--- embedaddon/lighttpd/src/mod_mysql_vhost.c	2013/10/14 10:32:47	1.1.1.1
+++ embedaddon/lighttpd/src/mod_mysql_vhost.c	2014/06/15 20:20:06	1.1.1.2
@@ -127,7 +127,7 @@ static void* mod_mysql_vhost_connection_data(server *s
 	UNUSED(srv);
 
 #ifdef DEBUG
-        log_error_write(srv, __FILE__, __LINE__, "ss",
+	log_error_write(srv, __FILE__, __LINE__, "ss",
 		"mod_mysql_connection_data", c ? "old" : "NEW");
 #endif
 
@@ -173,33 +173,32 @@ SERVER_FUNC(mod_mysql_vhost_set_defaults) {
 
 	char *qmark;
 	size_t i = 0;
+	buffer *sel;
 
 	config_values_t cv[] = {
-		{ "mysql-vhost.db",	NULL, T_CONFIG_STRING, 	T_CONFIG_SCOPE_SERVER },
-		{ "mysql-vhost.user",	NULL, T_CONFIG_STRING, 	T_CONFIG_SCOPE_SERVER },
-		{ "mysql-vhost.pass",	NULL, T_CONFIG_STRING, 	T_CONFIG_SCOPE_SERVER },
-		{ "mysql-vhost.sock",	NULL, T_CONFIG_STRING, 	T_CONFIG_SCOPE_SERVER },
-		{ "mysql-vhost.sql",	NULL, T_CONFIG_STRING, 	T_CONFIG_SCOPE_SERVER },
-		{ "mysql-vhost.hostname", NULL, T_CONFIG_STRING,T_CONFIG_SCOPE_SERVER },
-		{ "mysql-vhost.port",   NULL, T_CONFIG_SHORT,   T_CONFIG_SCOPE_SERVER },
-                { NULL,			NULL, T_CONFIG_UNSET,	T_CONFIG_SCOPE_UNSET }
-        };
+		{ "mysql-vhost.db",       NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER },
+		{ "mysql-vhost.user",     NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER },
+		{ "mysql-vhost.pass",     NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER },
+		{ "mysql-vhost.sock",     NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER },
+		{ "mysql-vhost.sql",      NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER },
+		{ "mysql-vhost.hostname", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER },
+		{ "mysql-vhost.port",     NULL, T_CONFIG_SHORT,  T_CONFIG_SCOPE_SERVER },
+		{ NULL,                   NULL, T_CONFIG_UNSET,  T_CONFIG_SCOPE_UNSET }
+	};
 
-	p->config_storage = calloc(1, srv->config_context->used * sizeof(specific_config *));
+	p->config_storage = calloc(1, srv->config_context->used * sizeof(plugin_config *));
+	sel = buffer_init();
 
 	for (i = 0; i < srv->config_context->used; i++) {
 		plugin_config *s;
-		buffer *sel;
 
-
 		s = calloc(1, sizeof(plugin_config));
 		s->mydb = buffer_init();
 		s->myuser = buffer_init();
 		s->mypass = buffer_init();
 		s->mysock = buffer_init();
 		s->hostname = buffer_init();
-		s->port   = 0;               /* default port for mysql */
-		sel = buffer_init();
+		s->port = 0;               /* default port for mysql */
 		s->mysql = NULL;
 
 		s->mysql_pre = buffer_init();
@@ -209,13 +208,14 @@ SERVER_FUNC(mod_mysql_vhost_set_defaults) {
 		cv[1].destination = s->myuser;
 		cv[2].destination = s->mypass;
 		cv[3].destination = s->mysock;
+		buffer_reset(sel);
 		cv[4].destination = sel;
 		cv[5].destination = s->hostname;
 		cv[6].destination = &(s->port);
 
 		p->config_storage[i] = s;
 
-        	if (config_insert_values_global(srv,
+		if (config_insert_values_global(srv,
 			((data_config *)srv->config_context->data[i])->value,
 			cv)) return HANDLER_ERROR;
 
@@ -249,6 +249,7 @@ SERVER_FUNC(mod_mysql_vhost_set_defaults) {
 			if (NULL == (s->mysql = mysql_init(NULL))) {
 				log_error_write(srv, __FILE__, __LINE__, "s", "mysql_init() failed, exiting...");
 
+				buffer_free(sel);
 				return HANDLER_ERROR;
 			}
 
@@ -260,7 +261,7 @@ SERVER_FUNC(mod_mysql_vhost_set_defaults) {
 #define FOO(x) (s->x->used ? s->x->ptr : NULL)
 
 #if MYSQL_VERSION_ID >= 40100
-                        /* CLIENT_MULTI_STATEMENTS first appeared in 4.1 */ 
+			/* CLIENT_MULTI_STATEMENTS first appeared in 4.1 */ 
 			if (!mysql_real_connect(s->mysql, FOO(hostname), FOO(myuser), FOO(mypass),
 						FOO(mydb), s->port, FOO(mysock), CLIENT_MULTI_STATEMENTS)) {
 #else
@@ -269,29 +270,16 @@ SERVER_FUNC(mod_mysql_vhost_set_defaults) {
 #endif
 				log_error_write(srv, __FILE__, __LINE__, "s", mysql_error(s->mysql));
 
+				buffer_free(sel);
 				return HANDLER_ERROR;
 			}
 #undef FOO
 
-#if 0
-			/* set close_on_exec for mysql the hard way */
-			/* Note: this only works as it is done during startup, */
-			/* otherwise we cannot be sure that mysql is fd i-1 */
-			{ int fd;
-			if (-1 != (fd = open("/dev/null", 0))) {
-				close(fd);
-#ifdef FD_CLOEXEC
-				fcntl(fd-1, F_SETFD, FD_CLOEXEC);
-#endif
-			} }
-#else
-#ifdef FD_CLOEXEC
-			fcntl(s->mysql->net.fd, F_SETFD, FD_CLOEXEC);
-#endif
-#endif
+			fd_close_on_exec(s->mysql->net.fd);
 		}
 	}
 
+	buffer_free(sel);
 	return HANDLER_GO_ON;
 }
 
@@ -351,21 +339,32 @@ CONNECTION_FUNC(mod_mysql_vhost_handle_docroot) {
 	mod_mysql_vhost_patch_connection(srv, con, p);
 
 	if (!p->conf.mysql) return HANDLER_GO_ON;
+	if (0 == p->conf.mysql_pre->used) return HANDLER_GO_ON;
 
 	/* sets up connection data if not done yet */
 	c = mod_mysql_vhost_connection_data(srv, con, p_d);
 
 	/* check if cached this connection */
 	if (c->server_name->used && /* con->uri.authority->used && */
-            buffer_is_equal(c->server_name, con->uri.authority)) goto GO_ON;
+	    buffer_is_equal(c->server_name, con->uri.authority)) goto GO_ON;
 
 	/* build and run SQL query */
 	buffer_copy_string_buffer(p->tmp_buf, p->conf.mysql_pre);
 	if (p->conf.mysql_post->used) {
-		buffer_append_string_buffer(p->tmp_buf, con->uri.authority);
+		/* escape the uri.authority */
+		unsigned long to_len;
+
+		/* 'to' has to be 'from_len * 2 + 1' */
+		buffer_prepare_append(p->tmp_buf, (con->uri.authority->used - 1) * 2 + 1);
+
+		to_len = mysql_real_escape_string(p->conf.mysql,
+				p->tmp_buf->ptr + p->tmp_buf->used - 1,
+				con->uri.authority->ptr, con->uri.authority->used - 1);
+		p->tmp_buf->used += to_len;
+
 		buffer_append_string_buffer(p->tmp_buf, p->conf.mysql_post);
 	}
-   	if (mysql_query(p->conf.mysql, p->tmp_buf->ptr)) {
+	if (mysql_real_query(p->conf.mysql, p->tmp_buf->ptr, p->tmp_buf->used - 1)) {
 		log_error_write(srv, __FILE__, __LINE__, "s", mysql_error(p->conf.mysql));
 		goto ERR500;
 	}
@@ -389,7 +388,7 @@ CONNECTION_FUNC(mod_mysql_vhost_handle_docroot) {
 		log_error_write(srv, __FILE__, __LINE__, "sb", strerror(errno), p->tmp_buf);
 		goto ERR500;
 	}
-        if (!S_ISDIR(sce->st.st_mode)) {
+	if (!S_ISDIR(sce->st.st_mode)) {
 		log_error_write(srv, __FILE__, __LINE__, "sb", "Not a directory", p->tmp_buf);
 		goto ERR500;
 	}
@@ -416,7 +415,8 @@ CONNECTION_FUNC(mod_mysql_vhost_handle_docroot) {
 #endif
 
 	/* fix virtual server and docroot */
-GO_ON:	buffer_copy_string_buffer(con->server_name, c->server_name);
+GO_ON:
+	buffer_copy_string_buffer(con->server_name, c->server_name);
 	buffer_copy_string_buffer(con->physical.doc_root, c->document_root);
 
 #ifdef DEBUG
@@ -427,7 +427,8 @@ GO_ON:	buffer_copy_string_buffer(con->server_name, c->
 #endif
 	return HANDLER_GO_ON;
 
-ERR500:	if (result) mysql_free_result(result);
+ERR500:
+	if (result) mysql_free_result(result);
 #if MYSQL_VERSION_ID >= 40100
 	while (mysql_next_result(p->conf.mysql) == 0);
 #endif