This works for me and shouldn't have any effect on MySQL; haven't
looked at the pgsql backend though.
thanks
--
Call the SQL backend's escaping method instead of the generic sqlEscape().
Modify SQLite's escaping method to only escape single quotes, and to do so with
another single quote. SQLite doesn't do anything special with backslashes.
Fixes bug #590285.
Index: pdns-2.9.21.2/modules/gsqlitebackend/ssqlite.cc
===================================================================
--- pdns-2.9.21.2.orig/modules/gsqlitebackend/ssqlite.cc 2010-08-03 13:10:26.000000000 +0000
+++ pdns-2.9.21.2/modules/gsqlitebackend/ssqlite.cc 2010-08-03 13:15:04.000000000 +0000
@@ -141,10 +141,12 @@
{
std::string a;
+// The only thing that needs to be escaped in SQLite is a ', and it gets
+// escaped with another '
for( std::string::const_iterator i = name.begin(); i != name.end(); ++i )
{
- if( *i == '\'' || *i == '\\' )
- a += '\\';
+ if( *i == '\'' )
+ a += '\'';
a += *i;
}
Index: pdns-2.9.21.2/pdns/backends/gsql/gsqlbackend.cc
===================================================================
--- pdns-2.9.21.2.orig/pdns/backends/gsql/gsqlbackend.cc 2010-08-03 13:10:39.000000000 +0000
+++ pdns-2.9.21.2/pdns/backends/gsql/gsqlbackend.cc 2010-08-03 13:12:18.000000000 +0000
@@ -385,7 +385,7 @@
{
char output[1024];
snprintf(output,sizeof(output)-1,d_InsertRecordQuery.c_str(),
- sqlEscape(r.content).c_str(),
+ d_db->escape(r.content).c_str(),
r.ttl, r.priority,
sqlEscape(r.qtype.getName()).c_str(),
r.domain_id, toLower(sqlEscape(r.qname)).c_str());
