From 2bfb7c7ce2e0aadfdb0ae0d8a8a5a50074fcb416 Mon Sep 17 00:00:00 2001
From: louis <louis.braun@gmx.de>
Date: Thu, 15 May 2014 15:15:46 +0200
Subject: [PATCH] fixed escaping when deleting outdated recordings

---
 HISTORY  | 2 ++
 update.c | 4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/HISTORY b/HISTORY
index f9540ce..088fadb 100644
--- a/HISTORY
+++ b/HISTORY
@@ -29,3 +29,5 @@ Version 0.1.2
 Version 0.1.3
 - fixed a bug that series meta data is not loaded completely
 - fixed crash during shutdown of plugin
+
+- fixed escaping when deleting outdated recordings
diff --git a/update.c b/update.c
index fa360fe..09b27b1 100644
--- a/update.c
+++ b/update.c
@@ -1181,8 +1181,10 @@ int cUpdate::CleanupRecordings(void) {
         int recStart = tRecordings->getIntValue(cTableRecordings::fiRecStart);
         string recPath = tRecordings->getStrValue(cTableRecordings::fiRecPath);
         if (!Recordings.GetByName(recPath.c_str())) {
+            char escapedPath[recPath.size()+1];
+            mysql_real_escape_string(connection->getMySql(), escapedPath, recPath.c_str(), recPath.size());            
             stringstream delWhere("");
-            delWhere << "uuid = '" << config.uuid << "' and rec_path = '" << recPath << "' and rec_start = " << recStart;
+            delWhere << "uuid = '" << config.uuid << "' and rec_path = '" << escapedPath << "' and rec_start = " << recStart;
             tRecordings->deleteWhere(delWhere.str().c_str());
             numRecsDeleted++;
         }