version 0.2.0
[fms.git] / src / http / pages / execquerypage.cpp
index 50d3f0c..8ef4c48 100644 (file)
@@ -8,10 +8,12 @@
 const std::string ExecQueryPage::GeneratePage(const std::string &method, const std::map<std::string,std::string> &queryvars)\r
 {\r
        std::string content="";\r
+       std::string query="";\r
 \r
        if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="execute" && queryvars.find("query")!=queryvars.end() && (*queryvars.find("query")).second!="")\r
        {\r
-               SQLite3DB::Recordset rs=m_db->Query((*queryvars.find("query")).second);\r
+               query=(*queryvars.find("query")).second;\r
+               SQLite3DB::Recordset rs=m_db->Query(query);\r
 \r
                content+="<table>";\r
                if(rs.Count()>0)\r
@@ -49,7 +51,7 @@ const std::string ExecQueryPage::GeneratePage(const std::string &method, const s
        content+="<h2>Execute Query</h2>";\r
        content+="<form name=\"frmquery\" method=\"POST\">";\r
        content+="<input type=\"hidden\" name=\"formaction\" value=\"execute\">";\r
-       content+="<textarea name=\"query\" rows=\"10\" cols=\"80\"></textarea>";\r
+       content+="<textarea name=\"query\" rows=\"10\" cols=\"80\">"+SanitizeOutput(query)+"</textarea>";\r
        content+="<input type=\"submit\" value=\"Execute Query\">";\r
        content+="</form>";\r
 \r
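Review bot: The reflected value on the new textarea line is only as safe as SanitizeOutput, whose behaviour is not visible from this page; a textarea's content is delimited solely by the closing tag, so the routine needs to escape at least `<` and `&` for the echoed query to stay inside the element, and that is worth confirming. A comment making the dependency explicit would help the next reader, e.g. `// query is user input echoed back into the form; SanitizeOutput must HTML-escape it`. GeneratePage starts and ends outside this hunk.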