2021-04-23 Fred Gleason <fredg@paravelsystems.com>

* Escaped all SQL identifiers in 'web/rdxport/'.
	* Replaced " with ' delimiters in all SQL literal strings in
	'web/rdxport/'.

Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
Fred Gleason
2021-04-23 13:55:42 -04:00
parent ac82d7356a
commit 703299899c
8 changed files with 54 additions and 48 deletions


@@ -44,9 +44,9 @@ void Xport::ListGroups()
// Generate Group List
//
sql=QString("select ")+
"GROUP_NAME from USER_PERMS where "+
"USER_NAME=\""+RDEscapeString(rda->user()->name())+"\" "+
"order by GROUP_NAME";
"`GROUP_NAME` from `USER_PERMS` where "+
"`USER_NAME`='"+RDEscapeString(rda->user()->name())+"' "+
"order by `GROUP_NAME`";
q=new RDSqlQuery(sql);
//
@@ -86,9 +86,9 @@ void Xport::ListGroup()
// Check Group Accessibility
//
sql=QString("select ")+
"GROUP_NAME from USER_PERMS where "+
"(USER_NAME=\""+RDEscapeString(rda->user()->name())+"\")&&"+
"(GROUP_NAME=\""+RDEscapeString(group_name)+"\")";
"`GROUP_NAME` from `USER_PERMS` where "+
"(`USER_NAME`='"+RDEscapeString(rda->user()->name())+"')&&"+
"(`GROUP_NAME`='"+RDEscapeString(group_name)+"')";
q=new RDSqlQuery(sql);
if(!q->first()) {
delete q;
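Review bot: The `group_name` value in Xport::ListGroup() is still concatenated into the statement, now inside `'…'` delimiters, so the query is safe only if RDEscapeString() escapes single quotes and backslashes; that helper is not visible in this view, and the old `\"…\"` form relied on double-quote escaping instead. I would confirm this with a test covering a group name that contains a quote and a backslash, and record it next to the query, e.g. `// RDEscapeString() must escape ' and \ for the '...' literals below`; if RDSqlQuery exposes Qt's prepare()/bindValue() (not shown here), binding both values would remove the dependency altogether. The same holds for the `USER_NAME` literal in Xport::ListGroups(). Separately, `&&` is a MySQL-only spelling that MySQL 8.0.17 deprecated, so `)&&"+` could become `) and "+` while this line is being touched. Both functions continue outside the hunks shown.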