Escape single quotes in SQLite entries for message backups

Fixes #7491
Closes #7497
This commit is contained in:
junitas 2018-03-10 20:49:44 -05:00 committed by Moxie Marlinspike
parent fd7a3190f8
commit 7f7aab044c

View File

@ -143,7 +143,7 @@ public class FullBackupExporter extends FullBackupBase {
for (int i=0;i<cursor.getColumnCount();i++) { for (int i=0;i<cursor.getColumnCount();i++) {
if (cursor.getType(i) == Cursor.FIELD_TYPE_STRING) { if (cursor.getType(i) == Cursor.FIELD_TYPE_STRING) {
statement.append('\''); statement.append('\'');
statement.append(cursor.getString(i).replace("'", "\\'")); statement.append(cursor.getString(i).replace("'", "''"));
statement.append('\''); statement.append('\'');
} else if (cursor.getType(i) == Cursor.FIELD_TYPE_FLOAT) { } else if (cursor.getType(i) == Cursor.FIELD_TYPE_FLOAT) {
statement.append(cursor.getFloat(i)); statement.append(cursor.getFloat(i));