version 0.3.13

[fms.git] / src / http / pages / execquerypage.cpp

diff --git a/src/http/pages/execquerypage.cpp b/src/http/pages/execquerypage.cpp
index 8d46c46..358f34a 100644 (file)
--- a/src/http/pages/execquerypage.cpp
+++ b/src/http/pages/execquerypage.cpp
@@ -10,7 +10,7 @@ const std::string ExecQueryPage::GeneratePage(const std::string &method, const s
        std::string content="";\r
        std::string query="";\r
 \r
-       if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="execute" && queryvars.find("query")!=queryvars.end() && (*queryvars.find("query")).second!="")\r
+       if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="execute" && queryvars.find("query")!=queryvars.end() && (*queryvars.find("query")).second!="" && ValidateFormPassword(queryvars))\r
        {\r
                query=(*queryvars.find("query")).second;\r
                SQLite3DB::Recordset rs=m_db->Query(query);\r
@@ -50,6 +50,7 @@ const std::string ExecQueryPage::GeneratePage(const std::string &method, const s
 \r
        content+="<h2>Execute Query</h2>";\r
        content+="<form name=\"frmquery\" method=\"POST\">";\r
+       content+=CreateFormPassword();\r
        content+="<input type=\"hidden\" name=\"formaction\" value=\"execute\">";\r
        content+="<textarea name=\"query\" rows=\"10\" cols=\"80\">"+StringFunctions::Replace(query,"<","&lt;")+"</textarea>";\r
        content+="<input type=\"submit\" value=\"Execute Query\">";\r