2021-04-18 Fred Gleason <fredg@paravelsystems.com>

* Escaped all SQL identifiers in 'rdadmin/'. * Replaced " with ' delimiters in all SQL literal strings in 'rdadmin/'. Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
2025-12-01 06:10:10 +01:00 · 2021-04-18 21:23:19 -04:00
parent 0fd02861f9
commit 6264ec3235
67 changed files with 841 additions and 939 deletions
--- a/rdadmin/list_feeds.cpp
+++ b/rdadmin/list_feeds.cpp
@@ -147,16 +147,16 @@ void ListFeeds::addData()
      }
    }
    else {
-      sql=QString("delete from FEED_PERMS where ")+
-	"KEY_NAME=\""+RDEscapeString(feed)+"\"";
+      sql=QString("delete from `FEED_PERMS` where ")+
+	"`KEY_NAME`='"+RDEscapeString(feed)+"'";
      RDSqlQuery::apply(sql);

-      sql=QString("delete from FEED_IMAGES where ")+
-	"FEED_KEY_NAME=\""+RDEscapeString(feed)+"\"";
+      sql=QString("delete from `FEED_IMAGES` where ")+
+	"`FEED_KEY_NAME`='"+RDEscapeString(feed)+"'";
      RDSqlQuery::apply(sql);

-      sql=QString("delete from FEEDS where ")+
-	"KEY_NAME=\""+RDEscapeString(feed)+"\"";
+      sql=QString("delete from `FEEDS` where ")+
+	"`KEY_NAME`='"+RDEscapeString(feed)+"'";
      RDSqlQuery::apply(sql);

      return;
@@ -211,9 +211,9 @@ void ListFeeds::deleteData()
  //
  RDPodcast *cast;
  sql=QString("select ")+
-    "ID "+  // 00
-    "from PODCASTS where "+
-    QString().sprintf("FEED_ID=%u",list_feeds_model->feedId(rows.first()));
+    "`ID` "+  // 00
+    "from `PODCASTS` where "+
+    QString().sprintf("`FEED_ID`=%u",list_feeds_model->feedId(rows.first()));
  q=new RDSqlQuery(sql);
  QProgressDialog *pd=
    new QProgressDialog(tr("Deleting remote audio..."),"",0,q->size()+1,this);
@@ -241,30 +241,30 @@ void ListFeeds::deleteData()
  //
  // Delete Cast Entries
  //
-  sql=QString("delete from PODCASTS where ")+
-    QString().sprintf("FEED_ID=%u",list_feeds_model->feedId(rows.first()));
+  sql=QString("delete from `PODCASTS` where ")+
+    QString().sprintf("`FEED_ID`=%u",list_feeds_model->feedId(rows.first()));
  RDSqlQuery::apply(sql);

  //
  // Delete Images
  //
  feed->removeAllImages();
-  sql=QString("delete from FEED_IMAGES where ")+
-    QString().sprintf("FEED_ID=%d",feed->id());
+  sql=QString("delete from `FEED_IMAGES` where ")+
+    QString().sprintf("`FEED_ID`=%d",feed->id());
  RDSqlQuery::apply(sql);

  //
  // Delete Feed
  //
-  sql=QString("delete from FEED_PERMS where ")+
-    "KEY_NAME=\""+RDEscapeString(feedname)+"\"";
+  sql=QString("delete from `FEED_PERMS` where ")+
+    "`KEY_NAME`='"+RDEscapeString(feedname)+"'";
  RDSqlQuery::apply(sql);
-  sql=QString("delete from SUPERFEED_MAPS where ")+
-    "KEY_NAME=\""+RDEscapeString(feedname)+"\" || "+
-    "MEMBER_KEY_NAME=\""+RDEscapeString(feedname)+"\"";
+  sql=QString("delete from `SUPERFEED_MAPS` where ")+
+    "`KEY_NAME`='"+RDEscapeString(feedname)+"' || "+
+    "`MEMBER_KEY_NAME`='"+RDEscapeString(feedname)+"'";
  RDSqlQuery::apply(sql);
-  sql=QString("delete from FEEDS where ")+
-    "KEY_NAME=\""+RDEscapeString(feedname)+"\"";
+  sql=QString("delete from `FEEDS` where ")+
+    "`KEY_NAME`='"+RDEscapeString(feedname)+"'";
  RDSqlQuery::apply(sql);
  list_feeds_model->removeFeed(feedname);

@@ -312,9 +312,9 @@ void ListFeeds::repostData()
  // Post Images
  //
  sql=QString("select ")+
-    "ID "+              // 00
-    "from FEED_IMAGES where "+
-    QString().sprintf("FEED_ID=%u",feed->id());
+    "`ID` "+              // 00
+    "from `FEED_IMAGES` where "+
+    QString().sprintf("`FEED_ID`=%u",feed->id());
  q=new RDSqlQuery(sql);
  pd->setLabelText(tr("Posting images..."));
  pd->setRange(0,q->size());
@@ -330,9 +330,9 @@ void ListFeeds::repostData()
  // Post Item Data
  //
  sql=QString("select ")+
-    "ID "+              // 00
-    "from PODCASTS where "+
-    QString().sprintf("FEED_ID=%u",feed->id());
+    "`ID` "+              // 00
+    "from `PODCASTS` where "+
+    QString().sprintf("`FEED_ID`=%u",feed->id());
  q=new RDSqlQuery(sql);
  pd->setLabelText(tr("Posting item data..."));
  pd->setRange(0,q->size());
@@ -397,9 +397,9 @@ void ListFeeds::unpostData()
  // Remove Item Data
  //
  sql=QString("select ")+
-    "ID "+              // 00
-    "from PODCASTS where "+
-    QString().sprintf("FEED_ID=%u",feed->id());
+    "`ID` "+              // 00
+    "from `PODCASTS` where "+
+    QString().sprintf("`FEED_ID`=%u",feed->id());
  q=new RDSqlQuery(sql);
  pd->setLabelText(tr("Unposting item data..."));
  pd->setRange(0,q->size());
@@ -418,9 +418,9 @@ void ListFeeds::unpostData()
  // Remove Images
  //
  sql=QString("select ")+
-    "ID "+              // 00
-    "from FEED_IMAGES where "+
-    QString().sprintf("FEED_ID=%u",feed->id());
+    "`ID` "+              // 00
+    "from `FEED_IMAGES` where "+
+    QString().sprintf("`FEED_ID`=%u",feed->id());
  q=new RDSqlQuery(sql);
  pd->setLabelText(tr("Unposting images..."));
  pd->setRange(0,q->size());