2021-04-20 Fred Gleason <fredg@paravelsystems.com>

* Escaped all SQL identifiers in 'rdrssd/'.
	* Replaced " with ' delimiters in all SQL literal strings in
	'rdrssd/'.

Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
Fred Gleason 2021-04-20 08:34:16 -04:00
parent 8edaabbcdb
commit 8579b2cf47
2 changed files with 19 additions and 15 deletions


@ -21527,3 +21527,7 @@
* Escaped all SQL identifiers in 'rdrepld/'. * Escaped all SQL identifiers in 'rdrepld/'.
* Replaced " with ' delimiters in all SQL literal strings in * Replaced " with ' delimiters in all SQL literal strings in
'rdrepld/'. 'rdrepld/'.
2021-04-20 Fred Gleason <fredg@paravelsystems.com>
* Escaped all SQL identifiers in 'rdrssd/'.
* Replaced " with ' delimiters in all SQL literal strings in
'rdrssd/'.


@ -108,9 +108,9 @@ void MainObject::timeoutData()
RDSqlQuery *q=NULL; RDSqlQuery *q=NULL;
sql=QString("select ")+ sql=QString("select ")+
"KEY_NAME "+ // 00 "`KEY_NAME` "+ // 00
"from FEEDS where "+ "from `FEEDS` where "+
"IS_SUPERFEED='N'"; "`IS_SUPERFEED`='N'";
q=new RDSqlQuery(sql); q=new RDSqlQuery(sql);
while(q->next()) { while(q->next()) {
ProcessFeed(q->value(0).toString()); ProcessFeed(q->value(0).toString());
@ -126,7 +126,7 @@ void MainObject::ProcessFeed(const QString &key_name)
QString sql; QString sql;
RDSqlQuery *q=NULL; RDSqlQuery *q=NULL;
QDateTime now=QDateTime::currentDateTime(); QDateTime now=QDateTime::currentDateTime();
QString now_str="\""+now.toString("yyyy-MM-dd hh:mm:ss")+"\""; QString now_str="'"+now.toString("yyyy-MM-dd hh:mm:ss")+"'";
QString err_msg; QString err_msg;
RDFeed *feed=new RDFeed(key_name,rda->config(),this); RDFeed *feed=new RDFeed(key_name,rda->config(),this);
@ -134,15 +134,15 @@ void MainObject::ProcessFeed(const QString &key_name)
// Update Posted XML // Update Posted XML
// //
sql=QString("select ")+ sql=QString("select ")+
"PODCASTS.ID,"+ // 00 "`PODCASTS`.`ID`,"+ // 00
"PODCASTS.EXPIRATION_DATETIME "+ // 01 "`PODCASTS`.`EXPIRATION_DATETIME` "+ // 01
"from PODCASTS left join FEEDS "+ "from `PODCASTS` left join `FEEDS` "+
"on PODCASTS.FEED_ID=FEEDS.ID where "+ "on `PODCASTS`.`FEED_ID`=`FEEDS`.`ID` where "+
"(FEEDS.KEY_NAME=\""+RDEscapeString(key_name)+"\") && "+ "(`FEEDS`.`KEY_NAME`='"+RDEscapeString(key_name)+"') && "+
"((FEEDS.LAST_BUILD_DATETIME<PODCASTS.EFFECTIVE_DATETIME) && "+ "((`FEEDS`.`LAST_BUILD_DATETIME`<`PODCASTS`.`EFFECTIVE_DATETIME`) && "+
"(PODCASTS.EFFECTIVE_DATETIME<"+now_str+") || "+ "(`PODCASTS`.`EFFECTIVE_DATETIME`<"+now_str+") || "+
"(FEEDS.LAST_BUILD_DATETIME<PODCASTS.EXPIRATION_DATETIME) && "+ "(`FEEDS`.`LAST_BUILD_DATETIME`<`PODCASTS`.`EXPIRATION_DATETIME`) && "+
"(PODCASTS.EXPIRATION_DATETIME<"+now_str+"))"; "(`PODCASTS`.`EXPIRATION_DATETIME`<"+now_str+"))";
q=new RDSqlQuery(sql); q=new RDSqlQuery(sql);
while(q->next()) { while(q->next()) {
bool deleted=false; bool deleted=false;
@ -156,8 +156,8 @@ void MainObject::ProcessFeed(const QString &key_name)
feed->keyName().toUtf8().constData(), feed->keyName().toUtf8().constData(),
err_msg.toUtf8().constData()); err_msg.toUtf8().constData());
} }
sql=QString("delete from PODCASTS where ")+ sql=QString("delete from `PODCASTS` where ")+
QString().sprintf("ID=%u",q->value(0).toUInt()); QString().sprintf("`ID`=%u",q->value(0).toUInt());
RDSqlQuery::apply(sql); RDSqlQuery::apply(sql);
rda->syslog(LOG_INFO,"purged cast %u [%s] from feed \"%s\"", rda->syslog(LOG_INFO,"purged cast %u [%s] from feed \"%s\"",
q->value(0).toUInt(),cast->itemTitle().toUtf8().constData(), q->value(0).toUInt(),cast->itemTitle().toUtf8().constData(),
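Review bot: The injection surface of ProcessFeed() is unchanged by this commit — `key_name` on L51 still reaches the statement text through RDEscapeString() plus string concatenation, and `now_str` (built on L40) is quoted but not escaped (acceptable only because it is a fixed-format QDateTime string); the new backticks quote constant identifiers, and the `'` delimiters are the part that actually matters, since a `"..."` literal is parsed as an identifier when MySQL runs with the ANSI_QUOTES sql_mode. If RDSqlQuery exposes QSqlQuery's prepare()/bindValue(), binding `key_name` and the timestamp would remove the dependence on RDEscapeString() being correct for the connection's character set; otherwise the query deserves a comment such as `// key_name is read from FEEDS.KEY_NAME in timeoutData(); RDEscapeString() is the only barrier between it and the SQL text`. The WHERE clause on L52-L55 also relies on `&&` binding tighter than `||`; writing it as `((A && B) || (C && D))` with explicit parentheses would make the intent unambiguous to the next reader. ProcessFeed() begins before and continues after these hunks.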