From be77ca3b8966441b5457a25f3f44245388494ceb Mon Sep 17 00:00:00 2001
From: millmanorama <millmanorama@gmail.com>
Date: Mon, 14 Aug 2017 12:57:59 -0400
Subject: [PATCH] escape the extension before it goes into the DB.

---
 bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java
index af6b27138..145313a0f 100755
--- a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java
@@ -1083,7 +1083,7 @@ private int updateFromSchema6toSchema7(int schemaVersionNumber, CaseDbConnection
 			while (resultSet.next()) {
 				long objID = resultSet.getLong("obj_id");
 				String name = resultSet.getString("name");
-				updstatement.executeUpdate("UPDATE tsk_files SET extension = '" + extractExtension(name) + "' "
+				updstatement.executeUpdate("UPDATE tsk_files SET extension = '" +escapeSingleQuotes(extractExtension(name)) + "' "
 						+ "WHERE obj_id = " + objID);
 			}
 
-- 
GitLab