From: Michael Tremer
Date: Tue, 27 Sep 2022 09:20:05 +0000 (+0000)
Subject: importer: Fix potential SQL command injection
X-Git-Tag: 0.9.16~20
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b56bf4bf065130b38968b580e0bea6db809783d8;p=location%2Flibloc.git
importer: Fix potential SQL command injection
Signed-off-by: Michael Tremer
---
diff --git a/src/scripts/location-importer.in b/src/scripts/location-importer.in
index d428976..9faf23b 100644
--- a/src/scripts/location-importer.in
+++ b/src/scripts/location-importer.in
@@ -1450,10 +1450,7 @@ class CLI(object):
 # Conduct a very basic sanity check to rule out CDN issues causing bogus DROP
 # downloads.
 if len(fcontent) > 10:
- self.db.execute("""
- DELETE FROM network_overrides WHERE source = '%s';
- """ % name,
- )
+ self.db.execute("DELETE FROM network_overrides WHERE source = %s", name)
 else:
 log.error("%s (%s) returned likely bogus file, ignored" % (name, url))
 continue
@@ -1505,10 +1502,7 @@ class CLI(object):
 # Conduct a very basic sanity check to rule out CDN issues causing bogus DROP
 # downloads.
 if len(fcontent) > 10:
- self.db.execute("""
- DELETE FROM autnum_overrides WHERE source = '%s';
- """ % name,
- )
+ self.db.execute("DELETE FROM autnum_overrides WHERE source = %s", name)
 else:
 log.error("%s (%s) returned likely bogus file, ignored" % (name, url))
 continue
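Review bot: The new `self.db.execute("DELETE FROM network_overrides WHERE source = %s", name)` call relies on the `execute` wrapper passing its extra positional argument to the driver as a bind parameter, and that wrapper is not visible in this hunk, so its signature should be confirmed before relying on the fix. The same applies to the `autnum_overrides` delete in the second hunk. A short comment above each call, for example `# source is bound as a query parameter; do not format it into the SQL text`, would help keep a later edit from reintroducing `%` interpolation. The enclosing method starts and ends outside both hunks, so whether the delete and the subsequent re-import run inside one transaction cannot be checked from here; if they do not, a file that passes the `len(fcontent) > 10` check but fails to parse would leave the source's overrides deleted.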