Fix use of double-quoted strings in SQLite queries (borisbabic#96)

Double-quotes are used for identifiers, not strings. While SQLite will interpret unknown identifiers that use double-quotes as strings, this is considered a misfeature. This commit fixes the SQL for those of us with double-quoted strings disabled, as well as fixes setting domain_name to the name of a column in the SQLite table. Co-authored-by: Mcsticken <[email protected]>
ppwwyyxx · Oct 8, 2021 · bd099aa · bd099aa
1 parent 87b7068
commit bd099aa
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/__init__.py b/__init__.py
@@ -268,11 +268,11 @@ def load(self):
         try:
             # chrome <=55
             cur.execute('SELECT host_key, path, secure, expires_utc, name, value, encrypted_value '
-                        'FROM cookies WHERE host_key like "%{}%";'.format(self.domain_name))
+                        'FROM cookies WHERE host_key like ?;', ('%{}%'.format(self.domain_name),))
         except sqlite3.OperationalError:
             # chrome >=56
             cur.execute('SELECT host_key, path, is_secure, expires_utc, name, value, encrypted_value '
-                        'FROM cookies WHERE host_key like "%{}%";'.format(self.domain_name))
+                        'FROM cookies WHERE host_key like ?;', ('%{}%'.format(self.domain_name),))
 
         cj = http.cookiejar.CookieJar()
 
@@ -606,7 +606,7 @@ def load(self):
         con = sqlite3.connect(self.tmp_cookie_file)
         cur = con.cursor()
         cur.execute('select host, path, isSecure, expiry, name, value from moz_cookies '
-                    'where host like "%{}%"'.format(self.domain_name))
+                    'where host like ?', ('%{}%'.format(self.domain_name),))
 
         cj = http.cookiejar.CookieJar()
         for item in cur.fetchall():