[gnome-news/wip/gbsneto/improvements] tracker: protect against malicious search



commit 76df369e9d17159d5209c69fce583a60218a2533
Author: Georges Basile Stavracas Neto <georges stavracas gmail com>
Date:   Mon Mar 7 17:32:56 2016 -0300

    tracker: protect against malicious search

 gnomenews/tracker.py |   19 +++++++++++--------
 1 files changed, 11 insertions(+), 8 deletions(-)
---
diff --git a/gnomenews/tracker.py b/gnomenews/tracker.py
index a7bd4ef..a17d4b1 100644
--- a/gnomenews/tracker.py
+++ b/gnomenews/tracker.py
@@ -296,15 +296,18 @@ class Tracker(GObject.GObject):
         """
 
         if channel:
-            query = query % text, channel
+            query = query % Trackr.sparql_escape_string(text), channel
         else:
-            query = query % text
-
-        results = self.sparql.query(query)
-        ret = []
-        while (results.next(None)):
-            ret.append(self.parse_sparql(results))
-        return ret
+            query = query % Trackr.sparql_escape_string(text)
+
+        try:
+            results = self.sparql.query(query)
+            ret = []
+            while (results.next(None)):
+                ret.append(self.parse_sparql(results))
+            return ret
+        except Exception:
+            return []
 
     @log
     def on_graph_updated(self, connection, sender_name, object_path,
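Review bot: In the `if channel:` branch, `query % Trackr.sparql_escape_string(text), channel` still parses as the tuple `(query % escaped_text, channel)`, because `%` binds tighter than the comma, so `channel` is never substituted into the query. If the template has a single placeholder, the tuple reaches `self.sparql.query()` inside the new `try` and the resulting error is presumably swallowed by `except Exception: return []`, so a channel-scoped search returns nothing with no trace; if it has two, the `%` raises before the `try`. Assuming the template (defined above the hunk, as the method body starts outside it) takes text then channel, the line should be `query = query % (Trackr.sparql_escape_string(text), Trackr.sparql_escape_string(channel))`, which also escapes `channel` since it goes into the same SPARQL string. Narrowing the handler to the query error type and logging it would keep a rejected query distinguishable from an empty result.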

