From 8e152e64ec0474e3a3395d83fbbcb005e6bbd0e2 Mon Sep 17 00:00:00 2001
From: Nishi
Date: Thu, 22 Aug 2024 02:53:30 +0000
Subject: [PATCH] fix

git-svn-id: file:///raid/svn-personal/repoview/trunk@35 7e8b2a19-8934-dd40-8cb3-db22cdd5a80f
---
 CGI/db/sqlite.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/CGI/db/sqlite.c b/CGI/db/sqlite.c
index 0c61455..4f48aa2 100644
--- a/CGI/db/sqlite.c
+++ b/CGI/db/sqlite.c
@@ -153,7 +153,9 @@ int sqlget(void* param, int ncol, char** row, char** col) {
 char* rv_who_has_token(const char* token) {
 char* err;
 count = 0;
- char* query = rv_strcat3("select * from tokens where token = '", token, "'");
+ char* esc = escape_sql(token);
+ char* query = rv_strcat3("select * from tokens where token = '", esc, "'");
+ free(esc);
 int ret;
 has_username = NULL;
 ret = sqlite3_exec(sql, query, sqlget, (void*)token, &err);
@@ -167,7 +169,9 @@ char* rv_who_has_token(const char* token) {
 
 bool rv_has_token(const char* token) {
 char* err;
- char* query = rv_strcat3("select * from tokens where token = '", token, "'");
+ char* esc = escape_sql(token);
+ char* query = rv_strcat3("select * from tokens where token = '", esc, "'");
+ free(esc);
 int ret;
 count = 0;
 ret = sqlite3_exec(sql, query, sqlcount, NULL, &err);
@@ -180,7 +184,9 @@ bool rv_has_token(const char* token) {
 
 void rv_remove_token(const char* token) {
 char* err;
- char* query = rv_strcat3("delete from tokens where token = '", token, "'");
+ char* esc = escape_sql(token);
+ char* query = rv_strcat3("delete from tokens where token = '", esc, "'");
+ free(esc);
 int ret;
 ret = sqlite3_exec(sql, query, sqlcount, NULL, &err);
 free(query);
--
2.45.2
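Review bot: The token is still spliced into the SQL text in `rv_who_has_token`, so safety now rests entirely on `escape_sql`, whose definition is outside this diff and whose quoting rules cannot be checked here. Binding the value removes that dependency: prepare `select * from tokens where token = ?` with `sqlite3_prepare_v2` and attach the token with `sqlite3_bind_text(stmt, 1, token, -1, SQLITE_STATIC)`, which also avoids handing a concatenated string to `sqlite3_exec`, a call that executes every statement it finds in its input. The same escape-then-concatenate sequence repeats in the `rv_has_token` and `rv_remove_token` hunks and the same change applies there. Separately, the result of `escape_sql` goes to `rv_strcat3` unchecked; if it can return NULL on allocation failure (not visible here), a guard such as `if (esc == NULL) return NULL;` belongs before the query is built. All three function bodies continue past their hunks.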