2021-04-20 Fred Gleason <fredg@paravelsystems.com>

* Escaped all SQL identifiers in 'rdrepld/'.
	* Replaced " with ' delimiters in all SQL literal strings in
	'rdrepld/'.

Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
This commit is contained in:
Fred Gleason 2021-04-20 08:29:38 -04:00
parent 1fffb2ef9e
commit 8edaabbcdb
3 changed files with 98 additions and 100 deletions


@ -21523,3 +21523,7 @@
* Escaped all SQL identifiers in 'rdpadengined/'. * Escaped all SQL identifiers in 'rdpadengined/'.
* Replaced " with ' delimiters in all SQL literal strings in * Replaced " with ' delimiters in all SQL literal strings in
'rdpadengined/'. 'rdpadengined/'.
2021-04-20 Fred Gleason <fredg@paravelsystems.com>
* Escaped all SQL identifiers in 'rdrepld/'.
* Replaced " with ' delimiters in all SQL literal strings in
'rdrepld/'.


@ -46,7 +46,7 @@ CitadelXds::CitadelXds(ReplConfig *repl_config)
QString sql; QString sql;
RDSqlQuery *q; RDSqlQuery *q;
sql="select LAST_ISCI_XREFERENCE from VERSION"; sql="select `LAST_ISCI_XREFERENCE` from `VERSION`";
q=new RDSqlQuery(sql); q=new RDSqlQuery(sql);
if(q->first()) { if(q->first()) {
xds_isci_datetime=q->value(0).toDateTime(); xds_isci_datetime=q->value(0).toDateTime();
@ -68,9 +68,9 @@ bool CitadelXds::processCart(const unsigned cartnum)
RDSqlQuery *q; RDSqlQuery *q;
bool ret=false; bool ret=false;
sql=QString().sprintf("select FILENAME from ISCI_XREFERENCE \ sql=QString().sprintf("select `FILENAME` from `ISCI_XREFERENCE` \
where (CART_NUMBER=%u)&&(LATEST_DATE>=now())&&\ where (`CART_NUMBER`=%u)&&(`LATEST_DATE`>=now())&&\
((TYPE=\"R\")||(TYPE=\"B\"))",cartnum); ((`TYPE`='R')||(`TYPE`='B'))",cartnum);
q=new RDSqlQuery(sql); q=new RDSqlQuery(sql);
if(q->first()) { if(q->first()) {
ret=PostCut(RDCut::cutName(cartnum,1),q->value(0).toString()); ret=PostCut(RDCut::cutName(cartnum,1),q->value(0).toString());
@ -83,15 +83,13 @@ bool CitadelXds::processCart(const unsigned cartnum)
void CitadelXds::CheckIsciXreference() void CitadelXds::CheckIsciXreference()
{ {
QString sql; QString sql;
RDSqlQuery *q;
QFileInfo *fi=new QFileInfo(rda->system()->isciXreferencePath()); QFileInfo *fi=new QFileInfo(rda->system()->isciXreferencePath());
if(fi->exists()) { if(fi->exists()) {
if(fi->lastModified()>xds_isci_datetime) { if(fi->lastModified()>xds_isci_datetime) {
if(LoadIsciXreference(rda->system()->isciXreferencePath())) { if(LoadIsciXreference(rda->system()->isciXreferencePath())) {
sql="update VERSION set LAST_ISCI_XREFERENCE=now()"; sql="update `VERSION` set `LAST_ISCI_XREFERENCE`=now()";
q=new RDSqlQuery(sql); RDSqlQuery::apply(sql);
delete q;
xds_isci_datetime=QDateTime(QDate::currentDate(),QTime::currentTime()); xds_isci_datetime=QDateTime(QDate::currentDate(),QTime::currentTime());
PurgeCuts(); PurgeCuts();
} }
@ -129,7 +127,7 @@ bool CitadelXds::LoadIsciXreference(const QString &filename)
// //
// Purge Old Data // Purge Old Data
// //
sql="delete from ISCI_XREFERENCE"; sql="delete from `ISCI_XREFERENCE`";
q=new RDSqlQuery(sql); q=new RDSqlQuery(sql);
delete q; delete q;
@ -156,18 +154,17 @@ bool CitadelXds::LoadIsciXreference(const QString &filename)
datelist[1].toInt()); datelist[1].toInt());
if(ValidateFilename(fields[8])) { if(ValidateFilename(fields[8])) {
if(date.isValid()) { if(date.isValid()) {
sql=QString("insert into ISCI_XREFERENCE set ")+ sql=QString("insert into `ISCI_XREFERENCE` set ")+
"CART_NUMBER="+QString().sprintf("%u",cartnum)+","+ "`CART_NUMBER`="+QString().sprintf("%u",cartnum)+","+
"ISCI=\""+RDEscapeString(fields[4])+"\","+ "`ISCI`='"+RDEscapeString(fields[4])+"',"+
"FILENAME=\""+RDEscapeString(fields[8])+"\","+ "`FILENAME`='"+RDEscapeString(fields[8])+"',"+
"LATEST_DATE=\""+date.toString("yyyy/MM/dd")+"\","+ "`LATEST_DATE`='"+date.toString("yyyy/MM/dd")+"',"+
"TYPE=\""+RDEscapeString(fields[0])+"\","+ "`TYPE`='"+RDEscapeString(fields[0])+"',"+
"ADVERTISER_NAME=\""+RDEscapeString(fields[1])+"\","+ "`ADVERTISER_NAME`='"+RDEscapeString(fields[1])+"',"+
"PRODUCT_NAME=\""+RDEscapeString(fields[2])+"\","+ "`PRODUCT_NAME`='"+RDEscapeString(fields[2])+"',"+
"CREATIVE_TITLE=\""+RDEscapeString(fields[5])+"\","+ "`CREATIVE_TITLE`='"+RDEscapeString(fields[5])+"',"+
"REGION_NAME=\""+RDEscapeString(fields[7])+"\""; "`REGION_NAME`='"+RDEscapeString(fields[7])+"'";
q=new RDSqlQuery(sql); RDSqlQuery::apply(sql);
delete q;
} }
else { else {
rda->syslog(LOG_WARNING,"invalid date in line %d of \"%s\"", rda->syslog(LOG_WARNING,"invalid date in line %d of \"%s\"",
@ -254,49 +251,52 @@ void CitadelXds::CheckCarts()
// //
// Generate Update List // Generate Update List
// //
sql="select CART_NUMBER,FILENAME from ISCI_XREFERENCE \ sql=QString("select ")+
where (LATEST_DATE>=now())&&((TYPE=\"R\")||(TYPE=\"B\"))"; "`CART_NUMBER`,"+ // 00
"`FILENAME` "+ // 01
"from `ISCI_XREFERENCE` where "+
"(`LATEST_DATE`>=now())&&((`TYPE`='R')||(`TYPE`='B'))";
q=new RDSqlQuery(sql); q=new RDSqlQuery(sql);
while(q->next()) { while(q->next()) {
sql=QString("select REPL_CART_STATE.ID from ")+ sql=QString("select `REPL_CART_STATE`.`ID` from ")+
"REPL_CART_STATE left join CUTS "+ "`REPL_CART_STATE` left join `CUTS` "+
"on REPL_CART_STATE.CART_NUMBER=CUTS.CART_NUMBER where "+ "on `REPL_CART_STATE`.`CART_NUMBER`=`CUTS`.`CART_NUMBER` where "+
"(CUTS.ORIGIN_DATETIME<REPL_CART_STATE.ITEM_DATETIME)&&"+ "(`CUTS`.`ORIGIN_DATETIME`<`REPL_CART_STATE`.`ITEM_DATETIME`)&&"+
"(REPL_CART_STATE.REPLICATOR_NAME=\""+ "(`REPL_CART_STATE`.`REPLICATOR_NAME`='"+
RDEscapeString(config()->name())+"\")&&"+ RDEscapeString(config()->name())+"')&&"+
QString().sprintf("(REPL_CART_STATE.CART_NUMBER=%u)&&",q->value(0).toUInt())+ QString().sprintf("(`REPL_CART_STATE`.`CART_NUMBER`=%u)&&",
"(REPL_CART_STATE.POSTED_FILENAME=\""+ q->value(0).toUInt())+
RDEscapeString(q->value(1).toString())+"\")&&"+ "(`REPL_CART_STATE`.`POSTED_FILENAME`='"+
"(REPL_CART_STATE.ITEM_DATETIME>\""+RDEscapeString(now)+"\")&&"+ RDEscapeString(q->value(1).toString())+"')&&"+
"(REPL_CART_STATE.REPOST=\"N\")"; "(`REPL_CART_STATE`.`ITEM_DATETIME`>'"+RDEscapeString(now)+"')&&"+
"(`REPL_CART_STATE`.`REPOST`='N')";
q1=new RDSqlQuery(sql); q1=new RDSqlQuery(sql);
if(!q1->first()) { if(!q1->first()) {
if(PostCut(RDCut::cutName(q->value(0).toUInt(),1), if(PostCut(RDCut::cutName(q->value(0).toUInt(),1),
q->value(1).toString())) { q->value(1).toString())) {
sql=QString("select ID from REPL_CART_STATE where ")+ sql=QString("select `ID` from `REPL_CART_STATE` where ")+
"(REPLICATOR_NAME=\""+RDEscapeString(config()->name())+"\")&&"+ "(`REPLICATOR_NAME`='"+RDEscapeString(config()->name())+"')&&"+
QString().sprintf("(CART_NUMBER=%u)&&",q->value(0).toUInt())+ QString().sprintf("(`CART_NUMBER`=%u)&&",q->value(0).toUInt())+
"(POSTED_FILENAME=\""+RDEscapeString(q->value(1).toString())+"\")"; "(`POSTED_FILENAME`='"+RDEscapeString(q->value(1).toString())+"')";
q2=new RDSqlQuery(sql); q2=new RDSqlQuery(sql);
if(q2->first()) { if(q2->first()) {
sql=QString("update REPL_CART_STATE set ")+ sql=QString("update `REPL_CART_STATE` set ")+
"ITEM_DATETIME=now(),"+ "`ITEM_DATETIME`=now(),"+
"REPOST=\"N\" where "+ "`REPOST`='N' where "+
"(REPLICATOR_NAME=\""+RDEscapeString(config()->name())+"\")&&"+ "(`REPLICATOR_NAME`='"+RDEscapeString(config()->name())+"')&&"+
QString().sprintf("(CART_NUMBER=%u)&&",q->value(0).toUInt())+ QString().sprintf("(`CART_NUMBER`=%u)&&",q->value(0).toUInt())+
"(POSTED_FILENAME=\""+RDEscapeString(q->value(1).toString())+"\")"; "(`POSTED_FILENAME`='"+RDEscapeString(q->value(1).toString())+"')";
} }
else { else {
sql=QString("insert into REPL_CART_STATE set ")+ sql=QString("insert into `REPL_CART_STATE` set ")+
"ITEM_DATETIME=now(),"+ "`ITEM_DATETIME`=now(),"+
"REPOST=\"N\","+ "`REPOST`='N',"+
"REPLICATOR_NAME=\""+RDEscapeString(config()->name())+"\","+ "`REPLICATOR_NAME`='"+RDEscapeString(config()->name())+"',"+
QString().sprintf("CART_NUMBER=%u,",q->value(0).toUInt())+ QString().sprintf("`CART_NUMBER`=%u,",q->value(0).toUInt())+
"POSTED_FILENAME=\""+RDEscapeString(q->value(1).toString())+"\""; "`POSTED_FILENAME`='"+RDEscapeString(q->value(1).toString())+"'";
} }
delete q2; delete q2;
q2=new RDSqlQuery(sql); RDSqlQuery::apply(sql);
delete q2;
} }
} }
delete q1; delete q1;
@ -401,14 +401,14 @@ void CitadelXds::PurgeCuts()
RDDelete::ErrorCode conv_err; RDDelete::ErrorCode conv_err;
sql=QString("select ")+ sql=QString("select ")+
"ID,"+ // 00 "`ID`,"+ // 00
"POSTED_FILENAME "+ // 01 "`POSTED_FILENAME` "+ // 01
"from REPL_CART_STATE where "+ "from `REPL_CART_STATE` where "+
"REPLICATOR_NAME=\""+RDEscapeString(config()->name())+"\""; "`REPLICATOR_NAME`='"+RDEscapeString(config()->name())+"'";
q=new RDSqlQuery(sql); q=new RDSqlQuery(sql);
while(q->next()) { while(q->next()) {
sql=QString("select ID from ISCI_XREFERENCE where ")+ sql=QString("select `ID` from `ISCI_XREFERENCE` where ")+
"FILENAME=\""+RDEscapeString(q->value(1).toString())+"\""; "`FILENAME`='"+RDEscapeString(q->value(1).toString())+"'";
q1=new RDSqlQuery(sql); q1=new RDSqlQuery(sql);
if(!q1->first()) { if(!q1->first()) {
QString path=config()->url(); QString path=config()->url();
@ -425,7 +425,7 @@ void CitadelXds::PurgeCuts()
config()->urlPassword(),"",false, config()->urlPassword(),"",false,
rda->config()->logXloadDebugData()))== rda->config()->logXloadDebugData()))==
RDDelete::ErrorOk) { RDDelete::ErrorOk) {
sql=QString().sprintf("delete from REPL_CART_STATE where ID=%d", sql=QString().sprintf("delete from `REPL_CART_STATE` where `ID`=%d",
q->value(0).toInt()); q->value(0).toInt());
q2=new RDSqlQuery(sql); q2=new RDSqlQuery(sql);
delete q2; delete q2;
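Review bot: Two write statements in this file are left on the `new RDSqlQuery`/`delete` pattern — the ISCI_XREFERENCE purge in the LoadIsciXreference hunk (`q=new RDSqlQuery(sql); delete q;`) and the REPL_CART_STATE row delete at the end of the last PurgeCuts hunk (`q2=new RDSqlQuery(sql); delete q2;`) — while every other statement this commit touches whose result set is never read (CheckIsciXreference, the insert in LoadIsciXreference, CheckCarts) was converted to `RDSqlQuery::apply(sql);`. Using `RDSqlQuery::apply(sql);` in those two places as well keeps the file on one idiom and drops two allocate/free pairs around a statement nobody reads back. The enclosing functions start and end outside their hunks, so there may be further occurrences not visible here. The same commit also leaves `GROUP_NAME` unquoted in the `where` clause built in rdrepld.cpp's ProcessCarts hunk (`where+=QString("(GROUP_NAME='")+`), which is at odds with the stated aim of escaping all identifiers; that section runs past the end of this page.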


@ -96,10 +96,6 @@ MainObject::MainObject(QObject *parent)
// //
repl_temp_dir=RDTempDirectory::basePath(); repl_temp_dir=RDTempDirectory::basePath();
// connect(RDDbStatus(),
// SIGNAL(logText(RDConfig::LogPriority,const QString &)),
// this,SLOT(log(RDConfig::LogPriority,const QString &)));
if(qApp->arguments().size()!=1) { if(qApp->arguments().size()!=1) {
debug=true; debug=true;
} }
@ -138,7 +134,6 @@ void MainObject::ProcessCarts()
QString sql; QString sql;
RDSqlQuery *q; RDSqlQuery *q;
RDSqlQuery *q1; RDSqlQuery *q1;
RDSqlQuery *q2;
QString repl_name; QString repl_name;
QString where; QString where;
bool stale; bool stale;
@ -146,29 +141,29 @@ void MainObject::ProcessCarts()
for(unsigned i=0;i<repl_replicators.size();i++) { for(unsigned i=0;i<repl_replicators.size();i++) {
where=""; where="";
repl_name=repl_replicators[i]->config()->name(); repl_name=repl_replicators[i]->config()->name();
sql=QString("select GROUP_NAME from REPLICATOR_MAP where ")+ sql=QString("select `GROUP_NAME` from `REPLICATOR_MAP` where ")+
"REPLICATOR_NAME=\""+RDEscapeString(repl_name)+"\""; "`REPLICATOR_NAME`='"+RDEscapeString(repl_name)+"'";
q=new RDSqlQuery(sql); q=new RDSqlQuery(sql);
while(q->next()) { while(q->next()) {
where+=QString("(GROUP_NAME=\"")+ where+=QString("(GROUP_NAME='")+
RDEscapeString(q->value(0).toString())+"\")||"; RDEscapeString(q->value(0).toString())+"')||";
} }
delete q; delete q;
where=where.left(where.length()-2); where=where.left(where.length()-2);
sql=QString("select ")+ sql=QString("select ")+
"NUMBER,"+ // 00 "`NUMBER`,"+ // 00
"TYPE,"+ // 01 "`TYPE`,"+ // 01
"METADATA_DATETIME "+ // 02 "`METADATA_DATETIME` "+ // 02
"from CART where "+ "from `CART` where "+
where; where;
q=new RDSqlQuery(sql); q=new RDSqlQuery(sql);
while(q->next()) { while(q->next()) {
sql=QString("select ")+ sql=QString("select ")+
"ID,"+ // 00 "`ID`,"+ // 00
"ITEM_DATETIME "+ // 01 "`ITEM_DATETIME` "+ // 01
"from REPL_CART_STATE where "+ "from `REPL_CART_STATE` where "+
"(REPLICATOR_NAME=\""+RDEscapeString(repl_name)+"\")&&"+ "(`REPLICATOR_NAME`='"+RDEscapeString(repl_name)+"')&&"+
QString().sprintf("(CART_NUMBER=%u)",q->value(0).toUInt()); QString().sprintf("(`CART_NUMBER`=%u)",q->value(0).toUInt());
q1=new RDSqlQuery(sql); q1=new RDSqlQuery(sql);
if(q1->first()) { if(q1->first()) {
stale=q->value(2).toDateTime()>q1->value(1).toDateTime(); stale=q->value(2).toDateTime()>q1->value(1).toDateTime();
@ -179,18 +174,17 @@ void MainObject::ProcessCarts()
if(stale) { if(stale) {
if(repl_replicators[i]->processCart(q->value(0).toUInt())) { if(repl_replicators[i]->processCart(q->value(0).toUInt())) {
if(q1->isValid()) { if(q1->isValid()) {
sql=QString("update REPL_CART_STATE set ")+ sql=QString("update `REPL_CART_STATE` set ")+
"ITEM_DATETIME=now() where "+ "`ITEM_DATETIME`=now() where "+
QString().sprintf("ID=%u",q1->value(0).toUInt()); QString().sprintf("`ID`=%u",q1->value(0).toUInt());
} }
else { else {
sql=QString("insert into REPL_CART_STATE set ")+ sql=QString("insert into `REPL_CART_STATE` set ")+
"REPLICATOR_NAME=\""+RDEscapeString(repl_name)+"\","+ "`REPLICATOR_NAME`='"+RDEscapeString(repl_name)+"',"+
QString().sprintf("CART_NUMBER=%u,",q->value(0).toUInt())+ QString().sprintf("`CART_NUMBER`=%u,",q->value(0).toUInt())+
"ITEM_DATETIME=now()"; "`ITEM_DATETIME`=now()";
} }
q2=new RDSqlQuery(sql); RDSqlQuery::apply(sql);
delete q2;
} }
} }
delete q1; delete q1;
@ -207,20 +201,20 @@ void MainObject::LoadReplicators()
ReplConfig *config; ReplConfig *config;
sql=QString("select ")+ sql=QString("select ")+
"NAME,"+ // 00 "`NAME`,"+ // 00
"TYPE_ID,"+ // 01 "`TYPE_ID`,"+ // 01
"FORMAT,"+ // 02 "`FORMAT`,"+ // 02
"CHANNELS,"+ // 03 "`CHANNELS`,"+ // 03
"SAMPRATE,"+ // 04 "`SAMPRATE`,"+ // 04
"BITRATE,"+ // 05 "`BITRATE`,"+ // 05
"QUALITY,"+ // 06 "`QUALITY`,"+ // 06
"URL,"+ // 07 "`URL`,"+ // 07
"URL_USERNAME,"+ // 08 "`URL_USERNAME`,"+ // 08
"URL_PASSWORD,"+ // 09 "`URL_PASSWORD`,"+ // 09
"ENABLE_METADATA,"+ // 10 "`ENABLE_METADATA`,"+ // 10
"NORMALIZATION_LEVEL "+ // 11 "`NORMALIZATION_LEVEL` "+ // 11
"from REPLICATORS where "+ "from `REPLICATORS` where "+
"STATION_NAME=\""+RDEscapeString(rda->config()->stationName())+"\""; "`STATION_NAME`='"+RDEscapeString(rda->config()->stationName())+"'";
q=new RDSqlQuery(sql); q=new RDSqlQuery(sql);
while(q->next()) { while(q->next()) {
config=new ReplConfig(); config=new ReplConfig();