s4
changeset 466:929a925f10d8
Group name used at the following query should be quoted.
author | HIROSE Yuuji <yuuji@gentei.org> |
---|---|
date | Tue, 22 Aug 2017 08:51:06 +0859 |
parents | 4c6a3bacfec3 |
children | 598f00f1b995 |
files | s4-blog.sh |
diffstat | 1 files changed, 2 insertions(+), 1 deletions(-) [+] |
line diff
1.1 --- a/s4-blog.sh Tue Aug 22 08:20:02 2017 +0859 1.2 +++ b/s4-blog.sh Tue Aug 22 08:51:06 2017 +0859 1.3 @@ -963,6 +963,7 @@ 1.4 fi 1.5 title=`getvalbyid blog title $rowid` 1.6 owner=`getvalbyid blog owner $rowid` 1.7 + qowner=`sqlquotestr "$owner"` 1.8 if [ -z "$title" ]; then 1.9 echo "日記番号指定が無効です。" | html p 1.10 return 1.11 @@ -981,7 +982,7 @@ 1.12 if isuser "$owner"; then 1.13 subtitle="`gecos $owner` さんの話題" 1.14 else 1.15 - grprowid=`query "select rowid from grp where gname=\"$owner\";"` 1.16 + grprowid=`query "select rowid from grp where gname=$qowner;"` 1.17 subtitle="グループ 1.18 <a href=\"?grp+$grprowid\" accesskey=\"h\" title=\"H\">$owner</a> での話題 1.19 `query \"SELECT printf('(チーム:%s)', val)\