X-Git-Url: https://git.pterodactylus.net/?a=blobdiff_plain;f=src%2Fhttp%2Fipagehandler.cpp;h=1ec7947dbba72488785cdd4085377b8082dd56a1;hb=59a5414ec47a2932a7802fcd1d98c4d80166564f;hp=52e96f6b2350cdfb53d7f3a3dd7e72054074da07;hpb=221236a4d3aac4144529d418ce368db5c98facb0;p=fms.git
diff --git a/src/http/ipagehandler.cpp b/src/http/ipagehandler.cpp
index 52e96f6..1ec7947 100644
--- a/src/http/ipagehandler.cpp
+++ b/src/http/ipagehandler.cpp
@@ -1,7 +1,6 @@
 #include "../../include/http/ipagehandler.h"
 #include "../../include/stringfunctions.h"
 #include "../../include/http/multipartparser.h"
-#include "../../include/db/sqlite3db.h"
 #include
 #include
@@ -54,7 +53,7 @@ const std::string IPageHandler::CreateFormPassword()
 {
 }
- SQLite3DB::Statement st=SQLite3DB::DB::Instance()->Prepare("INSERT INTO tmpFormPassword(Date,Password) VALUES(?,?);");
+ SQLite3DB::Statement st=m_db->Prepare("INSERT INTO tmpFormPassword(Date,Password) VALUES(?,?);");
 st.Bind(0,Poco::DateTimeFormatter::format(date,"%Y-%m-%d %H:%M:%S"));
 st.Bind(1,uuid.toString());
 st.Step();
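Review bot: The changed line in CreateFormPassword dereferences the new member `m_db` with no null check, and the two changed lines in the ValidateFormPassword hunk below do the same; the constructor that sets `m_db` is not visible here, so if a handler can be built without a database a request would crash inside these functions instead of failing the form. Either a guard before the `Prepare` call or a comment on the member that pins the contract would settle it, e.g. `// m_db: non-owning handle set by the constructor; assumed non-null while requests are served — TODO confirm`. The two context lines `{` `}` directly above the changed line appear to be an empty block (possibly an exception handler) around whatever produces the value stored as the password; if so, a failure there is silently swallowed and the INSERT still runs, which is worth confirming even though that code predates this commit. CreateFormPassword's body begins outside the hunk.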
@@ -152,19 +151,29 @@ const std::string IPageHandler::SanitizeOutput(const std::string &input)
 return output;
 }
+const std::string IPageHandler::SanitizeTextAreaOutput(const std::string &input)
+{
+ // must do & first because all other elements have & in them!
+ std::string output=StringFunctions::Replace(input,"&","&");
+ output=StringFunctions::Replace(output,"<","<");
+ output=StringFunctions::Replace(output,">",">");
+ output=StringFunctions::Replace(output,"\"","""); 
+ return output;
+}
+
 const bool IPageHandler::ValidateFormPassword(const std::map &vars)
 {
 Poco::DateTime date;
 date-=Poco::Timespan(0,1,0,0,0);
- SQLite3DB::Statement st=SQLite3DB::DB::Instance()->Prepare("DELETE FROM tmpFormPassword WHERE DatePrepare("DELETE FROM tmpFormPassword WHERE Date::const_iterator i=vars.find("formpassword");
 if(i!=vars.end())
 {
- st=SQLite3DB::DB::Instance()->Prepare("SELECT COUNT(*) FROM tmpFormPassword WHERE Password=?;");
+ st=m_db->Prepare("SELECT COUNT(*) FROM tmpFormPassword WHERE Password=?;");
 st.Bind(0,(*i).second);
 st.Step();
 if(st.RowReturned())
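Review bot: As shown, the four `StringFunctions::Replace` calls in the new SanitizeTextAreaOutput replace each character with itself (`"&","&"`, `"<","<"`, `">",">"`, `"\"","\""`), which would make the function a no-op and leave `<` and `"` unescaped inside the text area; this is most likely the page viewer having decoded the entity names (`&amp;`, `&lt;`, `&gt;`, `&quot;`) rather than what was committed, but the literals in the source file should be verified before this is relied on for output escaping. The `// must do & first` comment explains the order, but not why a second sanitizer exists beside SanitizeOutput, whose body ends just above the new function so the difference between the two cannot be seen in this hunk; a header comment such as `// Escapes text for placement inside a textarea element; differs from SanitizeOutput in [state the difference] — TODO confirm` would let a reader pick the right one. The `const` on the by-value return type copies the existing style but prevents a move at the call site; dropping it is a small improvement if the project is open to it. The remainder of ValidateFormPassword lies outside the hunk, and the removed DELETE line and its replacement are fused in this rendering, so the changed statement there cannot be reviewed line by line.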