ScriptFanix/AtOM
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

copyFiles_action: protect '"' from SQL

Browse Source
This commit is contained in:
Vincent Riquer 2013-04-09 18:13:14 +02:00
parent 249cf7a2ff
commit e880ed1c59
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/copy/copyFiles_action
View File

@ -37,6 +37,7 @@ copyFiles_action() {
rest=${rest#*|} rest=${rest#*|}
destfileid=${rest%%|*} destfileid=${rest%%|*}
rest=${rest#*|} rest=${rest#*|}
sourcedir=${sourcefilename%/*}
echo 'SELECT IFNULL( ( echo 'SELECT IFNULL( (
SELECT destination_files.filename SELECT destination_files.filename
FROM destination_files FROM destination_files
@ -48,7 +49,8 @@ copyFiles_action() {
INNER JOIN destinations INNER JOIN destinations
ON destinations.id=destination_files.destination_id ON destinations.id=destination_files.destination_id
WHERE destinations.id = '$destinationid' WHERE destinations.id = '$destinationid'
AND source_files.filename LIKE "'"${sourcefilename%/*}"'/%" AND source_files.filename LIKE
"'"${sourcedir//\"/\"\"}"'/%"
AND mime_type_actions.action = 1 AND mime_type_actions.action = 1
LIMIT 1 LIMIT 1
),"AtOM:NotFound"); ),"AtOM:NotFound");