From 67f021426bc94699c3ce3b066a61c3a3babe40a1 Mon Sep 17 00:00:00 2001 From: Daniel Gultsch Date: Thu, 4 Aug 2022 11:31:58 +0200 Subject: [PATCH] remove null bytes from strings before creating sql statements in backup --- .../conversations/services/ExportBackupService.java | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/main/java/eu/siacs/conversations/services/ExportBackupService.java b/src/main/java/eu/siacs/conversations/services/ExportBackupService.java index f8943489786a9d2b03857f0244a66c1eec0a88f0..6cbb26ad118eb97addf8cd7dfe47806bbf2163ee 100644 --- a/src/main/java/eu/siacs/conversations/services/ExportBackupService.java +++ b/src/main/java/eu/siacs/conversations/services/ExportBackupService.java @@ -15,6 +15,7 @@ import android.util.Log; import androidx.core.app.NotificationCompat; +import com.google.common.base.CharMatcher; import com.google.common.base.Strings; import java.io.DataOutputStream; @@ -114,7 +115,7 @@ public class ExportBackupService extends Service { } builder.append(intValue); } else { - DatabaseUtils.appendEscapedSQLString(builder, value); + appendEscapedSQLString(builder, value); } } builder.append(")"); @@ -127,6 +128,10 @@ public class ExportBackupService extends Service { writer.append(builder.toString()); } + private static void appendEscapedSQLString(final StringBuilder sb, final String sqlString) { + DatabaseUtils.appendEscapedSQLString(sb, CharMatcher.is('\u0000').removeFrom(sqlString)); + } + private static void simpleExport(SQLiteDatabase db, String table, String column, String uuid, PrintWriter writer) { final Cursor cursor = db.query(table, null, column + "=?", new String[]{uuid}, null, null, null); while (cursor != null && cursor.moveToNext()) { @@ -201,7 +206,7 @@ public class ExportBackupService extends Service { } else if (value.matches("[0-9]+")) { builder.append(value); } else { - DatabaseUtils.appendEscapedSQLString(builder, value); + appendEscapedSQLString(builder, value); } } builder.append(")");