X-Git-Url: https://git.pterodactylus.net/?a=blobdiff_plain;f=src%2Fhttp%2Fpages%2Fexecquerypage.cpp;h=09bce557235cb72652b4d5579527e17a652b9a6b;hb=9ae3b1434e51788e6feb72e1415ec800d05c535a;hp=8d46c46cd4e7989b80d2d4d2edb6109c668714e6;hpb=026dc6b2bc548c945359c4e166eff514f2c47c6a;p=fms.git
diff --git a/src/http/pages/execquerypage.cpp b/src/http/pages/execquerypage.cpp
index 8d46c46..09bce55 100644
--- a/src/http/pages/execquerypage.cpp
+++ b/src/http/pages/execquerypage.cpp
@@ -10,7 +10,7 @@ const std::string ExecQueryPage::GeneratePage(const std::string &method, const s
 std::string content="";
 std::string query="";
- if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="execute" && queryvars.find("query")!=queryvars.end() && (*queryvars.find("query")).second!="")
+ if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="execute" && queryvars.find("query")!=queryvars.end() && (*queryvars.find("query")).second!="" && ValidateFormPassword(queryvars))
 {
 query=(*queryvars.find("query")).second;
 SQLite3DB::Recordset rs=m_db->Query(query);
@@ -38,7 +38,7 @@ const std::string ExecQueryPage::GeneratePage(const std::string &method, const s
 content+="";
 if(rs.GetField(i))
 {
- content+=rs.GetField(i);
+ content+=SanitizeOutput(std::string(rs.GetField(i)));
 }
 content+="";
 }
@@ -50,6 +50,7 @@ const std::string ExecQueryPage::GeneratePage(const std::string &method, const s
 content+="
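Review bot: The guarded branch in the first hunk still runs `m_db->Query(query)` for any request carrying `formaction=execute` and a valid form password, without consulting the `method` argument that GeneratePage receives. If `queryvars` also carries URL parameters (not visible here), the token and the SQL text could travel in a GET URL and be retained in browser history, proxy logs and Referer headers; putting `method=="POST" &&` in front of the other tests would rule that out, assuming the caller passes the verb in that form. A request that fails `ValidateFormPassword` falls through silently to the empty form, so a comment such as `// form password missing or stale: query not executed` together with a visible message would let the operator tell a rejected request from an empty result. The matching `CreateFormPassword()` call is in the third hunk, and the function body starts and ends outside all three.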
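Review bot: Escaping in the second hunk is applied only to the cell value at `content+=SanitizeOutput(std::string(rs.GetField(i)));`; the header row of the result table and any echo of `query` back into the form lie outside the hunk and cannot be checked from here. Column names are determined by the submitted SQL text and stored rows may hold text that originated elsewhere, so every place where recordset or request text is appended to `content` presumably needs the same `SanitizeOutput` wrapper. A short comment above the call, `// DB values are untrusted in HTML context: escape before emitting`, would record why the wrapper must stay. The enclosing loop begins and ends outside the hunk.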

Execute Query

";
 content+="
";
+ content+=CreateFormPassword();
 content+="";
 content+="";
 content+="";