s4
changeset 829:87f72984f3aa
Make it double sure to quote user string
author | HIROSE Yuuji <yuuji@gentei.org> |
---|---|
date | Sun, 21 Jun 2020 17:41:10 +0900 |
parents | 476a70f667cf |
children | 0f947210a094 |
files | s4-funcs.sh |
diffstat | 1 files changed, 3 insertions(+), 3 deletions(-) [+] |
line diff
1.1 --- a/s4-funcs.sh Sun Jun 21 16:44:11 2020 +0900 1.2 +++ b/s4-funcs.sh Sun Jun 21 17:41:10 2020 +0900 1.3 @@ -2449,10 +2449,10 @@ 1.4 if [ -n "$2" ]; then 1.5 kwd=`echo $2 | tr -d '";\n' | tr -d "'"` 1.6 case "$kwd" in 1.7 - mem:*) 1.8 + mem:*@*) 1.9 byuser=${kwd#*mem:} 1.10 - cond1="(a.gname IN (SELECT gname FROM grp_mem WHERE user='$byuser'))" 1.11 - err cond1=$cond1 1.12 + qusr=`sqlquote "$ustr"` 1.13 + cond1="(a.gname IN (SELECT gname FROM grp_mem WHERE user=$qusr))" 1.14 ;; 1.15 esac 1.16 if [ x"$1" = x"group" ]; then