s4

changeset 431:703346e6e7de

Group names should be quoted into one argument
author HIROSE Yuuji <yuuji@gentei.org>
date Wed, 21 Jun 2017 09:06:26 +0859
parents ce497c515996
children 99526bd0f2d1
files s4-funcs.sh
diffstat 1 files changed, 18 insertions(+), 18 deletions(-) [+]
line diff
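--- a/s4-funcs.sh
+++ b/s4-funcs.sh
@@ -359,14 +359,14 @@
 ismember() {
   # $1=user, $2=group
 err ismem: "select user from grp_mem where gname=$(sqlquote $2) and user='$1';"
-  test -n "`query \"select user from grp_mem where gname=$(sqlquote $2) and user='$1';\"`"
+  test -n "`query \"select user from grp_mem where gname=$(sqlquote \"$2\") and user='$1';\"`"
 }
 isuser() {			# Check if $1 is a valid user
   test -n "`query \"select name from user where name='$1';\"`"
 }
 isgroup() {			# Check if $1 is a valid group
   err isgroup: "select gname from grp where gname=$(sqlquote $1);"
-  test -n "`query \"select gname from grp where gname=$(sqlquote $1);\"`"
+  test -n "`query \"select gname from grp where gname=$(sqlquote \"$1\");\"`"
 }
 isgrpowner() (
   # $1=user, $2=group
@@ -389,11 +389,11 @@
 getgroupattr() {	# $1=group $2=attr
   # This function is called in a backquote, so needn't to be subshellized
   getvalbyid grp $2 \
-	     $(query "select rowid from grp where gname=`sqlquote $1`;")
+	     $(query "select rowid from grp where gname=`sqlquote \"$1\"`;")
 }
 getgroupbyid() {
   # $1=id|gname
-  sql="select coalesce((select gname from grp where gname=$(sqlquote $1)),
+  sql="select coalesce((select gname from grp where gname=$(sqlquote \"$1\")),
 	(select gname from grp where rowid=$(sqlquote $1)));"
   # err ggbyid: `echo $sql`
   query $sql
@@ -514,7 +514,7 @@
   fi
 )
 gecos() (
-  u=`sqlquote ${1:-$user}`
+  u=`sqlquote "${1:-$user}"`
   query "select gecos from gecoses where name=$u;"
 )
 setpar() {
@@ -615,7 +615,7 @@
    esac)
 }
 getparquote() {
-  sqlquote `getpar $1`
+  sqlquote "`getpar $1`"
 }
 getbinbyid() {
   # $1=tbl $2=col $3=rowid $4=tmpdirForBinary
@@ -1350,7 +1350,7 @@
 }
 groupupdate() {
   gname=`getpar gname`
-  qgname=`sqlquote $gname`
+  qgname=`sqlquote "$gname"`
   if [ -n "$gname" ]; then
     # See ALSO same job in showgroup()
     newgname=`group_safename "$gname"`
@@ -1364,7 +1364,7 @@
     # Name confliction check
     parow=`getpar rowid`
 ## err parow=$parow
-    qgname=`sqlquote $gname`	# Set again in case gname modified
+    qgname=`sqlquote "$gname"`	# Set again in case gname modified
     query "BEGIN EXCLUSIVE;"
     ## err "select count(gname) from grp where rowid != ${parow:-0} and gname = $qgname;"
     count=$(query "select count(gname) from grp where rowid != ${parow:-0} and gname = $qgname;")
@@ -2091,8 +2091,8 @@
     grid=$1
   fi
   grp=`getgroupbyid $grid`
-  qgrp=`sqlquote $grp`
-## err showgroup2: grp=$grp qgrp="[$(sqlquote $grp)]"
+  qgrp=`sqlquote "$grp"`
+  ## err showgroup2: grid=$grid grp=$grp qgrp="[$qgrp]"
   if isgroup "$grp"; then
     tf=$tmpd/title.$$
     sf=$tmpd/search.$$
@@ -2100,7 +2100,7 @@
 	       WHERE gname=$qgrp AND key='regmode';"`
     if ismember "$user" "$grp"; then
       ismember="ismember"
-      qgrp=`sqlquote $grp`
+      qgrp=`sqlquote "$grp"`
       bodyclass="$bodyclass${bodyclass:+ }ismember"
     else
       ismember="" # bodyclass="group"
@@ -2126,7 +2126,7 @@
   # Using $ismember
   rowid=$2
   grp=`getgroupbyid $2`
-  qgrp=`sqlquote $grp`
+  qgrp=`sqlquote "$grp"`
   td=`getcachedir grp/"$2"`
   #rowid=`sq $db "select rowid from grp where gname=$qgrp"`
   if [ -z "$rowid" ]; then
@@ -2739,7 +2739,7 @@
       echo "無効な指定です($1)。" | html p
       return ;;
   esac
-  gid=$(query "select rowid from grp where gname=`sqlquote $t_grp`;")
+  gid=$(query "select rowid from grp where gname=`sqlquote \"$t_grp\"`;")
   rcpts="`getgroupadminmails $t_grp` $user"
   ## err admit: msgdir=$msgdir, rcpts="["$rcpts"]"
   body="グループ <a href=\"?grp+$gid\">$t_grp</a>
@@ -2756,8 +2756,8 @@
   # $1=group $2=user $3=yes/no $4=email(if any $5=AsAdmin) 
   jss="joingrp-`date +%s`-`genrandom 12`"
   addsession $jss +${memoplimitdays}days
-  query "replace into par values('$jss', 'group', 'string', `sqlquote $1`),
-('$jss', 'user', 'string', `sqlquote $user`);"
+  query "replace into par values('$jss', 'group', 'string', `sqlquote \"$1\"`),
+('$jss', 'user', 'string', `sqlquote \"$user\"`);"
   smail "$(collectemail `getgroupadmins $1`)" "Join request to $1"<<EOF
 $url
 $user さんから
@@ -2804,7 +2804,7 @@
 	;;
     esac
   fi
-  qgname=`sqlquote $1`
+  qgname=`sqlquote "$1"`
   grid=`query "SELECT rowid FROM grp WHERE gname=$qgname;"`
   cond="where gname=$qgname and user='$2'"
   if [ x"$3" = x"yes" ]; then
@@ -2908,7 +2908,7 @@
     if [ -z "$newadm" ]; then
       echo "指定ユーザIDがおかしいようです。" | html p; return
     fi
-    err GRP_reg_adm: "replace into grp_adm values(`sqlquote $grp`, '$newadm');"
+    err GRP_reg_adm: "replace into grp_adm values(`sqlquote \"$grp\"`, '$newadm');"
     err ismember $newadm $grp
     if ismember $newadm $grp; then
       # OK, go ahead
@@ -3565,7 +3565,7 @@
   fi
   cond=""
   for pk in `gettblpkey $tbl`; do
-    pv=$(sqlquote $(getpar $pk))
+    pv=$(sqlquote "$(getpar $pk)")
     cond="$cond${cond:+ and }$pk=$pv"
   done
   sql="select rowid from $tbl where $cond;"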
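Review bot: In getgroupbyid (the `sql=` assignment in the second hunk) the new `$(sqlquote \"$1\")` does not quote the argument: the text inside `$( … )` is parsed as fresh shell code, so `\"` is a literal double-quote character and `$1` is still word-split, unlike the backquoted call sites in this commit where the enclosing double quotes unescape `\"`. sqlquote would therefore receive the name with quote characters attached (its handling of that is not visible here, so confirm), and a name containing spaces still arrives as several arguments. Plain nested quotes work inside `$( … )`: `gname=$(sqlquote "$1")),`, and the following `rowid=$(sqlquote $1)` and `query $sql` lines, as well as `ismember $newadm $grp` in the GRP_reg_adm hunk, should be quoted the same way so the membership check runs against the full group name. Separately, `ismember` and `isuser` still interpolate `user='$1'` without sqlquote, which is safe only if user names are validated before they reach these helpers.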