Changeset 28899 for main/trunk/greenstone2/runtime-src/src/recpt/sqlqueryaction.cpp

Timestamp:

2014-03-14T22:46:25+13:00 (10 years ago)

Author:

ak19

Message:

Third commit for security, for ensuring cgiargs macros are websafe. This time all the changes to the runtime action classes.

File:

• main/trunk/greenstone2/runtime-src/src/recpt/sqlqueryaction.cpp (modified) (1 diff)

main/trunk/greenstone2/runtime-src/src/recpt/sqlqueryaction.cpp

@@ -270 +270 @@
   if (args["qt"]=="0" && args["sqlqto"] != "1") { // normal text search
     unsafe_cgi_arg("ALL", args["q"]);
-    formattedstring = "SELECT DISTINCT docOID FROM document_metadata WHERE " + args["q"];    
+    formattedstring = "SELECT DISTINCT docOID FROM document_metadata WHERE " + encodeForSQL(args["q"]);    
   }
   else if (args["qt"]=="1" || args["sqlqto"]=="1"){ // form search