From 3cbe78e5ee5165b1fc0df239ac07387a07377a8c Mon Sep 17 00:00:00 2001
From: Christian Dywan
Date: Sat, 6 Dec 2008 14:35:54 +0100
Subject: [PATCH] Escape page uri and title when inserting into database
---
 midori/main.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/midori/main.c b/midori/main.c
index 2bed84d5..2722f97d 100644
--- a/midori/main.c
+++ b/midori/main.c
@@ -716,13 +716,13 @@ midori_history_add_item_cb (KatzeArray* array,
 return;
 }
 }
- sqlcmd = g_strdup_printf ("INSERT INTO history VALUES"
- "('%s', '%s', %" G_GUINT64_FORMAT ", -1)",
+ sqlcmd = sqlite3_mprintf ("INSERT INTO history VALUES"
+ "('%q', '%q', %" G_GUINT64_FORMAT ", -1)",
 katze_item_get_uri (item),
 katze_item_get_name (item),
 katze_item_get_added (item));
 success = db_exec (db, sqlcmd, &error);
- g_free (sqlcmd);
+ sqlite3_free (sqlcmd);
 if (!success)
 {
 g_printerr (_("Failed to add history item: %s\n"), error->message);
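Review bot: The timestamp is still formatted with `G_GUINT64_FORMAT`, but `sqlite3_mprintf` uses SQLite's own formatter rather than the C library's, so the GLib macro is only correct where it expands to a length modifier SQLite understands (`l` or `ll`); where GLib defines it differently the third value would be rendered wrongly and the statement malformed. A portable form is `"('%q', '%q', %llu, -1)"` with `(unsigned long long) katze_item_get_added (item)`, assuming that getter returns a 64-bit integer, which the hunk does not show. `sqlite3_mprintf` also returns NULL on allocation failure, where `g_strdup_printf` aborted instead, so a guard such as `if (sqlcmd == NULL) return;` before `db_exec` is worth adding, together with any cleanup the function needs at that point. The body of `midori_history_add_item_cb` starts and ends outside the hunk.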