strip out any control characters before writing to the db
authorRichard Fairhurst <richard@systemed.net>
Fri, 13 Jul 2007 09:46:39 +0000 (09:46 +0000)
committerRichard Fairhurst <richard@systemed.net>
Fri, 13 Jul 2007 09:46:39 +0000 (09:46 +0000)
app/controllers/amf_controller.rb

index 5fe9b45cba54338eb7f6142a079b964747d23f31..18a1c63469b6ce91c1a04c31b370552af1e9cb3c 100644 (file)
@@ -288,6 +288,7 @@ EOF
       ymin=[ys,ymin].min; ymax=[ys,ymax].max
       node=points[i][2].to_i
       tagstr=array2tag(points[i][4])
+         tagstr=tagstr.gsub(/[\000-\037]/,"")
       tagsql="'"+sqlescape(tagstr)+"'"
 
       # compare node
@@ -404,6 +405,8 @@ EOF
       if v[0,6]=='(type ' then next end
       if insertsql !='' then insertsql +=',' end
       if currentsql!='' then currentsql+=',' end
+         k=k.gsub(/[\000-\037]/,"")
+         v=v.gsub(/[\000-\037]/,"")
       insertsql +="(#{way},'"+sqlescape(k)+"','"+sqlescape(v)+"',#{version})"
       currentsql+="(#{way},'"+sqlescape(k)+"','"+sqlescape(v)+"')"
     end