Bug 528076 - Unsafe LIKE warning wrongly references mozIStorageConnection::escapeStringForLIKE. r=sdwilsh
authorBlair McBride <bmcbride@mozilla.com>
Sat, 14 Nov 2009 10:15:12 +0100
changeset 34851 2ad4391e7d0724d7d543b88c4c11c3c017cdf35a
parent 34850 d6863ea5c26aab7a52727ec68aad7d0edc8b3abd
child 34852 fe9f7efe466444cd716a98a9a4b491ee906765cf
push idunknown
push userunknown
push dateunknown
reviewerssdwilsh
bugs528076
milestone1.9.3a1pre
Bug 528076 - Unsafe LIKE warning wrongly references mozIStorageConnection::escapeStringForLIKE. r=sdwilsh
storage/src/mozStorageStatement.cpp
--- a/storage/src/mozStorageStatement.cpp
+++ b/storage/src/mozStorageStatement.cpp
@@ -244,17 +244,17 @@ Statement::initialize(Connection *aDBCon
 
     if (!(::FindInReadable(NS_LITERAL_CSTRING(" LIKE ?"), s1, end, c) ||
           ::FindInReadable(NS_LITERAL_CSTRING(" LIKE :"), s2, end, c) ||
           ::FindInReadable(NS_LITERAL_CSTRING(" LIKE @"), s3, end, c))) {
       // At this point, we didn't find a LIKE statement followed by ?, :,
       // or @, all of which are valid characters for binding a parameter.
       // We will warn the consumer that they may not be safely using LIKE.
       NS_WARNING("Unsafe use of LIKE detected!  Please ensure that you "
-                 "are using mozIStorageConnection::escapeStringForLIKE "
+                 "are using mozIStorageStatement::escapeStringForLIKE "
                  "and that you are binding that result to the statement "
                  "to prevent SQL injection attacks.");
     }
 
     // resetting start and e
     start = e;
     e = end;
   }