commit | edb6e9144ad4db5a8752a38a1a0d97ca484dda07 | [log] [tgz] |
---|---|---|
author | Sahana Rao <sahanas@google.com> | Tue Apr 28 19:18:48 2020 +0100 |
committer | Sahana Rao <sahanas@google.com> | Tue Apr 28 20:20:06 2020 +0100 |
tree | f114266a52493b327ad0ceaefc33c1f5e44e76b9 | |
parent | 70e7eae2da6684b884a6d88cd72057c8dc8cba6a [diff] |
Append GET_ID custom function using bindSelection GET_ID custom function accepts FileColumns.DATA as input. Previously, this value was passed as raw string. FileColumns.DATA is obtained from user input and might result in sql injection. Changed buildInsert and buildUpdate to append GET_ID custom function to sql statement using DatabaseUtils.bindSelection Test: atest packages/providers/MediaProvider Bug: 154189383 Change-Id: I7279c489e971d96d17a7538388373fb60621daa6