r4sas/lightning-i2p
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

Properly escape query strings, fixed crash

Browse Source
This commit is contained in:
Anthony Restaino 2016-07-22 22:51:40 -04:00
parent a0ae42dbb9
commit cb065d0812
1 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
app/src/main/java/acr/browser/lightning/database/HistoryDatabase.java
View File

@ -6,8 +6,10 @@ package acr.browser.lightning.database;
import android.content.ContentValues; import android.content.ContentValues;
import android.content.Context; import android.content.Context;
import android.database.Cursor; import android.database.Cursor;
import android.database.DatabaseUtils;
import android.database.sqlite.SQLiteDatabase; import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteOpenHelper; import android.database.sqlite.SQLiteOpenHelper;
import android.database.sqlite.SQLiteQuery;
import android.support.annotation.NonNull; import android.support.annotation.NonNull;
import android.support.annotation.Nullable; import android.support.annotation.Nullable;
@ -151,8 +153,10 @@ public class HistoryDatabase extends SQLiteOpenHelper {
if (search == null) { if (search == null) {
return itemList; return itemList;
} }
String selectQuery = "SELECT * FROM " + TABLE_HISTORY + " WHERE " + KEY_TITLE + " LIKE '%" search = DatabaseUtils.sqlEscapeString('%' + search + '%');
+ search + "%' OR " + KEY_URL + " LIKE '%" + search + "%' " + "ORDER BY "
String selectQuery = "SELECT * FROM " + TABLE_HISTORY + " WHERE " + KEY_TITLE + " LIKE "
+ search + " OR " + KEY_URL + " LIKE " + search + " ORDER BY "
+ KEY_TIME_VISITED + " DESC LIMIT 5"; + KEY_TIME_VISITED + " DESC LIMIT 5";
Cursor cursor = mDatabase.rawQuery(selectQuery, null); Cursor cursor = mDatabase.rawQuery(selectQuery, null);