2021-04-18 Fred Gleason <fredg@paravelsystems.com>

* Escaped all SQL identifiers in 'rdadmin/'.
	* Replaced " with ' delimiters in all SQL literal strings in
	'rdadmin/'.

Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
This commit is contained in:
Fred Gleason
2021-04-18 21:23:19 -04:00
parent 0fd02861f9
commit 6264ec3235
67 changed files with 841 additions and 939 deletions


@@ -2,7 +2,7 @@
//
// Edit Rivendell User/Group Permissions
//
// (C) Copyright 2002-2019 Fred Gleason <fredg@paravelsystems.com>
// (C) Copyright 2002-2021 Fred Gleason <fredg@paravelsystems.com>
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License version 2 as
@@ -18,8 +18,6 @@
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
//
#include <qpushbutton.h>
#include <rddb.h>
#include <rdescape_string.h>
@@ -28,8 +26,6 @@
EditUserServicePerms::EditUserServicePerms(RDUser *user,QWidget *parent)
: RDDialog(parent)
{
setModal(true);
QString sql;
RDSqlQuery *q;
@@ -74,15 +70,15 @@ EditUserServicePerms::EditUserServicePerms(RDUser *user,QWidget *parent)
//
// Populate Fields
//
sql=QString("select SERVICE_NAME from USER_SERVICE_PERMS where ")+
"USER_NAME=\""+RDEscapeString(user_user->name())+"\"";
sql=QString("select `SERVICE_NAME` from `USER_SERVICE_PERMS` where ")+
"`USER_NAME`='"+RDEscapeString(user_user->name())+"'";
q=new RDSqlQuery(sql);
while(q->next()) {
user_host_sel->destInsertItem(q->value(0).toString());
}
delete q;
sql=QString().sprintf("select NAME from SERVICES");
sql=QString().sprintf("select `NAME` from `SERVICES`");
q=new RDSqlQuery(sql);
while(q->next()) {
if(user_host_sel->destFindItem(q->value(0).toString())==0) {
@@ -119,15 +115,15 @@ void EditUserServicePerms::okData()
// Add New Groups
//
for(unsigned i=0;i<user_host_sel->destCount();i++) {
sql=QString("select SERVICE_NAME from USER_SERVICE_PERMS where ")+
"USER_NAME=\""+RDEscapeString(user_user->name())+"\" && "+
"SERVICE_NAME=\""+RDEscapeString(user_host_sel->destText(i))+"\"";
sql=QString("select `SERVICE_NAME` from `USER_SERVICE_PERMS` where ")+
"`USER_NAME`='"+RDEscapeString(user_user->name())+"' && "+
"`SERVICE_NAME`='"+RDEscapeString(user_host_sel->destText(i))+"'";
q=new RDSqlQuery(sql);
if(q->size()==0) {
delete q;
sql=QString("insert into USER_SERVICE_PERMS (USER_NAME,SERVICE_NAME) ")+
"values (\""+RDEscapeString(user_user->name())+"\","+
"\""+RDEscapeString(user_host_sel->destText(i))+"\")";
sql=QString("insert into `USER_SERVICE_PERMS` (`USER_NAME`,`SERVICE_NAME`) ")+
"values ('"+RDEscapeString(user_user->name())+"',"+
"'"+RDEscapeString(user_host_sel->destText(i))+"')";
q=new RDSqlQuery(sql);
}
delete q;
@@ -136,14 +132,14 @@ void EditUserServicePerms::okData()
//
// Delete Old Groups
//
sql=QString("delete from USER_SERVICE_PERMS where ")+
"USER_NAME=\""+RDEscapeString(user_user->name())+"\"";
sql=QString("delete from `USER_SERVICE_PERMS` where ")+
"`USER_NAME`='"+RDEscapeString(user_user->name())+"'";
for(unsigned i=0;i<user_host_sel->destCount();i++) {
sql+=QString(" && SERVICE_NAME<>\"")+
RDEscapeString(user_host_sel->destText(i))+"\"";
sql+=QString(" && `SERVICE_NAME`<>'")+
RDEscapeString(user_host_sel->destText(i))+"'";
}
q=new RDSqlQuery(sql);
delete q;
RDSqlQuery::apply(sql);
done(0);
}
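Review bot: The DELETE assembled in this hunk is sent to the database twice — `q=new RDSqlQuery(sql); delete q;` executes it, then `RDSqlQuery::apply(sql);` on the next line executes the identical statement again; read against the hunk's matching 14/14 line counts these three lines appear to be unchanged context, so the duplication predates this commit, but since the statement is being reworked anyway the `new`/`delete` pair should go and only `RDSqlQuery::apply(sql);` remain. A repeated DELETE is idempotent, so this is a wasted round-trip rather than a data bug. On the security side of the change itself: with the move to `'` delimiters, the interpolated user name and the service names from the selector are safe only as far as RDEscapeString escapes `'` and `\` — its implementation is not visible here, so confirm it handles the single quote and not only the double quote the old delimiters relied on, otherwise the delimiter switch widens rather than narrows the injection surface. A one-line why-comment above the statement, e.g. `// Remove every permission row for this user that is not in the selected set`, would also help, since the `<>` chain is not obvious at a glance.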