version 0.3.13
diff --git
a/src/http/pages/execquerypage.cpp
b/src/http/pages/execquerypage.cpp
index
b09b32e
..
358f34a
100644
(file)
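--- a/src/http/pages/execquerypage.cpp
+++ b/src/http/pages/execquerypage.cpp
@@ -10,7 +10,7 @@ const std::string ExecQueryPage::GeneratePage(const std::string &method, const s
 std::string content="";
 std::string query="";
 
-if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="execute" && queryvars.find("query")!=queryvars.end() && (*queryvars.find("query")).second!="")
+if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="execute" && queryvars.find("query")!=queryvars.end() && (*queryvars.find("query")).second!="" && ValidateFormPassword(queryvars))
 {
 query=(*queryvars.find("query")).second;
 SQLite3DB::Recordset rs=m_db->Query(query);
@@ -50,8 +50,9 @@ const std::string ExecQueryPage::GeneratePage(const std::string &method, const s
 
 content+="<h2>Execute Query</h2>";
 content+="<form name=\"frmquery\" method=\"POST\">";
+content+=CreateFormPassword();
 content+="<input type=\"hidden\" name=\"formaction\" value=\"execute\">";
-content+="<textarea name=\"query\" rows=\"10\" cols=\"80\">"+SanitizeOutput(query)+"</textarea>";
+content+="<textarea name=\"query\" rows=\"10\" cols=\"80\">"+StringFunctions::Replace(query,"<","<")+"</textarea>";
 content+="<input type=\"submit\" value=\"Execute Query\">";
 content+="</form>";
 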
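Review bot: The new textarea line in the second hunk escapes only `<` in the echoed query, where the removed line passed it through `SanitizeOutput`; `&` is left untouched, so a query containing entity-like text such as `&lt;` or `&amp;` is decoded by the browser inside the textarea, and what gets re-submitted to `m_db->Query` no longer matches what was typed. Escaping `&` first keeps the round trip exact: `StringFunctions::Replace(StringFunctions::Replace(query,"&","&amp;"),"<","&lt;")`. The replacement literal reads `"<"` on this page, presumably an `&lt;` that the page renderer decoded; if the file really contains `"<"`, the call is a no-op and a query containing `</textarea>` would close the element and be parsed as markup, so that literal is worth confirming in the raw file. `GeneratePage` starts and ends outside both hunks.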