Commit ea0a6935 authored by Leigh Stoller's avatar Leigh Stoller

Use DBQuoteSpecial() on the sitevar value instead of escapeshellarg.

I think this fixes flyspray bug #51.
parent d01ee1b9
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2007 University of Utah and the Flux Group.
# Copyright (c) 2000-2008 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
......@@ -280,8 +280,8 @@ exit(0)
# Now safe to set the site variable value.
#
my $name = $editsitevars_args{"name"};
my $value = exists($editsitevars_args{"reset"}) ? "NULL" :
"'" . escapeshellarg($editsitevars_args{"value"}) . "'";
my $value = (exists($editsitevars_args{"reset"}) ?
"NULL" : DBQuoteSpecial($editsitevars_args{"value"}));
DBQueryFatal("UPDATE sitevariables ".
"SET value=$value ".
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment