2021-04-17 Fred Gleason <fredg@paravelsystems.com>

* Escaped all SQL identifiers in 'lib/'.
	* Replaced " with ' delimiters in all SQL literal strings in 'lib/'.

Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
Fred Gleason
2021-04-17 19:47:05 -04:00
parent 1b7dd5cd7d
commit 0fd02861f9
104 changed files with 4807 additions and 5120 deletions


@@ -2,7 +2,7 @@
//
// Log locking routines for Rivendell
//
// (C) Copyright 2017-2019 Fred Gleason <fredg@paravelsystems.com>
// (C) Copyright 2017-2021 Fred Gleason <fredg@paravelsystems.com>
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License version 2 as
@@ -18,10 +18,6 @@
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
//
#include <syslog.h>
#include <qdatetime.h>
#include "rdapplication.h"
#include "rddb.h"
#include "rdescape_string.h"
@@ -101,27 +97,26 @@ bool RDLogLock::tryLock(QString *username,QString *stationname,
bool ret=false;
QDateTime now=QDateTime::currentDateTime();
sql=QString("update LOGS set ")+
"LOCK_USER_NAME=\""+RDEscapeString(*username)+"\","+
"LOCK_STATION_NAME=\""+RDEscapeString(*stationname)+"\","+
"LOCK_IPV4_ADDRESS=\""+RDEscapeString(addr->toString())+
"\","+
"LOCK_GUID=\""+RDEscapeString(guid)+"\","+
"LOCK_DATETIME=now() where "+
"(NAME=\""+RDEscapeString(log_name)+"\")&&"+
"((LOCK_DATETIME is null)||"+
"(LOCK_DATETIME<\""+RDEscapeString(now.addSecs(-RD_LOG_LOCK_TIMEOUT/1000).toString("yyyy-MM-dd hh:mm:ss"))+"\"))";
sql=QString("update `LOGS` set ")+
"`LOCK_USER_NAME`='"+RDEscapeString(*username)+"',"+
"`LOCK_STATION_NAME`='"+RDEscapeString(*stationname)+"',"+
"`LOCK_IPV4_ADDRESS`='"+RDEscapeString(addr->toString())+"',"+
"`LOCK_GUID`='"+RDEscapeString(guid)+"',"+
"`LOCK_DATETIME`=now() where "+
"(`NAME`='"+RDEscapeString(log_name)+"')&&"+
"((`LOCK_DATETIME` is null)||"+
"(`LOCK_DATETIME`<'"+RDEscapeString(now.addSecs(-RD_LOG_LOCK_TIMEOUT/1000).toString("yyyy-MM-dd hh:mm:ss"))+"'))";
q=new RDSqlQuery(sql);
if(q->numRowsAffected()>0) {
ret=true;
}
else {
sql=QString("select ")+
"LOCK_USER_NAME,"+
"LOCK_STATION_NAME,"+
"LOCK_IPV4_ADDRESS "+
"from LOGS where "+
"NAME=\""+RDEscapeString(log_name)+"\"";
"`LOCK_USER_NAME`,"+
"`LOCK_STATION_NAME`,"+
"`LOCK_IPV4_ADDRESS` "+
"from `LOGS` where "+
"`NAME`='"+RDEscapeString(log_name)+"'";
q1=new RDSqlQuery(sql);
if(q1->first()) {
*username=q1->value(0).toString();
@@ -141,9 +136,9 @@ void RDLogLock::updateLock(const QString &log_name,const QString &guid)
QString sql;
RDSqlQuery *q;
sql=QString("update LOGS set ")+
"LOCK_DATETIME=now() where "+
"LOCK_GUID=\""+RDEscapeString(guid)+"\"";
sql=QString("update `LOGS` set ")+
"`LOCK_DATETIME`=now() where "+
"`LOCK_GUID`='"+RDEscapeString(guid)+"'";
q=new RDSqlQuery(sql);
if(q->numRowsAffected()==0) {
rda->syslog(LOG_WARNING,"lock on log \"%s\" has evaporated!",
@@ -156,17 +151,15 @@ void RDLogLock::updateLock(const QString &log_name,const QString &guid)
void RDLogLock::clearLock(const QString &guid)
{
QString sql;
RDSqlQuery *q;
sql=QString("update LOGS set ")+
"LOCK_USER_NAME=null,"+
"LOCK_STATION_NAME=null,"+
"LOCK_IPV4_ADDRESS=null,"+
"LOCK_GUID=null,"+
"LOCK_DATETIME=null where "+
"LOCK_GUID=\""+RDEscapeString(guid)+"\"";
q=new RDSqlQuery(sql);
delete q;
sql=QString("update `LOGS` set ")+
"`LOCK_USER_NAME`=null,"+
"`LOCK_STATION_NAME`=null,"+
"`LOCK_IPV4_ADDRESS`=null,"+
"`LOCK_GUID`=null,"+
"`LOCK_DATETIME`=null where "+
"`LOCK_GUID`='"+RDEscapeString(guid)+"'";
RDSqlQuery::apply(sql);
}
@@ -177,11 +170,11 @@ bool RDLogLock::validateLock(const QString &log_name,const QString &guid)
bool ret=false;
QDateTime now=QDateTime::currentDateTime();
sql=QString("select NAME from LOGS where ")+
"(NAME=\""+RDEscapeString(log_name)+"\")&&"+
"(LOCK_GUID=\""+RDEscapeString(guid)+"\")&&"+
"(LOCK_DATETIME>\""+RDEscapeString(now.addSecs(-RD_LOG_LOCK_TIMEOUT/1000).
toString("yyyy-MM-dd hh:mm:ss"))+"\")";
sql=QString("select `NAME` from `LOGS` where ")+
"(`NAME`='"+RDEscapeString(log_name)+"')&&"+
"(`LOCK_GUID`='"+RDEscapeString(guid)+"')&&"+
"(`LOCK_DATETIME`>'"+RDEscapeString(now.addSecs(-RD_LOG_LOCK_TIMEOUT/1000).
toString("yyyy-MM-dd hh:mm:ss"))+"')";
q=new RDSqlQuery(sql);
ret=q->first();
delete q;
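Review bot: Every value in the rewritten statements is still concatenated into the SQL text, and with the switch to single-quote delimiters (the user, station, address, GUID and log name in tryLock, and the GUID or log name in updateLock, clearLock and validateLock) the injection safety of this file rests on RDEscapeString() escaping `'` and `\`, which this page does not show. If that helper was written while literals were delimited with double quotes, a log or user name containing an apostrophe would now end the literal early, so it is worth confirming with a test that round-trips such a name through tryLock. I would add a comment above the first statement such as `// values are single-quoted: RDEscapeString() must escape ' and \`. Longer term, binding the values with `prepare()` / `bindValue()` (if RDSqlQuery exposes the QSqlQuery interface) would remove the dependency on the escaper altogether. The bodies of tryLock, updateLock and validateLock start or continue outside the visible hunks.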