strip out any control characters before writing to the db

author Richard Fairhurst <richard@systemed.net>

Fri, 13 Jul 2007 09:46:39 +0000 (09:46 +0000)

committer Richard Fairhurst <richard@systemed.net>

Fri, 13 Jul 2007 09:46:39 +0000 (09:46 +0000)
author Richard Fairhurst <richard@systemed.net>
Fri, 13 Jul 2007 09:46:39 +0000 (09:46 +0000)
committer Richard Fairhurst <richard@systemed.net>
Fri, 13 Jul 2007 09:46:39 +0000 (09:46 +0000)
diff --git a/app/controllers/amf_controller.rb b/app/controllers/amf_controller.rb

index 5fe9b45cba54338eb7f6142a079b964747d23f31..18a1c63469b6ce91c1a04c31b370552af1e9cb3c 100644 (file)
--- a/app/controllers/amf_controller.rb
+++ b/app/controllers/amf_controller.rb
@@ -288,6 +288,7 @@ EOF
        ymin=[ys,ymin].min; ymax=[ys,ymax].max
        node=points[i][2].to_i
        tagstr=array2tag(points[i][4])
+         tagstr=tagstr.gsub(/[\000-\037]/,"")
        tagsql="'"+sqlescape(tagstr)+"'"
  
        # compare node
@@ -404,6 +405,8 @@ EOF
        if v[0,6]=='(type ' then next end
        if insertsql !='' then insertsql +=',' end
        if currentsql!='' then currentsql+=',' end
+         k=k.gsub(/[\000-\037]/,"")
+         v=v.gsub(/[\000-\037]/,"")
        insertsql +="(#{way},'"+sqlescape(k)+"','"+sqlescape(v)+"',#{version})"
        currentsql+="(#{way},'"+sqlescape(k)+"','"+sqlescape(v)+"')"
      end
author	Richard Fairhurst <richard@systemed.net>
	Fri, 13 Jul 2007 09:46:39 +0000 (09:46 +0000)
committer	Richard Fairhurst <richard@systemed.net>
	Fri, 13 Jul 2007 09:46:39 +0000 (09:46 +0000)