From c3eaf9f3da876f419dbc3b652efc54a3f810ef4a Mon Sep 17 00:00:00 2001
From: Wolfgang Sourdeau
Date: Thu, 16 Jun 2011 14:38:14 +0000
Subject: [PATCH] Monotone-Parent: a1ab19d0430de4dc429a378a11f7f8e16772efd3
Monotone-Revision: 7ed8d0e95d642fed8f24b92fc18f0e2abc1b90d0
Monotone-Author: wsourdeau@inverse.ca
Monotone-Date: 2011-06-16T14:38:14
Monotone-Branch: ca.inverse.sogo
---
 ChangeLog | 6 ++++++
 SoObjects/SOGo/NSString+Utilities.h | 1 +
 SoObjects/SOGo/NSString+Utilities.m | 5 +++++
 3 files changed, 12 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 09371a146..fe2328c2a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2011-06-16 Wolfgang Sourdeau
+
+ * SoObjects/SOGo/NSString+Utilities.m (-asSafeSQLString): new
+ method that properly escape strings passed as values in SQL
+ queries.
+
 2011-06-15 Wolfgang Sourdeau
 * OpenChange/MAPIStoreSpoolerContext.[hm]: new backend context.
diff --git a/SoObjects/SOGo/NSString+Utilities.h b/SoObjects/SOGo/NSString+Utilities.h
index 42f92c022..8b9d0dc81 100644
--- a/SoObjects/SOGo/NSString+Utilities.h
+++ b/SoObjects/SOGo/NSString+Utilities.h
@@ -72,6 +72,7 @@
 - (NSString *) asMD5String;
 - (NSString *) asSHA1String;
+- (NSString *) asSafeSQLString;
 @end
diff --git a/SoObjects/SOGo/NSString+Utilities.m b/SoObjects/SOGo/NSString+Utilities.m
index ef3639210..19f372307 100644
--- a/SoObjects/SOGo/NSString+Utilities.m
+++ b/SoObjects/SOGo/NSString+Utilities.m
@@ -589,5 +589,10 @@ static NSMutableCharacterSet *safeLDIFStartChars = nil;
 return [NSString stringWithUTF8String: buf];
 }
+- (NSString *) asSafeSQLString
+{
+ return [[self stringByReplacingString: @"\\" withString: @"\\\\"]
+ stringByReplacingString: @"'" withString: @"\\'"];
+}
 @end
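Review bot: The new declaration `asSafeSQLString` in NSString+Utilities.h carries no comment stating its contract, and the name promises more than a two-character escaper can guarantee. A one-line comment above it would tell callers where the result may be used, for example `/* escapes the receiver for use inside a single-quoted SQL value; not valid for identifiers or unquoted positions */`. The category interface itself starts outside the hunk.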
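Review bot: The escaping in `asSafeSQLString` only works if the database treats backslash as an escape character inside string literals, which depends on the backend and its configuration. Where literals follow standard SQL quoting, `\'` is a literal backslash followed by a quote that closes the literal, so a value passed through this method can still change the shape of the query. Doubling the quote is the portable form, `stringByReplacingString: @"'" withString: @"''"`, with backslash doubling applied only for backends known to interpret backslashes. Binding values as parameters, or using the database adaptor's own value quoting if it provides one, would avoid hand-written escaping altogether. The surrounding @implementation starts outside the hunk, so callers of the new method are not visible here.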