Use selectionArgs to build query

Bug: 224769956
Test: manually tested app in bug. Manually tested Messages

Change-Id: I3768fc397bba30a7fc4e205b84e9cabc29fde422
(cherry picked from commit b78d34e83c2d02f0a8cff1f58fef6b6e85596771)
diff --git a/src/com/android/providers/telephony/MmsSmsProvider.java b/src/com/android/providers/telephony/MmsSmsProvider.java
index 7c7003e..76d3b8a 100644
--- a/src/com/android/providers/telephony/MmsSmsProvider.java
+++ b/src/com/android/providers/telephony/MmsSmsProvider.java
@@ -1038,7 +1038,6 @@
     private Cursor getMessagesByPhoneNumber(
             String phoneNumber, String[] projection, String selection,
             String sortOrder, String smsTable, String pduTable) {
-        String escapedPhoneNumber = DatabaseUtils.sqlEscapeString(phoneNumber);
         int minMatch =
             getContext().getResources().getInteger(
                     com.android.internal.R.integer.config_phonenumber_compare_min_match);
@@ -1049,8 +1048,7 @@
         String finalSmsSelection =
                 concatSelections(
                         selection,
-                        "(address=" + escapedPhoneNumber + " OR PHONE_NUMBERS_EQUAL(address, " +
-                        escapedPhoneNumber +
+                        "(address=? OR PHONE_NUMBERS_EQUAL(address, ?" +
                         (mUseStrictPhoneNumberComparation ? ", 1))" : ", 0, " + minMatch + "))"));
         SQLiteQueryBuilder mmsQueryBuilder = new SQLiteQueryBuilder();
         SQLiteQueryBuilder smsQueryBuilder = new SQLiteQueryBuilder();
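Review bot: The caller-supplied `selection` is still spliced into the SQL text by `concatSelections(selection, ...)`, so this hunk parameterizes only the phone number. If `selection` can come from the calling app (the call site is outside this diff), it remains an injection path. Any `?` it contains would also change the placeholder count that the four `phoneNumber` arguments in the last hunk's `rawQuery` call must match. Consider validating `selection` before it is concatenated, or at least recording the assumption with a comment such as `// selection must not contain '?' placeholders; the bind args passed to rawQuery are positional`. The body of getMessagesByPhoneNumber continues outside this hunk.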
@@ -1060,9 +1058,8 @@
         mmsQueryBuilder.setTables(
                 pduTable +
                 ", (SELECT msg_id AS address_msg_id " +
-                "FROM addr WHERE (address=" + escapedPhoneNumber +
-                " OR PHONE_NUMBERS_EQUAL(addr.address, " +
-                escapedPhoneNumber +
+                "FROM addr WHERE (address=?" +
+                " OR PHONE_NUMBERS_EQUAL(addr.address, ?" +
                 (mUseStrictPhoneNumberComparation ? ", 1))) " : ", 0, " + minMatch + "))) ") +
                 "AS matching_addresses");
         smsQueryBuilder.setTables(smsTable);
@@ -1081,7 +1078,8 @@
         String unionQuery = unionQueryBuilder.buildUnionQuery(
                 new String[] { mmsSubQuery, smsSubQuery }, sortOrder, null);
 
-        return mOpenHelper.getReadableDatabase().rawQuery(unionQuery, EMPTY_STRING_ARRAY);
+        return mOpenHelper.getReadableDatabase().rawQuery(unionQuery,
+                new String[] { phoneNumber, phoneNumber, phoneNumber, phoneNumber });
     }
 
     /**
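Review bot: The four-element bind array in the new `rawQuery` call is silently coupled to placeholders in two strings built in earlier hunks: two `?` in the `addr` subselect passed to `mmsQueryBuilder.setTables` and two in `finalSmsSelection`. All four values are the same today, so only the count matters, but a later edit to either fragment would fail at bind time or mis-bind with nothing at the call site to explain why. I would add a comment above the call, e.g. `// Bind args: 2x MMS addr subselect + 2x SMS selection; MMS subquery comes first in the union.` The commit message lists only manual testing, so a provider test that queries with a number containing a single quote would keep this from regressing.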