changeset 431:703346e6e7de
Group names should be quoted into one argument
author | HIROSE Yuuji <yuuji@gentei.org> |
---|---|
date | Wed, 21 Jun 2017 09:06:26 +0859 |
parents | ce497c515996 |
children | 99526bd0f2d1 |
files | s4-funcs.sh |
diffstat | 1 files changed, 18 insertions(+), 18 deletions(-) [+] |
--- a/s4-funcs.sh Sat May 06 18:06:48 2017 +0859 +++ b/s4-funcs.sh Wed Jun 21 09:06:26 2017 +0859 @@ -359,14 +359,14 @@ ismember() { # $1=user, $2=group err ismem: "select user from grp_mem where gname=$(sqlquote $2) and user='$1';" - test -n "`query \"select user from grp_mem where gname=$(sqlquote $2) and user='$1';\"`" + test -n "`query \"select user from grp_mem where gname=$(sqlquote \"$2\") and user='$1';\"`" } isuser() { # Check if $1 is a valid user test -n "`query \"select name from user where name='$1';\"`" } isgroup() { # Check if $1 is a valid group err isgroup: "select gname from grp where gname=$(sqlquote $1);" - test -n "`query \"select gname from grp where gname=$(sqlquote $1);\"`" + test -n "`query \"select gname from grp where gname=$(sqlquote \"$1\");\"`" } isgrpowner() ( # $1=user, $2=group @@ -389,11 +389,11 @@ getgroupattr() { # $1=group $2=attr # This function is called in a backquote, so needn't to be subshellized getvalbyid grp $2 \ - $(query "select rowid from grp where gname=`sqlquote $1`;") + $(query "select rowid from grp where gname=`sqlquote \"$1\"`;") } getgroupbyid() { # $1=id|gname - sql="select coalesce((select gname from grp where gname=$(sqlquote $1)), + sql="select coalesce((select gname from grp where gname=$(sqlquote \"$1\")), (select gname from grp where rowid=$(sqlquote $1)));" # err ggbyid: `echo $sql` query $sql @@ -514,7 +514,7 @@ fi ) gecos() ( - u=`sqlquote ${1:-$user}` + u=`sqlquote "${1:-$user}"` query "select gecos from gecoses where name=$u;" ) setpar() { @@ -615,7 +615,7 @@ esac) } getparquote() { - sqlquote `getpar $1` + sqlquote "`getpar $1`" } getbinbyid() { # $1=tbl $2=col $3=rowid $4=tmpdirForBinary @@ -1350,7 +1350,7 @@ } groupupdate() { gname=`getpar gname` - qgname=`sqlquote $gname` + qgname=`sqlquote "$gname"` if [ -n "$gname" ]; then # See ALSO same job in showgroup() newgname=`group_safename "$gname"` 
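Review bot: The user name is still spliced into the statement as `user='$1'` in `ismember` (and as `name='$1'` in `isuser`, a context line of this hunk), so a name containing a single quote alters the SQL even though the group argument now goes through `sqlquote`. Assuming `sqlquote` returns a complete quoted literal, as its use after `gname=` suggests, the same helper fits here: `and user=$(sqlquote \"$1\")` inside the backquoted query. The same raw interpolation appears as `user='$2'` in the hunk at 2804 and as `'$newadm'` in the logged statement at 2908. The `err ismem:` and `err isgroup:` lines above each test still call `sqlquote $2` and `sqlquote $1` unquoted, so the logged statement can differ from the one that is executed.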
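Review bot: In `getgroupbyid` the new `$(sqlquote \"$1\")` sits directly inside the double-quoted `sql=` assignment, where the text of `$(...)` is parsed as a fresh command, so the backslashes make the quote characters literal and `$1` is still word-split; this differs from the backquote forms used elsewhere in this commit. Plain inner quotes are what is needed, `gname=$(sqlquote "$1")),`, and the second call on the following line, `rowid=$(sqlquote $1)`, was left unquoted and needs the same treatment. `query $sql` then splits the finished statement again, so runs of spaces inside a quoted name collapse and glob characters can expand; `query "$sql"` keeps it intact, provided `query` takes the statement as one argument as it does at the other call sites.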
@@ -1364,7 +1364,7 @@ # Name confliction check parow=`getpar rowid` ## err parow=$parow - qgname=`sqlquote $gname` # Set again in case gname modified + qgname=`sqlquote "$gname"` # Set again in case gname modified query "BEGIN EXCLUSIVE;" ## err "select count(gname) from grp where rowid != ${parow:-0} and gname = $qgname;" count=$(query "select count(gname) from grp where rowid != ${parow:-0} and gname = $qgname;") @@ -2091,8 +2091,8 @@ grid=$1 fi grp=`getgroupbyid $grid` - qgrp=`sqlquote $grp` -## err showgroup2: grp=$grp qgrp="[$(sqlquote $grp)]" + qgrp=`sqlquote "$grp"` + ## err showgroup2: grid=$grid grp=$grp qgrp="[$qgrp]" if isgroup "$grp"; then tf=$tmpd/title.$$ sf=$tmpd/search.$$ @@ -2100,7 +2100,7 @@ WHERE gname=$qgrp AND key='regmode';"` if ismember "$user" "$grp"; then ismember="ismember" - qgrp=`sqlquote $grp` + qgrp=`sqlquote "$grp"` bodyclass="$bodyclass${bodyclass:+ }ismember" else ismember="" # bodyclass="group" @@ -2126,7 +2126,7 @@ # Using $ismember rowid=$2 grp=`getgroupbyid $2` - qgrp=`sqlquote $grp` + qgrp=`sqlquote "$grp"` td=`getcachedir grp/"$2"` #rowid=`sq $db "select rowid from grp where gname=$qgrp"` if [ -z "$rowid" ]; then @@ -2739,7 +2739,7 @@ echo "無効な指定です($1)。" | html p return ;; esac - gid=$(query "select rowid from grp where gname=`sqlquote $t_grp`;") + gid=$(query "select rowid from grp where gname=`sqlquote \"$t_grp\"`;") rcpts="`getgroupadminmails $t_grp` $user" ## err admit: msgdir=$msgdir, rcpts="["$rcpts"]" body="グループ <a href=\"?grp+$gid\">$t_grp</a> 
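Review bot: `${parow:-0}` goes into the `count(gname)` query as a bare token, and `parow` is read with `getpar rowid` two lines earlier, which looks like a request parameter (the definition of `getpar` is outside this hunk, so this needs confirming). If it is, any non-numeric value becomes SQL text inside the `BEGIN EXCLUSIVE` transaction. Quoting it the way `getgroupbyid` already quotes its rowid comparison would close that: `qparow=$(sqlquote "${parow:-0}")` before the query and `rowid != $qparow` in both the commented `err` line and the `count=` statement. The enclosing function starts and ends outside the hunk.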
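Review bot: `getgroupbyid $grid` is still called with an unquoted argument in the hunk at 2091, and `getgroupbyid` is documented as taking a group name as well as an id (`# $1=id|gname`), so a name containing a space reaches it as two words before `qgrp` is ever built. `grp=$(getgroupbyid "$grid")` fixes this call site. The same unquoted group argument remains in `getgroupbyid $2` (hunk at 2126), `getgroupadminmails $t_grp` (2739), `getgroupadmins $1` (2756) and both `ismember $newadm $grp` calls (2908), where `ismember` would receive only the first word of the group as `$2`. The second `qgrp=` assignment inside the `ismember` branch (hunk at 2100) recomputes the value set just above and could be dropped, assuming both hunks belong to the same function.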
@@ -2756,8 +2756,8 @@ # $1=group $2=user $3=yes/no $4=email(if any $5=AsAdmin) jss="joingrp-`date +%s`-`genrandom 12`" addsession $jss +${memoplimitdays}days - query "replace into par values('$jss', 'group', 'string', `sqlquote $1`), -('$jss', 'user', 'string', `sqlquote $user`);" + query "replace into par values('$jss', 'group', 'string', `sqlquote \"$1\"`), +('$jss', 'user', 'string', `sqlquote \"$user\"`);" smail "$(collectemail `getgroupadmins $1`)" "Join request to $1"<<EOF $url $user さんから @@ -2804,7 +2804,7 @@ ;; esac fi - qgname=`sqlquote $1` + qgname=`sqlquote "$1"` grid=`query "SELECT rowid FROM grp WHERE gname=$qgname;"` cond="where gname=$qgname and user='$2'" if [ x"$3" = x"yes" ]; then @@ -2908,7 +2908,7 @@ if [ -z "$newadm" ]; then echo "指定ユーザIDがおかしいようです。" | html p; return fi - err GRP_reg_adm: "replace into grp_adm values(`sqlquote $grp`, '$newadm');" + err GRP_reg_adm: "replace into grp_adm values(`sqlquote \"$grp\"`, '$newadm');" err ismember $newadm $grp if ismember $newadm $grp; then # OK, go ahead @@ -3565,7 +3565,7 @@ fi cond="" for pk in `gettblpkey $tbl`; do - pv=$(sqlquote $(getpar $pk)) + pv=$(sqlquote "$(getpar $pk)") cond="$cond${cond:+ and }$pk=$pv" done sql="select rowid from $tbl where $cond;"
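Review bot: In the hunk at 3565, `$tbl` and `$pk` enter `select rowid from $tbl where $cond;` as bare identifiers, which `sqlquote` cannot protect; only the value side `pv` is quoted. If either can be derived from request data (the start of this function is outside the hunk, so that is not visible here), it should be checked against the known table and key names before the statement is assembled. A comment above the loop such as `# $tbl must be a fixed table name, never request data` would record the assumption. `getpar $pk` is also left unquoted, which is safe only while key names contain no whitespace or glob characters.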