2021-04-19 Fred Gleason <fredg@paravelsystems.com>

* Escaped all SQL identifiers in 'rdlogedit/'. * Replaced " with ' delimiters in all SQL literal strings in 'rdlogedit/'. Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
2025-07-25 08:58:13 +02:00 · 2021-04-19 20:17:18 -04:00 · 2021-04-19 20:17:18 -04:00 · c45cc83e15
commit c45cc83e15
parent ad56584012
4 changed files with 21 additions and 27 deletions
--- a/4
+++ b/4
@ -21507,3 +21507,7 @@
 	* Escaped all SQL identifiers in 'rdlibrary/'.
 	* Replaced " with ' delimiters in all SQL literal strings in
 	'rdlibrary/'.
+2021-04-19 Fred Gleason <fredg@paravelsystems.com>
+	* Escaped all SQL identifiers in 'rdlogedit/'.
+	* Replaced " with ' delimiters in all SQL literal strings in
+	'rdlogedit/'.
--- a/rdlogedit/edit_chain.cpp
+++ b/rdlogedit/edit_chain.cpp
@ -2,7 +2,7 @@
 //
 // Edit a Rivendell Log Chain Entry
 //
-//   (C) Copyright 2002-2019 Fred Gleason <fredg@paravelsystems.com>
+//   (C) Copyright 2002-2021 Fred Gleason <fredg@paravelsystems.com>
 //
 //   This program is free software; you can redistribute it and/or modify
 //   it under the terms of the GNU General Public License version 2 as
@ -18,9 +18,6 @@
 //   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 //

-#include <qpushbutton.h>
-#include <qmessagebox.h>
-
 #include <rdapplication.h>
 #include <rddb.h>
 #include <rdescape_string.h>
@ -106,8 +103,8 @@ void EditChain::selectLogData()
 void EditChain::labelChangedData(const QString &logname)
 {
  QString sql=
-    QString("select DESCRIPTION from LOGS where ")+
-    "NAME=\""+RDEscapeString(logname)+"\"";
+    QString("select `DESCRIPTION` from `LOGS` where ")+
+    "`NAME`='"+RDEscapeString(logname)+"'";
  RDSqlQuery *q=new RDSqlQuery(sql);
  if(!q->first()) {
    delete q;
--- a/rdlogedit/edit_log.cpp
+++ b/rdlogedit/edit_log.cpp
@ -99,14 +99,11 @@ EditLog::EditLog(QString logname,QString *filter,QString *group,
  // Log Name
  //
  edit_modified_label=new QLabel(this);
-  //  edit_modified_label->setBackgroundColor(QColor(system_mid_color));
  edit_modified_label->setAlignment(Qt::AlignCenter|Qt::AlignVCenter);
  edit_modified_label->setFont(progressFont());
  edit_logname_label=new QLabel(logname,this);
-  //  edit_logname_label->setBackgroundColor(QColor(system_mid_color));
  edit_logname_label->setAlignment(Qt::AlignLeft|Qt::AlignVCenter);
  edit_logname_label_label=new QLabel(tr("Log Name:"),this);
-  //  edit_logname_label_label->setBackgroundColor(QColor(system_mid_color));
  edit_logname_label_label->setFont(labelFont());
  edit_logname_label_label->setAlignment(Qt::AlignRight|Qt::AlignVCenter);

@ -114,10 +111,8 @@ EditLog::EditLog(QString logname,QString *filter,QString *group,
  // Track Counts
  //
  edit_track_label=new QLabel(this);
-  //  edit_track_label->setBackgroundColor(QColor(system_mid_color));
  edit_track_label->setAlignment(Qt::AlignLeft|Qt::AlignVCenter);
  edit_track_label_label=new QLabel(tr("Tracks:"),this);
-  //  edit_track_label_label->setBackgroundColor(QColor(system_mid_color));
  edit_track_label_label->setFont(labelFont());
  edit_track_label_label->setAlignment(Qt::AlignRight|Qt::AlignVCenter);

@ -128,10 +123,8 @@ EditLog::EditLog(QString logname,QString *filter,QString *group,
    new QLabel(edit_log->originUser()+QString(" - ")+
 	       edit_log->originDatetime().toString("MM/dd/yyyy - hh:mm:ss"),
 	       this);
-  //  edit_origin_label->setBackgroundColor(QColor(system_mid_color));
  edit_origin_label->setAlignment(Qt::AlignLeft|Qt::AlignVCenter);
  edit_origin_label_label=new QLabel(tr("Origin:"),this);
-  //  edit_origin_label_label->setBackgroundColor(QColor(system_mid_color));
  edit_origin_label_label->setFont(labelFont());
  edit_origin_label_label->setAlignment(Qt::AlignRight|Qt::AlignVCenter);

@ -464,7 +457,7 @@ EditLog::EditLog(QString logname,QString *filter,QString *group,
    edit_purgedate_box->setChecked(true);
    edit_purgedate_edit->setDate(purge_date);
  }
-  sql=QString("select NAME from SERVICES");
+  sql=QString("select `NAME` from `SERVICES`");
  q=new RDSqlQuery(sql);
  while(q->next()) {
    services_list.append( q->value(0).toString() );
--- a/rdlogedit/rdlogedit.cpp
+++ b/rdlogedit/rdlogedit.cpp
@ -446,19 +446,19 @@ void MainWidget::reportData()
  // Report Body
  //
  sql=QString("select ")+
-    "NAME,"+               // 00
-    "DESCRIPTION,"+        // 01
-    "SERVICE,"+            // 02
-    "MUSIC_LINKS,"+        // 03
-    "MUSIC_LINKED,"+       // 04
-    "TRAFFIC_LINKS,"+      // 05
-    "TRAFFIC_LINKED,"+     // 06
-    "COMPLETED_TRACKS,"+   // 07
-    "SCHEDULED_TRACKS,"+   // 08
-    "START_DATE,"+         // 09
-    "END_DATE,"+           // 10
-    "MODIFIED_DATETIME "+  // 11
-    "from LOGS order by NAME ";
+    "`NAME`,"+               // 00
+    "`DESCRIPTION`,"+        // 01
+    "`SERVICE`,"+            // 02
+    "`MUSIC_LINKS`,"+        // 03
+    "`MUSIC_LINKED`,"+       // 04
+    "`TRAFFIC_LINKS`,"+      // 05
+    "`TRAFFIC_LINKED`,"+     // 06
+    "`COMPLETED_TRACKS`,"+   // 07
+    "`SCHEDULED_TRACKS`,"+   // 08
+    "`START_DATE`,"+         // 09
+    "`END_DATE`,"+           // 10
+    "`MODIFIED_DATETIME` "+  // 11
+    "from `LOGS` order by `NAME` ";
  q=new RDSqlQuery(sql);
  while(q->next()) {
    //