From 2c3dd2bc2ae31dade8d3bc1fa64b6ad011b46f5f Mon Sep 17 00:00:00 2001
From: paulc <paulc@acf43c95-373e-0410-b603-e72c3f656dc1>
Date: Fri, 6 Feb 2009 19:37:01 +0000
Subject: [PATCH] Added support for SQL escaping a binary DataBlock. Replacing
 with SQL escaping a NamedPointer parameter of a NamedList that holds a
 DataBlock will insert the escaped binary data instead.

git-svn-id: http://yate.null.ro/svn/yate/trunk@2475 acf43c95-373e-0410-b603-e72c3f656dc1
---
 engine/DataBlock.cpp | 20 ++++++++++++++++++++
 engine/NamedList.cpp | 22 +++++++++++++++++++---
 yateclass.h          |  7 +++++++
 3 files changed, 46 insertions(+), 3 deletions(-)

diff --git a/engine/DataBlock.cpp b/engine/DataBlock.cpp
index 8053d9df..491bfd1b 100644
--- a/engine/DataBlock.cpp
+++ b/engine/DataBlock.cpp
@@ -332,4 +332,24 @@ bool DataBlock::unHexify(const char* data, unsigned int len, char sep)
     return (iBuf >= n);
 }
 
+String DataBlock::sqlEscape(char extraEsc) const
+{
+    unsigned int len = m_length;
+    unsigned int i;
+    for (i = 0; i < m_length; i++) {
+	char c = static_cast<char*>(m_data)[i];
+	if (c == '\0' || c == '\\' || c == '\'' || c == extraEsc)
+	    len++;
+    }
+    String tmp(' ',len);
+    char* d = const_cast<char*>(tmp.c_str());
+    for (i = 0; i < m_length; i++) {
+	char c = static_cast<char*>(m_data)[i];
+	if (c == '\0' || c == '\\' || c == '\'' || c == extraEsc)
+	    *d++ = '\\';
+	*d++ = c ? c : '0';
+    }
+    return tmp;
+}
+
 /* vi: set ts=8 sw=4 sts=4 noet: */
diff --git a/engine/NamedList.cpp b/engine/NamedList.cpp
index eb847907..9d137e84 100644
--- a/engine/NamedList.cpp
+++ b/engine/NamedList.cpp
@@ -260,9 +260,25 @@ int NamedList::replaceParams(String& str, bool sqlEsc, char extraEsc) const
 	    String tmp = str.substr(p1+2,p2-p1-2);
 	    tmp.trimBlanks();
 	    DDebug(DebugAll,"NamedList replacing parameter '%s' [%p]",tmp.c_str(),this);
-	    tmp = getValue(tmp);
-	    if (sqlEsc)
-		tmp = tmp.sqlEscape(extraEsc);
+	    const NamedString* ns = getParam(tmp);
+	    if (ns) {
+		if (sqlEsc) {
+		    const DataBlock* data = 0;
+		    if (ns->null()) {
+			NamedPointer* np = YOBJECT(NamedPointer,ns);
+			if (np)
+			    data = YOBJECT(DataBlock,np->userData());
+		    }
+		    if (data)
+			tmp = data->sqlEscape(extraEsc);
+		    else
+			tmp = ns->sqlEscape(extraEsc);
+		}
+		else
+		    tmp = *ns;
+	    }
+	    else
+		tmp.clear();
 	    str = str.substr(0,p1) + tmp + str.substr(p2+1);
 	    // advance search offset past the string we just replaced
 	    p1 += tmp.length();
diff --git a/yateclass.h b/yateclass.h
index 98117e24..cdbbb1f4 100644
--- a/yateclass.h
+++ b/yateclass.h
@@ -2862,6 +2862,13 @@ public:
      */
     bool unHexify(const char* data, unsigned int len, char sep = 0);
 
+    /**
+     * Create an escaped string suitable for use in SQL queries
+     * @param extraEsc Character to escape other than the default ones
+     * @return A string with binary zeros and other special characters escaped
+     */
+    String sqlEscape(char extraEsc) const;
+
 private:
     void* m_data;
     unsigned int m_length;