Host nickname input not sanitized
Closed this issue · 3 comments
GoogleCodeExporter commented
Error reported from Google Play:
v6.10.17.beta3
Jun 4, 2012 8:23:42 AM
1 reports
android.database.sqlite.SQLiteException: unrecognized token: "'Oliv''": , while compiling: SELECT DISTINCT _id, nickname FROM hosts WHERE _id!=-1 AND nickname='Oliv''
at android.database.sqlite.SQLiteCompiledSql.native_compile(Native Method)
at android.database.sqlite.SQLiteCompiledSql.compile(SQLiteCompiledSql.java:92)
at android.database.sqlite.SQLiteCompiledSql.<init>(SQLiteCompiledSql.java:65)
at android.database.sqlite.SQLiteProgram.<init>(SQLiteProgram.java:83)
at android.database.sqlite.SQLiteQuery.<init>(SQLiteQuery.java:49)
at android.database.sqlite.SQLiteDirectCursorDriver.query(SQLiteDirectCursorDriver.java:42)
at android.database.sqlite.SQLiteDatabase.rawQueryWithFactory(SQLiteDatabase.java:1356)
at android.database.sqlite.SQLiteDatabase.queryWithFactory(SQLiteDatabase.java:1235)
at android.database.sqlite.SQLiteDatabase.query(SQLiteDatabase.java:1189)
at sk.boinc.androboinc.util.HostListDbAdapter.hostUnique(HostListDbAdapter.java:196)
at sk.boinc.androboinc.EditHostActivity.setConfirmButtonState(EditHostActivity.java:156)
at sk.boinc.androboinc.EditHostActivity.access$0(EditHostActivity.java:148)
at sk.boinc.androboinc.EditHostActivity$1.afterTextChanged(EditHostActivity.java:80)
at android.widget.TextView.sendAfterTextChanged(TextView.java:6335)
at android.widget.TextView$ChangeWatcher.afterTextChanged(TextView.java:6523)
at android.text.SpannableStringBuilder.sendTextHasChanged(SpannableStringBuilder.java:897)
at android.text.SpannableStringBuilder.change(SpannableStringBuilder.java:353)
at android.text.SpannableStringBuilder.change(SpannableStringBuilder.java:269)
at android.text.SpannableStringBuilder.replace(SpannableStringBuilder.java:432)
at android.text.SpannableStringBuilder.replace(SpannableStringBuilder.java:409)
at android.text.SpannableStringBuilder.replace(SpannableStringBuilder.java:28)
at android.view.inputmethod.BaseInputConnection.replaceText(BaseInputConnection.java:654)
at android.view.inputmethod.BaseInputConnection.commitText(BaseInputConnection.java:180)
at com.android.internal.widget.EditableInputConnection.commitText(EditableInputConnection.java:129)
at com.android.internal.view.IInputConnectionWrapper.executeMessage(IInputConnectionWrapper.java:273)
at com.android.internal.view.IInputConnectionWrapper$MyHandler.handleMessage(IInputConnectionWrapper.java:75)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:130)
at android.app.ActivityThread.main(ActivityThread.java:3835)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:507)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:847)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:605)
at dalvik.system.NativeStart.main(Native Method)
Apparently it is caused by a single-quote character (') in the host nickname.
What steps will reproduce the problem?
1. Add new host
2. In the nickname use the single-quote character, e.g. test'1
3. As soon as the next field is selected, activity crashes
Possible solutions:
a) Ignore single-quote in input of nickname (never use it)
b) Try to use escape code ' or possibly ’ when single-quote is
entered by user
Original issue reported on code.google.com by pavol.michalec@gmail.com
on 26 Aug 2012 at 10:30
GoogleCodeExporter commented
This issue was closed by revision r56.
Original comment by pavol.michalec@gmail.com
on 29 Aug 2012 at 2:01
- Changed state: Fixed
GoogleCodeExporter commented
Implementation details:
Character apostrophe (U+0027) is replaced by right single quotation (U+2019) by input filter.
Typographically it is nearly the same character, so user experience is not disturbed.
Original comment by pavol.michalec@gmail.com
on 5 Sep 2012 at 2:07
GoogleCodeExporter commented
Verified on published v6.10.58.rc2
Original comment by pavol.michalec@gmail.com
on 9 Sep 2012 at 4:10
- Changed state: Verified