diff --git a/checkin_notes b/checkin_notes index b039a51db1..60d451d9bb 100755 --- a/checkin_notes +++ b/checkin_notes @@ -8759,3 +8759,13 @@ David 23 Dec 2003 (supplied by Rom Walton) iconwarning.ico (new) win_build/ boinc_gui.dsp + +David 23 Dec 2003 + - change string-escape function in DB code to handle \ as well as ' + (otherwise updates/inserts can fail) + + db/ + boinc_db.C + db_base.C,h + sched/ + update_stats.C diff --git a/db/boinc_db.C b/db/boinc_db.C index 9dc0b03ff4..dcde66f77a 100644 --- a/db/boinc_db.C +++ b/db/boinc_db.C @@ -17,6 +17,9 @@ // Contributor(s): // // $Log$ +// Revision 1.31 2003/12/26 06:03:02 boincadm +// *** empty log message *** +// // Revision 1.30 2003/12/24 21:49:34 boincadm // *** empty log message *** // @@ -204,14 +207,14 @@ void DB_APP_VERSION::db_parse(MYSQL_ROW &r) { } void DB_USER::db_print(char* buf){ - escape_single_quotes(email_addr); - escape_single_quotes(name); - escape_single_quotes(country); - escape_single_quotes(postal_code); - escape_single_quotes(global_prefs); - escape_single_quotes(project_prefs); - escape_single_quotes(url); - escape_single_quotes(signature); + escape_string(email_addr); + escape_string(name); + escape_string(country); + escape_string(postal_code); + escape_string(global_prefs); + escape_string(project_prefs); + escape_string(url); + escape_string(signature); sprintf(buf, "id=%d, create_time=%d, email_addr='%s', name='%s', " "authenticator='%s', " @@ -232,14 +235,14 @@ void DB_USER::db_print(char* buf){ seti_id, seti_nresults, seti_last_result_time, seti_total_cpu, signature, has_profile ); - unescape_single_quotes(email_addr); - unescape_single_quotes(name); - unescape_single_quotes(country); - unescape_single_quotes(postal_code); - unescape_single_quotes(global_prefs); - unescape_single_quotes(project_prefs); - unescape_single_quotes(url); - unescape_single_quotes(signature); + unescape_string(email_addr); + unescape_string(name); + unescape_string(country); + unescape_string(postal_code); + unescape_string(global_prefs); + unescape_string(project_prefs); + unescape_string(url); + unescape_string(signature); } void DB_USER::db_parse(MYSQL_ROW &r) { @@ -272,11 +275,11 @@ void DB_USER::db_parse(MYSQL_ROW &r) { } void DB_TEAM::db_print(char* buf){ - escape_single_quotes(name); - escape_single_quotes(name_lc); - escape_single_quotes(url); - escape_single_quotes(name_html); - escape_single_quotes(description); + escape_string(name); + escape_string(name_lc); + escape_string(url); + escape_string(name_html); + escape_string(description); sprintf(buf, "id=%d, create_time=%d, userid=%d, name='%s', " "name_lc='%s', url='%s', " @@ -298,11 +301,11 @@ void DB_TEAM::db_print(char* buf){ expavg_credit, seti_id ); - unescape_single_quotes(name); - unescape_single_quotes(name_lc); - unescape_single_quotes(url); - unescape_single_quotes(name_html); - unescape_single_quotes(description); + unescape_string(name); + unescape_string(name_lc); + unescape_string(url); + unescape_string(name_html); + unescape_string(description); } void DB_TEAM::db_parse(MYSQL_ROW &r) { @@ -325,13 +328,13 @@ void DB_TEAM::db_parse(MYSQL_ROW &r) { } void DB_HOST::db_print(char* buf){ - escape_single_quotes(domain_name); - escape_single_quotes(serialnum); - escape_single_quotes(last_ip_addr); - escape_single_quotes(p_vendor); - escape_single_quotes(p_model); - escape_single_quotes(os_name); - escape_single_quotes(os_version); + escape_string(domain_name); + escape_string(serialnum); + escape_string(last_ip_addr); + escape_string(p_vendor); + escape_string(p_model); + escape_string(os_name); + escape_string(os_version); sprintf(buf, "id=%d, create_time=%d, userid=%d, " "rpc_seqno=%d, rpc_time=%d, " @@ -364,13 +367,13 @@ void DB_HOST::db_print(char* buf){ credit_per_cpu_sec, venue, projects ); - unescape_single_quotes(domain_name); - unescape_single_quotes(serialnum); - unescape_single_quotes(last_ip_addr); - unescape_single_quotes(p_vendor); - unescape_single_quotes(p_model); - unescape_single_quotes(os_name); - unescape_single_quotes(os_version); + unescape_string(domain_name); + unescape_string(serialnum); + unescape_string(last_ip_addr); + unescape_string(p_vendor); + unescape_string(p_model); + unescape_string(os_name); + unescape_string(os_version); } void DB_HOST::db_parse(MYSQL_ROW &r) { @@ -478,8 +481,8 @@ void DB_WORKUNIT::db_parse(MYSQL_ROW &r) { } void DB_RESULT::db_print(char* buf){ - escape_single_quotes(xml_doc_out); - escape_single_quotes(stderr_out); + escape_string(xml_doc_out); + escape_string(stderr_out); sprintf( buf, "id=%d, create_time=%d, workunitid=%d, " @@ -501,8 +504,8 @@ void DB_RESULT::db_print(char* buf){ claimed_credit, granted_credit, opaque, random, client_version_num, appid, exit_status ); - unescape_single_quotes(xml_doc_out); - unescape_single_quotes(stderr_out); + unescape_string(xml_doc_out); + unescape_string(stderr_out); } void DB_RESULT::db_parse(MYSQL_ROW &r) { diff --git a/db/db_base.C b/db/db_base.C index 3c1e5ad35b..93f272fc47 100644 --- a/db/db_base.C +++ b/db/db_base.C @@ -191,14 +191,19 @@ void strcpy2(char* dest, char* src) { } #endif -// convert ' to \' in place -void escape_single_quotes(char* field) { +// convert a string into a form that allows it to be used +// in SQL queries delimited by single quotes +// +void escape_string(char* field) { char buf[MAX_QUERY_LEN]; char* q = buf, *p = field; while (*p) { if (*p == '\'') { *q++ = '\\'; *q++ = '\''; + } else if (*p == '\\') { + *q++ = '\\'; + *q++ = '\\'; } else { *q++ = *p; } @@ -208,12 +213,12 @@ void escape_single_quotes(char* field) { strcpy(field, buf); } -void unescape_single_quotes(char* p) { - char* q; - while (1) { - q = strstr(p, "\\'"); - if (!q) break; - strcpy(q, q+1); +void unescape_string(char* p) { + while (*p) { + if (*p == '\\') { + strcpy(p, p+1); + } + p++; } } diff --git a/db/db_base.h b/db/db_base.h index 4780ba2b8d..abf7b86bd2 100644 --- a/db/db_base.h +++ b/db/db_base.h @@ -74,8 +74,8 @@ public: strlcpy(x, z, sizeof(x)); \ } \ } -//void strcpy2(char* dest, char* src); -void escape_single_quotes(char* field); -void unescape_single_quotes(char* p); + +void escape_string(char* field); +void unescape_string(char* p); #endif diff --git a/html/user/intro.php b/html/user/intro.php index d41b9c3f05..620f170ada 100644 --- a/html/user/intro.php +++ b/html/user/intro.php @@ -18,7 +18,8 @@ echo " Go to the download page, download the BOINC software for your type of computer, install it, and run it. - You will be asked to enter your account ID. + You will be asked to enter the project URL + (".MASTER_URL.") and your account ID. That's it!
diff --git a/sched/update_stats.C b/sched/update_stats.C index 4eb9ac65b0..b734884296 100644 --- a/sched/update_stats.C +++ b/sched/update_stats.C @@ -43,7 +43,10 @@ int update_users() { while (!user.enumerate()) { update_average(0, 0, user.expavg_credit, user.expavg_time); retval = user.update(); - if (retval) return retval; + if (retval) { + log_messages.printf(SchedMessages::CRITICAL, "Can't update user %d\n", user.id); + return retval; + } } return 0; @@ -56,7 +59,10 @@ int update_hosts() { while (!host.enumerate()) { update_average(0, 0, host.expavg_credit, host.expavg_time); retval = host.update(); - if (retval) return retval; + if (retval) { + log_messages.printf(SchedMessages::CRITICAL, "Can't update host %d\n", host.id); + return retval; + } } return 0; @@ -117,7 +123,10 @@ int update_teams() { } retval = team.update(); - if (retval) return retval; + if (retval) { + log_messages.printf(SchedMessages::CRITICAL, "Can't update team %d\n", team.id); + return retval; + } } return 0; }