Commit 510d025a authored by jan.koester's avatar jan.koester

test

parent 718cca01
+16 −13
@@ -60,11 +60,12 @@ namespace blogi {
            char url[512];
            blogi::SQL sql;
            blogi::DBResult res;
            std::vector<char> sbuf;

            int ncount=0;

            if (tag) {
                sql = "SELECT id FROM tags where name='"; sql.escaped(tag) << "' LIMIT 1";
                sql << "SELECT id FROM tags where name='" << SQL::escaped(sbuf,tag) << "' LIMIT 1";
                if(Args->database[tid]->exec(&sql,res)<1){
                    excep[libhttppp::HTTPException::Critical] << "no tag data found for this name!";
                    throw excep;
@@ -220,6 +221,7 @@ namespace blogi {

        void addPostPage(const int tid,libhttppp::HttpRequest *curreq,libhtmlpp::HtmlElement &page,const char *sessionid){
            char url[512];
            std::vector<char> sbuf;

            if(!Args->auth->isLoggedIn(tid,curreq,sessionid)){
                libhttppp::HTTPException exp;
@@ -282,10 +284,10 @@ namespace blogi {
                    localtime_r(&t,&time);
                    asctime_r(&time,ttmp);

                    sql << "INSERT INTO content (title,descrition,text,author,created) VALUES ('";
                    sql.escaped(title.c_str()) << "','";
                    sql.escaped(descrition.c_str()) <<"','";
                    sql.escaped(text.c_str()) <<"','"<< author <<"','" << ttmp << "') RETURNING id;";
                    sql << "INSERT INTO content (title,descrition,text,author,created) VALUES ('" <<
                    SQL::escaped(sbuf,title.c_str()) << "','" <<
                    SQL::escaped(sbuf,descrition.c_str()) <<"','" <<
                    SQL::escaped(sbuf,text.c_str()) <<"','"<< author <<"','" << ttmp << "') RETURNING id;";

                    try {
                        Args->database[tid]->exec(&sql,res);
@@ -312,11 +314,11 @@ namespace blogi {
                                }

                                sql = "select id,name from tags where name='";
                                sql.escaped(tag.c_str()) << "' LIMIT 1;";
                                sql << SQL::escaped(sbuf,tag.c_str()) << "' LIMIT 1;";

                                if (Args->database[tid]->exec(&sql,res) != 1) {
                                    sql = "insert into tags (name) VALUES ('";
                                    sql.escaped(tag.c_str()) <<"');";
                                    sql << SQL::escaped(sbuf,tag.c_str()) <<"');";
                                    Args->database[tid]->exec(&sql,res);
                                    ++tries;
                                    goto TAGNAMECHECK;
@@ -473,6 +475,7 @@ namespace blogi {

            blogi::SQL sql;
            blogi::DBResult res;
            std::vector<char> sbuf;

            libhttppp::HttpForm curform;
            curform.parse(curreq);
@@ -504,10 +507,10 @@ namespace blogi {

                if (!text.empty() && !title.empty() && !descrition.empty()) {
                    blogi::SQL sqltext;
                    sqltext << "UPDATE content SET title='";
                    sqltext.escaped(title.c_str()) << "',descrition='";
                    sqltext.escaped(descrition.c_str()) << "',text='";
                    sqltext.escaped(text.c_str())  << "' where id='" << cid << "';";
                    sqltext << "UPDATE content SET title='" <<
                    SQL::escaped(sbuf,title.c_str()) << "',descrition='" <<
                    SQL::escaped(sbuf,descrition.c_str()) << "',text='" <<
                    SQL::escaped(sbuf,text.c_str())  << "' where id='" << cid << "';";

                    blogi::DBResult textres;

@@ -541,7 +544,7 @@ namespace blogi {
                                    throw excep;
                                }
                                sql="select id,name from tags where name='";
                                sql.escaped(tag.c_str()) << "' LIMIT 1;";
                                sql << SQL::escaped(sbuf,tag.c_str()) << "' LIMIT 1;";

                                int tamount;

@@ -552,7 +555,7 @@ namespace blogi {

                                if (tamount != 1) {
                                    sql="insert into tags (name) VALUES ('";
                                    sql.escaped(tag.c_str()) << "');";
                                    sql << SQL::escaped(sbuf,tag.c_str()) << "');";
                                    Args->database[tid]->exec(&sql,res);
                                    ++tries;
                                    goto TAGNAMECHECK;
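Review bot: The three `SQL::escaped(sbuf, …)` calls in the new content INSERT (title, descrition, text) and the three in the content UPDATE all write into the same `sbuf` within a single `<<` chain; if `escaped` returns a pointer or view into `sbuf` rather than an owned string, this is correct only because C++17 sequences the operands of `<<` left to right, and under an earlier standard a later call could overwrite the buffer before the earlier result is streamed. The return type of `SQL::escaped` is not visible in the hunk, so either confirm it returns by value, or give each call its own buffer and add `// escaped() writes into sbuf; each result must be consumed by << before the next call (relies on C++17 sequencing)`. The same one-buffer-many-calls pattern appears in the media, navbar and static-page files of this commit. More broadly, every statement is still assembled from quoted literals, so the custom escaper is the only barrier between form input and the query; parameterized statements would remove that dependency if the database layer offers them.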
+13 −8
@@ -68,6 +68,7 @@ namespace blogi {
            std::string albumname;
            blogi::SQL sql,sql2;
            blogi::DBResult res,res2;
            std::vector<char> sbuf;

            sql << "select id,username from users";

@@ -88,7 +89,7 @@ namespace blogi {
                char ttmp[26];
                localtime_r(&t,&time);
                asctime_r(&time,ttmp);
                sql2 << "INSERT INTO media_albums (name,owner,created) VALUES ('"; sql2.escaped(albumname.c_str()) << "','" << id << "','" << ttmp<< "')";
                sql2 << "INSERT INTO media_albums (name,owner,created) VALUES ('"<< SQL::escaped(sbuf,albumname.c_str()) << "','" << id << "','" << ttmp<< "')";
                Args->database[tid]->exec(&sql2,res2);
            }

@@ -124,9 +125,10 @@ namespace blogi {

            blogi::SQL sql;
            blogi::DBResult res;
            std::vector<char> sbuf;

            if(!name.empty()){
                sql << "UPDATE media_albums set name='"; sql.escaped(name.c_str()) <<"' WHERE id='" << id << "'";
                sql << "UPDATE media_albums set name='" << SQL::escaped(sbuf,name.c_str()) <<"' WHERE id='" << id << "'";
                Args->database[tid]->exec(&sql,res);
                sql.clear();
            }
@@ -197,8 +199,9 @@ namespace blogi {

                blogi::SQL sql;
                blogi::DBResult res;
                std::vector<char> sbuf;

                sql << "SELECT id FROM media_type where ext='"; sql.escaped(ext.c_str()) <<"' LIMIT 1";
                sql << "SELECT id FROM media_type where ext='" << sql.escaped(sbuf,ext.c_str()) <<"' LIMIT 1";

                int n = Args->database[tid]->exec(&sql,res);

@@ -217,7 +220,7 @@ namespace blogi {
                          std::inserter<std::string>(pname,pname.begin()));


                sql << "INSERT INTO media_items (album_id,name) VALUES('" << id << "','"; sql.escaped(pname.c_str()) << "') RETURNING id";
                sql << "INSERT INTO media_items (album_id,name) VALUES('" << id << "','" << sql.escaped(sbuf,pname.c_str()) << "') RETURNING id";

                Args->database[tid]->exec(&sql,res);
                sql.clear();
@@ -360,8 +363,9 @@ namespace blogi {
            if(mtype>=0 && !mfext.empty() && !mctype.empty()){
                blogi::SQL sql;
                blogi::DBResult res;
                std::vector<char> sbuf;

                sql << "INSERT INTO media_type (type,ext,ctype) VALUES ('" << mtype <<"','"; sql.escaped(mfext.c_str()) << "','";  sql.escaped(mctype.c_str()) << "')";
                sql << "INSERT INTO media_type (type,ext,ctype) VALUES ('" << mtype <<"','"<< sql.escaped(sbuf,mfext.c_str()) << "','" <<  sql.escaped(sbuf,mctype.c_str()) << "')";

                Args->database[tid]->exec(&sql,res);
            }
@@ -393,7 +397,7 @@ namespace blogi {
                   <<"</form></tr></table></div>";
        }

        void Settings(const int tid,libhttppp::HttpRequest * req, libhtmlpp::HtmlString & setdiv){
        void Settings(const int tid,libhttppp::HttpRequest * req, libhtmlpp::HtmlString & setdiv,const char *sessionid){
            char url[512];

            std::string suburl;
@@ -518,9 +522,10 @@ namespace blogi {

                blogi::SQL sql;
                blogi::DBResult res;
                std::vector<char> sbuf;

                sql << "SELECT media_type.ctype FROM media_items_files LEFT JOIN media_type ON media_items_files.media_Type_id=media_type.id WHERE media_items_files.redis_uuid='";
                sql.escaped(suuid.data()) <<"'";
                sql << "SELECT media_type.ctype FROM media_items_files LEFT JOIN media_type ON media_items_files.media_Type_id=media_type.id WHERE media_items_files.redis_uuid='"
                    << SQL::escaped(sbuf,suuid.data()) <<"'";

                int n = Args->database[tid]->exec(&sql,res);
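Review bot: The escaper is invoked in two forms in this file — static `SQL::escaped(sbuf, …)` on the media_albums INSERT and the media_type.ctype SELECT, but member `sql.escaped(sbuf, …)` on the media_type SELECT, the media_items INSERT and the media_type INSERT; if the member form still appends to `sql` the way the old `sql.escaped(x)` did, calling it inside a `sql << … << sql.escaped(…)` chain puts two writers on the same object in one expression, so use one form (the static one, as in the content page) throughout. The new `sessionid` parameter on `Settings` is not read anywhere inside its hunk; presumably it is meant to feed an `Args->auth->isLoggedIn(tid, req, sessionid)` gate as `addPostPage` does, but the body continues outside the hunk so I can't confirm. Callers of `Settings` must also be updated for the added parameter, which this commit does not show.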

+14 −7
@@ -177,6 +177,7 @@ namespace blogi {
            int navid=-1,rem_itemid=-1;
            blogi::SQL sql;
            blogi::DBResult res;
            std::vector<char> sbuf;

            std::string navname,container_id,newitem_name,newitem_url,newitem_type;

@@ -213,7 +214,8 @@ namespace blogi {
                sscanf(key,"navitem_name_%d",&iid);
                blogi::SQL sql2;
                blogi::DBResult res2;
                sql2 << "UPDATE navbar_items SET name='"; sql2.escaped(value) << "' WHERE navbar_id='" << navid << "' AND id='" << iid << "'";
                std::vector<char> sbuf;
                sql2 << "UPDATE navbar_items SET name='"<< sql2.escaped(sbuf,value) << "' WHERE navbar_id='" << navid << "' AND id='" << iid << "'";
                Args->database[tid]->exec(&sql2,res2);
                sql2.clear();
            };
@@ -223,7 +225,8 @@ namespace blogi {
                sscanf(key,"navitem_url_%d",&iid);
                blogi::SQL sql2;
                blogi::DBResult res2;
                sql2 << "UPDATE navbar_items SET url='"; sql2.escaped(value) << "' WHERE navbar_id='" << navid << "' AND id='" << iid << "'";
                std::vector<char> sbuf;
                sql2 << "UPDATE navbar_items SET url='"<< sql2.escaped(sbuf,value) << "' WHERE navbar_id='" << navid << "' AND id='" << iid << "'";
                Args->database[tid]->exec(&sql2,res2);
                sql2.clear();

@@ -234,7 +237,8 @@ namespace blogi {
                sscanf(key,"navitem_type_%d",&iid);
                blogi::SQL sql2;
                blogi::DBResult res2;
                sql2 << "UPDATE navbar_items SET type='"; sql2.escaped(value) << "' WHERE navbar_id='" << navid << "' AND id='" << iid << "'";
                std::vector<char> sbuf;
                sql2 << "UPDATE navbar_items SET type='" << sql2.escaped(sbuf,value) << "' WHERE navbar_id='" << navid << "' AND id='" << iid << "'";
                Args->database[tid]->exec(&sql2,res2);
                sql2.clear();

@@ -256,20 +260,22 @@ namespace blogi {
            }

            if(!navname.empty()){
                sql << "UPDATE navbar SET name='"; sql.escaped(navname.c_str()) << "' WHERE id='" << navid << "'";
                sql << "UPDATE navbar SET name='" << sql.escaped(sbuf,navname.c_str()) << "' WHERE id='" << navid << "'";
                Args->database[tid]->exec(&sql,res);
                sql.clear();
            }

            if(!container_id.empty()){
                sql << "UPDATE navbar SET container_id='"; sql.escaped(container_id.c_str()) << "' WHERE id='" << navid << "'";
                sql << "UPDATE navbar SET container_id='" << sql.escaped(sbuf,container_id.c_str()) << "' WHERE id='" << navid << "'";
                Args->database[tid]->exec(&sql,res);
                sql.clear();
            }


            if(!newitem_name.empty() && !newitem_url.empty() && !newitem_type.empty()){
                sql << "INSERT INTO navbar_items (name,url,navbar_id,type) VALUES('"; sql.escaped(newitem_name.c_str()) << "','"; sql.escaped(newitem_url.c_str()) << "','" << navid << "'," << newitem_type.c_str() <<")";
                sql << "INSERT INTO navbar_items (name,url,navbar_id,type) VALUES('"
                    << sql.escaped(sbuf,newitem_name.c_str()) << "','" << sql.escaped(sbuf,newitem_url.c_str())
                    << "','" << navid << "'," << newitem_type.c_str() <<")";
                Args->database[tid]->exec(&sql,res);
                sql.clear();
            }
@@ -333,8 +339,9 @@ namespace blogi {
            if(!navname.empty() && !navcontainer.empty()){
                blogi::SQL sql;
                blogi::DBResult res;
                std::vector<char> sbuf;

                sql << "INSERT INTO navbar (name,container_id) VALUES ('"; sql.escaped(navname.c_str()) <<"','";  sql.escaped(navcontainer.c_str()) << "')";
                sql << "INSERT INTO navbar (name,container_id) VALUES ('" << sql.escaped(sbuf,navname.c_str()) <<"','" <<  sql.escaped(sbuf,navcontainer.c_str()) << "')";

                Args->database[tid]->exec(&sql,res);
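Review bot: `newitem_type.c_str()` is still concatenated raw into the navbar_items INSERT — unquoted and without `escaped()` — while every other form value in that statement now goes through the escaper; if `type` is a numeric column, parse it first (e.g. `std::from_chars` or `std::strtol`) and stream the integer, otherwise quote and escape it exactly like `newitem_name`. The `std::vector<char> sbuf;` added inside the `navitem_name_`, `navitem_url_` and `navitem_type_` handlers shadows the `sbuf` declared at function scope in the first hunk if those callbacks capture by reference; `-Wshadow` will flag it, so drop either the inner declarations or the outer one. The navbar INSERT and the navbar_items INSERT also reuse one `sbuf` for two `escaped()` calls in a single chain, with the same sequencing caveat as in the content page.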

+10 −6
@@ -118,6 +118,7 @@ void blogi::StaticPage::newPage(const int tid,libhttppp::HttpRequest* req, libht
    char url[512];
    blogi::SQL sql;
    blogi::DBResult res;
    std::vector<char> sbuf;

    libhttppp::HttpForm form;
    form.parse(req);
@@ -151,10 +152,10 @@ void blogi::StaticPage::newPage(const int tid,libhttppp::HttpRequest* req, libht
    }catch(...){};

    if(!surl.empty() && ( !text.empty() && text.validate(&err) ) ){
        sql << "INSERT INTO static_content (url,meta,text) VALUES('";
        sql.escaped(surl.c_str()) << "','";
        sql.escaped(meta.c_str()) << "','";
        sql.escaped(text.c_str()) <<"');";
        sql << "INSERT INTO static_content (url,meta,text) VALUES('"
            << sql.escaped(sbuf,surl.c_str()) << "','"
            << sql.escaped(sbuf,meta.c_str()) << "','"
            << sql.escaped(sbuf,text.c_str()) <<"');";
        Args->database[tid]->exec(&sql,res);
        sql.clear();
        setdiv << "<div id=\"staticsettings\"><span>Added succesfully! </span></div>";
@@ -186,6 +187,7 @@ void blogi::StaticPage::delPage(const int tid,libhttppp::HttpRequest* req, libht
    int id=-1;
    blogi::SQL sql;
    blogi::DBResult res;

    bool confirmed=false;

    libhttppp::HttpForm form;
@@ -224,6 +226,7 @@ void blogi::StaticPage::editPage(const int tid,libhttppp::HttpRequest* req, libh
    int id=-1;
    blogi::SQL sql;
    blogi::DBResult res;
    std::vector<char> sbuf;

    libhttppp::HttpForm form;
    form.parse(req);
@@ -271,7 +274,7 @@ void blogi::StaticPage::editPage(const int tid,libhttppp::HttpRequest* req, libh
                        libhtmlpp::HtmlEncode(data.data(),&result);
                        sql<< "update static_content set meta='" << result.c_str() << "' where id='" << id <<"'; ";
                    }else if(strcmp(curctdisp->getValue(),"text")==0){
                        sql<< "update static_content set text='"; sql.escaped(data.data()) << "' where id='" << id <<"'; ";
                        sql<< "update static_content set text='"<< sql.escaped(sbuf,data.data()) << "' where id='" << id <<"'; ";
                    }
                }
            }
@@ -351,8 +354,9 @@ bool blogi::StaticPage::Controller(const int tid,libhttppp::HttpRequest *req,lib

        blogi::SQL sql;
        blogi::DBResult res;
        std::vector<char> sbuf;

        sql << "select url,text,meta from static_content where url='"; sql.escaped(surl.c_str()) << "' LIMIT 1";
        sql << "select url,text,meta from static_content where url='" << sql.escaped(sbuf,surl.c_str()) << "' LIMIT 1";

        if (Args->database[tid]->exec(&sql,res)<1) {
            excep[libhttppp::HTTPException::Error] << "Staticpage with this url not found!";
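Review bot: In `editPage` the `text` branch now goes through `sql.escaped(sbuf, data.data())`, but the `meta` branch directly above it still streams `result` from `libhtmlpp::HtmlEncode` into the UPDATE; HTML encoding is not SQL escaping, so unless `HtmlEncode` is known to neutralise single quotes the two branches give different guarantees — pass `result.c_str()` through `escaped()` as well, or add a comment stating why it is unnecessary. `data.data()` is also handed to `escaped()` as a C string; if `data` is a byte buffer rather than a `std::string`, confirm it is NUL-terminated before this call. The three-call `sbuf` reuse in `newPage`'s static_content INSERT carries the same sequencing caveat noted on the content page.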
+6 −3
@@ -74,7 +74,10 @@ bool blogi::Auth::login(const int tid,const char* username, const char* password
bool blogi::Auth::locallogin(const int tid,const char* username, const char* password, const char *ssid){
    blogi::SQL sql;
    blogi::DBResult res;
    sql = "SELECT sid,id,username FROM users WHERE username='"; sql.escaped(username) << "' LIMIT 1;";

    std::vector<char> sbuf;

    sql << "SELECT sid,id,username FROM users WHERE username='" << SQL::escaped(sbuf,username) << "' LIMIT 1;";
    return false;
}

@@ -210,8 +213,8 @@ LDAPLOGINUSERFOUND:

        Session sess(*_dbconn);

        sess.addSessionData(ssid,"uid",sid,strlen(ssid)+1);
        sess.addSessionData(ssid,"username",username,strlen(ssid)+1);
        sess.addSessionData(ssid,"uid",sid);
        sess.addSessionData(ssid,"username",username);

        std::cout << "User : " << sid << " are logged in" << std::endl;
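Review bot: `locallogin` builds the users SELECT on the new line and then returns `false` unconditionally; the query is never executed and `password` and `ssid` are never read, so the function is a stub that now reads as more complete than it is. If that is intentional, say so at the top of the body, e.g. `// TODO: local login not implemented — the query is built but never executed; always fails closed`, so nobody wires the call up expecting a password check. The escaped SQL build itself matches the form used in the other files of this commit.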
