *listener)
"ON skinny_active_lines.device_name = skinny_lines.device_name "
"AND skinny_active_lines.device_instance = skinny_lines.device_instance "
"AND skinny_active_lines.line_instance = skinny_lines.line_instance "
"WHERE skinny_lines.device_name='%s' AND skinny_lines.device_instance=%d "
"WHERE skinny_lines.device_name='%q' AND skinny_lines.device_instance=%d "
"AND (call_state=%d)",
listener->device_name, listener->device_instance, SKINNY_RING_IN))) {
skinny_execute_sql_callback(listener->profile, listener->profile->sql_mutex, sql, skinny_ring_active_calls_callback, &helper);
@ -1370,9 +1370,9 @@ switch_call_cause_t channel_outgoing_channel(switch_core_session_t *session, swi
if ((sql = switch_mprintf(
"INSERT INTO skinny_active_lines "
"(device_name, device_instance, line_instance, channel_uuid, call_id, call_state) "
"SELECT device_name, device_instance, line_instance, '%s', %d, %d "
"SELECT device_name, device_instance, line_instance, '%q', %d, %d "
"FROM skinny_lines "
"WHERE value='%s'",
"WHERE value='%q'",
switch_core_session_get_uuid(nsession), tech_pvt->call_id, SKINNY_ON_HOOK, dest
))) {
skinny_execute_sql(profile, sql, profile->sql_mutex);
@ -1731,7 +1731,7 @@ static void flush_listener(listener_t *listener)
if ((sql = switch_mprintf(
"SELECT '%q', value, '%q', '%q', '%d' "
"FROM skinny_lines "
"WHERE device_name='%s' AND device_instance=%d "
"WHERE device_name='%q' AND device_instance=%d "
"ORDER BY position",
profile->name, profile->domain, listener->device_name, listener->device_instance,
listener->device_name, listener->device_instance
@ -1796,7 +1796,7 @@ switch_status_t dump_device(skinny_profile_t *profile, const char *device_name,
{
char *sql;
if ((sql = switch_mprintf("SELECT name, user_id, instance, ip, type, max_streams, port, codec_string, headset, handset, speaker "
"FROM skinny_devices WHERE name='%s'",
"FROM skinny_devices WHERE name='%q'",
device_name))) {
skinny_execute_sql_callback(profile, profile->sql_mutex, sql, dump_device_callback, stream);
switch_safe_free(sql);
@ -2657,7 +2657,7 @@ static void skinny_message_waiting_event_handler(switch_event_t *event)
if ((sql = switch_mprintf(
"SELECT device_name, device_instance FROM skinny_lines "
"WHERE value='%s' AND line_instance=1", user))) {
"WHERE value='%q' AND line_instance=1", user))) {
struct skinny_message_waiting_event_handler_helper helper = {0};
helper.profile = profile;
helper.yn = switch_true(yn);

14
src/mod/endpoints/mod_skinny/skinny_protocol.c
View File

@ -237,9 +237,9 @@ switch_status_t skinny_device_event(listener_t *listener, switch_event_t **ev, s
switch_event_create_subclass(&event, event_id, subclass_name);
switch_assert(event);
if ((sql = switch_mprintf("SELECT '%s', name, user_id, instance, ip, type, max_streams, port, codec_string "
if ((sql = switch_mprintf("SELECT '%q', name, user_id, instance, ip, type, max_streams, port, codec_string "
"FROM skinny_devices "
"WHERE name='%s' AND instance=%d",
"WHERE name='%q' AND instance=%d",
listener->profile->name,
listener->device_name, listener->device_instance))) {
skinny_execute_sql_callback(profile, profile->sql_mutex, sql, skinny_device_event_callback, event);
@ -263,7 +263,7 @@ switch_status_t skinny_session_walk_lines(skinny_profile_t *profile, char *chann
"ON skinny_active_lines.device_name = skinny_lines.device_name "
"AND skinny_active_lines.device_instance = skinny_lines.device_instance "
"AND skinny_active_lines.line_instance = skinny_lines.line_instance "
"WHERE channel_uuid='%s'",
"WHERE channel_uuid='%q'",
channel_uuid))) {
skinny_execute_sql_callback(profile, profile->sql_mutex, sql, callback, data);
switch_safe_free(sql);
@ -325,7 +325,7 @@ void skinny_line_get(listener_t *listener, uint32_t instance, struct line_stat_r
if ((sql = switch_mprintf(
"SELECT '%d' AS wanted_position, position, label, value, caller_name "
"FROM skinny_lines "
"WHERE device_name='%s' AND device_instance=%d "
"WHERE device_name='%q' AND device_instance=%d "
"ORDER BY position",
instance,
listener->device_name, listener->device_instance
@ -368,7 +368,7 @@ void skinny_speed_dial_get(listener_t *listener, uint32_t instance, struct speed
if ((sql = switch_mprintf(
"SELECT '%d' AS wanted_position, position, label, value, settings "
"FROM skinny_buttons "
"WHERE device_name='%s' AND device_instance=%d AND type=%d "
"WHERE device_name='%q' AND device_instance=%d AND type=%d "
"ORDER BY position",
instance,
listener->device_name, listener->device_instance,
@ -412,7 +412,7 @@ void skinny_service_url_get(listener_t *listener, uint32_t instance, struct serv
if ((sql = switch_mprintf(
"SELECT '%d' AS wanted_position, position, label, value, settings "
"FROM skinny_buttons "
"WHERE device_name='%s' AND device_instance=%d AND type=%d "
"WHERE device_name='%q' AND device_instance=%d AND type=%d "
"ORDER BY position",
instance,
listener->device_name,
@ -458,7 +458,7 @@ void skinny_feature_get(listener_t *listener, uint32_t instance, struct feature_
if ((sql = switch_mprintf(
"SELECT '%d' AS wanted_position, position, label, value, settings "
"FROM skinny_buttons "
"WHERE device_name='%s' AND device_instance=%d AND NOT (type=%d OR type=%d) "
"WHERE device_name='%q' AND device_instance=%d AND NOT (type=%d OR type=%d) "
"ORDER BY position",
instance,
listener->device_name,

16
src/mod/endpoints/mod_skinny/skinny_server.c
View File

@ -1070,7 +1070,7 @@ switch_status_t skinny_hold_active_calls(listener_t *listener)
"ON skinny_active_lines.device_name = skinny_lines.device_name "
"AND skinny_active_lines.device_instance = skinny_lines.device_instance "
"AND skinny_active_lines.line_instance = skinny_lines.line_instance "
"WHERE skinny_lines.device_name='%s' AND skinny_lines.device_instance=%d AND (call_state=%d OR call_state=%d)",
"WHERE skinny_lines.device_name='%q' AND skinny_lines.device_instance=%d AND (call_state=%d OR call_state=%d)",
listener->device_name, listener->device_instance, SKINNY_PROCEED, SKINNY_CONNECTED))) {
skinny_execute_sql_callback(listener->profile, listener->profile->sql_mutex, sql, skinny_hold_active_calls_callback, &helper);
switch_safe_free(sql);
@ -1673,7 +1673,7 @@ switch_status_t skinny_handle_on_hook_message(listener_t *listener, skinny_messa
"ON skinny_active_lines.device_name = skinny_lines.device_name "
"AND skinny_active_lines.device_instance = skinny_lines.device_instance "
"AND skinny_active_lines.line_instance = skinny_lines.line_instance "
"WHERE skinny_lines.device_name='%s' AND skinny_lines.device_instance=%d",
"WHERE skinny_lines.device_name='%q' AND skinny_lines.device_instance=%d",
listener->device_name, listener->device_instance)))
{
skinny_execute_sql_callback(listener->profile, listener->profile->sql_mutex, sql, skinny_hangup_active_calls_callback, &helper);
@ -1778,9 +1778,9 @@ switch_status_t skinny_handle_config_stat_request(listener_t *listener, skinny_m
if ((sql = switch_mprintf(
"SELECT name, user_id, instance, '' AS user_name, '' AS server_name, "
"(SELECT COUNT(*) FROM skinny_lines WHERE device_name='%s' AND device_instance=%d) AS number_lines, "
"(SELECT COUNT(*) FROM skinny_buttons WHERE device_name='%s' AND device_instance=%d AND type=%d) AS number_speed_dials "
"FROM skinny_devices WHERE name='%s' ",
"(SELECT COUNT(*) FROM skinny_lines WHERE device_name='%q' AND device_instance=%d) AS number_lines, "
"(SELECT COUNT(*) FROM skinny_buttons WHERE device_name='%q' AND device_instance=%d AND type=%d) AS number_speed_dials "
"FROM skinny_devices WHERE name='%q' ",
listener->device_name,
listener->device_instance,
listener->device_name,
@ -1854,7 +1854,7 @@ switch_status_t skinny_handle_button_template_request(listener_t *listener, skin
if ((sql = switch_mprintf(
"SELECT device_name, device_instance, position, type "
"FROM skinny_buttons "
"WHERE device_name='%s' AND device_instance=%d "
"WHERE device_name='%q' AND device_instance=%d "
"ORDER BY position",
listener->device_name, listener->device_instance
))) {
@ -1866,7 +1866,7 @@ switch_status_t skinny_handle_button_template_request(listener_t *listener, skin
if ((sql = switch_mprintf(
"SELECT device_name, device_instance, position, %d AS type "
"FROM skinny_lines "
"WHERE device_name='%s' AND device_instance=%d "
"WHERE device_name='%q' AND device_instance=%d "
"ORDER BY position",
SKINNY_BUTTON_LINE,
listener->device_name, listener->device_instance
@ -1979,7 +1979,7 @@ switch_status_t skinny_handle_capabilities_response(listener_t *listener, skinny
}
codec_string[string_len] = '\0';
if ((sql = switch_mprintf(
"UPDATE skinny_devices SET codec_string='%q' WHERE name='%s'",
"UPDATE skinny_devices SET codec_string='%q' WHERE name='%q'",
codec_string,
listener->device_name
))) {

10
src/mod/endpoints/mod_sofia/mod_sofia.c
View File

@ -1404,7 +1404,7 @@ static switch_status_t sofia_receive_message(switch_core_session_t *session, swi
if (presence_id || presence_data) {
char *sql = switch_mprintf("update sip_dialogs set presence_id='%q',presence_data='%q' "
"where uuid='%s';\n", switch_str_nil(presence_id), switch_str_nil(presence_data),
"where uuid='%q';\n", switch_str_nil(presence_id), switch_str_nil(presence_data),
switch_core_session_get_uuid(session));
switch_assert(sql);
sofia_glue_execute_sql_now(tech_pvt->profile, &sql, SWITCH_TRUE);
@ -3802,7 +3802,7 @@ static void select_from_profile(sofia_profile_t *profile,
"from sip_registrations where profile_name='%q' "
"and upper(sip_user)=upper('%q') "
"and (sip_host='%q' or presence_hosts like '%%%q%%') "
"and contact not like '%%%s%%'", (concat != NULL) ? concat : "", profile->name, user, domain, domain, exclude_contact);
"and contact not like '%%%q%%'", (concat != NULL) ? concat : "", profile->name, user, domain, domain, exclude_contact);
} else {
sql = switch_mprintf("select contact, profile_name, '%q' "
"from sip_registrations where profile_name='%q' "
@ -5282,12 +5282,12 @@ void general_event_handler(switch_event_t *event)
} else {
if (!strcasecmp(es, "message-summary")) {
sql = switch_mprintf("select sip_user,sip_host,contact,profile_name,'%q','%q','%q' "
"from sip_registrations where mwi_user='%s' and mwi_host='%q'",
"from sip_registrations where mwi_user='%q' and mwi_host='%q'",
ct, es, switch_str_nil(body), switch_str_nil(user), switch_str_nil(host)
);
} else {
sql = switch_mprintf("select sip_user,sip_host,contact,profile_name,'%q','%q','%q' "
"from sip_registrations where sip_user='%s' and sip_host='%q'",
"from sip_registrations where sip_user='%q' and sip_host='%q'",
ct, es, switch_str_nil(body), switch_str_nil(user), switch_str_nil(host)
);
@ -5389,7 +5389,7 @@ void general_event_handler(switch_event_t *event)
"from sip_subscriptions where event='as-feature-event' and call_id='%q'", stream.data, ct, call_id);
} else {
sql = switch_mprintf("select sip_user,sip_host,contact,profile_name,call_id,full_from,full_to,expires,'%q', '%q' "
"from sip_subscriptions where event='as-feature-event' and sip_user='%s' and sip_host='%q'", stream.data, ct, switch_str_nil(user), switch_str_nil(host)
"from sip_subscriptions where event='as-feature-event' and sip_user='%q' and sip_host='%q'", stream.data, ct, switch_str_nil(user), switch_str_nil(host)
);
}

18
src/mod/endpoints/mod_sofia/sofia.c
View File

@ -2782,10 +2782,10 @@ void event_handler(switch_event_t *event)
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Invalid Profile\n");
} else {
if (!strcmp(ping_status, "REACHABLE")) {
sql = switch_mprintf("update sip_registrations set ping_status='%s' where sip_user='%s' and sip_host='%s' and call_id='%q'",
sql = switch_mprintf("update sip_registrations set ping_status='%q' where sip_user='%q' and sip_host='%q' and call_id='%q'",
"Reachable", from_user, from_host, call_id);
} else {
sql = switch_mprintf("update sip_registrations set ping_status='%s' where sip_user='%s' and sip_host='%s' and call_id='%q'",
sql = switch_mprintf("update sip_registrations set ping_status='%q' where sip_user='%q' and sip_host='%q' and call_id='%q'",
"Unreachable", from_user, from_host, call_id);
}
if (sql) {
@ -6182,7 +6182,7 @@ static void sofia_handle_sip_r_options(switch_core_session_t *session, int statu
sip_user_status.status_len = sizeof(ping_status);
sip_user_status.contact = sip_contact;
sip_user_status.contact_len = sizeof(sip_contact);
sql = switch_mprintf("select ping_status, ping_count, contact from sip_registrations where sip_user='%s' and sip_host='%s' and call_id='%q'",
sql = switch_mprintf("select ping_status, ping_count, contact from sip_registrations where sip_user='%q' and sip_host='%q' and call_id='%q'",
sip->sip_to->a_url->url_user, sip->sip_to->a_url->url_host, call_id);
sofia_glue_execute_sql_callback(profile, profile->ireg_mutex, sql, sofia_sip_user_status_callback, &sip_user_status);
switch_safe_free(sql);
@ -6192,7 +6192,7 @@ static void sofia_handle_sip_r_options(switch_core_session_t *session, int statu
if (sip_user_status.count >= 0) {
switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "Ping to sip user '%s@%s' failed with code %d - count %d, state %s\n",
sip->sip_to->a_url->url_user, sip->sip_to->a_url->url_host, status, sip_user_status.count, sip_user_status.status);
sql = switch_mprintf("update sip_registrations set ping_count=%d, ping_time=%d where sip_user='%s' and sip_host='%s' and call_id='%q'",
sql = switch_mprintf("update sip_registrations set ping_count=%d, ping_time=%d where sip_user='%q' and sip_host='%q' and call_id='%q'",
sip_user_status.count, ping_time, sip->sip_to->a_url->url_user, sip->sip_to->a_url->url_host, call_id);
sofia_glue_execute_sql(profile, &sql, SWITCH_TRUE);
switch_safe_free(sql);
@ -6201,7 +6201,7 @@ static void sofia_handle_sip_r_options(switch_core_session_t *session, int statu
if (strcmp(sip_user_status.status, "Unreachable")) {
switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_WARNING, "Sip user '%s@%s' is now Unreachable\n",
sip->sip_to->a_url->url_user, sip->sip_to->a_url->url_host);
sql = switch_mprintf("update sip_registrations set ping_status='Unreachable', ping_time=%d where sip_user='%s' and sip_host='%s' and call_id='%q'",
sql = switch_mprintf("update sip_registrations set ping_status='Unreachable', ping_time=%d where sip_user='%q' and sip_host='%q' and call_id='%q'",
ping_time, sip->sip_to->a_url->url_user, sip->sip_to->a_url->url_host, call_id);
sofia_glue_execute_sql(profile, &sql, SWITCH_TRUE);
switch_safe_free(sql);
@ -6213,7 +6213,7 @@ static void sofia_handle_sip_r_options(switch_core_session_t *session, int statu
switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_WARNING, "Expire sip user '%s@%s' due to options failure\n",
sip->sip_to->a_url->url_user, sip->sip_to->a_url->url_host);
sql = switch_mprintf("update sip_registrations set expires=%ld, ping_time=%d where sip_user='%s' and sip_host='%s' and call_id='%q'",
sql = switch_mprintf("update sip_registrations set expires=%ld, ping_time=%d where sip_user='%q' and sip_host='%q' and call_id='%q'",
(long) now, ping_time, sip->sip_to->a_url->url_user, sip->sip_to->a_url->url_host, call_id);
sofia_glue_execute_sql(profile, &sql, SWITCH_TRUE);
switch_safe_free(sql);
@ -6225,7 +6225,7 @@ static void sofia_handle_sip_r_options(switch_core_session_t *session, int statu
if (sip_user_status.count <= sip_user_ping_max) {
switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "Ping to sip user '%s@%s' succeeded with code %d - count %d, state %s\n",
sip->sip_to->a_url->url_user, sip->sip_to->a_url->url_host, status, sip_user_status.count, sip_user_status.status);
sql = switch_mprintf("update sip_registrations set ping_count=%d, ping_time=%d where sip_user='%s' and sip_host='%s' and call_id='%q'",
sql = switch_mprintf("update sip_registrations set ping_count=%d, ping_time=%d where sip_user='%q' and sip_host='%q' and call_id='%q'",
sip_user_status.count, ping_time, sip->sip_to->a_url->url_user, sip->sip_to->a_url->url_host, call_id);
sofia_glue_execute_sql(profile, &sql, SWITCH_TRUE);
switch_safe_free(sql);
@ -6234,7 +6234,7 @@ static void sofia_handle_sip_r_options(switch_core_session_t *session, int statu
if (strcmp(sip_user_status.status, "Reachable")) {
switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_WARNING, "Sip user '%s@%s' is now Reachable\n",
sip->sip_to->a_url->url_user, sip->sip_to->a_url->url_host);
sql = switch_mprintf("update sip_registrations set ping_status='Reachable' where sip_user='%s' and sip_host='%s' and call_id='%q'",
sql = switch_mprintf("update sip_registrations set ping_status='Reachable' where sip_user='%q' and sip_host='%q' and call_id='%q'",
sip->sip_to->a_url->url_user, sip->sip_to->a_url->url_host, call_id);
sofia_glue_execute_sql(profile, &sql, SWITCH_TRUE);
switch_safe_free(sql);
@ -6829,7 +6829,7 @@ static void sofia_handle_sip_r_invite(switch_core_session_t *session, int status
const char *presence_id = switch_channel_get_variable(channel, "presence_id");
sql = switch_mprintf("update sip_dialogs set state='%q',presence_id='%q',presence_data='%q' "
"where uuid='%s';\n", astate, switch_str_nil(presence_id), switch_str_nil(presence_data),
"where uuid='%q';\n", astate, switch_str_nil(presence_id), switch_str_nil(presence_data),
switch_core_session_get_uuid(session));
switch_assert(sql);
sofia_glue_execute_sql_now(profile, &sql, SWITCH_TRUE);

4
src/mod/endpoints/mod_sofia/sofia_presence.c
View File

@ -527,7 +527,7 @@ static void actual_sofia_presence_mwi_event_handler(switch_event_t *event)
char buf[512] = "";
switch_console_callback_match_t *matches;
sql = switch_mprintf("select profile_name from sip_registrations where hostname='%q' and (sip_host='%s' or mwi_host='%s')",
sql = switch_mprintf("select profile_name from sip_registrations where hostname='%q' and (sip_host='%q' or mwi_host='%q')",
mod_sofia_globals.hostname, host, host);
if (list_profiles_full(NULL, NULL, &matches, SWITCH_FALSE) == SWITCH_STATUS_SUCCESS) {
@ -3081,7 +3081,7 @@ static int sofia_presence_sub_callback(void *pArg, int argc, char **argv, char *
if (!zstr(astate) && !zstr(uuid) &&
helper && helper->stream.data && strcmp(helper->last_uuid, uuid) && strcasecmp(astate, "terminated") && strchr(uuid, '-')) {
helper->stream.write_function(&helper->stream, "update sip_dialogs set state='%s' where hostname='%q' and profile_name='%q' and uuid='%s';",
helper->stream.write_function(&helper->stream, "update sip_dialogs set state='%q' where hostname='%q' and profile_name='%q' and uuid='%q';",
astate, mod_sofia_globals.hostname, profile->name, uuid);
switch_copy_string(helper->last_uuid, uuid, sizeof(helper->last_uuid));
}

18
src/mod/endpoints/mod_sofia/sofia_reg.c
View File

@ -817,7 +817,7 @@ void sofia_reg_check_expire(sofia_profile_t *profile, time_t now, int reboot)
if (now) {
sql = switch_mprintf("select call_id from sip_shared_appearance_dialogs where hostname='%q' "
"and profile_name='%s' and expires <= %ld", mod_sofia_globals.hostname, profile->name, (long) now);
"and profile_name='%q' and expires <= %ld", mod_sofia_globals.hostname, profile->name, (long) now);
sofia_glue_execute_sql_callback(profile, profile->dbh_mutex, sql, sofia_sla_dialog_del_callback, profile);
free(sql);
@ -888,8 +888,8 @@ void sofia_reg_check_ping_expire(sofia_profile_t *profile, time_t now, int inter
if (sofia_test_pflag(profile, PFLAG_ALL_REG_OPTIONS_PING)) {
sql = switch_mprintf("select call_id,sip_user,sip_host,contact,status,rpid,"
"expires,user_agent,server_user,server_host,profile_name "
"from sip_registrations where hostname='%s' and "
"profile_name='%s' and orig_hostname='%s' and "
"from sip_registrations where hostname='%q' and "
"profile_name='%q' and orig_hostname='%q' and "
"ping_expires > 0 and ping_expires <= %ld",
mod_sofia_globals.hostname, profile->name, mod_sofia_globals.hostname, (long) now);
@ -899,7 +899,7 @@ void sofia_reg_check_ping_expire(sofia_profile_t *profile, time_t now, int inter
sql = switch_mprintf(" select call_id,sip_user,sip_host,contact,status,rpid, "
" expires,user_agent,server_user,server_host,profile_name "
" from sip_registrations where (status like '%%UDP-NAT%%' or force_ping=1)"
" and hostname='%s' and profile_name='%s' and ping_expires > 0 and ping_expires <= %ld ",
" and hostname='%q' and profile_name='%q' and ping_expires > 0 and ping_expires <= %ld ",
mod_sofia_globals.hostname, profile->name, (long) now);
sofia_glue_execute_sql_callback(profile, profile->dbh_mutex, sql, sofia_reg_nat_callback, profile);
@ -908,8 +908,8 @@ void sofia_reg_check_ping_expire(sofia_profile_t *profile, time_t now, int inter
sql = switch_mprintf("select call_id,sip_user,sip_host,contact,status,rpid,"
"expires,user_agent,server_user,server_host,profile_name "
"from sip_registrations where (status like '%%NAT%%' "
"or contact like '%%fs_nat=yes%%' or force_ping=1) and hostname='%s' "
"and profile_name='%s' and orig_hostname='%s' and "
"or contact like '%%fs_nat=yes%%' or force_ping=1) and hostname='%q' "
"and profile_name='%q' and orig_hostname='%q' and "
"ping_expires > 0 and ping_expires <= %ld",
mod_sofia_globals.hostname, profile->name, mod_sofia_globals.hostname, (long) now);
@ -918,8 +918,8 @@ void sofia_reg_check_ping_expire(sofia_profile_t *profile, time_t now, int inter
} else {
sql = switch_mprintf("select call_id,sip_user,sip_host,contact,status,rpid,"
"expires,user_agent,server_user,server_host,profile_name "
"from sip_registrations where force_ping=1 and hostname='%s' "
"and profile_name='%s' and orig_hostname='%s' and "
"from sip_registrations where force_ping=1 and hostname='%q' "
"and profile_name='%q' and orig_hostname='%q' and "
"ping_expires > 0 and ping_expires <= %ld",
mod_sofia_globals.hostname, profile->name, mod_sofia_globals.hostname, (long) now);
@ -3230,7 +3230,7 @@ auth_res_t sofia_reg_parse_auth(sofia_profile_t *profile,
if (nc && cnonce && qop) {
ncl = strtoul(nc, 0, 16);
sql = switch_mprintf("update sip_authentication set expires='%ld',last_nc=%lu where nonce='%s'",
sql = switch_mprintf("update sip_authentication set expires='%ld',last_nc=%lu where nonce='%q'",
(long)switch_epoch_time_now(NULL) + (profile->nonce_ttl ? profile->nonce_ttl : DEFAULT_NONCE_TTL) + exptime, ncl, nonce);
switch_assert(sql != NULL);

4
src/mod/event_handlers/mod_cdr_pg_csv/mod_cdr_pg_csv.c
View File

@ -366,9 +366,9 @@ static switch_status_t my_on_reporting(switch_core_session_t *session)
pq_var = switch_mprintf("null,", var);
} else {
if (cdr_field->quote) {
pq_var = switch_mprintf("'%s',", var);
pq_var = switch_mprintf("'%q',", var);
} else {
pq_var = switch_mprintf("%s,", var);
pq_var = switch_mprintf("%q,", var);
}
}

4
src/mod/event_handlers/mod_cdr_sqlite/mod_cdr_sqlite.c
View File

@ -159,7 +159,7 @@ static switch_status_t my_on_reporting(switch_core_session_t *session)
return SWITCH_STATUS_FALSE;
}
sql = switch_mprintf("INSERT INTO %s VALUES (%s)", globals.db_table, expanded_vars);
sql = switch_mprintf("INSERT INTO %q VALUES (%s)", globals.db_table, expanded_vars);
assert(sql);
write_cdr(sql);
switch_safe_free(sql);
@ -262,7 +262,7 @@ static switch_status_t load_config(switch_memory_pool_t *pool)
dbh = cdr_get_db_handle();
if (dbh) {
select_sql = switch_mprintf("SELECT * FROM %s LIMIT 1", globals.db_table);
select_sql = switch_mprintf("SELECT * FROM %q LIMIT 1", globals.db_table);
assert(select_sql);
create_sql = switch_mprintf(default_create_sql, globals.db_table);

2
src/mod/event_handlers/mod_odbc_cdr/mod_odbc_cdr.c
View File

@ -340,7 +340,7 @@ static switch_status_t odbc_cdr_reporting(switch_core_session_t *session)
}
switch_safe_free(i_hi);
sql = switch_mprintf("INSERT INTO %s (%s) VALUES (%s)", table_name, stream_field.data, stream_value.data);
sql = switch_mprintf("INSERT INTO %q (%s) VALUES (%s)", table_name, stream_field.data, stream_value.data);
if (globals.debug_sql == SWITCH_TRUE) {
switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "sql %s\n", sql);
}

4
src/mod/event_handlers/mod_snmp/subagent.c
View File

@ -139,7 +139,7 @@ int channelList_load(netsnmp_cache *cache, void *vmagic)
idx = 1;
sprintf(sql, "SELECT * FROM channels WHERE hostname='%s' ORDER BY created_epoch", switch_core_get_switchname());
switch_snprintfv(sql, sizeof(sql), "SELECT * FROM channels WHERE hostname='%q' ORDER BY created_epoch", switch_core_get_switchname());
switch_cache_db_execute_sql_callback(dbh, sql, channelList_callback, NULL, NULL);
switch_cache_db_release_db_handle(&dbh);
@ -243,7 +243,7 @@ int handle_systemStats(netsnmp_mib_handler *handler, netsnmp_handler_registratio
return SNMP_ERR_GENERR;
}
sprintf(sql, "SELECT COUNT(*) FROM calls WHERE hostname='%s'", switch_core_get_switchname());
switch_snprintfv(sql, sizeof(sql), "SELECT COUNT(*) FROM calls WHERE hostname='%q'", switch_core_get_switchname());
switch_cache_db_execute_sql_callback(dbh, sql, sql_count_callback, &int_val, NULL);
snmp_set_var_typed_integer(requests->requestvb, ASN_GAUGE, int_val);
switch_cache_db_release_db_handle(&dbh);

6
src/switch_console.c
View File

@ -828,7 +828,7 @@ SWITCH_DECLARE(unsigned char) switch_console_complete(const char *line, const ch
argc = switch_separate_string(dupdup, ' ', argv, (sizeof(argv) / sizeof(argv[0])));
if (h.words == 0) {
stream.write_function(&stream, "select distinct a1 from complete where " "a1 not in (select name from interfaces where hostname='%s') %s ",
stream.write_function(&stream, "select distinct a1 from complete where " "a1 not in (select name from interfaces where hostname='%q') %s ",
switch_core_get_hostname(), argc ? "and" : "");
} else {
if (switch_cache_db_get_type(db) == SCDB_TYPE_CORE_DB) {
@ -1889,7 +1889,7 @@ SWITCH_DECLARE(switch_status_t) switch_console_set_complete(const char *string)
switch_safe_free(mydata);
return SWITCH_STATUS_FALSE;
} else if (!strcasecmp(what, "*")) {
mystream.write_function(&mystream, "delete from complete where hostname='%s'", switch_core_get_hostname());
mystream.write_function(&mystream, "delete from complete where hostname='%q'", switch_core_get_hostname());
switch_core_sql_exec(mystream.data);
} else {
mystream.write_function(&mystream, "delete from complete where ");
@ -1900,7 +1900,7 @@ SWITCH_DECLARE(switch_status_t) switch_console_set_complete(const char *string)
mystream.write_function(&mystream, "a%d = '%w'%w", x + 1, switch_str_nil(argv[x + 1]), x == argc - 2 ? "" : " and ");
}
}
mystream.write_function(&mystream, " and hostname='%s'", switch_core_get_hostname());
mystream.write_function(&mystream, " and hostname='%q'", switch_core_get_hostname());
switch_core_sql_exec(mystream.data);
}
status = SWITCH_STATUS_SUCCESS;

38
src/switch_core_sqldb.c
View File

@ -2386,7 +2386,7 @@ static void core_event_handler(switch_event_t *event)
case SWITCH_EVENT_CALL_UPDATE:
{
new_sql() = switch_mprintf("update channels set callee_name='%q',callee_num='%q',sent_callee_name='%q',sent_callee_num='%q',callee_direction='%q',"
"cid_name='%q',cid_num='%q' where uuid='%s'",
"cid_name='%q',cid_num='%q' where uuid='%q'",
switch_event_get_header_nil(event, "caller-callee-id-name"),
switch_event_get_header_nil(event, "caller-callee-id-number"),
switch_event_get_header_nil(event, "sent-callee-id-name"),
@ -2443,31 +2443,31 @@ static void core_event_handler(switch_event_t *event)
break;
#ifdef SWITCH_DEPRECATED_CORE_DB
case CS_HANGUP: /* marked for deprication */
new_sql_a() = switch_mprintf("update channels set state='%s' where uuid='%s'",
new_sql_a() = switch_mprintf("update channels set state='%q' where uuid='%q'",
switch_event_get_header_nil(event, "channel-state"),
switch_event_get_header_nil(event, "unique-id"));
break;
#endif
case CS_EXECUTE:
if ((extra_cols = parse_presence_data_cols(event))) {
new_sql() = switch_mprintf("update channels set state='%s',%s where uuid='%q'",
new_sql() = switch_mprintf("update channels set state='%q',%s where uuid='%q'",
switch_event_get_header_nil(event, "channel-state"),
extra_cols,
switch_event_get_header_nil(event, "unique-id"));
free(extra_cols);
} else {
new_sql() = switch_mprintf("update channels set state='%s' where uuid='%s'",
new_sql() = switch_mprintf("update channels set state='%q' where uuid='%q'",
switch_event_get_header_nil(event, "channel-state"),
switch_event_get_header_nil(event, "unique-id"));
}
break;
case CS_ROUTING:
if ((extra_cols = parse_presence_data_cols(event))) {
new_sql() = switch_mprintf("update channels set state='%s',cid_name='%q',cid_num='%q',callee_name='%q',callee_num='%q',"
new_sql() = switch_mprintf("update channels set state='%q',cid_name='%q',cid_num='%q',callee_name='%q',callee_num='%q',"
"sent_callee_name='%q',sent_callee_num='%q',"
"ip_addr='%s',dest='%q',dialplan='%q',context='%q',presence_id='%q',presence_data='%q',accountcode='%q',%s "
"where uuid='%s'",
"ip_addr='%q',dest='%q',dialplan='%q',context='%q',presence_id='%q',presence_data='%q',accountcode='%q',%s "
"where uuid='%q'",
switch_event_get_header_nil(event, "channel-state"),
switch_event_get_header_nil(event, "caller-caller-id-name"),
switch_event_get_header_nil(event, "caller-caller-id-number"),
@ -2486,10 +2486,10 @@ static void core_event_handler(switch_event_t *event)
switch_event_get_header_nil(event, "unique-id"));
free(extra_cols);
} else {
new_sql() = switch_mprintf("update channels set state='%s',cid_name='%q',cid_num='%q',callee_name='%q',callee_num='%q',"
new_sql() = switch_mprintf("update channels set state='%q',cid_name='%q',cid_num='%q',callee_name='%q',callee_num='%q',"
"sent_callee_name='%q',sent_callee_num='%q',"
"ip_addr='%s',dest='%q',dialplan='%q',context='%q',presence_id='%q',presence_data='%q',accountcode='%q' "
"where uuid='%s'",
"ip_addr='%q',dest='%q',dialplan='%q',context='%q',presence_id='%q',presence_data='%q',accountcode='%q' "
"where uuid='%q'",
switch_event_get_header_nil(event, "channel-state"),
switch_event_get_header_nil(event, "caller-caller-id-name"),
switch_event_get_header_nil(event, "caller-caller-id-number"),
@ -2508,7 +2508,7 @@ static void core_event_handler(switch_event_t *event)
}
break;
default:
new_sql() = switch_mprintf("update channels set state='%s' where uuid='%s'",
new_sql() = switch_mprintf("update channels set state='%q' where uuid='%q'",
switch_event_get_header_nil(event, "channel-state"),
switch_event_get_header_nil(event, "unique-id"));
break;
@ -2532,17 +2532,17 @@ static void core_event_handler(switch_event_t *event)
}
if (uuid && (extra_cols = parse_presence_data_cols(event))) {
new_sql() = switch_mprintf("update channels set %s where uuid='%s'", extra_cols, uuid);
new_sql() = switch_mprintf("update channels set %s where uuid='%q'", extra_cols, uuid);
switch_safe_free(extra_cols);
}
new_sql() = switch_mprintf("update channels set call_uuid='%q' where uuid='%s' or uuid='%s'",
new_sql() = switch_mprintf("update channels set call_uuid='%q' where uuid='%q' or uuid='%q'",
switch_event_get_header_nil(event, "channel-call-uuid"), a_uuid, b_uuid);
new_sql() = switch_mprintf("insert into calls (call_uuid,call_created,call_created_epoch,"
"caller_uuid,callee_uuid,hostname) "
"values ('%s','%s','%ld','%q','%q','%q')",
"values ('%q','%q','%ld','%q','%q','%q')",
switch_event_get_header_nil(event, "channel-call-uuid"),
switch_event_get_header_nil(event, "event-date-local"),
(long) switch_epoch_time_now(NULL),
@ -2558,11 +2558,11 @@ static void core_event_handler(switch_event_t *event)
char *uuid = switch_event_get_header(event, "unique-id");
if (uuid && (extra_cols = parse_presence_data_cols(event))) {
new_sql() = switch_mprintf("update channels set %s where uuid='%s'", extra_cols, uuid);
new_sql() = switch_mprintf("update channels set %s where uuid='%q'", extra_cols, uuid);
switch_safe_free(extra_cols);
}
new_sql() = switch_mprintf("update channels set call_uuid=uuid where call_uuid='%s'",
new_sql() = switch_mprintf("update channels set call_uuid=uuid where call_uuid='%q'",
switch_event_get_header_nil(event, "channel-call-uuid"));
new_sql() = switch_mprintf("delete from calls where (caller_uuid='%q' or callee_uuid='%q')",
@ -2613,7 +2613,7 @@ static void core_event_handler(switch_event_t *event)
if (zstr(type)) {
break;
}
new_sql() = switch_mprintf("update channels set secure='%s' where uuid='%s'",
new_sql() = switch_mprintf("update channels set secure='%q' where uuid='%q'",
type, switch_event_get_header_nil(event, "caller-unique-id")
);
break;
@ -2623,12 +2623,12 @@ static void core_event_handler(switch_event_t *event)
const char *op = switch_event_get_header_nil(event, "op");
switch_bool_t sticky = switch_true(switch_event_get_header_nil(event, "sticky"));
if (!strcmp("add", op)) {
new_sql() = switch_mprintf("insert into nat (port, proto, sticky, hostname) values (%s, %s, %d,'%q')",
new_sql() = switch_mprintf("insert into nat (port, proto, sticky, hostname) values (%q, %q, %d,'%q')",
switch_event_get_header_nil(event, "port"),
switch_event_get_header_nil(event, "proto"), sticky, switch_core_get_hostname()
);
} else if (!strcmp("del", op)) {
new_sql() = switch_mprintf("delete from nat where port=%s and proto=%s and hostname='%q'",
new_sql() = switch_mprintf("delete from nat where port=%q and proto=%q and hostname='%q'",
switch_event_get_header_nil(event, "port"),
switch_event_get_header_nil(event, "proto"), switch_core_get_hostname());
} else if (!strcmp("status", op)) {