* Do some additional SQL escaping.
This commit is contained in:
parent
1de4ef8bc1
commit
2d0ae24009
28
upnphttp.c
28
upnphttp.c
@ -1428,12 +1428,11 @@ SendResp_albumArt(struct upnphttp * h, char * object)
{
char header[512];
char *path;
char *dash;
char date[30];
time_t curtime = time(NULL);
off_t size;
int fd;
int ret;
long long id;
int fd, ret;
if( h->reqflags & (FLAG_XFERSTREAMING|FLAG_RANGE) )
{
@ -1442,18 +1441,16 @@ SendResp_albumArt(struct upnphttp * h, char * object)
return;
}
dash = strchr(object, '-');
if( dash )
*dash = '\0';
id = strtoll(object, NULL, 10);
path = sql_get_text_field(db, "SELECT PATH from ALBUM_ART where ID = '%s'", object);
path = sql_get_text_field(db, "SELECT PATH from ALBUM_ART where ID = '%lld'", id);
if( !path )
{
DPRINTF(E_WARN, L_HTTP, "ALBUM_ART ID %s not found, responding ERROR 404\n", object);
Send404(h);
return;
}
DPRINTF(E_INFO, L_HTTP, "Serving album art ID: %s [%s]\n", object, path);
DPRINTF(E_INFO, L_HTTP, "Serving album art ID: %lld [%s]\n", id, path);
fd = open(path, O_RDONLY);
if( fd < 0 ) {
@ -1496,17 +1493,19 @@ SendResp_caption(struct upnphttp * h, char * object)
char date[30];
time_t curtime = time(NULL);
off_t size;
long long id;
int fd, ret;
strip_ext(object);
path = sql_get_text_field(db, "SELECT PATH from CAPTIONS where ID = %s", object);
id = strtoll(object, NULL, 10);
path = sql_get_text_field(db, "SELECT PATH from CAPTIONS where ID = %lld", id);
if( !path )
{
DPRINTF(E_WARN, L_HTTP, "CAPTION ID %s not found, responding ERROR 404\n", object);
Send404(h);
return;
}
DPRINTF(E_INFO, L_HTTP, "Serving caption ID: %s [%s]\n", object, path);
DPRINTF(E_INFO, L_HTTP, "Serving caption ID: %lld [%s]\n", id, path);
fd = open(path, O_RDONLY);
if( fd < 0 ) {
@ -1545,6 +1544,7 @@ SendResp_thumbnail(struct upnphttp * h, char * object)
char *path;
char date[30];
time_t curtime = time(NULL);
long long id;
int ret;
ExifData *ed;
ExifLoader *l;
@ -1556,15 +1556,15 @@ SendResp_thumbnail(struct upnphttp * h, char * object)
return;
}
strip_ext(object);
path = sql_get_text_field(db, "SELECT PATH from DETAILS where ID = '%s'", object);
id = strtoll(object, NULL, 10);
path = sql_get_text_field(db, "SELECT PATH from DETAILS where ID = '%lld'", id);
if( !path )
{
DPRINTF(E_WARN, L_HTTP, "DETAIL ID %s not found, responding ERROR 404\n", object);
Send404(h);
return;
}
DPRINTF(E_INFO, L_HTTP, "Serving thumbnail for ObjectId: %s [%s]\n", object, path);
DPRINTF(E_INFO, L_HTTP, "Serving thumbnail for ObjectId: %lld [%s]\n", id, path);
if( access(path, F_OK) != 0 )
{
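Review bot: `id = strtoll(object, NULL, 10);` in SendResp_albumArt, SendResp_caption and SendResp_thumbnail accepts any string: an object id with no leading digits parses to 0 and an out-of-range one saturates to LLONG_MAX, so a malformed request is looked up as a real ID instead of being rejected before the query. Pass an end pointer and refuse the request when nothing was consumed, e.g. `char *end; id = strtoll(object, &end, 10); if (end == object) { Send404(h); return; }`. The move from `'%s'` to `%lld` does remove the SQL-injection surface here; note that SendResp_caption binds the id unquoted while the other two keep `'%lld'`, which SQLite accepts either way, but one form across the three queries would be easier to audit. All three functions begin and end outside these hunks.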
22
upnpsoap.c
22
upnpsoap.c
@ -1205,7 +1205,7 @@ BrowseContentDirectory(struct upnphttp * h, const char * action)
{
ptr = sql_get_text_field(db, "SELECT OBJECT_ID from OBJECTS"
" where OBJECT_ID in "
"('"MUSIC_ID"$%s', '"VIDEO_ID"$%s', '"IMAGE_ID"$%s')",
"('"MUSIC_ID"$%q', '"VIDEO_ID"$%q', '"IMAGE_ID"$%q')",
ObjectID, ObjectID, ObjectID);
if( ptr )
{
@ -1246,7 +1246,7 @@ BrowseContentDirectory(struct upnphttp * h, const char * action)
args.requested = 1;
sql = sqlite3_mprintf("SELECT %s, " COLUMNS
"from OBJECTS o left join DETAILS d on (d.ID = o.DETAIL_ID)"
" where OBJECT_ID = '%s';",
" where OBJECT_ID = '%q';",
(args.flags & FLAG_ROOT_CONTAINER) ? "0, -1" : "o.OBJECT_ID, o.PARENT_ID",
ObjectID);
ret = sqlite3_exec(db, sql, callback, (void *) &args, &zErrMsg);
@ -1254,7 +1254,7 @@ BrowseContentDirectory(struct upnphttp * h, const char * action)
}
else
{
ret = sql_get_int_field(db, "SELECT count(*) from OBJECTS where PARENT_ID = '%s'", ObjectID);
ret = sql_get_int_field(db, "SELECT count(*) from OBJECTS where PARENT_ID = '%q'", ObjectID);
totalMatches = (ret > 0) ? ret : 0;
ret = 0;
if( SortCriteria )
@ -1295,7 +1295,7 @@ BrowseContentDirectory(struct upnphttp * h, const char * action)
sql = sqlite3_mprintf( SELECT_COLUMNS
"from OBJECTS o left join DETAILS d on (d.ID = o.DETAIL_ID)"
" where PARENT_ID = '%s' %s limit %d, %d;",
" where PARENT_ID = '%q' %s limit %d, %d;",
ObjectID, orderBy, StartingIndex, RequestedCount);
DPRINTF(E_DEBUG, L_HTTP, "Browse SQL: %s\n", sql);
ret = sqlite3_exec(db, sql, callback, (void *) &args, &zErrMsg);
@ -1311,7 +1311,7 @@ BrowseContentDirectory(struct upnphttp * h, const char * action)
/* Does the object even exist? */
if( !totalMatches )
{
ret = sql_get_int_field(db, "SELECT count(*) from OBJECTS where OBJECT_ID = '%s'", ObjectID);
ret = sql_get_int_field(db, "SELECT count(*) from OBJECTS where OBJECT_ID = '%q'", ObjectID);
if( ret <= 0 )
{
SoapError(h, 701, "No such object error");
@ -1403,7 +1403,7 @@ SearchContentDirectory(struct upnphttp * h, const char * action)
{
ptr = sql_get_text_field(db, "SELECT OBJECT_ID from OBJECTS"
" where OBJECT_ID in "
"('"MUSIC_ID"$%s', '"VIDEO_ID"$%s', '"IMAGE_ID"$%s')",
"('"MUSIC_ID"$%q', '"VIDEO_ID"$%q', '"IMAGE_ID"$%q')",
ContainerID, ContainerID, ContainerID);
if( ptr )
{
@ -1473,10 +1473,10 @@ SearchContentDirectory(struct upnphttp * h, const char * action)
totalMatches = sql_get_int_field(db, "SELECT (select count(distinct DETAIL_ID)"
" from OBJECTS o left join DETAILS d on (o.DETAIL_ID = d.ID)"
" where (OBJECT_ID glob '%s$*') and (%s))"
" where (OBJECT_ID glob '%q$*') and (%s))"
" + "
"(select count(*) from OBJECTS o left join DETAILS d on (o.DETAIL_ID = d.ID)"
" where (OBJECT_ID = '%s') and (%s))",
" where (OBJECT_ID = '%q') and (%s))",
ContainerID, SearchCriteria, ContainerID, SearchCriteria);
if( totalMatches < 0 )
{
@ -1509,14 +1509,14 @@ SearchContentDirectory(struct upnphttp * h, const char * action)
sql = sqlite3_mprintf( SELECT_COLUMNS
"from OBJECTS o left join DETAILS d on (d.ID = o.DETAIL_ID)"
" where OBJECT_ID glob '%s$*' and (%s) %s "
" where OBJECT_ID glob '%q$*' and (%s) %s "
"%z %s"
" limit %d, %d",
ContainerID, SearchCriteria, groupBy,
(*ContainerID == '*') ? NULL :
sqlite3_mprintf("UNION ALL " SELECT_COLUMNS
"from OBJECTS o left join DETAILS d on (d.ID = o.DETAIL_ID)"
" where OBJECT_ID = '%s' and (%s) ", ContainerID, SearchCriteria),
" where OBJECT_ID = '%q' and (%s) ", ContainerID, SearchCriteria),
orderBy, StartingIndex, RequestedCount);
DPRINTF(E_DEBUG, L_HTTP, "Search SQL: %s\n", sql);
ret = sqlite3_exec(db, sql, callback, (void *) &args, &zErrMsg);
@ -1630,7 +1630,7 @@ SamsungSetBookmark(struct upnphttp * h, const char * action)
int ret;
ret = sql_exec(db, "INSERT OR REPLACE into BOOKMARKS"
" VALUES "
"((select DETAIL_ID from OBJECTS where OBJECT_ID = '%s'), %s)", ObjectID, PosSecond);
"((select DETAIL_ID from OBJECTS where OBJECT_ID = '%q'), %q)", ObjectID, PosSecond);
if( ret != SQLITE_OK )
DPRINTF(E_WARN, L_METADATA, "Error setting bookmark %s on ObjectID='%s'\n", PosSecond, ObjectID);
BuildSendAndCloseSoapResp(h, resp, sizeof(resp)-1);
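Review bot: In SamsungSetBookmark the `%q` applied to PosSecond does not close the injection, because `%q` only doubles single-quote characters and PosSecond is spliced into the VALUES list unquoted (`, %q)`), so a client value containing `)` or other SQL syntax still alters the statement. Since the bookmark position is a number, parse it and bind it as one, e.g. `"((select DETAIL_ID from OBJECTS where OBJECT_ID = '%q'), %lld)", ObjectID, strtoll(PosSecond, NULL, 10)`, or at minimum wrap it as `'%q'` so the escaping actually applies. The `%q` changes on ObjectID and ContainerID sit inside quotes and are correct; SearchCriteria and orderBy are still spliced with `%s` in the Search hunks, which is only safe if they are sanitized before reaching this point, something this diff does not show. SamsungSetBookmark begins outside this hunk.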