Properly escape query strings, fixed crash
parent
a0ae42dbb9
commit
cb065d0812
@ -6,8 +6,10 @@ package acr.browser.lightning.database;
|
|||||||
import android.content.ContentValues;
|
import android.content.ContentValues;
|
||||||
import android.content.Context;
|
import android.content.Context;
|
||||||
import android.database.Cursor;
|
import android.database.Cursor;
|
||||||
|
import android.database.DatabaseUtils;
|
||||||
import android.database.sqlite.SQLiteDatabase;
|
import android.database.sqlite.SQLiteDatabase;
|
||||||
import android.database.sqlite.SQLiteOpenHelper;
|
import android.database.sqlite.SQLiteOpenHelper;
|
||||||
|
import android.database.sqlite.SQLiteQuery;
|
||||||
import android.support.annotation.NonNull;
|
import android.support.annotation.NonNull;
|
||||||
import android.support.annotation.Nullable;
|
import android.support.annotation.Nullable;
|
||||||
|
|
||||||
@ -62,8 +64,8 @@ public class HistoryDatabase extends SQLiteOpenHelper {
|
|||||||
@Override
|
@Override
|
||||||
public void onCreate(@NonNull SQLiteDatabase db) {
|
public void onCreate(@NonNull SQLiteDatabase db) {
|
||||||
String CREATE_HISTORY_TABLE = "CREATE TABLE " + TABLE_HISTORY + '(' + KEY_ID
|
String CREATE_HISTORY_TABLE = "CREATE TABLE " + TABLE_HISTORY + '(' + KEY_ID
|
||||||
+ " INTEGER PRIMARY KEY," + KEY_URL + " TEXT," + KEY_TITLE + " TEXT,"
|
+ " INTEGER PRIMARY KEY," + KEY_URL + " TEXT," + KEY_TITLE + " TEXT,"
|
||||||
+ KEY_TIME_VISITED + " INTEGER" + ')';
|
+ KEY_TIME_VISITED + " INTEGER" + ')';
|
||||||
db.execSQL(CREATE_HISTORY_TABLE);
|
db.execSQL(CREATE_HISTORY_TABLE);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -111,7 +113,7 @@ public class HistoryDatabase extends SQLiteOpenHelper {
|
|||||||
values.put(KEY_TITLE, title == null ? "" : title);
|
values.put(KEY_TITLE, title == null ? "" : title);
|
||||||
values.put(KEY_TIME_VISITED, System.currentTimeMillis());
|
values.put(KEY_TIME_VISITED, System.currentTimeMillis());
|
||||||
Cursor q = mDatabase.query(false, TABLE_HISTORY, new String[]{KEY_URL},
|
Cursor q = mDatabase.query(false, TABLE_HISTORY, new String[]{KEY_URL},
|
||||||
KEY_URL + " = ?", new String[]{url}, null, null, null, "1");
|
KEY_URL + " = ?", new String[]{url}, null, null, null, "1");
|
||||||
if (q.getCount() > 0) {
|
if (q.getCount() > 0) {
|
||||||
mDatabase.update(TABLE_HISTORY, values, KEY_URL + " = ?", new String[]{url});
|
mDatabase.update(TABLE_HISTORY, values, KEY_URL + " = ?", new String[]{url});
|
||||||
} else {
|
} else {
|
||||||
@ -133,7 +135,7 @@ public class HistoryDatabase extends SQLiteOpenHelper {
|
|||||||
synchronized String getHistoryItem(@NonNull String url) {
|
synchronized String getHistoryItem(@NonNull String url) {
|
||||||
mDatabase = openIfNecessary();
|
mDatabase = openIfNecessary();
|
||||||
Cursor cursor = mDatabase.query(TABLE_HISTORY, new String[]{KEY_ID, KEY_URL, KEY_TITLE},
|
Cursor cursor = mDatabase.query(TABLE_HISTORY, new String[]{KEY_ID, KEY_URL, KEY_TITLE},
|
||||||
KEY_URL + " = ?", new String[]{url}, null, null, null, null);
|
KEY_URL + " = ?", new String[]{url}, null, null, null, null);
|
||||||
String m = null;
|
String m = null;
|
||||||
if (cursor != null) {
|
if (cursor != null) {
|
||||||
cursor.moveToFirst();
|
cursor.moveToFirst();
|
||||||
@ -151,9 +153,11 @@ public class HistoryDatabase extends SQLiteOpenHelper {
|
|||||||
if (search == null) {
|
if (search == null) {
|
||||||
return itemList;
|
return itemList;
|
||||||
}
|
}
|
||||||
String selectQuery = "SELECT * FROM " + TABLE_HISTORY + " WHERE " + KEY_TITLE + " LIKE '%"
|
search = DatabaseUtils.sqlEscapeString('%' + search + '%');
|
||||||
+ search + "%' OR " + KEY_URL + " LIKE '%" + search + "%' " + "ORDER BY "
|
|
||||||
+ KEY_TIME_VISITED + " DESC LIMIT 5";
|
String selectQuery = "SELECT * FROM " + TABLE_HISTORY + " WHERE " + KEY_TITLE + " LIKE "
|
||||||
|
+ search + " OR " + KEY_URL + " LIKE " + search + " ORDER BY "
|
||||||
|
+ KEY_TIME_VISITED + " DESC LIMIT 5";
|
||||||
Cursor cursor = mDatabase.rawQuery(selectQuery, null);
|
Cursor cursor = mDatabase.rawQuery(selectQuery, null);
|
||||||
|
|
||||||
int n = 0;
|
int n = 0;
|
||||||
@ -176,7 +180,7 @@ public class HistoryDatabase extends SQLiteOpenHelper {
|
|||||||
mDatabase = openIfNecessary();
|
mDatabase = openIfNecessary();
|
||||||
List<HistoryItem> itemList = new ArrayList<>(100);
|
List<HistoryItem> itemList = new ArrayList<>(100);
|
||||||
String selectQuery = "SELECT * FROM " + TABLE_HISTORY + " ORDER BY " + KEY_TIME_VISITED
|
String selectQuery = "SELECT * FROM " + TABLE_HISTORY + " ORDER BY " + KEY_TIME_VISITED
|
||||||
+ " DESC";
|
+ " DESC";
|
||||||
|
|
||||||
Cursor cursor = mDatabase.rawQuery(selectQuery, null);
|
Cursor cursor = mDatabase.rawQuery(selectQuery, null);
|
||||||
int counter = 0;
|
int counter = 0;
|
||||||
@ -199,7 +203,7 @@ public class HistoryDatabase extends SQLiteOpenHelper {
|
|||||||
mDatabase = openIfNecessary();
|
mDatabase = openIfNecessary();
|
||||||
List<HistoryItem> itemList = new ArrayList<>();
|
List<HistoryItem> itemList = new ArrayList<>();
|
||||||
String selectQuery = "SELECT * FROM " + TABLE_HISTORY + " ORDER BY " + KEY_TIME_VISITED
|
String selectQuery = "SELECT * FROM " + TABLE_HISTORY + " ORDER BY " + KEY_TIME_VISITED
|
||||||
+ " DESC";
|
+ " DESC";
|
||||||
|
|
||||||
Cursor cursor = mDatabase.rawQuery(selectQuery, null);
|
Cursor cursor = mDatabase.rawQuery(selectQuery, null);
|
||||||
|
|
||||||
|
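Review bot: In the search hunk (`@ -151,9 +153,11 @`) the user-supplied `search` value is still concatenated into the SQL text; `DatabaseUtils.sqlEscapeString` quotes it, but bound arguments would keep the input out of the statement entirely. I would write the query with placeholders, `KEY_TITLE + " LIKE ? OR " + KEY_URL + " LIKE ? ORDER BY "`, and pass the pattern via `mDatabase.rawQuery(selectQuery, new String[]{pattern, pattern})` with `pattern = '%' + search + '%'`, matching the `KEY_URL + " = ?"` style the other queries in this file already use. Either way, `%` and `_` typed by the user still act as LIKE wildcards; if literal matching is intended, escape them and add an `ESCAPE` clause. The newly added `android.database.sqlite.SQLiteQuery` import is not referenced in any visible hunk and looks unused. The enclosing method starts and ends outside the hunk, so cursor handling could not be checked here.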