Mercurial > hgrepos > hgweb.cgi > s4
changeset 829:87f72984f3aa
Make it double sure to quote user string
author | HIROSE Yuuji <yuuji@gentei.org> |
---|---|
date | Sun, 21 Jun 2020 17:41:10 +0900 |
parents | 476a70f667cf |
children | 0f947210a094 |
files | s4-funcs.sh |
diffstat | 1 files changed, 3 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/s4-funcs.sh Sun Jun 21 16:44:11 2020 +0900 +++ b/s4-funcs.sh Sun Jun 21 17:41:10 2020 +0900 @@ -2449,10 +2449,10 @@ if [ -n "$2" ]; then kwd=`echo $2 | tr -d '";\n' | tr -d "'"` case "$kwd" in - mem:*) + mem:*@*) byuser=${kwd#*mem:} - cond1="(a.gname IN (SELECT gname FROM grp_mem WHERE user='$byuser'))" - err cond1=$cond1 + qusr=`sqlquote "$ustr"` + cond1="(a.gname IN (SELECT gname FROM grp_mem WHERE user=$qusr))" ;; esac if [ x"$1" = x"group" ]; then