Mercurial > hgrepos > hgweb.cgi > s4
changeset 466:929a925f10d8
Group name used at the following query should be quoted.
author | HIROSE Yuuji <yuuji@gentei.org> |
---|---|
date | Tue, 22 Aug 2017 08:51:06 +0859 |
parents | 4c6a3bacfec3 |
children | 598f00f1b995 |
files | s4-blog.sh |
diffstat | 1 files changed, 2 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/s4-blog.sh Tue Aug 22 08:20:02 2017 +0859 +++ b/s4-blog.sh Tue Aug 22 08:51:06 2017 +0859 @@ -963,6 +963,7 @@ fi title=`getvalbyid blog title $rowid` owner=`getvalbyid blog owner $rowid` + qowner=`sqlquotestr "$owner"` if [ -z "$title" ]; then echo "日記番号指定が無効です。" | html p return @@ -981,7 +982,7 @@ if isuser "$owner"; then subtitle="`gecos $owner` さんの話題" else - grprowid=`query "select rowid from grp where gname=\"$owner\";"` + grprowid=`query "select rowid from grp where gname=$qowner;"` subtitle="グループ <a href=\"?grp+$grprowid\" accesskey=\"h\" title=\"H\">$owner</a> での話題 `query \"SELECT printf('(チーム:%s)', val)\