X-Git-Url: https://git.pterodactylus.net/?p=fms.git;a=blobdiff_plain;f=src%2Fhttp%2Fpages%2Fexecquerypage.cpp;h=97b402b60a586699f475e78c43e557b3fc462c1b;hp=8ef4c48bd9ec76a9ac6499ec81e3c39f579dd13b;hb=HEAD;hpb=3dc3ac3cfe10b7196a7977e9c041c29fa141c35e
diff --git a/src/http/pages/execquerypage.cpp b/src/http/pages/execquerypage.cpp
index 8ef4c48..97b402b 100644
--- a/src/http/pages/execquerypage.cpp
+++ b/src/http/pages/execquerypage.cpp
@@ -10,7 +10,7 @@ const std::string ExecQueryPage::GeneratePage(const std::string &method, const s
std::string content="";
std::string query="";
- if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="execute" && queryvars.find("query")!=queryvars.end() && (*queryvars.find("query")).second!="")
+ if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="execute" && queryvars.find("query")!=queryvars.end() && (*queryvars.find("query")).second!="" && ValidateFormPassword(queryvars))
{
query=(*queryvars.find("query")).second;
SQLite3DB::Recordset rs=m_db->Query(query);
@@ -30,6 +30,12 @@ const std::string ExecQueryPage::GeneratePage(const std::string &method, const s
}
content+="";
}
+ else if(m_db->GetLastResult()!=SQLITE_OK)
+ {
+ std::string error="";
+ m_db->GetLastError(error);
+ content+="
| "+error+" |
";
+ }
while(!rs.AtEnd())
{
content+="";
@@ -38,7 +44,7 @@ const std::string ExecQueryPage::GeneratePage(const std::string &method, const s
content+="| ";
if(rs.GetField(i))
{
- content+=rs.GetField(i);
+ content+=SanitizeOutput(std::string(rs.GetField(i)));
}
content+=" | ";
}
@@ -50,12 +56,13 @@ const std::string ExecQueryPage::GeneratePage(const std::string &method, const s
content+="Execute Query
";
content+="";
- return "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"+StringFunctions::Replace(m_template,"[CONTENT]",content);
+ return StringFunctions::Replace(m_template,"[CONTENT]",content);
}
const bool ExecQueryPage::WillHandleURI(const std::string &uri)