Fix #7247 About incorrect variable substitution with the query command

Description:
-----------

The following query.sql file was generating an incorrect SQL command

# 1
:Query to test substitutions
*Enter a
*Enter b
*Enter c
SELECT '%1' as "a", '%2' as "b", '%3' as "c", '%1' as "a", '%2' as "b", '%3' as "c";

Workaround:
----------

Do not reuse variable in the SQL command (add a new one) or tweak SQL to not reuse variables.

diff --git a/bacula/src/dird/ua_query.c b/bacula/src/dird/ua_query.c
index 0eb174f2e3c1d2b9b679dd5899c5df7ab0ced736..c76172849f2d00f4fc7f03030e4b7b7d4172e842 100644 (file)
--- a/bacula/src/dird/ua_query.c
+++ b/bacula/src/dird/ua_query.c
@@ -212,11 +212,13 @@ static POOLMEM *substitute_prompts(UAContext *ua,
                      q += 2;
                      break;
                   }
+                  /* Copy the new input to the subst table */
+                  len = strlen(ua->cmd);
+                  p = (char *)malloc(len * 2 + 1);
+                  db_escape_string(ua->jcr, ua->db, p, ua->cmd, len);
+                  subst[n] = p;
                }
-               len = strlen(ua->cmd);
-               p = (char *)malloc(len * 2 + 1);
-               db_escape_string(ua->jcr, ua->db, p, ua->cmd, len);
-               subst[n] = p;
+               p = subst[n];
                olen = o - new_query;
                new_query = check_pool_memory_size(new_query, olen + strlen(p) + 10);
                o = new_query + olen;