From e1b3ee1efd49cfd3f0d50172e79d95a0859aa29a Mon Sep 17 00:00:00 2001
From: Mike Jerris
Date: Fri, 11 Nov 2016 11:27:35 -0600
Subject: [PATCH] FS-9652: improve sql sanitization
---
 .../mod_callcenter/mod_callcenter.c | 16 ++---
 .../applications/mod_commands/mod_commands.c | 58 +++++++++----------
 .../mod_directory/mod_directory.c | 11 ++--
 src/mod/applications/mod_fifo/mod_fifo.c | 10 ++--
 .../mod_nibblebill/mod_nibblebill.c | 4 +-
 src/mod/applications/mod_snom/mod_snom.c | 2 +-
 .../mod_voicemail/mod_voicemail.c | 36 ++++++------
 src/mod/endpoints/mod_skinny/mod_skinny.c | 18 +++---
 .../endpoints/mod_skinny/skinny_protocol.c | 14 ++---
 src/mod/endpoints/mod_skinny/skinny_server.c | 16 ++---
 src/mod/endpoints/mod_sofia/mod_sofia.c | 10 ++--
 src/mod/endpoints/mod_sofia/sofia.c | 18 +++---
 src/mod/endpoints/mod_sofia/sofia_presence.c | 4 +-
 src/mod/endpoints/mod_sofia/sofia_reg.c | 18 +++---
 .../mod_cdr_pg_csv/mod_cdr_pg_csv.c | 4 +-
 .../mod_cdr_sqlite/mod_cdr_sqlite.c | 4 +-
 .../mod_odbc_cdr/mod_odbc_cdr.c | 2 +-
 src/mod/event_handlers/mod_snmp/subagent.c | 4 +-
 src/switch_console.c | 6 +-
 src/switch_core_sqldb.c | 38 ++++++------
 20 files changed, 148 insertions(+), 145 deletions(-)
diff --git a/src/mod/applications/mod_callcenter/mod_callcenter.c b/src/mod/applications/mod_callcenter/mod_callcenter.c
index f6d66720d6..3b12c9948a 100644
--- a/src/mod/applications/mod_callcenter/mod_callcenter.c
+++ b/src/mod/applications/mod_callcenter/mod_callcenter.c
@@ -2379,9 +2379,9 @@ static int members_callback(void *pArg, int argc, char **argv, char **columnName
 switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Queue '%s' changed strategy, adjusting member parameters", queue_name);
 /* member was ring-all, becomes ring-progressively (no state change because of strategy similarities) */
 if (!strcasecmp(queue_strategy, "ring-progressively")) {
- sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-progressively' WHERE uuid = '%s' AND state = '%s' AND serving_agent = 'ring-all'", cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
+ sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-progressively' WHERE uuid = '%q' AND state = '%q' AND serving_agent = 'ring-all'", cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
 } else {
- sql = switch_mprintf("UPDATE members SET serving_agent = '', state = '%s' WHERE uuid = '%s' AND state = '%s' AND serving_agent = 'ring-all'", cc_member_state2str(CC_MEMBER_STATE_WAITING), cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
+ sql = switch_mprintf("UPDATE members SET serving_agent = '', state = '%q' WHERE uuid = '%q' AND state = '%q' AND serving_agent = 'ring-all'", cc_member_state2str(CC_MEMBER_STATE_WAITING), cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
 }
 cc_execute_sql(NULL, sql, NULL);
 switch_safe_free(sql);
@@ -2391,9 +2391,9 @@ static int members_callback(void *pArg, int argc, char **argv, char **columnName
 switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Queue '%s' changed strategy, adjusting member parameters", queue_name);
 /* member was ring-progressively, becomes ring-all (no state change because of strategy similarities) */
 if (!strcasecmp(queue_strategy, "ring-all")) {
- sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-all' WHERE uuid = '%s' AND state = '%s' AND serving_agent = 'ring-progressively'", cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
+ sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-all' WHERE uuid = '%q' AND state = '%q' AND serving_agent = 'ring-progressively'", cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
 } else {
- sql = switch_mprintf("UPDATE members SET serving_agent = '', state = '%s' WHERE uuid = '%s' AND state = '%s' AND serving_agent = 'ring-progressively'", cc_member_state2str(CC_MEMBER_STATE_WAITING), cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
+ sql = switch_mprintf("UPDATE members SET serving_agent = '', state = '%q' WHERE uuid = '%q' AND state = '%q' AND serving_agent = 'ring-progressively'", cc_member_state2str(CC_MEMBER_STATE_WAITING), cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
 }
 cc_execute_sql(NULL, sql, NULL);
 switch_safe_free(sql);
@@ -2403,9 +2403,9 @@ static int members_callback(void *pArg, int argc, char **argv, char **columnName
 switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Queue '%s' changed strategy, adjusting member parameters", queue_name);
 /* member was ring-progressively, its state is already set to TRYING */
 if (!strcasecmp(serving_agent, "ring-progressively")) {
- sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-all' WHERE uuid = '%s' AND state = '%s' AND serving_agent = 'ring-progressively'", cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
+ sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-all' WHERE uuid = '%q' AND state = '%q' AND serving_agent = 'ring-progressively'", cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
 } else {
- sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-all', state = '%s' WHERE uuid = '%s' AND state = '%s' AND serving_agent = ''", cc_member_state2str(CC_MEMBER_STATE_TRYING), cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_WAITING));
+ sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-all', state = '%q' WHERE uuid = '%q' AND state = '%q' AND serving_agent = ''", cc_member_state2str(CC_MEMBER_STATE_TRYING), cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_WAITING));
 }
 cc_execute_sql(NULL, sql, NULL);
 switch_safe_free(sql);
@@ -2415,9 +2415,9 @@ static int members_callback(void *pArg, int argc, char **argv, char **columnName
 switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Queue '%s' changed strategy, adjusting member parameters", queue_name);
 /* member was ring-all, its state is already set to TRYING */
 if (!strcasecmp(serving_agent, "ring-all")) {
- sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-progressively' WHERE uuid = '%s' AND state = '%s' AND serving_agent = 'ring-all'", cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
+ sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-progressively' WHERE uuid = '%q' AND state = '%q' AND serving_agent = 'ring-all'", cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_TRYING));
 } else {
- sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-progressively', state = '%s' WHERE uuid = '%s' AND state = '%s' AND serving_agent = ''", cc_member_state2str(CC_MEMBER_STATE_TRYING), cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_WAITING));
+ sql = switch_mprintf("UPDATE members SET serving_agent = 'ring-progressively', state = '%q' WHERE uuid = '%q' AND state = '%q' AND serving_agent = ''", cc_member_state2str(CC_MEMBER_STATE_TRYING), cbt.member_uuid, cc_member_state2str(CC_MEMBER_STATE_WAITING));
 }
 cc_execute_sql(NULL, sql, NULL);
 switch_safe_free(sql);
diff --git a/src/mod/applications/mod_commands/mod_commands.c b/src/mod/applications/mod_commands/mod_commands.c
index 93593b4629..27c8857c18 100644
--- a/src/mod/applications/mod_commands/mod_commands.c
+++ b/src/mod/applications/mod_commands/mod_commands.c
@@ -103,7 +103,7 @@ static switch_status_t select_url(const char *user,
 if (exclude_contact) {
 sql = switch_mprintf("select url, '%q' "
 "from registrations where reg_user='%q' and realm='%q' "
- "and url not like '%%%s%%'", (concat != NULL) ? concat : "", user, domain, exclude_contact);
+ "and url not like '%%%q%%'", (concat != NULL) ? concat : "", user, domain, exclude_contact);
 } else {
 sql = switch_mprintf("select url, '%q' "
 "from registrations where reg_user='%q' and realm='%q'",
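Review bot: `%q` only escapes quote characters, so an `exclude_contact` containing `%` or `_` still acts as a LIKE wildcard inside `'%%%q%%'` and can exclude more registrations than the caller intended. If the value is meant to be matched literally, escape those two characters before formatting or add an `ESCAPE` clause to the pattern; if it is deliberately a pattern, a comment such as `/* exclude_contact is a LIKE pattern: % and _ are wildcards, %q only protects the quotes */` would record that. The enclosing select_url body continues outside the hunk.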
@@ -5409,33 +5409,33 @@ SWITCH_STANDARD_API(show_function) if (end_of(command) == 's') { end_of(command) = '\0'; } - sprintf(sql, "select type, name, ikey from interfaces where hostname='%s' and type = '%s' order by type,name", switch_core_get_hostname(), command); + switch_snprintfv(sql, sizeof(sql), "select type, name, ikey from interfaces where hostname='%q' and type = '%q' order by type,name", switch_core_get_hostname(), command); } else if (!strncasecmp(command, "module", 6)) { if (argv[1] && strcasecmp(argv[1], "as")) { - sprintf(sql, "select distinct type, name, ikey, filename from interfaces where hostname='%s' and ikey = '%s' order by type,name", + switch_snprintfv(sql, sizeof(sql), "select distinct type, name, ikey, filename from interfaces where hostname='%q' and ikey = '%q' order by type,name", switch_core_get_hostname(), argv[1]); } else { - sprintf(sql, "select distinct type, name, ikey, filename from interfaces where hostname='%s' order by type,name", switch_core_get_hostname()); + switch_snprintfv(sql, sizeof(sql), "select distinct type, name, ikey, filename from interfaces where hostname='%q' order by type,name", switch_core_get_hostname()); } } else if (!strcasecmp(command, "interfaces")) { - sprintf(sql, "select type, name, ikey from interfaces where hostname='%s' order by type,name", switch_core_get_hostname()); + switch_snprintfv(sql, sizeof(sql), "select type, name, ikey from interfaces where hostname='%q' order by type,name", switch_core_get_hostname()); } else if (!strcasecmp(command, "interface_types")) { - sprintf(sql, "select type,count(type) as total from interfaces where hostname='%s' group by type order by type", switch_core_get_switchname()); + switch_snprintfv(sql, sizeof(sql), "select type,count(type) as total from interfaces where hostname='%q' group by type order by type", switch_core_get_switchname()); } else if (!strcasecmp(command, "tasks")) { - sprintf(sql, "select * from %s where hostname='%s'", command, 
switch_core_get_hostname()); + switch_snprintfv(sql, sizeof(sql), "select * from %q where hostname='%q'", command, switch_core_get_hostname()); } else if (!strcasecmp(command, "application") || !strcasecmp(command, "api")) { if (argv[1] && strcasecmp(argv[1], "as")) { - sprintf(sql, - "select name, description, syntax, ikey from interfaces where hostname='%s' and type = '%s' and description != '' and name = '%s' order by type,name", + switch_snprintfv(sql, sizeof(sql), + "select name, description, syntax, ikey from interfaces where hostname='%q' and type = '%q' and description != '' and name = '%q' order by type,name", switch_core_get_hostname(), command, argv[1]); } else { - sprintf(sql, "select name, description, syntax, ikey from interfaces where hostname='%s' and type = '%s' and description != '' order by type,name", switch_core_get_hostname(), command); + switch_snprintfv(sql, sizeof(sql), "select name, description, syntax, ikey from interfaces where hostname='%q' and type = '%q' and description != '' order by type,name", switch_core_get_hostname(), command); } /* moved refreshable webpage show commands i.e. show calls|registrations|channels||detailed_calls|bridged_calls|detailed_bridged_calls */ } else if (!strcasecmp(command, "aliases")) { - sprintf(sql, "select * from aliases where hostname='%s' order by alias", switch_core_get_switchname()); + switch_snprintfv(sql, sizeof(sql), "select * from aliases where hostname='%q' order by alias", switch_core_get_switchname()); } else if (!strcasecmp(command, "complete")) { - sprintf(sql, "select * from complete where hostname='%s' order by a1,a2,a3,a4,a5,a6,a7,a8,a9,a10", switch_core_get_switchname()); + switch_snprintfv(sql, sizeof(sql), "select * from complete where hostname='%q' order by a1,a2,a3,a4,a5,a6,a7,a8,a9,a10", switch_core_get_switchname()); } else if (!strncasecmp(command, "help", 4)) { char *cmdname = NULL; 
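Review bot: In the `tasks` branch `%q` is applied to a bare table name (`select * from %q where hostname='%q'`), but %q escapes quotes for use inside a quoted string literal and gives no protection to an unquoted identifier; the only thing keeping this safe is the `strcasecmp(command, "tasks")` guard two lines above. Since that guard already fixes the table, write it as a literal, `switch_snprintfv(sql, sizeof(sql), "select * from tasks where hostname='%q'", switch_core_get_hostname());`, so the statement no longer depends on the identifier being passed through a string escaper. Separately, escaping can lengthen the output into the fixed `sql` buffer; the hunk does not show whether switch_snprintfv reports truncation, so it is worth confirming that a truncated statement cannot reach the database. show_function continues outside the hunk.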
@@ -5444,18 +5444,18 @@ SWITCH_STANDARD_API(show_function) if ((cmdname = strchr(command, ' ')) && strcasecmp(cmdname, "as")) { *cmdname++ = '\0'; switch_snprintfv(sql, sizeof(sql), - "select name, syntax, description, ikey from interfaces where hostname='%s' and type = 'api' and name = '%q' order by name", + "select name, syntax, description, ikey from interfaces where hostname='%q' and type = 'api' and name = '%q' order by name", switch_core_get_hostname(), cmdname); } else { switch_snprintfv(sql, sizeof(sql), "select name, syntax, description, ikey from interfaces where hostname='%q' and type = 'api' order by name", switch_core_get_hostname()); } } else if (!strcasecmp(command, "nat_map")) { - switch_snprintf(sql, sizeof(sql) - 1, + switch_snprintfv(sql, sizeof(sql) - 1, "SELECT port, " " CASE proto " " WHEN 0 THEN 'udp' " " WHEN 1 THEN 'tcp' " - " ELSE 'unknown' " " END AS proto, " " proto AS proto_num, " " sticky " " FROM nat where hostname='%s' ORDER BY port, proto", switch_core_get_hostname()); + " ELSE 'unknown' " " END AS proto, " " proto AS proto_num, " " sticky " " FROM nat where hostname='%q' ORDER BY port, proto", switch_core_get_hostname()); } else { /* from here on refreshable commands: calls|registrations|channels||detailed_calls|bridged_calls|detailed_bridged_calls */ if (holder.format->api) { 
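Review bot: The nat_map branch passes `sizeof(sql) - 1` while every other switch_snprintfv call in this function, including the `help` branch in the same hunk, passes `sizeof(sql)`; the `- 1` looks like a leftover from the switch_snprintf call it replaces and needlessly shortens the buffer. Change `switch_snprintfv(sql, sizeof(sql) - 1,` to `switch_snprintfv(sql, sizeof(sql),` for consistency, unless switch_snprintfv is known not to reserve room for the terminator itself. show_function continues outside the hunk.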
@@ -5474,18 +5474,18 @@ SWITCH_STANDARD_API(show_function) } if (!strcasecmp(command, "calls")) { - sprintf(sql, "select * from basic_calls where hostname='%s' order by call_created_epoch", switch_core_get_switchname()); + switch_snprintfv(sql, sizeof(sql), "select * from basic_calls where hostname='%q' order by call_created_epoch", switch_core_get_switchname()); if (argv[1] && !strcasecmp(argv[1], "count")) { - sprintf(sql, "select count(*) from basic_calls where hostname='%s'", switch_core_get_switchname()); + switch_snprintfv(sql, sizeof(sql), "select count(*) from basic_calls where hostname='%q'", switch_core_get_switchname()); holder.justcount = 1; if (argv[3] && !strcasecmp(argv[2], "as")) { as = argv[3]; } } } else if (!strcasecmp(command, "registrations")) { - sprintf(sql, "select * from registrations where hostname='%s'", switch_core_get_switchname()); + switch_snprintfv(sql, sizeof(sql), "select * from registrations where hostname='%q'", switch_core_get_switchname()); if (argv[1] && !strcasecmp(argv[1], "count")) { - sprintf(sql, "select count(*) from registrations where hostname='%s'", switch_core_get_switchname()); + switch_snprintfv(sql, sizeof(sql), "select count(*) from registrations where hostname='%q'", switch_core_get_switchname()); holder.justcount = 1; if (argv[3] && !strcasecmp(argv[2], "as")) { as = argv[3]; 
@@ -5500,41 +5500,41 @@ SWITCH_STANDARD_API(show_function) } } if (strchr(argv[2], '%')) { - sprintf(sql, - "select * from channels where hostname='%s' and uuid like '%s' or name like '%s' or cid_name like '%s' or cid_num like '%s' or presence_data like '%s' or accountcode like '%s' order by created_epoch", + switch_snprintfv(sql, sizeof(sql), + "select * from channels where hostname='%q' and uuid like '%q' or name like '%q' or cid_name like '%q' or cid_num like '%q' or presence_data like '%q' or accountcode like '%q' order by created_epoch", switch_core_get_switchname(), argv[2], argv[2], argv[2], argv[2], argv[2], argv[2]); } else { - sprintf(sql, - "select * from channels where hostname='%s' and uuid like '%%%s%%' or name like '%%%s%%' or cid_name like '%%%s%%' or cid_num like '%%%s%%' or presence_data like '%%%s%%' or accountcode like '%%%s%%' order by created_epoch", + switch_snprintfv(sql, sizeof(sql), + "select * from channels where hostname='%q' and uuid like '%%%q%%' or name like '%%%q%%' or cid_name like '%%%q%%' or cid_num like '%%%q%%' or presence_data like '%%%q%%' or accountcode like '%%%q%%' order by created_epoch", switch_core_get_switchname(), argv[2], argv[2], argv[2], argv[2], argv[2], argv[2]); } if (argv[4] && !strcasecmp(argv[3], "as")) { as = argv[4]; } } else { - sprintf(sql, "select * from channels where hostname='%s' order by created_epoch", switch_core_get_switchname()); + switch_snprintfv(sql, sizeof(sql), "select * from channels where hostname='%q' order by created_epoch", switch_core_get_switchname()); } } else if (!strcasecmp(command, "channels")) { - sprintf(sql, "select * from channels where hostname='%s' order by created_epoch", switch_core_get_switchname()); + switch_snprintfv(sql, sizeof(sql), "select * from channels where hostname='%q' order by created_epoch", switch_core_get_switchname()); if (argv[1] && !strcasecmp(argv[1], "count")) { - sprintf(sql, "select count(*) from channels where hostname='%s'", 
switch_core_get_switchname()); + switch_snprintfv(sql, sizeof(sql), "select count(*) from channels where hostname='%q'", switch_core_get_switchname()); holder.justcount = 1; if (argv[3] && !strcasecmp(argv[2], "as")) { as = argv[3]; } } } else if (!strcasecmp(command, "detailed_calls")) { - sprintf(sql, "select * from detailed_calls where hostname='%s' order by created_epoch", switch_core_get_switchname()); + switch_snprintfv(sql, sizeof(sql), "select * from detailed_calls where hostname='%q' order by created_epoch", switch_core_get_switchname()); if (argv[2] && !strcasecmp(argv[1], "as")) { as = argv[2]; } } else if (!strcasecmp(command, "bridged_calls")) { - sprintf(sql, "select * from basic_calls where b_uuid is not null and hostname='%s' order by created_epoch", switch_core_get_switchname()); + switch_snprintfv(sql, sizeof(sql), "select * from basic_calls where b_uuid is not null and hostname='%q' order by created_epoch", switch_core_get_switchname()); if (argv[2] && !strcasecmp(argv[1], "as")) { as = argv[2]; } } else if (!strcasecmp(command, "detailed_bridged_calls")) { - sprintf(sql, "select * from detailed_calls where b_uuid is not null and hostname='%s' order by created_epoch", switch_core_get_switchname()); + switch_snprintfv(sql, sizeof(sql), "select * from detailed_calls where b_uuid is not null and hostname='%q' order by created_epoch", switch_core_get_switchname()); if (argv[2] && !strcasecmp(argv[1], "as")) { as = argv[2]; } diff --git a/src/mod/applications/mod_directory/mod_directory.c b/src/mod/applications/mod_directory/mod_directory.c index b46bab89e3..a214003cf7 100644 --- a/src/mod/applications/mod_directory/mod_directory.c +++ b/src/mod/applications/mod_directory/mod_directory.c 
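Review bot: Both new channel-search statements mix `and` with `or` without parentheses, and since `and` binds tighter the `hostname='%q'` filter applies only to the `uuid like` term; every other alternative (`name like`, `cid_name like`, ...) matches channels on any host. Group the alternatives: `where hostname='%q' and (uuid like '%q' or name like '%q' or cid_name like '%q' or cid_num like '%q' or presence_data like '%q' or accountcode like '%q')`, and the same for the `'%%%q%%'` variant. The precedence problem predates this commit, but these lines are being rewritten anyway. show_function continues outside the hunk.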
@@ -863,14 +863,17 @@ switch_status_t navigate_entrys(switch_core_session_t *session, dir_profile_t *p cbt.len = sizeof(entry_count); if (params->search_by == SEARCH_BY_FIRST_AND_LAST_NAME) { - sql_where = switch_mprintf("hostname = '%q' and uuid = '%q' and name_visible = 1 and (%s like '%q%%' or %s like '%q%%')", + sql_where = switch_mprintf("hostname = '%q' and uuid = '%q' and name_visible = 1 and (%q like '%q%%' or %q like '%q%%')", globals.hostname, switch_core_session_get_uuid(session), "last_name_digit", params->digits, "first_name_digit", params->digits); } else if (params->search_by == SEARCH_BY_FULL_NAME) { sql_where = switch_mprintf("hostname = '%q' and uuid = '%q' and name_visible = 1 and full_name_digit like '%%%q%%'", - globals.hostname, switch_core_session_get_uuid(session), "last_name_digit", params->digits, "first_name_digit", params->digits); + globals.hostname, switch_core_session_get_uuid(session), params->digits); + } else if (params->search_by == SEARCH_BY_LAST_NAME) { + sql_where = switch_mprintf("hostname = '%q' and uuid = '%q' and name_visible = 1 and last_name_digit like '%q%%'", + globals.hostname, switch_core_session_get_uuid(session), params->digits); } else { - sql_where = switch_mprintf("hostname = '%q' and uuid = '%q' and name_visible = 1 and %s like '%q%%'", - globals.hostname, switch_core_session_get_uuid(session), (params->search_by == SEARCH_BY_LAST_NAME ? "last_name_digit" : "first_name_digit"), params->digits); + sql_where = switch_mprintf("hostname = '%q' and uuid = '%q' and name_visible = 1 and first_name_digit like '%q%%'", + globals.hostname, switch_core_session_get_uuid(session), params->digits); } sql = switch_mprintf("select count(*) from (select distinct first_name, last_name, extension from directory_search where %s) AS dsearch", sql_where); diff --git a/src/mod/applications/mod_fifo/mod_fifo.c b/src/mod/applications/mod_fifo/mod_fifo.c index a8a9a8db12..ee9b52e6bc 100644 --- a/src/mod/applications/mod_fifo/mod_fifo.c 
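Review bot: In the first-and-last-name branch the new `%q` placeholders are filled with the string constants `"last_name_digit"` and `"first_name_digit"`, so column names that are already fixed are routed through the escaper as if they were data; the two new branches below inline those column names, which is clearer. For consistency write the condition as `name_visible = 1 and (last_name_digit like '%q%%' or first_name_digit like '%q%%')` with `params->digits` passed twice as the only variable arguments. navigate_entrys continues outside the hunk.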
+++ b/src/mod/applications/mod_fifo/mod_fifo.c @@ -1619,7 +1619,7 @@ static void *SWITCH_THREAD_FUNC outbound_ringall_thread_run(switch_thread_t *thr for (i = 0; i < cbh->rowcount; i++) { struct call_helper *h = cbh->rows[i]; - char *sql = switch_mprintf("update fifo_outbound set ring_count=ring_count+1 where uuid='%s'", h->uuid); + char *sql = switch_mprintf("update fifo_outbound set ring_count=ring_count+1 where uuid='%q'", h->uuid); fifo_execute_sql_queued(&sql, SWITCH_TRUE, SWITCH_TRUE); } @@ -1844,7 +1844,7 @@ static void *SWITCH_THREAD_FUNC outbound_enterprise_thread_run(switch_thread_t * switch_event_fire(&event); } - sql = switch_mprintf("update fifo_outbound set ring_count=ring_count+1 where uuid='%s'", h->uuid); + sql = switch_mprintf("update fifo_outbound set ring_count=ring_count+1 where uuid='%q'", h->uuid); fifo_execute_sql_queued(&sql, SWITCH_TRUE, SWITCH_TRUE); status = switch_ivr_originate(NULL, &session, &cause, originate_string, h->timeout, NULL, NULL, NULL, NULL, ovars, SOF_NONE, NULL); @@ -3358,7 +3358,7 @@ SWITCH_STANDARD_APP(fifo_function) cancel_consumer_outbound_call(outbound_id, SWITCH_CAUSE_ORIGINATOR_CANCEL); add_bridge_call(outbound_id); - sql = switch_mprintf("update fifo_outbound set stop_time=0,start_time=%ld,use_count=use_count+1,outbound_fail_count=0 where uuid='%s'", + sql = switch_mprintf("update fifo_outbound set stop_time=0,start_time=%ld,use_count=use_count+1,outbound_fail_count=0 where uuid='%q'", switch_epoch_time_now(NULL), outbound_id); fifo_execute_sql_queued(&sql, SWITCH_TRUE, SWITCH_TRUE); 
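Review bot: In the `@@ -3358` hunk `%ld` is paired with `switch_epoch_time_now(NULL)` without a cast, while mod_voicemail in this same commit writes `(long) switch_epoch_time_now(NULL)` for the same call. If that function's return type is not `long` on every target (on 64-bit Windows `time_t` is 64-bit and `long` 32-bit), the format specifier and the argument disagree. Adding the cast, `(long) switch_epoch_time_now(NULL), outbound_id);`, keeps the two modules consistent. fifo_function continues outside the hunk.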
@@ -3439,7 +3439,7 @@ SWITCH_STANDARD_APP(fifo_function) sql = switch_mprintf("update fifo_outbound set stop_time=%ld, use_count=use_count-1, " "outbound_call_total_count=outbound_call_total_count+1, " - "outbound_call_count=outbound_call_count+1, next_avail=%ld + lag + 1 where uuid='%s' and use_count > 0", + "outbound_call_count=outbound_call_count+1, next_avail=%ld + lag + 1 where uuid='%q' and use_count > 0", now, now, outbound_id); fifo_execute_sql_queued(&sql, SWITCH_TRUE, SWITCH_TRUE); @@ -3788,7 +3788,7 @@ static int xml_outbound(switch_xml_t xml, fifo_node_t *node, char *container, ch char *sql; if (!strcmp(node->name, MANUAL_QUEUE_NAME)) { - sql = switch_mprintf("select uuid, '%s', originate_string, simo_count, use_count, timeout," + sql = switch_mprintf("select uuid, '%q', originate_string, simo_count, use_count, timeout," "lag, next_avail, expires, static, outbound_call_count, outbound_fail_count," "hostname, taking_calls, status, outbound_call_total_count, outbound_fail_total_count, active_time, inactive_time," "manual_calls_out_count, manual_calls_in_count, manual_calls_out_total_count, manual_calls_in_total_count from fifo_outbound " diff --git a/src/mod/applications/mod_nibblebill/mod_nibblebill.c b/src/mod/applications/mod_nibblebill/mod_nibblebill.c index 0249c266c4..58665498ae 100644 --- a/src/mod/applications/mod_nibblebill/mod_nibblebill.c +++ b/src/mod/applications/mod_nibblebill/mod_nibblebill.c @@ -387,7 +387,7 @@ static switch_bool_t bill_event(double billamount, const char *billaccount, swit sql = globals.custom_sql_save; } } else { - sql = dsql = switch_mprintf("UPDATE %s SET %s=%s- %f WHERE %s='%s'", globals.db_table, globals.db_column_cash, + sql = dsql = switch_mprintf("UPDATE %q SET %q=%q- %f WHERE %q='%q'", globals.db_table, globals.db_column_cash, globals.db_column_cash, billamount, globals.db_column_account, billaccount); } 
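Review bot: In the mod_nibblebill `@@ -387` hunk `%q` is now applied to `globals.db_table` and the two column names, which are spliced in unquoted; %q escapes quote characters for use inside a quoted literal and neither quotes nor validates an identifier, so for those three values the change has no effect and only `billaccount` gains protection. A comment above the call, `/* table/column names come from the module config and are trusted; %q only protects billaccount */`, would stop a later reader from relying on the escaping for the identifiers. The same applies to the `@@ -415` hunk in get_balance. bill_event continues outside the hunk.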
@@ -415,7 +415,7 @@ static double get_balance(const char *billaccount, switch_channel_t *channel) sql = globals.custom_sql_lookup; } } else { - sql = dsql = switch_mprintf("SELECT %s AS nibble_balance FROM %s WHERE %s='%s'", + sql = dsql = switch_mprintf("SELECT %q AS nibble_balance FROM %q WHERE %q='%q'", globals.db_column_cash, globals.db_table, globals.db_column_account, billaccount); } diff --git a/src/mod/applications/mod_snom/mod_snom.c b/src/mod/applications/mod_snom/mod_snom.c index 5aa274e640..ffec25f7a8 100644 --- a/src/mod/applications/mod_snom/mod_snom.c +++ b/src/mod/applications/mod_snom/mod_snom.c @@ -172,7 +172,7 @@ SWITCH_STANDARD_API(snom_command_api_function) goto end; } - sql = switch_mprintf("select network_ip from registrations where url = '%s'", apiresp); + sql = switch_mprintf("select network_ip from registrations where url = '%q'", apiresp); ret = switch_cache_db_execute_sql2str(db, sql, host, sizeof(host), NULL); switch_safe_free(sql); diff --git a/src/mod/applications/mod_voicemail/mod_voicemail.c b/src/mod/applications/mod_voicemail/mod_voicemail.c index f2e2b3a1d7..27089ada4f 100644 --- a/src/mod/applications/mod_voicemail/mod_voicemail.c +++ b/src/mod/applications/mod_voicemail/mod_voicemail.c @@ -1778,7 +1778,7 @@ static switch_status_t listen_file(switch_core_session_t *session, vm_profile_t } } else if (!strcmp(input, profile->delete_file_key) || (!strcmp(input, profile->email_key) && !zstr(cbt->email))) { - char *sql = switch_mprintf("update voicemail_msgs set flags='delete' where uuid='%s'", cbt->uuid); + char *sql = switch_mprintf("update voicemail_msgs set flags='delete' where uuid='%q'", cbt->uuid); vm_execute_sql(profile, sql, profile->mutex); switch_safe_free(sql); if (!strcmp(input, profile->email_key) && !zstr(cbt->email)) { 
@@ -1891,7 +1891,7 @@ static switch_status_t listen_file(switch_core_session_t *session, vm_profile_t TRY_CODE(switch_ivr_phrase_macro(session, VM_ACK_MACRO, "deleted", NULL, NULL)); } } else { - char *sql = switch_mprintf("update voicemail_msgs set flags='save' where uuid='%s'", cbt->uuid); + char *sql = switch_mprintf("update voicemail_msgs set flags='save' where uuid='%q'", cbt->uuid); vm_execute_sql(profile, sql, profile->mutex); switch_safe_free(sql); TRY_CODE(switch_ivr_phrase_macro(session, VM_ACK_MACRO, "saved", NULL, NULL)); @@ -2119,7 +2119,7 @@ static void voicemail_check_main(switch_core_session_t *session, vm_profile_t *p switch (play_msg_type) { case MSG_NEW: { - switch_snprintf(sql, sizeof(sql), + switch_snprintfv(sql, sizeof(sql), "select created_epoch, read_epoch, username, domain, uuid, cid_name, cid_number, in_folder, file_path, message_len, flags, read_flags, forwarded_by from voicemail_msgs where username='%s' and domain='%s' and read_epoch=0" " order by read_flags, created_epoch %s", myid, domain_name, profile->play_new_messages_lifo ? "desc" : "asc"); @@ -2130,7 +2130,7 @@ static void voicemail_check_main(switch_core_session_t *session, vm_profile_t *p case MSG_SAVED: default: { - switch_snprintf(sql, sizeof(sql), + switch_snprintfv(sql, sizeof(sql), "select created_epoch, read_epoch, username, domain, uuid, cid_name, cid_number, in_folder, file_path, message_len, flags, read_flags, forwarded_by from voicemail_msgs where username='%s' and domain='%s' and read_epoch !=0" " order by read_flags, created_epoch %s", myid, domain_name, profile->play_saved_messages_lifo ? "desc" : "asc"); 
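Review bot: In the `@@ -2119` and `@@ -2130` hunks only the call is changed from switch_snprintf to switch_snprintfv, while the format string on the following context line still reads `username='%s' and domain='%s'`, so `myid` and `domain_name` are inserted unescaped exactly as before; the function swap does nothing until the specifiers change too. The MSG_NEW line should read `... from voicemail_msgs where username='%q' and domain='%q' and read_epoch=0"` and the MSG_SAVED line the same with `read_epoch !=0`. The trailing `%s` that selects `desc`/`asc` is fed a fixed literal and can stay. voicemail_check_main continues outside the hunk.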
@@ -2163,8 +2163,8 @@ static void voicemail_check_main(switch_core_session_t *session, vm_profile_t *p break; } } - switch_snprintf(sql, sizeof(sql), "update voicemail_msgs set read_epoch=%ld where read_epoch=0 and " - "username='%s' and domain='%s' and flags='save'", + switch_snprintfv(sql, sizeof(sql), "update voicemail_msgs set read_epoch=%ld where read_epoch=0 and " + "username='%q' and domain='%q' and flags='save'", (long) switch_epoch_time_now(NULL), myid, domain_name); vm_execute_sql(profile, sql, profile->mutex); switch_snprintfv(sql, sizeof(sql), "select file_path from voicemail_msgs where username='%q' and domain='%q' and flags='delete'", myid, @@ -2242,11 +2242,11 @@ static void voicemail_check_main(switch_core_session_t *session, vm_profile_t *p TRY_CODE(switch_ivr_phrase_macro(session, VM_CHOOSE_GREETING_SELECTED_MACRO, input, NULL, NULL)); if (file_path == NULL) { sql = - switch_mprintf("update voicemail_prefs set greeting_path=NULL where username='%s' and domain='%s'", myid, + switch_mprintf("update voicemail_prefs set greeting_path=NULL where username='%q' and domain='%q'", myid, domain_name); } else { sql = - switch_mprintf("update voicemail_prefs set greeting_path='%s' where username='%s' and domain='%s'", + switch_mprintf("update voicemail_prefs set greeting_path='%q' where username='%q' and domain='%q'", file_path, myid, domain_name); } vm_execute_sql(profile, sql, profile->mutex); @@ -2282,7 +2282,7 @@ static void voicemail_check_main(switch_core_session_t *session, vm_profile_t *p switch_file_rename(tmp_file_path, file_path, switch_core_session_get_pool(session)); sql = - switch_mprintf("update voicemail_prefs set greeting_path='%s' where username='%s' and domain='%s'", file_path, myid, + switch_mprintf("update voicemail_prefs set greeting_path='%q' where username='%q' and domain='%q'", file_path, myid, domain_name); vm_execute_sql(profile, sql, profile->mutex); switch_safe_free(sql); 
@@ -2341,7 +2341,7 @@ static void voicemail_check_main(switch_core_session_t *session, vm_profile_t *p switch_ivr_phrase_macro(session, VM_CHANGE_PASS_FAIL_MACRO, NULL, NULL, NULL); switch_event_destroy(¶ms); } else { - sql = switch_mprintf("update voicemail_prefs set password='%s' where username='%s' and domain='%s'", buf, myid, domain_name); + sql = switch_mprintf("update voicemail_prefs set password='%q' where username='%q' and domain='%q'", buf, myid, domain_name); vm_execute_sql(profile, sql, profile->mutex); switch_safe_free(file_path); switch_safe_free(sql); @@ -2359,7 +2359,7 @@ static void voicemail_check_main(switch_core_session_t *session, vm_profile_t *p unlink(tmp_file_path); TRY_CODE(create_file(session, profile, VM_RECORD_NAME_MACRO, file_path, &message_len, SWITCH_FALSE, NULL, NULL)); switch_file_rename(tmp_file_path, file_path, switch_core_session_get_pool(session)); - sql = switch_mprintf("update voicemail_prefs set name_path='%s' where username='%s' and domain='%s'", file_path, myid, domain_name); + sql = switch_mprintf("update voicemail_prefs set name_path='%q' where username='%q' and domain='%q'", file_path, myid, domain_name); vm_execute_sql(profile, sql, profile->mutex); switch_safe_free(tmp_file_path); switch_safe_free(sql); 
@@ -4240,13 +4240,13 @@ static void do_play(vm_profile_t *profile, char *user_in, char *domain, char *fi user = resolve_id(user_in, domain, "web-vm"); - sql = switch_mprintf("update voicemail_msgs set read_epoch=%ld where username='%s' and domain='%s' and file_path like '%%%s'", + sql = switch_mprintf("update voicemail_msgs set read_epoch=%ld where username='%q' and domain='%q' and file_path like '%%%q'", (long) switch_epoch_time_now(NULL), user, domain, file); vm_execute_sql(profile, sql, profile->mutex); free(sql); - sql = switch_mprintf("select created_epoch, read_epoch, username, domain, uuid, cid_name, cid_number, in_folder, file_path, message_len, flags, read_flags, forwarded_by from voicemail_msgs where username='%s' and domain='%s' and file_path like '%%%s' order by created_epoch", + sql = switch_mprintf("select created_epoch, read_epoch, username, domain, uuid, cid_name, cid_number, in_folder, file_path, message_len, flags, read_flags, forwarded_by from voicemail_msgs where username='%q' and domain='%q' and file_path like '%%%q' order by created_epoch", user, domain, file); memset(&holder, 0, sizeof(holder)); holder.profile = profile; @@ -4272,7 +4272,7 @@ static void do_del(vm_profile_t *profile, char *user_in, char *domain, char *fil ref = switch_event_get_header(stream->param_event, "http-referer"); } - sql = switch_mprintf("select created_epoch, read_epoch, username, domain, uuid, cid_name, cid_number, in_folder, file_path, message_len, flags, read_flags, forwarded_by from voicemail_msgs where username='%s' and domain='%s' and file_path like '%%%s' order by created_epoch", + sql = switch_mprintf("select created_epoch, read_epoch, username, domain, uuid, cid_name, cid_number, in_folder, file_path, message_len, flags, read_flags, forwarded_by from voicemail_msgs where username='%q' and domain='%q' and file_path like '%%%q' order by created_epoch", user, domain, file); memset(&holder, 0, sizeof(holder)); holder.profile = profile; 
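Review bot: In do_play and do_del `file` is matched with `file_path like '%%%q'`; %q escapes quotes but not the LIKE wildcards `%` and `_`, and in the `@@ -4280` hunk on the next line the same pattern selects the rows for `delete from voicemail_msgs`. If `file` is meant to name exactly one message, validate it before building these statements (reject `%` and `_`, or escape them and add an `ESCAPE` clause) so a wildcard cannot widen the update or delete to other messages in the same mailbox. The `username`/`domain` terms do still confine the effect to one mailbox. do_play and do_del continue outside the hunk.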
@@ -4280,7 +4280,7 @@ static void do_del(vm_profile_t *profile, char *user_in, char *domain, char *fil vm_execute_sql_callback(profile, profile->mutex, sql, del_callback, &holder); switch_safe_free(sql); - sql = switch_mprintf("delete from voicemail_msgs where username='%s' and domain='%s' and file_path like '%%%s'", user, domain, file); + sql = switch_mprintf("delete from voicemail_msgs where username='%q' and domain='%q' and file_path like '%%%q'", user, domain, file); vm_execute_sql(profile, sql, profile->mutex); free(sql); @@ -4537,7 +4537,7 @@ static void do_rss(vm_profile_t *profile, char *user, char *domain, char *host, x_tmp = switch_xml_add_child_d(holder.x_channel, "ttl", 0); switch_xml_set_txt_d(x_tmp, "15"); - sql = switch_mprintf("select created_epoch, read_epoch, username, domain, uuid, cid_name, cid_number, in_folder, file_path, message_len, flags, read_flags, forwarded_by from voicemail_msgs where username='%s' and domain='%s' order by read_flags, created_epoch", user, domain); + sql = switch_mprintf("select created_epoch, read_epoch, username, domain, uuid, cid_name, cid_number, in_folder, file_path, message_len, flags, read_flags, forwarded_by from voicemail_msgs where username='%q' and domain='%q' order by read_flags, created_epoch", user, domain); vm_execute_sql_callback(profile, profile->mutex, sql, rss_callback, &holder); xmlstr = switch_xml_toxml(holder.xml, SWITCH_TRUE); 
@@ -4580,11 +4580,11 @@ static void do_web(vm_profile_t *profile, const char *user_in, const char *domai cbt.buf = buf; cbt.len = sizeof(buf); - sql = switch_mprintf("select created_epoch, read_epoch, username, domain, uuid, cid_name, cid_number, in_folder, file_path, message_len, flags, read_flags, forwarded_by from voicemail_msgs where username='%s' and domain='%s' order by read_flags, created_epoch", user, domain); + sql = switch_mprintf("select created_epoch, read_epoch, username, domain, uuid, cid_name, cid_number, in_folder, file_path, message_len, flags, read_flags, forwarded_by from voicemail_msgs where username='%q' and domain='%q' order by read_flags, created_epoch", user, domain); vm_execute_sql_callback(profile, profile->mutex, sql, web_callback, &holder); switch_safe_free(sql); - sql = switch_mprintf("select count(*) from voicemail_msgs where username='%s' and domain='%s' order by read_flags", user, domain); + sql = switch_mprintf("select count(*) from voicemail_msgs where username='%q' and domain='%q' order by read_flags", user, domain); vm_execute_sql_callback(profile, profile->mutex, sql, sql2str_callback, &cbt); switch_safe_free(sql); diff --git a/src/mod/endpoints/mod_skinny/mod_skinny.c b/src/mod/endpoints/mod_skinny/mod_skinny.c index 48f1f50589..3a39801cc5 100644 --- a/src/mod/endpoints/mod_skinny/mod_skinny.c +++ b/src/mod/endpoints/mod_skinny/mod_skinny.c @@ -285,7 +285,7 @@ char * skinny_profile_find_session_uuid(skinny_profile_t *profile, listener_t *l helper.channel_uuid = NULL; if(listener) { - device_condition = switch_mprintf("device_name='%s' AND device_instance=%d", + device_condition = switch_mprintf("device_name='%q' AND device_instance=%d", listener->device_name, listener->device_instance); } else { device_condition = switch_mprintf("1=1"); 
@@ -496,7 +496,7 @@ uint32_t skinny_line_get_state(listener_t *listener, uint32_t line_instance, uin helper.call_state = -1; if ((sql = switch_mprintf( "SELECT call_state FROM skinny_active_lines " - "WHERE device_name='%s' AND device_instance=%d " + "WHERE device_name='%q' AND device_instance=%d " "AND %s AND %s " "ORDER BY call_state, channel_uuid", /* off hook first */ listener->device_name, listener->device_instance, @@ -532,7 +532,7 @@ uint32_t skinny_line_count_active(listener_t *listener) helper.count = 0; if ((sql = switch_mprintf( "SELECT call_state FROM skinny_active_lines " - "WHERE device_name='%s' AND device_instance=%d " + "WHERE device_name='%q' AND device_instance=%d " "AND call_state not in (%d,%d,%d)", listener->device_name, listener->device_instance, SKINNY_ON_HOOK, SKINNY_IN_USE_REMOTELY, SKINNY_HOLD @@ -987,7 +987,7 @@ switch_status_t skinny_ring_active_calls(listener_t *listener) "ON skinny_active_lines.device_name = skinny_lines.device_name " "AND skinny_active_lines.device_instance = skinny_lines.device_instance " "AND skinny_active_lines.line_instance = skinny_lines.line_instance " - "WHERE skinny_lines.device_name='%s' AND skinny_lines.device_instance=%d " + "WHERE skinny_lines.device_name='%q' AND skinny_lines.device_instance=%d " "AND (call_state=%d)", listener->device_name, listener->device_instance, SKINNY_RING_IN))) { skinny_execute_sql_callback(listener->profile, listener->profile->sql_mutex, sql, skinny_ring_active_calls_callback, &helper); 
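Review bot: The `"AND %s AND %s "` placeholders in skinny_line_get_state still splice two pre-built SQL fragments into the statement unescaped, and their construction is outside the hunk, so whether they were built with `%q` cannot be checked here. A comment at the switch_mprintf call, e.g. `/* the two %s fragments are spliced in verbatim; callers must build them with %q */`, would make that contract explicit, or the fragments could be replaced by escaped values. skinny_line_get_state's body starts before the hunk.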
@@ -1370,9 +1370,9 @@ switch_call_cause_t channel_outgoing_channel(switch_core_session_t *session, swi if ((sql = switch_mprintf( "INSERT INTO skinny_active_lines " "(device_name, device_instance, line_instance, channel_uuid, call_id, call_state) " - "SELECT device_name, device_instance, line_instance, '%s', %d, %d " + "SELECT device_name, device_instance, line_instance, '%q', %d, %d " "FROM skinny_lines " - "WHERE value='%s'", + "WHERE value='%q'", switch_core_session_get_uuid(nsession), tech_pvt->call_id, SKINNY_ON_HOOK, dest ))) { skinny_execute_sql(profile, sql, profile->sql_mutex); @@ -1731,7 +1731,7 @@ static void flush_listener(listener_t *listener) if ((sql = switch_mprintf( "SELECT '%q', value, '%q', '%q', '%d' " "FROM skinny_lines " - "WHERE device_name='%s' AND device_instance=%d " + "WHERE device_name='%q' AND device_instance=%d " "ORDER BY position", profile->name, profile->domain, listener->device_name, listener->device_instance, listener->device_name, listener->device_instance @@ -1796,7 +1796,7 @@ switch_status_t dump_device(skinny_profile_t *profile, const char *device_name, { char *sql; if ((sql = switch_mprintf("SELECT name, user_id, instance, ip, type, max_streams, port, codec_string, headset, handset, speaker " - "FROM skinny_devices WHERE name='%s'", + "FROM skinny_devices WHERE name='%q'", device_name))) { skinny_execute_sql_callback(profile, profile->sql_mutex, sql, dump_device_callback, stream); switch_safe_free(sql); @@ -2657,7 +2657,7 @@ static void skinny_message_waiting_event_handler(switch_event_t *event) if ((sql = switch_mprintf( "SELECT device_name, device_instance FROM skinny_lines " - "WHERE value='%s' AND line_instance=1", user))) { + "WHERE value='%q' AND line_instance=1", user))) { struct skinny_message_waiting_event_handler_helper helper = {0}; helper.profile = profile; helper.yn = switch_true(yn); 
diff --git a/src/mod/endpoints/mod_skinny/skinny_protocol.c b/src/mod/endpoints/mod_skinny/skinny_protocol.c index cb3878ab82..c73c9069ee 100644 --- a/src/mod/endpoints/mod_skinny/skinny_protocol.c +++ b/src/mod/endpoints/mod_skinny/skinny_protocol.c @@ -237,9 +237,9 @@ switch_status_t skinny_device_event(listener_t *listener, switch_event_t **ev, s switch_event_create_subclass(&event, event_id, subclass_name); switch_assert(event); - if ((sql = switch_mprintf("SELECT '%s', name, user_id, instance, ip, type, max_streams, port, codec_string " + if ((sql = switch_mprintf("SELECT '%q', name, user_id, instance, ip, type, max_streams, port, codec_string " "FROM skinny_devices " - "WHERE name='%s' AND instance=%d", + "WHERE name='%q' AND instance=%d", listener->profile->name, listener->device_name, listener->device_instance))) { skinny_execute_sql_callback(profile, profile->sql_mutex, sql, skinny_device_event_callback, event); @@ -263,7 +263,7 @@ switch_status_t skinny_session_walk_lines(skinny_profile_t *profile, char *chann "ON skinny_active_lines.device_name = skinny_lines.device_name " "AND skinny_active_lines.device_instance = skinny_lines.device_instance " "AND skinny_active_lines.line_instance = skinny_lines.line_instance " - "WHERE channel_uuid='%s'", + "WHERE channel_uuid='%q'", channel_uuid))) { skinny_execute_sql_callback(profile, profile->sql_mutex, sql, callback, data); switch_safe_free(sql); @@ -325,7 +325,7 @@ void skinny_line_get(listener_t *listener, uint32_t instance, struct line_stat_r if ((sql = switch_mprintf( "SELECT '%d' AS wanted_position, position, label, value, caller_name " "FROM skinny_lines " - "WHERE device_name='%s' AND device_instance=%d " + "WHERE device_name='%q' AND device_instance=%d " "ORDER BY position", instance, listener->device_name, listener->device_instance 
@@ -368,7 +368,7 @@ void skinny_speed_dial_get(listener_t *listener, uint32_t instance, struct speed if ((sql = switch_mprintf( "SELECT '%d' AS wanted_position, position, label, value, settings " "FROM skinny_buttons " - "WHERE device_name='%s' AND device_instance=%d AND type=%d " + "WHERE device_name='%q' AND device_instance=%d AND type=%d " "ORDER BY position", instance, listener->device_name, listener->device_instance, @@ -412,7 +412,7 @@ void skinny_service_url_get(listener_t *listener, uint32_t instance, struct serv if ((sql = switch_mprintf( "SELECT '%d' AS wanted_position, position, label, value, settings " "FROM skinny_buttons " - "WHERE device_name='%s' AND device_instance=%d AND type=%d " + "WHERE device_name='%q' AND device_instance=%d AND type=%d " "ORDER BY position", instance, listener->device_name, @@ -458,7 +458,7 @@ void skinny_feature_get(listener_t *listener, uint32_t instance, struct feature_ if ((sql = switch_mprintf( "SELECT '%d' AS wanted_position, position, label, value, settings " "FROM skinny_buttons " - "WHERE device_name='%s' AND device_instance=%d AND NOT (type=%d OR type=%d) " + "WHERE device_name='%q' AND device_instance=%d AND NOT (type=%d OR type=%d) " "ORDER BY position", instance, listener->device_name, diff --git a/src/mod/endpoints/mod_skinny/skinny_server.c b/src/mod/endpoints/mod_skinny/skinny_server.c index b1da93b4c4..e0ec67e180 100644 --- a/src/mod/endpoints/mod_skinny/skinny_server.c +++ b/src/mod/endpoints/mod_skinny/skinny_server.c 
@@ -1070,7 +1070,7 @@ switch_status_t skinny_hold_active_calls(listener_t *listener) "ON skinny_active_lines.device_name = skinny_lines.device_name " "AND skinny_active_lines.device_instance = skinny_lines.device_instance " "AND skinny_active_lines.line_instance = skinny_lines.line_instance " - "WHERE skinny_lines.device_name='%s' AND skinny_lines.device_instance=%d AND (call_state=%d OR call_state=%d)", + "WHERE skinny_lines.device_name='%q' AND skinny_lines.device_instance=%d AND (call_state=%d OR call_state=%d)", listener->device_name, listener->device_instance, SKINNY_PROCEED, SKINNY_CONNECTED))) { skinny_execute_sql_callback(listener->profile, listener->profile->sql_mutex, sql, skinny_hold_active_calls_callback, &helper); switch_safe_free(sql); @@ -1673,7 +1673,7 @@ switch_status_t skinny_handle_on_hook_message(listener_t *listener, skinny_messa "ON skinny_active_lines.device_name = skinny_lines.device_name " "AND skinny_active_lines.device_instance = skinny_lines.device_instance " "AND skinny_active_lines.line_instance = skinny_lines.line_instance " - "WHERE skinny_lines.device_name='%s' AND skinny_lines.device_instance=%d", + "WHERE skinny_lines.device_name='%q' AND skinny_lines.device_instance=%d", listener->device_name, listener->device_instance))) { skinny_execute_sql_callback(listener->profile, listener->profile->sql_mutex, sql, skinny_hangup_active_calls_callback, &helper); 
@@ -1778,9 +1778,9 @@ switch_status_t skinny_handle_config_stat_request(listener_t *listener, skinny_m if ((sql = switch_mprintf( "SELECT name, user_id, instance, '' AS user_name, '' AS server_name, " - "(SELECT COUNT(*) FROM skinny_lines WHERE device_name='%s' AND device_instance=%d) AS number_lines, " - "(SELECT COUNT(*) FROM skinny_buttons WHERE device_name='%s' AND device_instance=%d AND type=%d) AS number_speed_dials " - "FROM skinny_devices WHERE name='%s' ", + "(SELECT COUNT(*) FROM skinny_lines WHERE device_name='%q' AND device_instance=%d) AS number_lines, " + "(SELECT COUNT(*) FROM skinny_buttons WHERE device_name='%q' AND device_instance=%d AND type=%d) AS number_speed_dials " + "FROM skinny_devices WHERE name='%q' ", listener->device_name, listener->device_instance, listener->device_name, @@ -1854,7 +1854,7 @@ switch_status_t skinny_handle_button_template_request(listener_t *listener, skin if ((sql = switch_mprintf( "SELECT device_name, device_instance, position, type " "FROM skinny_buttons " - "WHERE device_name='%s' AND device_instance=%d " + "WHERE device_name='%q' AND device_instance=%d " "ORDER BY position", listener->device_name, listener->device_instance ))) { @@ -1866,7 +1866,7 @@ switch_status_t skinny_handle_button_template_request(listener_t *listener, skin if ((sql = switch_mprintf( "SELECT device_name, device_instance, position, %d AS type " "FROM skinny_lines " - "WHERE device_name='%s' AND device_instance=%d " + "WHERE device_name='%q' AND device_instance=%d " "ORDER BY position", SKINNY_BUTTON_LINE, listener->device_name, listener->device_instance @@ -1979,7 +1979,7 @@ switch_status_t skinny_handle_capabilities_response(listener_t *listener, skinny } codec_string[string_len] = '\0'; if ((sql = switch_mprintf( - "UPDATE skinny_devices SET codec_string='%q' WHERE name='%s'", + "UPDATE skinny_devices SET codec_string='%q' WHERE name='%q'", codec_string, listener->device_name ))) { 
diff --git a/src/mod/endpoints/mod_sofia/mod_sofia.c b/src/mod/endpoints/mod_sofia/mod_sofia.c index e66f99240c..9e047e79bf 100644 --- a/src/mod/endpoints/mod_sofia/mod_sofia.c +++ b/src/mod/endpoints/mod_sofia/mod_sofia.c @@ -1404,7 +1404,7 @@ static switch_status_t sofia_receive_message(switch_core_session_t *session, swi if (presence_id || presence_data) { char *sql = switch_mprintf("update sip_dialogs set presence_id='%q',presence_data='%q' " - "where uuid='%s';\n", switch_str_nil(presence_id), switch_str_nil(presence_data), + "where uuid='%q';\n", switch_str_nil(presence_id), switch_str_nil(presence_data), switch_core_session_get_uuid(session)); switch_assert(sql); sofia_glue_execute_sql_now(tech_pvt->profile, &sql, SWITCH_TRUE); @@ -3802,7 +3802,7 @@ static void select_from_profile(sofia_profile_t *profile, "from sip_registrations where profile_name='%q' " "and upper(sip_user)=upper('%q') " "and (sip_host='%q' or presence_hosts like '%%%q%%') " - "and contact not like '%%%s%%'", (concat != NULL) ? concat : "", profile->name, user, domain, domain, exclude_contact); + "and contact not like '%%%q%%'", (concat != NULL) ? concat : "", profile->name, user, domain, domain, exclude_contact); } else { sql = switch_mprintf("select contact, profile_name, '%q' " "from sip_registrations where profile_name='%q' " 
@@ -5282,12 +5282,12 @@ void general_event_handler(switch_event_t *event) } else { if (!strcasecmp(es, "message-summary")) { sql = switch_mprintf("select sip_user,sip_host,contact,profile_name,'%q','%q','%q' " - "from sip_registrations where mwi_user='%s' and mwi_host='%q'", + "from sip_registrations where mwi_user='%q' and mwi_host='%q'", ct, es, switch_str_nil(body), switch_str_nil(user), switch_str_nil(host) ); } else { sql = switch_mprintf("select sip_user,sip_host,contact,profile_name,'%q','%q','%q' " - "from sip_registrations where sip_user='%s' and sip_host='%q'", + "from sip_registrations where sip_user='%q' and sip_host='%q'", ct, es, switch_str_nil(body), switch_str_nil(user), switch_str_nil(host) ); @@ -5389,7 +5389,7 @@ void general_event_handler(switch_event_t *event) "from sip_subscriptions where event='as-feature-event' and call_id='%q'", stream.data, ct, call_id); } else { sql = switch_mprintf("select sip_user,sip_host,contact,profile_name,call_id,full_from,full_to,expires,'%q', '%q' " - "from sip_subscriptions where event='as-feature-event' and sip_user='%s' and sip_host='%q'", stream.data, ct, switch_str_nil(user), switch_str_nil(host) + "from sip_subscriptions where event='as-feature-event' and sip_user='%q' and sip_host='%q'", stream.data, ct, switch_str_nil(user), switch_str_nil(host) ); } diff --git a/src/mod/endpoints/mod_sofia/sofia.c b/src/mod/endpoints/mod_sofia/sofia.c index 2757460fbf..004b3620c6 100644 --- a/src/mod/endpoints/mod_sofia/sofia.c +++ b/src/mod/endpoints/mod_sofia/sofia.c 
@@ -2782,10 +2782,10 @@ void event_handler(switch_event_t *event) switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Invalid Profile\n"); } else { if (!strcmp(ping_status, "REACHABLE")) { - sql = switch_mprintf("update sip_registrations set ping_status='%s' where sip_user='%s' and sip_host='%s' and call_id='%q'", + sql = switch_mprintf("update sip_registrations set ping_status='%q' where sip_user='%q' and sip_host='%q' and call_id='%q'", "Reachable", from_user, from_host, call_id); } else { - sql = switch_mprintf("update sip_registrations set ping_status='%s' where sip_user='%s' and sip_host='%s' and call_id='%q'", + sql = switch_mprintf("update sip_registrations set ping_status='%q' where sip_user='%q' and sip_host='%q' and call_id='%q'", "Unreachable", from_user, from_host, call_id); } if (sql) { @@ -6182,7 +6182,7 @@ static void sofia_handle_sip_r_options(switch_core_session_t *session, int statu sip_user_status.status_len = sizeof(ping_status); sip_user_status.contact = sip_contact; sip_user_status.contact_len = sizeof(sip_contact); - sql = switch_mprintf("select ping_status, ping_count, contact from sip_registrations where sip_user='%s' and sip_host='%s' and call_id='%q'", + sql = switch_mprintf("select ping_status, ping_count, contact from sip_registrations where sip_user='%q' and sip_host='%q' and call_id='%q'", sip->sip_to->a_url->url_user, sip->sip_to->a_url->url_host, call_id); sofia_glue_execute_sql_callback(profile, profile->ireg_mutex, sql, sofia_sip_user_status_callback, &sip_user_status); switch_safe_free(sql); 
@@ -6192,7 +6192,7 @@ static void sofia_handle_sip_r_options(switch_core_session_t *session, int statu if (sip_user_status.count >= 0) { switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "Ping to sip user '%s@%s' failed with code %d - count %d, state %s\n", sip->sip_to->a_url->url_user, sip->sip_to->a_url->url_host, status, sip_user_status.count, sip_user_status.status); - sql = switch_mprintf("update sip_registrations set ping_count=%d, ping_time=%d where sip_user='%s' and sip_host='%s' and call_id='%q'", + sql = switch_mprintf("update sip_registrations set ping_count=%d, ping_time=%d where sip_user='%q' and sip_host='%q' and call_id='%q'", sip_user_status.count, ping_time, sip->sip_to->a_url->url_user, sip->sip_to->a_url->url_host, call_id); sofia_glue_execute_sql(profile, &sql, SWITCH_TRUE); switch_safe_free(sql); @@ -6201,7 +6201,7 @@ static void sofia_handle_sip_r_options(switch_core_session_t *session, int statu if (strcmp(sip_user_status.status, "Unreachable")) { switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_WARNING, "Sip user '%s@%s' is now Unreachable\n", sip->sip_to->a_url->url_user, sip->sip_to->a_url->url_host); - sql = switch_mprintf("update sip_registrations set ping_status='Unreachable', ping_time=%d where sip_user='%s' and sip_host='%s' and call_id='%q'", + sql = switch_mprintf("update sip_registrations set ping_status='Unreachable', ping_time=%d where sip_user='%q' and sip_host='%q' and call_id='%q'", ping_time, sip->sip_to->a_url->url_user, sip->sip_to->a_url->url_host, call_id); sofia_glue_execute_sql(profile, &sql, SWITCH_TRUE); switch_safe_free(sql); 
@@ -6213,7 +6213,7 @@ static void sofia_handle_sip_r_options(switch_core_session_t *session, int statu switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_WARNING, "Expire sip user '%s@%s' due to options failure\n", sip->sip_to->a_url->url_user, sip->sip_to->a_url->url_host); - sql = switch_mprintf("update sip_registrations set expires=%ld, ping_time=%d where sip_user='%s' and sip_host='%s' and call_id='%q'", + sql = switch_mprintf("update sip_registrations set expires=%ld, ping_time=%d where sip_user='%q' and sip_host='%q' and call_id='%q'", (long) now, ping_time, sip->sip_to->a_url->url_user, sip->sip_to->a_url->url_host, call_id); sofia_glue_execute_sql(profile, &sql, SWITCH_TRUE); switch_safe_free(sql); @@ -6225,7 +6225,7 @@ static void sofia_handle_sip_r_options(switch_core_session_t *session, int statu if (sip_user_status.count <= sip_user_ping_max) { switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "Ping to sip user '%s@%s' succeeded with code %d - count %d, state %s\n", sip->sip_to->a_url->url_user, sip->sip_to->a_url->url_host, status, sip_user_status.count, sip_user_status.status); - sql = switch_mprintf("update sip_registrations set ping_count=%d, ping_time=%d where sip_user='%s' and sip_host='%s' and call_id='%q'", + sql = switch_mprintf("update sip_registrations set ping_count=%d, ping_time=%d where sip_user='%q' and sip_host='%q' and call_id='%q'", sip_user_status.count, ping_time, sip->sip_to->a_url->url_user, sip->sip_to->a_url->url_host, call_id); sofia_glue_execute_sql(profile, &sql, SWITCH_TRUE); switch_safe_free(sql); 
@@ -6234,7 +6234,7 @@ static void sofia_handle_sip_r_options(switch_core_session_t *session, int statu if (strcmp(sip_user_status.status, "Reachable")) { switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_WARNING, "Sip user '%s@%s' is now Reachable\n", sip->sip_to->a_url->url_user, sip->sip_to->a_url->url_host); - sql = switch_mprintf("update sip_registrations set ping_status='Reachable' where sip_user='%s' and sip_host='%s' and call_id='%q'", + sql = switch_mprintf("update sip_registrations set ping_status='Reachable' where sip_user='%q' and sip_host='%q' and call_id='%q'", sip->sip_to->a_url->url_user, sip->sip_to->a_url->url_host, call_id); sofia_glue_execute_sql(profile, &sql, SWITCH_TRUE); switch_safe_free(sql); @@ -6829,7 +6829,7 @@ static void sofia_handle_sip_r_invite(switch_core_session_t *session, int status const char *presence_id = switch_channel_get_variable(channel, "presence_id"); sql = switch_mprintf("update sip_dialogs set state='%q',presence_id='%q',presence_data='%q' " - "where uuid='%s';\n", astate, switch_str_nil(presence_id), switch_str_nil(presence_data), + "where uuid='%q';\n", astate, switch_str_nil(presence_id), switch_str_nil(presence_data), switch_core_session_get_uuid(session)); switch_assert(sql); sofia_glue_execute_sql_now(profile, &sql, SWITCH_TRUE); diff --git a/src/mod/endpoints/mod_sofia/sofia_presence.c b/src/mod/endpoints/mod_sofia/sofia_presence.c index c89b3f57b9..6100766b41 100644 --- a/src/mod/endpoints/mod_sofia/sofia_presence.c +++ b/src/mod/endpoints/mod_sofia/sofia_presence.c 
@@ -527,7 +527,7 @@ static void actual_sofia_presence_mwi_event_handler(switch_event_t *event) char buf[512] = ""; switch_console_callback_match_t *matches; - sql = switch_mprintf("select profile_name from sip_registrations where hostname='%q' and (sip_host='%s' or mwi_host='%s')", + sql = switch_mprintf("select profile_name from sip_registrations where hostname='%q' and (sip_host='%q' or mwi_host='%q')", mod_sofia_globals.hostname, host, host); if (list_profiles_full(NULL, NULL, &matches, SWITCH_FALSE) == SWITCH_STATUS_SUCCESS) { @@ -3081,7 +3081,7 @@ static int sofia_presence_sub_callback(void *pArg, int argc, char **argv, char * if (!zstr(astate) && !zstr(uuid) && helper && helper->stream.data && strcmp(helper->last_uuid, uuid) && strcasecmp(astate, "terminated") && strchr(uuid, '-')) { - helper->stream.write_function(&helper->stream, "update sip_dialogs set state='%s' where hostname='%q' and profile_name='%q' and uuid='%s';", + helper->stream.write_function(&helper->stream, "update sip_dialogs set state='%q' where hostname='%q' and profile_name='%q' and uuid='%q';", astate, mod_sofia_globals.hostname, profile->name, uuid); switch_copy_string(helper->last_uuid, uuid, sizeof(helper->last_uuid)); } diff --git a/src/mod/endpoints/mod_sofia/sofia_reg.c b/src/mod/endpoints/mod_sofia/sofia_reg.c index 0ce4b64904..b135c5f7dc 100644 --- a/src/mod/endpoints/mod_sofia/sofia_reg.c +++ b/src/mod/endpoints/mod_sofia/sofia_reg.c @@ -817,7 +817,7 @@ void sofia_reg_check_expire(sofia_profile_t *profile, time_t now, int reboot) if (now) { sql = switch_mprintf("select call_id from sip_shared_appearance_dialogs where hostname='%q' " - "and profile_name='%s' and expires <= %ld", mod_sofia_globals.hostname, profile->name, (long) now); + "and profile_name='%q' and expires <= %ld", mod_sofia_globals.hostname, profile->name, (long) now); sofia_glue_execute_sql_callback(profile, profile->dbh_mutex, sql, sofia_sla_dialog_del_callback, profile); free(sql); 
@@ -888,8 +888,8 @@ void sofia_reg_check_ping_expire(sofia_profile_t *profile, time_t now, int inter if (sofia_test_pflag(profile, PFLAG_ALL_REG_OPTIONS_PING)) { sql = switch_mprintf("select call_id,sip_user,sip_host,contact,status,rpid," "expires,user_agent,server_user,server_host,profile_name " - "from sip_registrations where hostname='%s' and " - "profile_name='%s' and orig_hostname='%s' and " + "from sip_registrations where hostname='%q' and " + "profile_name='%q' and orig_hostname='%q' and " "ping_expires > 0 and ping_expires <= %ld", mod_sofia_globals.hostname, profile->name, mod_sofia_globals.hostname, (long) now); @@ -899,7 +899,7 @@ void sofia_reg_check_ping_expire(sofia_profile_t *profile, time_t now, int inter sql = switch_mprintf(" select call_id,sip_user,sip_host,contact,status,rpid, " " expires,user_agent,server_user,server_host,profile_name " " from sip_registrations where (status like '%%UDP-NAT%%' or force_ping=1)" - " and hostname='%s' and profile_name='%s' and ping_expires > 0 and ping_expires <= %ld ", + " and hostname='%q' and profile_name='%q' and ping_expires > 0 and ping_expires <= %ld ", mod_sofia_globals.hostname, profile->name, (long) now); sofia_glue_execute_sql_callback(profile, profile->dbh_mutex, sql, sofia_reg_nat_callback, profile); @@ -908,8 +908,8 @@ void sofia_reg_check_ping_expire(sofia_profile_t *profile, time_t now, int inter sql = switch_mprintf("select call_id,sip_user,sip_host,contact,status,rpid," "expires,user_agent,server_user,server_host,profile_name " "from sip_registrations where (status like '%%NAT%%' " - "or contact like '%%fs_nat=yes%%' or force_ping=1) and hostname='%s' " - "and profile_name='%s' and orig_hostname='%s' and " + "or contact like '%%fs_nat=yes%%' or force_ping=1) and hostname='%q' " + "and profile_name='%q' and orig_hostname='%q' and " "ping_expires > 0 and ping_expires <= %ld", mod_sofia_globals.hostname, profile->name, mod_sofia_globals.hostname, (long) now); 
@@ -918,8 +918,8 @@ void sofia_reg_check_ping_expire(sofia_profile_t *profile, time_t now, int inter } else { sql = switch_mprintf("select call_id,sip_user,sip_host,contact,status,rpid," "expires,user_agent,server_user,server_host,profile_name " - "from sip_registrations where force_ping=1 and hostname='%s' " - "and profile_name='%s' and orig_hostname='%s' and " + "from sip_registrations where force_ping=1 and hostname='%q' " + "and profile_name='%q' and orig_hostname='%q' and " "ping_expires > 0 and ping_expires <= %ld", mod_sofia_globals.hostname, profile->name, mod_sofia_globals.hostname, (long) now); @@ -3230,7 +3230,7 @@ auth_res_t sofia_reg_parse_auth(sofia_profile_t *profile, if (nc && cnonce && qop) { ncl = strtoul(nc, 0, 16); - sql = switch_mprintf("update sip_authentication set expires='%ld',last_nc=%lu where nonce='%s'", + sql = switch_mprintf("update sip_authentication set expires='%ld',last_nc=%lu where nonce='%q'", (long)switch_epoch_time_now(NULL) + (profile->nonce_ttl ? profile->nonce_ttl : DEFAULT_NONCE_TTL) + exptime, ncl, nonce); switch_assert(sql != NULL); diff --git a/src/mod/event_handlers/mod_cdr_pg_csv/mod_cdr_pg_csv.c b/src/mod/event_handlers/mod_cdr_pg_csv/mod_cdr_pg_csv.c index f89a9a0644..419d6a29d6 100644 --- a/src/mod/event_handlers/mod_cdr_pg_csv/mod_cdr_pg_csv.c +++ b/src/mod/event_handlers/mod_cdr_pg_csv/mod_cdr_pg_csv.c @@ -366,9 +366,9 @@ static switch_status_t my_on_reporting(switch_core_session_t *session) pq_var = switch_mprintf("null,", var); } else { if (cdr_field->quote) { - pq_var = switch_mprintf("'%s',", var); + pq_var = switch_mprintf("'%q',", var); } else { - pq_var = switch_mprintf("%s,", var); + pq_var = switch_mprintf("%q,", var); } } diff --git a/src/mod/event_handlers/mod_cdr_sqlite/mod_cdr_sqlite.c b/src/mod/event_handlers/mod_cdr_sqlite/mod_cdr_sqlite.c index 17b1a09f2e..c6c22f27eb 100644 --- a/src/mod/event_handlers/mod_cdr_sqlite/mod_cdr_sqlite.c +++ b/src/mod/event_handlers/mod_cdr_sqlite/mod_cdr_sqlite.c 
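Review bot: In the unquoted branch of my_on_reporting (mod_cdr_pg_csv.c), `switch_mprintf("%q,", var)` gives no real protection: `%q` doubles single quotes for use inside a quoted literal, but here `var` is emitted bare, so any non-numeric content still reaches the parser as SQL tokens and a doubled quote merely turns it into a syntax error. Since `cdr_field->quote == 0` presumably marks numeric columns, validate the value as a number before emitting it, e.g. `errno = 0; (void)strtod(var, &end); if (end == var || *end != '\0') { /* emit null, */ }`, and only then pass it through unquoted. my_on_reporting's body continues outside the hunk.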
@@ -159,7 +159,7 @@ static switch_status_t my_on_reporting(switch_core_session_t *session) return SWITCH_STATUS_FALSE; } - sql = switch_mprintf("INSERT INTO %s VALUES (%s)", globals.db_table, expanded_vars); + sql = switch_mprintf("INSERT INTO %q VALUES (%s)", globals.db_table, expanded_vars); assert(sql); write_cdr(sql); switch_safe_free(sql); @@ -262,7 +262,7 @@ static switch_status_t load_config(switch_memory_pool_t *pool) dbh = cdr_get_db_handle(); if (dbh) { - select_sql = switch_mprintf("SELECT * FROM %s LIMIT 1", globals.db_table); + select_sql = switch_mprintf("SELECT * FROM %q LIMIT 1", globals.db_table); assert(select_sql); create_sql = switch_mprintf(default_create_sql, globals.db_table); diff --git a/src/mod/event_handlers/mod_odbc_cdr/mod_odbc_cdr.c b/src/mod/event_handlers/mod_odbc_cdr/mod_odbc_cdr.c index 254abb402e..7a744dbc6e 100644 --- a/src/mod/event_handlers/mod_odbc_cdr/mod_odbc_cdr.c +++ b/src/mod/event_handlers/mod_odbc_cdr/mod_odbc_cdr.c @@ -340,7 +340,7 @@ static switch_status_t odbc_cdr_reporting(switch_core_session_t *session) } switch_safe_free(i_hi); - sql = switch_mprintf("INSERT INTO %s (%s) VALUES (%s)", table_name, stream_field.data, stream_value.data); + sql = switch_mprintf("INSERT INTO %q (%s) VALUES (%s)", table_name, stream_field.data, stream_value.data); if (globals.debug_sql == SWITCH_TRUE) { switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "sql %s\n", sql); } diff --git a/src/mod/event_handlers/mod_snmp/subagent.c b/src/mod/event_handlers/mod_snmp/subagent.c index 5db0713150..4b76b9d046 100644 --- a/src/mod/event_handlers/mod_snmp/subagent.c +++ b/src/mod/event_handlers/mod_snmp/subagent.c 
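Review bot: `%q` does nothing useful for a bare identifier in `INSERT INTO %q VALUES (%s)` and `SELECT * FROM %q LIMIT 1` in mod_cdr_sqlite.c, nor for `table_name` in `INSERT INTO %q (%s) VALUES (%s)` in mod_odbc_cdr.c: it doubles single quotes, but an unquoted table name is not inside a literal, so the rest of the value still reaches the parser as SQL. The unchanged `create_sql = switch_mprintf(default_create_sql, globals.db_table);` line in load_config shows the same value used raw, so the effective check belongs where `globals.db_table` is read from configuration: reject anything that is not of the form `[A-Za-z_][A-Za-z0-9_]*`, which also keeps the three call sites consistent. The `%s` arguments `expanded_vars` and `stream_field.data`/`stream_value.data` are assembled outside these hunks, so their escaping cannot be judged here.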
@@ -139,7 +139,7 @@ int channelList_load(netsnmp_cache *cache, void *vmagic) idx = 1; - sprintf(sql, "SELECT * FROM channels WHERE hostname='%s' ORDER BY created_epoch", switch_core_get_switchname()); + switch_snprintfv(sql, sizeof(sql), "SELECT * FROM channels WHERE hostname='%q' ORDER BY created_epoch", switch_core_get_switchname()); switch_cache_db_execute_sql_callback(dbh, sql, channelList_callback, NULL, NULL); switch_cache_db_release_db_handle(&dbh); @@ -243,7 +243,7 @@ int handle_systemStats(netsnmp_mib_handler *handler, netsnmp_handler_registratio return SNMP_ERR_GENERR; } - sprintf(sql, "SELECT COUNT(*) FROM calls WHERE hostname='%s'", switch_core_get_switchname()); + switch_snprintfv(sql, sizeof(sql), "SELECT COUNT(*) FROM calls WHERE hostname='%q'", switch_core_get_switchname()); switch_cache_db_execute_sql_callback(dbh, sql, sql_count_callback, &int_val, NULL); snmp_set_var_typed_integer(requests->requestvb, ASN_GAUGE, int_val); switch_cache_db_release_db_handle(&dbh); diff --git a/src/switch_console.c b/src/switch_console.c index d9435a17af..3f953b8086 100644 --- a/src/switch_console.c +++ b/src/switch_console.c @@ -828,7 +828,7 @@ SWITCH_DECLARE(unsigned char) switch_console_complete(const char *line, const ch argc = switch_separate_string(dupdup, ' ', argv, (sizeof(argv) / sizeof(argv[0]))); if (h.words == 0) { - stream.write_function(&stream, "select distinct a1 from complete where " "a1 not in (select name from interfaces where hostname='%s') %s ", + stream.write_function(&stream, "select distinct a1 from complete where " "a1 not in (select name from interfaces where hostname='%q') %s ", switch_core_get_hostname(), argc ? "and" : ""); } else { if (switch_cache_db_get_type(db) == SCDB_TYPE_CORE_DB) { 
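Review bot: The return value of the new `switch_snprintfv(sql, sizeof(sql), ...)` calls in channelList_load and handle_systemStats is discarded, so a truncated statement would still be handed to switch_cache_db_execute_sql_callback. If switch_snprintfv reports the would-be length the way snprintf does, guard the call with something like `if (switch_snprintfv(sql, sizeof(sql), "...", switch_core_get_switchname()) >= (int)sizeof(sql)) { /* truncated: release dbh and fail */ }`. Note also that `sizeof(sql)` bounds the write only if `sql` is declared as an array rather than a pointer; its declaration is outside the hunk.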
@@ -1889,7 +1889,7 @@ SWITCH_DECLARE(switch_status_t) switch_console_set_complete(const char *string) switch_safe_free(mydata); return SWITCH_STATUS_FALSE; } else if (!strcasecmp(what, "*")) { - mystream.write_function(&mystream, "delete from complete where hostname='%s'", switch_core_get_hostname()); + mystream.write_function(&mystream, "delete from complete where hostname='%q'", switch_core_get_hostname()); switch_core_sql_exec(mystream.data); } else { mystream.write_function(&mystream, "delete from complete where "); @@ -1900,7 +1900,7 @@ SWITCH_DECLARE(switch_status_t) switch_console_set_complete(const char *string) mystream.write_function(&mystream, "a%d = '%w'%w", x + 1, switch_str_nil(argv[x + 1]), x == argc - 2 ? "" : " and "); } } - mystream.write_function(&mystream, " and hostname='%s'", switch_core_get_hostname()); + mystream.write_function(&mystream, " and hostname='%q'", switch_core_get_hostname()); switch_core_sql_exec(mystream.data); } status = SWITCH_STATUS_SUCCESS; diff --git a/src/switch_core_sqldb.c b/src/switch_core_sqldb.c index fe64efaf9a..a9dbe889b1 100644 --- a/src/switch_core_sqldb.c +++ b/src/switch_core_sqldb.c @@ -2386,7 +2386,7 @@ static void core_event_handler(switch_event_t *event) case SWITCH_EVENT_CALL_UPDATE: { new_sql() = switch_mprintf("update channels set callee_name='%q',callee_num='%q',sent_callee_name='%q',sent_callee_num='%q',callee_direction='%q'," - "cid_name='%q',cid_num='%q' where uuid='%s'", + "cid_name='%q',cid_num='%q' where uuid='%q'", switch_event_get_header_nil(event, "caller-callee-id-name"), switch_event_get_header_nil(event, "caller-callee-id-number"), switch_event_get_header_nil(event, "sent-callee-id-name"), 
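Review bot: In switch_console_set_complete the hostname is now escaped with `%q` while the adjacent unchanged `a%d = '%w'%w` line escapes the argv values with `%w`, so two escape conversions sit in the same statement with no indication of why they differ. If the two conversions are not equivalent for this backend, the hostname should use the same one as the argv values; otherwise a one-line comment such as `/* NOTE: hostname uses %q, argv values use %w -- confirm both are intended */` would keep a future editor from "fixing" one to match the other.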
@@ -2443,31 +2443,31 @@ static void core_event_handler(switch_event_t *event)
 break;
 #ifdef SWITCH_DEPRECATED_CORE_DB
 case CS_HANGUP: /* marked for deprication */
- new_sql_a() = switch_mprintf("update channels set state='%s' where uuid='%s'",
+ new_sql_a() = switch_mprintf("update channels set state='%q' where uuid='%q'",
 switch_event_get_header_nil(event, "channel-state"),
 switch_event_get_header_nil(event, "unique-id"));
 break;
 #endif
 case CS_EXECUTE:
 if ((extra_cols = parse_presence_data_cols(event))) {
- new_sql() = switch_mprintf("update channels set state='%s',%s where uuid='%q'",
+ new_sql() = switch_mprintf("update channels set state='%q',%s where uuid='%q'",
 switch_event_get_header_nil(event, "channel-state"), extra_cols,
 switch_event_get_header_nil(event, "unique-id"));
 free(extra_cols);
 } else {
- new_sql() = switch_mprintf("update channels set state='%s' where uuid='%s'",
+ new_sql() = switch_mprintf("update channels set state='%q' where uuid='%q'",
 switch_event_get_header_nil(event, "channel-state"),
 switch_event_get_header_nil(event, "unique-id"));
 }
 break;
 case CS_ROUTING:
 if ((extra_cols = parse_presence_data_cols(event))) {
- new_sql() = switch_mprintf("update channels set state='%s',cid_name='%q',cid_num='%q',callee_name='%q',callee_num='%q',"
+ new_sql() = switch_mprintf("update channels set state='%q',cid_name='%q',cid_num='%q',callee_name='%q',callee_num='%q',"
 "sent_callee_name='%q',sent_callee_num='%q',"
- "ip_addr='%s',dest='%q',dialplan='%q',context='%q',presence_id='%q',presence_data='%q',accountcode='%q',%s "
- "where uuid='%s'",
+ "ip_addr='%q',dest='%q',dialplan='%q',context='%q',presence_id='%q',presence_data='%q',accountcode='%q',%s "
+ "where uuid='%q'",
 switch_event_get_header_nil(event, "channel-state"),
 switch_event_get_header_nil(event, "caller-caller-id-name"),
 switch_event_get_header_nil(event, "caller-caller-id-number"),
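Review bot: The `%s` kept for extra_cols in the CS_EXECUTE and CS_ROUTING statements (`state='%q',%s where uuid='%q'`) is the one conversion in this hunk that is still unescaped, and nothing near it says why. It is presumably deliberate, since extra_cols is a column-assignment fragment built by parse_presence_data_cols rather than a single value and so cannot go through `%q`, but that makes escaping the responsibility of parse_presence_data_cols, which this diff does not touch; a comment at the first use such as `/* extra_cols is a "col='val',..." fragment from parse_presence_data_cols and must arrive already escaped, hence %s */` would record that contract. The same `%s` appears in the @@ -2486, @@ -2532 and @@ -2558 hunks below. core_event_handler continues on both sides of the hunk.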
@@ -2486,10 +2486,10 @@ static void core_event_handler(switch_event_t *event)
 switch_event_get_header_nil(event, "unique-id"));
 free(extra_cols);
 } else {
- new_sql() = switch_mprintf("update channels set state='%s',cid_name='%q',cid_num='%q',callee_name='%q',callee_num='%q',"
+ new_sql() = switch_mprintf("update channels set state='%q',cid_name='%q',cid_num='%q',callee_name='%q',callee_num='%q',"
 "sent_callee_name='%q',sent_callee_num='%q',"
- "ip_addr='%s',dest='%q',dialplan='%q',context='%q',presence_id='%q',presence_data='%q',accountcode='%q' "
- "where uuid='%s'",
+ "ip_addr='%q',dest='%q',dialplan='%q',context='%q',presence_id='%q',presence_data='%q',accountcode='%q' "
+ "where uuid='%q'",
 switch_event_get_header_nil(event, "channel-state"),
 switch_event_get_header_nil(event, "caller-caller-id-name"),
 switch_event_get_header_nil(event, "caller-caller-id-number"),
@@ -2508,7 +2508,7 @@ static void core_event_handler(switch_event_t *event)
 }
 break;
 default:
- new_sql() = switch_mprintf("update channels set state='%s' where uuid='%s'",
+ new_sql() = switch_mprintf("update channels set state='%q' where uuid='%q'",
 switch_event_get_header_nil(event, "channel-state"),
 switch_event_get_header_nil(event, "unique-id"));
 break;
@@ -2532,17 +2532,17 @@ static void core_event_handler(switch_event_t *event)
 }
 if (uuid && (extra_cols = parse_presence_data_cols(event))) {
- new_sql() = switch_mprintf("update channels set %s where uuid='%s'", extra_cols, uuid);
+ new_sql() = switch_mprintf("update channels set %s where uuid='%q'", extra_cols, uuid);
 switch_safe_free(extra_cols);
 }
- new_sql() = switch_mprintf("update channels set call_uuid='%q' where uuid='%s' or uuid='%s'",
+ new_sql() = switch_mprintf("update channels set call_uuid='%q' where uuid='%q' or uuid='%q'",
 switch_event_get_header_nil(event, "channel-call-uuid"), a_uuid, b_uuid);
 new_sql() = switch_mprintf("insert into calls (call_uuid,call_created,call_created_epoch," "caller_uuid,callee_uuid,hostname) "
- "values ('%s','%s','%ld','%q','%q','%q')",
+ "values ('%q','%q','%ld','%q','%q','%q')",
 switch_event_get_header_nil(event, "channel-call-uuid"),
 switch_event_get_header_nil(event, "event-date-local"),
 (long) switch_epoch_time_now(NULL),
@@ -2558,11 +2558,11 @@ static void core_event_handler(switch_event_t *event)
 char *uuid = switch_event_get_header(event, "unique-id");
 if (uuid && (extra_cols = parse_presence_data_cols(event))) {
- new_sql() = switch_mprintf("update channels set %s where uuid='%s'", extra_cols, uuid);
+ new_sql() = switch_mprintf("update channels set %s where uuid='%q'", extra_cols, uuid);
 switch_safe_free(extra_cols);
 }
- new_sql() = switch_mprintf("update channels set call_uuid=uuid where call_uuid='%s'",
+ new_sql() = switch_mprintf("update channels set call_uuid=uuid where call_uuid='%q'",
 switch_event_get_header_nil(event, "channel-call-uuid"));
 new_sql() = switch_mprintf("delete from calls where (caller_uuid='%q' or callee_uuid='%q')",
@@ -2613,7 +2613,7 @@ static void core_event_handler(switch_event_t *event)
 if (zstr(type)) {
 break;
 }
- new_sql() = switch_mprintf("update channels set secure='%s' where uuid='%s'",
+ new_sql() = switch_mprintf("update channels set secure='%q' where uuid='%q'",
 type, switch_event_get_header_nil(event, "caller-unique-id") );
 break;
@@ -2623,12 +2623,12 @@ static void core_event_handler(switch_event_t *event)
 const char *op = switch_event_get_header_nil(event, "op");
 switch_bool_t sticky = switch_true(switch_event_get_header_nil(event, "sticky"));
 if (!strcmp("add", op)) {
- new_sql() = switch_mprintf("insert into nat (port, proto, sticky, hostname) values (%s, %s, %d,'%q')",
+ new_sql() = switch_mprintf("insert into nat (port, proto, sticky, hostname) values (%q, %q, %d,'%q')",
 switch_event_get_header_nil(event, "port"), switch_event_get_header_nil(event, "proto"), sticky, switch_core_get_hostname() );
 } else if (!strcmp("del", op)) {
- new_sql() = switch_mprintf("delete from nat where port=%s and proto=%s and hostname='%q'",
+ new_sql() = switch_mprintf("delete from nat where port=%q and proto=%q and hostname='%q'",
 switch_event_get_header_nil(event, "port"), switch_event_get_header_nil(event, "proto"), switch_core_get_hostname());
 } else if (!strcmp("status", op)) {
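Review bot: In the add and del branches of the nat handler, `%q` is now applied to the port and proto headers in unquoted positions (`values (%q, %q, %d,'%q')` and `port=%q and proto=%q`), but `%q` only escapes single quotes, so outside a quoted literal it changes nothing and the header text is still spliced verbatim into the statement. If these columns are numeric, validate the header as a number first (strtol with an end-pointer check, or the switch_is_number-style helper the file already uses elsewhere if any) and format it with `%d`; if they are text, write them as `'%q'` so the escaping actually applies. The sticky value is an integer formatted with `%d` and is fine as is. core_event_handler's body continues beyond the hunk.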