diff --git a/src/lib/navigation/completer/locationcompleterrefreshjob.cpp b/src/lib/navigation/completer/locationcompleterrefreshjob.cpp
index aebf0e480..b0f3b7a5c 100644
--- a/src/lib/navigation/completer/locationcompleterrefreshjob.cpp
+++ b/src/lib/navigation/completer/locationcompleterrefreshjob.cpp
@@ -22,6 +22,7 @@
 #include "sqldatabase.h"
 #include "qzsettings.h"
 #include "bookmarks.h"
+#include "qztools.h"
 #include
@@ -96,12 +97,13 @@ void LocationCompleterRefreshJob::runJob()
 // Load all icons into QImage
 QSqlQuery query;
- query.prepare(QSL("SELECT icon FROM icons WHERE url LIKE ? LIMIT 1"));
+ query.prepare(QSL("SELECT icon FROM icons WHERE url LIKE ? ESCAPE ? LIMIT 1"));
 foreach (QStandardItem* item, m_items) {
 const QUrl url = item->data(LocationCompleterModel::UrlRole).toUrl();
- query.bindValue(0, QString(QL1S("%1%")).arg(QString::fromUtf8(url.toEncoded(QUrl::RemoveFragment))));
+ query.bindValue(0, QString(QL1S("%1%")).arg(QzTools::escapeSqlString(QString::fromUtf8(url.toEncoded(QUrl::RemoveFragment)))));
+ query.bindValue(1, QL1S("!"));
 QSqlQuery res = SqlDatabase::instance()->exec(query);
 if (res.next()) {
diff --git a/src/lib/other/iconchooser.cpp b/src/lib/other/iconchooser.cpp
index ffa50a2b0..977feb1f0 100644
--- a/src/lib/other/iconchooser.cpp
+++ b/src/lib/other/iconchooser.cpp
@@ -65,8 +65,9 @@ void IconChooser::searchIcon(const QString &string)
 ui->iconList->clear();
 QSqlQuery query;
- query.prepare("SELECT icon FROM icons WHERE url LIKE ? LIMIT 20");
- query.bindValue(0, QString("%%1%").arg(string));
+ query.prepare(QSL("SELECT icon FROM icons WHERE url LIKE ? ESCAPE ? LIMIT 20"));
+ query.bindValue(0, QString(QL1S("%%1%")).arg(QzTools::escapeSqlString(string)));
+ query.bindValue(1, QL1S("!"));
 query.exec();
 while (query.next()) {
diff --git a/src/lib/tools/iconprovider.cpp b/src/lib/tools/iconprovider.cpp
index eb8ee62d5..37a7fd7cb 100644
--- a/src/lib/tools/iconprovider.cpp
+++ b/src/lib/tools/iconprovider.cpp
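Review bot: The escape character is now written in two places that must agree: inside QzTools::escapeSqlString and as the literal bound to `ESCAPE ?` by `query.bindValue(1, QL1S("!"));` in LocationCompleterRefreshJob::runJob(). If one side changes, the `!` prefixes stop being treated as escapes and `%` or `_` in a URL act as wildcards again, with nothing failing visibly. The same pairing is repeated in IconChooser::searchIcon and in IconProvider::imageForUrl and imageForDomain. I would add `// escape character must match QzTools::escapeSqlString` above each bind, or have QzTools expose the character so call sites do not hard-code it. runJob()'s body starts and ends outside this hunk.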
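Review bot: IconChooser::searchIcon now calls QzTools::escapeSqlString, but this commit adds `#include "qztools.h"` only to locationcompleterrefreshjob.cpp and iconprovider.cpp, not to iconchooser.cpp. The include block is outside the hunk, so the header may already be included there; if it only arrives transitively, add `#include "qztools.h"` explicitly. The return value of `query.exec();` on the context line below is also ignored, so a failed prepare or bind would show up only as an empty icon list.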
@@ -20,6 +20,7 @@
 #include "sqldatabase.h"
 #include "autosaver.h"
 #include "webview.h"
+#include "qztools.h"
 #include
 #include
@@ -168,8 +169,10 @@ QImage IconProvider::imageForUrl(const QUrl &url)
 }
 QSqlQuery query;
- query.prepare("SELECT icon FROM icons WHERE url LIKE ? LIMIT 1");
- query.addBindValue(QString("%1%").arg(QString::fromUtf8(url.toEncoded(QUrl::RemoveFragment))));
+ query.prepare(QSL("SELECT icon FROM icons WHERE url LIKE ? ESCAPE ? LIMIT 1"));
+
+ query.addBindValue(QString("%1%").arg(QzTools::escapeSqlString(QString::fromUtf8(url.toEncoded(QUrl::RemoveFragment)))));
+ query.addBindValue(QL1S("!"));
 query.exec();
 if (query.next()) {
@@ -193,8 +196,10 @@ QImage IconProvider::imageForDomain(const QUrl &url)
 }
 QSqlQuery query;
- query.prepare("SELECT icon FROM icons WHERE url LIKE ? LIMIT 1");
- query.addBindValue(QString("%%1%").arg(url.host()));
+ query.prepare(QSL("SELECT icon FROM icons WHERE url LIKE ? ESCAPE ? LIMIT 1"));
+
+ query.addBindValue(QString("%%1%").arg(QzTools::escapeSqlString(url.host())));
+ query.addBindValue(QL1S("!"));
 query.exec();
 if (query.next()) {
diff --git a/src/lib/tools/qztools.cpp b/src/lib/tools/qztools.cpp
index dab327b7d..5adecbeb9 100644
--- a/src/lib/tools/qztools.cpp
+++ b/src/lib/tools/qztools.cpp
@@ -195,6 +195,16 @@ QString QzTools::urlEncodeQueryString(const QUrl &url)
 return returnString;
 }
+QString QzTools::escapeSqlString(QString urlString)
+{
+ const static QString &escapeString = QL1S("!");
+ urlString.replace(escapeString, escapeString + escapeString);
+ urlString.replace(QL1S("_"), escapeString + QL1S("_"));
+ urlString.replace(QL1S("%"), escapeString + QL1S("%"));
+
+ return urlString;
+}
+
 QString QzTools::ensureUniqueFilename(const QString &name, const QString &appendFormat)
 {
 if (!QFile::exists(name)) {
diff --git a/src/lib/tools/qztools.h b/src/lib/tools/qztools.h
index f0b233925..94d6d5b63 100644
--- a/src/lib/tools/qztools.h
+++ b/src/lib/tools/qztools.h
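Review bot: The new addBindValue line in IconProvider::imageForUrl still builds the pattern with a bare `QString("%1%")`, while the same commit writes `QString(QL1S("%1%"))` in locationcompleterrefreshjob.cpp and wraps the query text in QSL here. The imageForDomain hunk below has the same mix with `QString("%%1%")`. For consistency I would write `QString(QL1S("%1%")).arg(...)` in both, and drop the empty line the commit adds between prepare() and the first addBindValue(). imageForUrl's body starts and ends outside the hunk.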
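Review bot: Escaping the host in IconProvider::imageForDomain stops `%` and `_` acting as wildcards, but the pattern is still `%host%`, so the lookup matches that string anywhere in a stored URL (a longer hostname, a path, a query string). With `LIMIT 1` and no ordering, the row returned may belong to a different site than the one asked for. This predates the commit, but since the line is being rewritten it is worth either tightening the match or recording the limitation, e.g. `// substring match: may return an icon stored for another URL that contains this host`. How URLs are stored in the icons table is not visible here, so a tighter pattern needs checking against that. The function body continues outside the hunk.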
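Review bot: `const static QString &escapeString = QL1S("!");` in QzTools::escapeSqlString binds a static reference to a temporary QString converted from the Latin-1 literal. Lifetime extension keeps it valid, but the reference adds nothing; `static const QString escapeString = QSL("!");` says the same thing directly, using the QSL macro the commit already uses for the query text. The order of the three replace() calls matters and deserves a comment, for example `// escape '!' first, otherwise the '!' added for '_' and '%' would be doubled`.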
@@ -46,6 +46,7 @@ public:
 static QString samePartOfStrings(const QString &one, const QString &other);
 static QString urlEncodeQueryString(const QUrl &url);
+ static QString escapeSqlString(QString urlString);
 static QString ensureUniqueFilename(const QString &name, const QString &appendFormat = QString("(%1)"));
 static QString getFileNameFromUrl(const QUrl &url);
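Review bot: The declaration `static QString escapeSqlString(QString urlString);` has no comment, and its name promises more than the function does. The definition in qztools.cpp escapes only `!`, `_` and `%`, which is LIKE-pattern escaping, not SQL quoting; a later caller could take the name at face value and concatenate the result into a query string. I would add `// Escapes '!', '_' and '%' for a LIKE pattern used with ESCAPE '!'. Not SQL quoting: always bind the result as a parameter.` above it, and consider a name such as escapeLikePattern. The parameter name `urlString` is also narrower than the usage, since IconChooser::searchIcon passes free search text.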