Skip to content
Snippets Groups Projects
Unverified Commit c4a88302 authored by Richard Cordovano's avatar Richard Cordovano Committed by GitHub
Browse files

Merge pull request #4499 from wschaeferB/4635-CentralRepoEscapingFix

4635 fix escaping of single quotes in findfilesWhere query for common…
parents 1148ced7 6207b64a
No related branches found
No related tags found
No related merge requests found
......@@ -108,6 +108,7 @@ AbstractFile getAbstractFile() {
// will try using the file name, parent path and data source id.
File fileFromPath = new File(currentFullPath);
String fileName = fileFromPath.getName();
fileName = SleuthkitCase.escapeSingleQuotes(fileName);
// Create the parent path. Make sure not to add a separator if there is already one there.
String parentPath = fileFromPath.getParent();
......@@ -115,6 +116,7 @@ AbstractFile getAbstractFile() {
parentPath += File.separator;
}
parentPath = parentPath.replace("\\", "/");
parentPath = SleuthkitCase.escapeSingleQuotes(parentPath);
final String whereClause = String.format("lower(name) = '%s' AND lower(parent_path) = '%s' AND data_source_obj_id = %s", fileName, parentPath, dataSource.get().getId());
List<AbstractFile> potentialAbstractFiles = tskDb.findAllFilesWhere(whereClause);
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment