url-encoded paths and QString::arg()
Edward Hades
edward.hades at gmail.com
Sun Aug 3 00:42:52 CEST 2008
Hey, guys,
I just found a curious piece of misfortune that happens when these two
guys in subject are brought together in single C++ statement.
Consider the following statement (which there was at least one in
Amarok, see r841272):
QString( "INSERT INTO table VALUES ( %1, '%2', '%3' )" ).arg( whatever
).arg( rpath ).arg( someotherdata );
If rpath contains %3f, or %20, or something like that, the
someotherdata get inserted there, instead of where sane people would
normally expect.
This results in curious SQL statements like:
INSERT INTO uniqueid_temp(deviceid,rpath,uniqueid) VALUES
(-1,'./mnt/media/Music/Best of Jazz instrumentals/Best of - 02 - Urban
Knight 118b02960c18f41752495907c88359bdF Scirrocco.flac','%3');
There might be other places where this happens.
Watch your six ;)
More information about the Amarok-devel
mailing list