#include "../../include/http/ipagehandler.h"\r
#include "../../include/stringfunctions.h"\r
#include "../../include/http/multipartparser.h"\r
-#include "../../include/db/sqlite3db.h"\r
\r
#include <Poco/Net/HTMLForm.h>\r
#include <Poco/UUIDGenerator.h>\r
{\r
}\r
\r
- SQLite3DB::Statement st=SQLite3DB::DB::Instance()->Prepare("INSERT INTO tmpFormPassword(Date,Password) VALUES(?,?);");\r
+ SQLite3DB::Statement st=m_db->Prepare("INSERT INTO tmpFormPassword(Date,Password) VALUES(?,?);");\r
st.Bind(0,Poco::DateTimeFormatter::format(date,"%Y-%m-%d %H:%M:%S"));\r
st.Bind(1,uuid.toString());\r
st.Step();\r
return output;\r
}\r
\r
+const std::string IPageHandler::SanitizeTextAreaOutput(const std::string &input)\r
+{\r
+ // must do & first because all other elements have & in them!\r
+ std::string output=StringFunctions::Replace(input,"&","&");\r
+ output=StringFunctions::Replace(output,"<","<");\r
+ output=StringFunctions::Replace(output,">",">");\r
+ output=StringFunctions::Replace(output,"\"",""");\r
+ return output;\r
+}\r
+\r
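Review bot: As shown on the four Replace lines of SanitizeTextAreaOutput, each call maps a character to itself (`"&"` → `"&"`, `"<"` → `"<"`, and so on), so the function returns its input unchanged and provides no HTML escaping at all; the comment "must do & first because all other elements have & in them" only makes sense if the second arguments are the entities, so please confirm the committed source reads `output=StringFunctions::Replace(input,"&","&amp;");` followed by `&lt;`, `&gt;` and `&quot;` rather than the bare characters (this page may have had the entities decoded on capture, but the committed text is what has to be right). Independently of that, `'` is not escaped, so the result is only safe inside element content or double-quoted attributes; if a caller ever emits it inside a single-quoted attribute, add `output=StringFunctions::Replace(output,"'","&#39;");` after the quote replacement. A one-line header comment stating the contract would help, e.g. `// Escapes &, <, >, " for HTML text/attribute context; NOT safe for JS or URL contexts.`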
const bool IPageHandler::ValidateFormPassword(const std::map<std::string,std::string> &vars)\r
{\r
Poco::DateTime date;\r
date-=Poco::Timespan(0,1,0,0,0);\r
\r
- SQLite3DB::Statement st=SQLite3DB::DB::Instance()->Prepare("DELETE FROM tmpFormPassword WHERE Date<?;");\r
+ SQLite3DB::Statement st=m_db->Prepare("DELETE FROM tmpFormPassword WHERE Date<?;");\r
st.Bind(0,Poco::DateTimeFormatter::format(date,"%Y-%m-%d %H:%M:%S"));\r
st.Step();\r
\r
std::map<std::string,std::string>::const_iterator i=vars.find("formpassword");\r
if(i!=vars.end())\r
{\r
- st=SQLite3DB::DB::Instance()->Prepare("SELECT COUNT(*) FROM tmpFormPassword WHERE Password=?;");\r
+ st=m_db->Prepare("SELECT COUNT(*) FROM tmpFormPassword WHERE Password=?;");\r
st.Bind(0,(*i).second);\r
st.Step();\r
if(st.RowReturned())\r