version 0.3.33
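--- a/src/http/pages/execquerypage.cpp
+++ b/src/http/pages/execquerypage.cpp
@@ -10,7 +10,7 @@ const std::string ExecQueryPage::GeneratePage(const std::string &method, const s
 std::string content="";\r
 std::string query="";\r
 \r
-if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="execute" && queryvars.find("query")!=queryvars.end() && (*queryvars.find("query")).second!="")\r
+if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="execute" && queryvars.find("query")!=queryvars.end() && (*queryvars.find("query")).second!="" && ValidateFormPassword(queryvars))\r
 {\r
 query=(*queryvars.find("query")).second;\r
 SQLite3DB::Recordset rs=m_db->Query(query);\r
@@ -30,6 +30,12 @@ const std::string ExecQueryPage::GeneratePage(const std::string &method, const s
 }\r
 content+="<tr>";\r
 }\r
+else if(m_db->GetLastResult()!=SQLITE_OK)\r
+{\r
+std::string error="";\r
+m_db->GetLastError(error);\r
+content+="<tr><td>"+error+"</td></tr>";\r
+}\r
 while(!rs.AtEnd())\r
 {\r
 content+="<tr>";\r
@@ -38,7 +44,7 @@ const std::string ExecQueryPage::GeneratePage(const std::string &method, const s
 content+="<td>";\r
 if(rs.GetField(i))\r
 {\r
-content+=rs.GetField(i);\r
+content+=SanitizeOutput(std::string(rs.GetField(i)));\r
 }\r
 content+="</td>";\r
 }\r
@@ -50,12 +56,13 @@ const std::string ExecQueryPage::GeneratePage(const std::string &method, const s
 \r
 content+="<h2>Execute Query</h2>";\r
 content+="<form name=\"frmquery\" method=\"POST\">";\r
+content+=CreateFormPassword();\r
 content+="<input type=\"hidden\" name=\"formaction\" value=\"execute\">";\r
-content+="<textarea name=\"query\" rows=\"10\" cols=\"80\">"+SanitizeOutput(query)+"</textarea>";\r
+content+="<textarea name=\"query\" rows=\"10\" cols=\"80\">"+StringFunctions::Replace(query,"<","<")+"</textarea>";\r
 content+="<input type=\"submit\" value=\"Execute Query\">";\r
 content+="</form>";\r
 \r
-return "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"+StringFunctions::Replace(m_template,"[CONTENT]",content);\r
+return StringFunctions::Replace(m_template,"[CONTENT]",content);\r
 }\r
 \r
 const bool ExecQueryPage::WillHandleURI(const std::string &uri)\r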
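Review bot: The new `else if(m_db->GetLastResult()!=SQLITE_OK)` branch appends the SQLite error text to the page unescaped (`content+="<tr><td>"+error+"</td></tr>";`), even though the same commit starts passing result fields through `SanitizeOutput`. SQLite error messages commonly echo fragments of the submitted statement, so markup typed into the query box can reach the HTML here; I would write `content+="<tr><td>"+SanitizeOutput(error)+"</td></tr>";`. In the textarea line the replacement now touches only `<` (the page renders both arguments as `"<"`, presumably a decoded `&lt;`), so `&` in the query is left unescaped and entity-like text will not round-trip on redisplay; please confirm that is intended. The `if` that this `else if` attaches to, and the rest of GeneratePage, lie outside the hunks shown.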