From ac118cebd8e795e936187a024a6d16910f20c3a9 Mon Sep 17 00:00:00 2001
From: Neil Williams
Date: Sat, 22 Dec 2012 03:24:03 -0800
Subject: [PATCH] Be more thorough in sanitizing for add_request_info.
---
 r2/r2/lib/db/tdb_sql.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/r2/r2/lib/db/tdb_sql.py b/r2/r2/lib/db/tdb_sql.py
index 15136dd12..09661212f 100644
--- a/r2/r2/lib/db/tdb_sql.py
+++ b/r2/r2/lib/db/tdb_sql.py
@@ -364,10 +364,10 @@ def get_write_table(tables):
 else:
 return tables[0]
-_spaces = re.compile('[\s]+')
 def add_request_info(select):
 def sanitize(txt):
- return _spaces.sub(' ', txt).replace("/", "|").replace("-", "_").replace(';', "").replace("*", "").replace(r"/", "")
+ return "".join(x if x.isalnum() else "."
+ for x in filters._force_utf8(txt))
 tb = simple_traceback(limit=12)
 try:
@@ -376,7 +376,7 @@ def add_request_info(select):
 hasattr(request, 'user_agent')):
 comment = '/*\n%s\n%s\n%s\n*/' % (
 tb or "",
- filters._force_utf8(sanitize(request.fullpath)),
+ sanitize(request.fullpath),
 sanitize(request.ip))
 return select.prefix_with(comment)
 except UnicodeDecodeError:
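Review bot: In `sanitize` (first hunk), `x.isalnum()` is applied to each element of `filters._force_utf8(txt)`, whose definition is not in this diff. If that helper returns a UTF-8 byte string, the loop walks bytes, and on Python 2 `str.isalnum()` is locale-dependent, so bytes above 0x7F could pass through under a non-C locale and leave partial UTF-8 sequences in the SQL comment. An explicit ASCII allowlist removes that dependency: `_SAFE_CHARS = frozenset(string.ascii_letters + string.digits)` and `return "".join(x if x in _SAFE_CHARS else "." for x in filters._force_utf8(txt))`, which needs `string` imported (the file's imports are outside the hunk). A one-line docstring such as `"""Reduce txt to ASCII alphanumerics so it cannot terminate the SQL comment it is embedded in."""` would record why an allowlist replaced the old replace() chain. `add_request_info` continues past the end of this hunk.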
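Review bot: `tb or ""` in the second hunk is still interpolated into the `/* ... */` prefix without passing through `sanitize`, so the comment is only as safe as the output of `simple_traceback`, which this diff does not show. If that text can ever contain `*/`, the comment would end early and the remainder would be parsed as SQL. Stripping only the terminator closes the gap while keeping the traceback readable: `(tb or "").replace("*/", "")`. The `try`/`except UnicodeDecodeError` block starts before this hunk and ends after it, so the handler body is not visible here.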