2021-04-17 Fred Gleason <fredg@paravelsystems.com>

* Escaped all SQL identifiers in 'lib/'. * Replaced " with ' delimiters in all SQL literal strings in 'lib/'. Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
2025-12-05 08:10:21 +01:00 · 2021-04-17 19:47:05 -04:00
parent 1b7dd5cd7d
commit 0fd02861f9
104 changed files with 4807 additions and 5120 deletions
--- a/lib/rdcoreapplication.cpp
+++ b/lib/rdcoreapplication.cpp
@@ -21,15 +21,13 @@
 #include <stdlib.h>
 #include <syslog.h>

-#include <qapplication.h>
-#include <qobject.h>
-#include <qprocess.h>
-
-#include "rdescape_string.h"
+#include <QApplication>
+#include <QProcess>

 #include "dbversion.h"
 #include "rdapplication.h"
 #include "rdcmd_switch.h"
+#include "rdescape_string.h"

 RDCoreApplication *rdc=NULL;
 QStringList __rdapplication_temp_files;
@@ -470,11 +468,11 @@ void RDCoreApplication::userChangedData()
  QStringList f0=app_ticket.split(":");
  if(f0.size()==2) {
    sql=QString("select ")+
-      "LOGIN_NAME "+  // 00
-      "from WEBAPI_AUTHS where "+
-      "TICKET=\""+RDEscapeString(f0.at(0))+"\" && "+
-      "IPV4_ADDRESS=\""+RDEscapeString(f0.at(1))+"\" && "+
-      "EXPIRATION_DATETIME>now()";
+      "`LOGIN_NAME` "+  // 00
+      "from `WEBAPI_AUTHS` where "+
+      "`TICKET`='"+RDEscapeString(f0.at(0))+"' && "+
+      "`IPV4_ADDRESS`='"+RDEscapeString(f0.at(1))+"' && "+
+      "`EXPIRATION_DATETIME`>now()";
    q=new RDSqlQuery(sql);
    if(q->first()) {
      app_user->setName(q->value(0).toString());