2021-04-19 Fred Gleason <fredg@paravelsystems.com>

* Escaped all SQL identifiers in 'rdlibrary/'.
	* Replaced " with ' delimiters in all SQL literal strings in
	'rdlibrary/'.

Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
Fred Gleason
2021-04-19 20:11:16 -04:00
parent 220ead0ccd
commit ad56584012
8 changed files with 124 additions and 125 deletions


@@ -21503,3 +21503,7 @@
* Escaped all SQL identifiers in 'rdcatchd/'.
* Replaced " with ' delimiters in all SQL literal strings in
'rdcatchd/'.
2021-04-19 Fred Gleason <fredg@paravelsystems.com>
* Escaped all SQL identifiers in 'rdlibrary/'.
* Replaced " with ' delimiters in all SQL literal strings in
'rdlibrary/'.


@@ -312,8 +312,8 @@ void AudioCart::deleteCutData()
// Check for RDCatch Events
//
for(int i=0;i<cutnames.size();i++) {
QString sql=QString("select CUT_NAME from RECORDINGS where ")+
"CUT_NAME=\""+RDEscapeString(cutnames.at(i))+"\"";
QString sql=QString("select `CUT_NAME` from `RECORDINGS` where ")+
"`CUT_NAME`='"+RDEscapeString(cutnames.at(i))+"'";
RDSqlQuery *q=new RDSqlQuery(sql);
if(q->first()) {
if(QMessageBox::warning(this,tr("RDCatch Event Exists"),
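Review bot: Switching the literal delimiter from `"` to `'` on the new `"`CUT_NAME`='"+RDEscapeString(cutnames.at(i))+"'"` line moves the whole injection defence onto RDEscapeString() escaping the single quote (and backslash) as reliably as it presumably handled the double quote before; nothing in the hunk shows its implementation, so that should be confirmed once for the commit, since the same pattern is used in EditCart::okData and MainWidget::addData. If it is a mysql_real_escape_string-style wrapper both quote characters are already covered and no change is needed here. Backtick-quoting the identifiers is consistent with the rest of the commit. deleteCutData's body continues outside the hunk.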


@@ -749,9 +749,9 @@ void EditCart::okData()
return;
}
if(!rda->system()->allowDuplicateCartTitles()) {
sql=QString("select NUMBER from CART where ")+
"(TITLE=\""+RDEscapeString(rdcart_controls.title_edit->text())+"\") &&"+
QString().sprintf("(NUMBER!=%u)",rdcart_cart->number());
sql=QString("select `NUMBER` from `CART` where ")+
"(`TITLE`='"+RDEscapeString(rdcart_controls.title_edit->text())+"') &&"+
QString().sprintf("(`NUMBER`!=%u)",rdcart_cart->number());
q=new RDSqlQuery(sql);
if(q->first()) {
QMessageBox::warning(this,tr("Duplicate Title"),


@@ -106,7 +106,7 @@ EditSchedulerCodes::EditSchedulerCodes(QString *sched_codes,
}
}
sql=QString().sprintf("select CODE from SCHED_CODES");
sql=QString().sprintf("select `CODE` from `SCHED_CODES`");
q=new RDSqlQuery(sql);
while(q->next()) {
if(codes_sel->destFindItem(q->value(0).toString())==0) {
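Review bot: The rewritten line still pushes a constant with no format arguments through `QString().sprintf()`, so the string is parsed for `%` directives on every call for no benefit; since the literal is being rewritten anyway, `sql=QString("select `CODE` from `SCHED_CODES`");` does the same work with no printf pass and no chance of a future `%` in the query being misread as a conversion. The enclosing constructor starts and ends outside the hunk.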


@@ -172,26 +172,21 @@ void ListReports::GenerateCartReport(QString *report)
//
// Generate Rows
//
/*
if(list_type_filter.isEmpty()) {
return;
}
*/
sql=QString("select ")+
"CART.TYPE,"+ // 00
"CART.NUMBER,"+ // 01
"CART.GROUP_NAME,"+ // 02
"CART.FORCED_LENGTH,"+ // 03
"CART.TITLE,"+ // 04
"CART.ARTIST,"+ // 05
"CART.CUT_QUANTITY,"+ // 06
"CART.USE_WEIGHTING,"+ // 07
"CART.ENFORCE_LENGTH,"+ // 08
"CART.LENGTH_DEVIATION,"+ // 09
"CART.OWNER "+ // 10
"from CART "+
"left join GROUPS on CART.GROUP_NAME=GROUPS.NAME "+
"left join CUTS on CART.NUMBER=CUTS.CART_NUMBER ";
"`CART`.`TYPE`,"+ // 00
"`CART`.`NUMBER`,"+ // 01
"`CART`.`GROUP_NAME`,"+ // 02
"`CART`.`FORCED_LENGTH`,"+ // 03
"`CART`.`TITLE`,"+ // 04
"`CART`.`ARTIST`,"+ // 05
"`CART`.`CUT_QUANTITY`,"+ // 06
"`CART`.`USE_WEIGHTING`,"+ // 07
"`CART`.`ENFORCE_LENGTH`,"+ // 08
"`CART`.`LENGTH_DEVIATION`,"+ // 09
"`CART`.`OWNER` "+ // 10
"from `CART` "+
"left join `GROUPS` on `CART`.`GROUP_NAME`=`GROUPS`.`NAME "+
"left join `CUTS` on `CART`.`NUMBER`=`CUTS`.`CART_NUMBER` ";
sql+=list_filter_sql;
unsigned prev_cartnum=0;
q=new RDSqlQuery(sql);
@@ -318,30 +313,30 @@ void ListReports::GenerateCutReport(QString *report)
// Generate Rows
//
sql=QString("select ")+
"CART.NUMBER,"+ // 00
"CUTS.CUT_NAME,"+ // 01
"CART.USE_WEIGHTING,"+ // 02
"CUTS.PLAY_ORDER,"+ // 03
"CUTS.WEIGHT,"+ // 04
"CART.TITLE,"+ // 05
"CUTS.DESCRIPTION,"+ // 06
"CUTS.LENGTH,"+ // 07
"CUTS.LAST_PLAY_DATETIME,"+ // 08
"CUTS.PLAY_COUNTER,"+ // 09
"CUTS.START_DATETIME,"+ // 10
"CUTS.END_DATETIME,"+ // 11
"CUTS.SUN,"+ // 12
"CUTS.MON,"+ // 13
"CUTS.TUE,"+ // 14
"CUTS.WED,"+ // 15
"CUTS.THU,"+ // 16
"CUTS.FRI,"+ // 17
"CUTS.SAT,"+ // 18
"CUTS.START_DAYPART,"+ // 19
"CUTS.END_DAYPART "+ // 20
"from CART "+
"left join GROUPS on CART.GROUP_NAME=GROUPS.NAME "+
"left join CUTS on CART.NUMBER=CUTS.CART_NUMBER ";
"`CART`.`NUMBER`,"+ // 00
"`CUTS`.`CUT_NAME`,"+ // 01
"`CART`.`USE_WEIGHTING`,"+ // 02
"`CUTS`.`PLAY_ORDER`,"+ // 03
"`CUTS`.`WEIGHT`,"+ // 04
"`CART`.`TITLE`,"+ // 05
"`CUTS`.`DESCRIPTION`,"+ // 06
"`CUTS`.`LENGTH`,"+ // 07
"`CUTS`.`LAST_PLAY_DATETIME`,"+ // 08
"`CUTS`.`PLAY_COUNTER`,"+ // 09
"`CUTS`.`START_DATETIME`,"+ // 10
"`CUTS`.`END_DATETIME`,"+ // 11
"`CUTS`.`SUN`,"+ // 12
"`CUTS`.`MON`,"+ // 13
"`CUTS`.`TUE`,"+ // 14
"`CUTS`.`WED`,"+ // 15
"`CUTS`.`THU`,"+ // 16
"`CUTS`.`FRI`,"+ // 17
"`CUTS`.`SAT`,"+ // 18
"`CUTS`.`START_DAYPART`,"+ // 19
"`CUTS`.`END_DAYPART` "+ // 20
"from `CART` "+
"left join `GROUPS` on `CART`.`GROUP_NAME`=`GROUPS`.`NAME` "+
"left join `CUTS` on `CART`.`NUMBER`=`CUTS`.`CART_NUMBER` ";
sql+=list_filter_sql;
q=new RDSqlQuery(sql);
while(q->next()) {
@@ -511,40 +506,40 @@ void ListReports::GenerateCartDumpCsv(QString *report,bool prepend_names)
// Generate Rows
//
sql=QString("select ")+
"CART.NUMBER,"+ // 00
"CART.TYPE,"+ // 01
"CUTS.CUT_NAME,"+ // 02
"CART.GROUP_NAME,"+ // 03
"CART.TITLE,"+ // 04
"CART.ARTIST,"+ // 05
"CART.ALBUM,"+ // 06
"CART.YEAR,"+ // 07
"CUTS.ISRC,"+ // 08
"CUTS.ISCI,"+ // 09
"CART.LABEL,"+ // 10
"CART.CLIENT,"+ // 11
"CART.AGENCY,"+ // 12
"CART.PUBLISHER,"+ // 13
"CART.COMPOSER,"+ // 14
"CART.CONDUCTOR,"+ // 15
"CART.SONG_ID,"+ // 16
"CART.USER_DEFINED,"+ // 17
"CUTS.DESCRIPTION,"+ // 18
"CUTS.OUTCUE,"+ // 19
"CUTS.LENGTH,"+ // 20
"CUTS.START_POINT,"+ // 21
"CUTS.END_POINT,"+ // 22
"CUTS.SEGUE_START_POINT,"+ // 23
"CUTS.SEGUE_END_POINT,"+ // 24
"CUTS.HOOK_START_POINT,"+ // 25
"CUTS.HOOK_END_POINT,"+ // 26
"CUTS.TALK_START_POINT,"+ // 27
"CUTS.TALK_END_POINT,"+ // 28
"CUTS.FADEUP_POINT,"+ // 29
"CUTS.FADEDOWN_POINT "+ // 30
"from CART "+
"left join GROUPS on CART.GROUP_NAME=GROUPS.NAME "+
"left join CUTS on CART.NUMBER=CUTS.CART_NUMBER ";
"`CART`.`NUMBER`,"+ // 00
"`CART`.`TYPE`,"+ // 01
"`CUTS`.`CUT_NAME`,"+ // 02
"`CART`.`GROUP_NAME`,"+ // 03
"`CART`.`TITLE`,"+ // 04
"`CART`.`ARTIST`,"+ // 05
"`CART`.`ALBUM`,"+ // 06
"`CART`.`YEAR`,"+ // 07
"`CUTS`.`ISRC`,"+ // 08
"`CUTS`.`ISCI`,"+ // 09
"`CART`.`LABEL`,"+ // 10
"`CART`.`CLIENT`,"+ // 11
"`CART`.`AGENCY`,"+ // 12
"`CART`.`PUBLISHER`,"+ // 13
"`CART`.`COMPOSER`,"+ // 14
"`CART`.`CONDUCTOR`,"+ // 15
"`CART`.`SONG_ID`,"+ // 16
"`CART`.`USER_DEFINED`,"+ // 17
"`CUTS`.`DESCRIPTION`,"+ // 18
"`CUTS`.`OUTCUE`,"+ // 19
"`CUTS`.`LENGTH`,"+ // 20
"`CUTS`.`START_POINT`,"+ // 21
"`CUTS`.`END_POINT`,"+ // 22
"`CUTS`.`SEGUE_START_POINT`,"+ // 23
"`CUTS`.`SEGUE_END_POINT`,"+ // 24
"`CUTS`.`HOOK_START_POINT`,"+ // 25
"`CUTS`.`HOOK_END_POINT`,"+ // 26
"`CUTS`.`TALK_START_POINT`,"+ // 27
"`CUTS`.`TALK_END_POINT`,"+ // 28
"`CUTS`.`FADEUP_POINT`,"+ // 29
"`CUTS`.`FADEDOWN_POINT` "+ // 30
"from `CART` "+
"left join `GROUPS` on `CART`.`GROUP_NAME`=`GROUPS`.`NAME "+
"left join `CUTS` on `CART`.`NUMBER`=`CUTS`.`CART_NUMBER` ";
sql+=list_filter_sql;
q=new RDSqlQuery(sql);
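Review bot: The GROUPS join in the new GenerateCartReport and GenerateCartDumpCsv query text is missing the closing backtick after `NAME` — `"left join `GROUPS` on `CART`.`GROUP_NAME`=`GROUPS`.`NAME "+` — so the quoted identifier runs on into the following `left join` text and the statement will no longer parse; both of these reports will return no rows (or whatever RDSqlQuery does on a failed query). The GenerateCutReport hunk in this same file has it right, `"left join `GROUPS` on `CART`.`GROUP_NAME`=`GROUPS`.`NAME` "+`, and the two broken lines should match it exactly. All three functions continue outside their hunks.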


@@ -51,8 +51,8 @@ bool NoteBubble::setCartNumber(unsigned cartnum)
note_show_timer->stop();
hide();
QString sql=QString("select NOTES from CART where ")+
QString().sprintf("NUMBER=%u",cartnum);
QString sql=QString("select `NOTES` from `CART` where ")+
QString().sprintf("`NUMBER`=%u",cartnum);
RDSqlQuery *q=new RDSqlQuery(sql);
if(q->first()&&(!q->value(0).toString().trimmed().isEmpty())) {
setText(q->value(0).toString());


@@ -355,10 +355,10 @@ void MainWidget::addData()
}
delete add_cart;
sql=QString("insert into CART set ")+
QString().sprintf("NUMBER=%u,TYPE=%d,",cart_num,cart_type)+
"GROUP_NAME=\""+RDEscapeString(lib_default_group)+"\","+
"TITLE=\""+RDEscapeString(cart_title)+"\"";
sql=QString("insert into `CART` set ")+
QString().sprintf("`NUMBER`=%u,`TYPE`=%d,",cart_num,cart_type)+
"`GROUP_NAME`='"+RDEscapeString(lib_default_group)+"',"+
"`TITLE`='"+RDEscapeString(cart_title)+"'";
q=new RDSqlQuery(sql);
delete q;
@@ -458,10 +458,10 @@ void MainWidget::deleteData()
for(int i=0;i<carts.size();i++) {
unsigned cartnum=lib_cart_model->cartNumber(carts.at(i));
sql=QString("select ")+
"CUT_NAME "+ // 00
"from RECORDINGS where "+
QString().sprintf("(CUT_NAME like \"%06u_%%\")||",cartnum)+
QString().sprintf("(MACRO_CART=%u)",cartnum);
"`CUT_NAME` "+ // 00
"from `RECORDINGS` where "+
QString().sprintf("(`CUT_NAME` like '%06u_%%')||",cartnum)+
QString().sprintf("(`MACRO_CART`=%u)",cartnum);
q=new RDSqlQuery(sql);
if(q->first()) {
QString str=tr("Cart")+
@@ -691,10 +691,10 @@ void MainWidget::notificationReceivedData(RDNotification *notify)
case RDNotification::AddAction:
and_fields.push_back(QString().sprintf("CART.NUMBER=%u",cartnum));
sql=QString("select ")+
"CART.NUMBER "+ // 00
"from CART "+
"left join GROUPS on CART.GROUP_NAME=GROUPS.NAME "+
"left join CUTS on CART.NUMBER=CUTS.CART_NUMBER "+
"`CART`.`NUMBER` "+ // 00
"from `CART` "+
"left join `GROUPS` on `CART`.`GROUP_NAME`=`GROUPS`.`NAME` "+
"left join `CUTS` on `CART`.`NUMBER`=`CUTS`.`CART_NUMBER` "+
lib_cart_filter->filterSql(and_fields);
q=new RDSqlQuery(sql);
if(q->first()) {
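Review bot: In notificationReceivedData the filter term pushed just above the rewritten select, `and_fields.push_back(QString().sprintf("CART.NUMBER=%u",cartnum));`, still uses the unquoted identifier even though every other identifier in the statement it is appended to is now backtick-quoted; unless filterSql() quotes the fields it receives (not visible here), this is one spot the sweep missed, and `QString().sprintf("`CART`.`NUMBER`=%u",cartnum)` would make the generated SQL uniform. The function continues outside the hunk.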


@@ -2,7 +2,7 @@
//
// Validate a Rivendell Audio Cut
//
// (C) Copyright 2006-2018 Fred Gleason <fredg@paravelsystems.com>
// (C) Copyright 2006-2021 Fred Gleason <fredg@paravelsystems.com>
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License version 2 as
@@ -27,33 +27,33 @@ QString ValidateCutFields()
QString sql;
sql=QString("select ")+
"PLAY_ORDER,"+ // 00
"WEIGHT,"+ // 01
"DESCRIPTION,"+ // 02
"LENGTH,"+ // 03
"LAST_PLAY_DATETIME,"+ // 04
"PLAY_COUNTER,"+ // 05
"ORIGIN_DATETIME,"+ // 06
"ORIGIN_NAME,"+ // 07
"ORIGIN_LOGIN_NAME,"+ // 08
"SOURCE_HOSTNAME,"+ // 09
"OUTCUE,"+ // 10
"CUT_NAME,"+ // 11
"LENGTH,"+ // 12 offsets begin here
"EVERGREEN,"+ // 13
"START_DATETIME,"+ // 14
"END_DATETIME,"+ // 15
"START_DAYPART,"+ // 16
"END_DAYPART,"+ // 17
"MON,"+ // 18
"TUE,"+ // 19
"WED,"+ // 20
"THU,"+ // 21
"FRI,"+ // 22
"SAT,"+ // 23
"SUN,"+ // 24
"SHA1_HASH "+ // 25
"from CUTS";
"`PLAY_ORDER`,"+ // 00
"`WEIGHT`,"+ // 01
"`DESCRIPTION`,"+ // 02
"`LENGTH`,"+ // 03
"`LAST_PLAY_DATETIME`,"+ // 04
"`PLAY_COUNTER`,"+ // 05
"`ORIGIN_DATETIME`,"+ // 06
"`ORIGIN_NAME`,"+ // 07
"`ORIGIN_LOGIN_NAME`,"+ // 08
"`SOURCE_HOSTNAME`,"+ // 09
"`OUTCUE`,"+ // 10
"`CUT_NAME`,"+ // 11
"`LENGTH`,"+ // 12 offsets begin here
"`EVERGREEN`,"+ // 13
"`START_DATETIME`,"+ // 14
"`END_DATETIME`,"+ // 15
"`START_DAYPART`,"+ // 16
"`END_DAYPART`,"+ // 17
"`MON`,"+ // 18
"`TUE`,"+ // 19
"`WED`,"+ // 20
"`THU`,"+ // 21
"`FRI`,"+ // 22
"`SAT`,"+ // 23
"`SUN`,"+ // 24
"`SHA1_HASH` "+ // 25
"from `CUTS`";
return sql;
}