s4
changeset 179:479b57681014
Subshellize acclog() and sanitize rowid
| author | HIROSE Yuuji <yuuji@gentei.org> |
|---|---|
| date | Sat, 20 Feb 2016 10:03:59 +0859 |
| parents | ed2915aa2826 |
| children | 59bd085848ec |
| files | s4-funcs.sh |
| diffstat | 1 files changed, 6 insertions(+), 5 deletions(-) [+] |
line diff
1.1 --- a/s4-funcs.sh Sat Feb 20 09:13:33 2016 +0859 1.2 +++ b/s4-funcs.sh Sat Feb 20 10:03:59 2016 +0859 1.3 @@ -420,14 +420,15 @@ 1.4 fi 1.5 echo "\">`gecos $1`</a>" 1.6 } 1.7 -acclog() { 1.8 +acclog() ( 1.9 # $1=table, $2=rowid 1.10 - if [ -n "$2" ]; then 1.11 + n=${2%%[!0-9]*} # Remove non-digit chars from $2(should be rowid) 1.12 + if [ -n "$n" ]; then 1.13 now=`date +"%F %T"` 1.14 - query "replace into acclog values('$user', '$1', '$2', '$now');" 1.15 - #query "replace into acclog values('$user', '$1', $2, '$now');" 1.16 + #query "replace into acclog values('$user', '$1', '$n', '$now');" 1.17 + query "replace into acclog values('$user', '$1', $n, '$now');" 1.18 fi 1.19 -} 1.20 +) 1.21 gecos() ( 1.22 u=`sqlquote ${1:-$user}` 1.23 #gecos=`query "select val from user_s where name='$u' and key='gecos';"`