From df855843524050c97304fdc3efb0f1e3eb290526 Mon Sep 17 00:00:00 2001
From: hummypkg
Date: Thu, 1 Sep 2011 22:20:53 +0000
Subject: [PATCH] fix sql queries to use escaped parameters
git-svn-id: file:///root/webif/svn/humax/pkg/src/webif/trunk@339 2a923420-c742-0410-a762-8d5b09965624
---
 CONTROL/control | 2 +-
 var/mongoose/lib/epg.class | 2 +-
 var/mongoose/lib/rsv.class | 8 ++++----
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/CONTROL/control b/CONTROL/control
index b97f7e5..4e9d6b5 100644
--- a/CONTROL/control
+++ b/CONTROL/control
@@ -1,7 +1,7 @@
 Package: webif
 Priority: optional
 Section: web
-Version: 0.6.6
+Version: 0.6.6-1
 Architecture: mipsel
 Maintainer: af123@hummypkg.org.uk
 Depends: mongoose(>=3.0-2),jim(>=0.71-1),jim-sqlite3(>=0.71-1),jim-cgi(>=0.4),jim-oo,jim-pack,service-control,busybox(>=1.18.3-1),lsof,epg(>=1.0.3),hmt(>=1.0.6),ssmtp
diff --git a/var/mongoose/lib/epg.class b/var/mongoose/lib/epg.class
index 99e582b..2ccdf71 100644
--- a/var/mongoose/lib/epg.class
+++ b/var/mongoose/lib/epg.class
@@ -136,7 +136,7 @@ epg method get_channel_info {} {
 set chan [lindex [$channeldb query {
 select szSvcName, usLcn, aucDefaultAuthority, hsvc from TBL_SVC
- where usSvcId = %s} $service_id
+ where usSvcId = '%s'} $service_id
 ] 0]
 if {[dict exists $chan usLcn]} {
 set channel_num $chan(usLcn)
diff --git a/var/mongoose/lib/rsv.class b/var/mongoose/lib/rsv.class
index 7e6bf6f..ad4ed95 100755
--- a/var/mongoose/lib/rsv.class
+++ b/var/mongoose/lib/rsv.class
@@ -119,13 +119,13 @@ rsv method remove_pending {} {
 rsv method fix_hsvc {} {
 global rsvdb
- set _hsvc [$rsvdb query "
+ set _hsvc [$rsvdb query {
 select hSvc from channel.TBL_SVC
- where szSvcName = '$szSvcName'
- or szSvcname = '\025$szSvcName'
+ where szSvcName = '%s'
+ or szSvcname = '\025%s'
 limit 1
- "]
+ } $szSvcName $szSvcName]
 if {[llength $_hsvc] == 1} {
 set hsvc [lindex [lindex $_hsvc 0] 1]
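Review bot: In the epg.class hunk, the new `where usSvcId = '%s'` is only injection-safe while the placeholder stays inside single quotes, and it now compares `usSvcId` with a text literal instead of a number. That assumes `query` escapes its arguments by doubling single quotes, which the added quotes suggest but the hunk does not show. Whether the row still matches depends on the column's declared type, since SQLite converts the literal only when the column has numeric affinity, so this is worth confirming against the TBL_SVC schema. A service id is presumably always an integer, so I would also reject a non-integer `$service_id` before the query and add a comment such as `# %s is quote-escaped only: keep it inside '...'`. get_channel_info starts and ends outside the hunk.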
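Review bot: In the rsv.class hunk, moving the query from a double-quoted string to a braced one stops Tcl from substituting `\025`. In `or szSvcname = '\025%s'` SQLite therefore receives the literal characters backslash-0-2-5 rather than the control character 0x15, so the second alternative will presumably never match, unless `query` itself expands backslashes, which is not visible here. Build the prefixed name in Tcl and pass it as the argument instead: `or szSvcname = '%s'` with `} $szSvcName "\025$szSvcName"]`. That keeps both values on the escaped-parameter path the commit introduces. fix_hsvc continues past the end of the hunk.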