From b56bf4bf065130b38968b580e0bea6db809783d8 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Tue, 27 Sep 2022 09:20:05 +0000
Subject: [PATCH] importer: Fix potential SQL command injection

Signed-off-by: Michael Tremer
---
 src/scripts/location-importer.in | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/src/scripts/location-importer.in b/src/scripts/location-importer.in
index d428976..9faf23b 100644
--- a/src/scripts/location-importer.in
+++ b/src/scripts/location-importer.in
@@ -1450,10 +1450,7 @@ class CLI(object):
 # Conduct a very basic sanity check to rule out CDN issues causing bogus DROP
 # downloads.
 if len(fcontent) > 10:
- self.db.execute("""
- DELETE FROM network_overrides WHERE source = '%s';
- """ % name,
- )
+ self.db.execute("DELETE FROM network_overrides WHERE source = %s", name)
 else:
 log.error("%s (%s) returned likely bogus file, ignored" % (name, url))
 continue
@@ -1505,10 +1502,7 @@ class CLI(object):
 # Conduct a very basic sanity check to rule out CDN issues causing bogus DROP
 # downloads.
 if len(fcontent) > 10:
- self.db.execute("""
- DELETE FROM autnum_overrides WHERE source = '%s';
- """ % name,
- )
+ self.db.execute("DELETE FROM autnum_overrides WHERE source = %s", name)
 else:
 log.error("%s (%s) returned likely bogus file, ignored" % (name, url))
 continue
-- 
2.39.2
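Review bot: The new `self.db.execute("DELETE FROM network_overrides WHERE source = %s", name)` call passes `name` as a bare positional argument, which binds correctly only if the project's `execute` wrapper collects its parameters as varargs; a plain DB-API cursor would need `(name,)` instead. The wrapper is not visible in this patch, so that is worth confirming, and the same applies to the `autnum_overrides` call in the second hunk. A one-line comment above both calls, such as `# name is bound by the driver, never interpolated into the SQL text`, would help keep the `'%s' % name` form from being reintroduced. The enclosing method starts and ends outside both hunks.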
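Review bot: The `DELETE FROM autnum_overrides` statement still runs as soon as the download has more than 10 lines, so a long error page or a truncated list from the remote host would clear the existing rows for that source before anything valid is parsed. Whether the delete and the inserts that follow share one transaction is not visible in this hunk; if they do not, they should be wrapped so that a failed or empty parse rolls the delete back. The first hunk has the same shape for `network_overrides`. A comment next to the check stating what it does and does not guarantee, for example `# length check only; content is validated per line below`, would make the limitation explicit, assuming the per-line validation exists further down.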