From 0b7565403dd1d951ac0bddf288d11618d78cd990 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Paul=20H=C3=A4nsch?= Date: Wed, 22 Jan 2020 17:36:19 +0100 Subject: [PATCH] field escaping when handling storage --- therapies/index.cgi | 8 +------- therapies/update_therapy.sh | 9 ++++----- 2 files changed, 5 insertions(+), 12 deletions(-) mode change 100755 => 100644 therapies/update_therapy.sh diff --git a/therapies/index.cgi b/therapies/index.cgi index f142d21..6284c00 100755 --- a/therapies/index.cgi +++ b/therapies/index.cgi @@ -46,12 +46,6 @@ esac . $_EXEC/pdiread.sh . $_EXEC/therapies/l10n.sh -# unescape() { [ $# = 0 ] && sed -E 's;\\(.);\1;g' || printf %s "$*" |sed -E 's;\\(.);\1;g'; } -# upcase=' y;abcdefghijklmnopqrstuvwxyzäöüé;ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÜÉ;; ' - -BR=' -' - id="${_PATH#/therapies/}" id="${id%/*}.${id#*/}" @@ -69,7 +63,7 @@ tpy="$(sed '1s;^;\n;; s/:/;:/' "$tpyfile")" VCF(){ pdi_value "$vcf" "$@"; } MPX(){ pdi_value "$mpx" "$@"; } -TPY(){ pdi_value "$tpy" "$@"; } +TPY(){ pdi_value "$tpy" "$@" >/dev/null && pdi_value "$tpy" "$@" |pdi_unescape; } . $_EXEC/therapies/page.sh \ | yield_page therapy /therapies/therapy.css diff --git a/therapies/update_therapy.sh b/therapies/update_therapy.sh old mode 100755 new mode 100644 index a8d7801..dafa1b2 --- a/therapies/update_therapy.sh +++ b/therapies/update_therapy.sh @@ -17,8 +17,7 @@ # You should have received a copy of the GNU Affero General Public License # along with Confetti. If not, see . -BR=' -' +. "$_EXEC/pdiread.sh" tpy=$(POST id) tpyfile="$_DATA/therapies/${tpy}.tpy" @@ -27,9 +26,9 @@ tempfile="$_DATA/temp/${tpy}.tpy" # serialize POST array into file for key in $(POST_KEYS); do case "$key" in - imagedata) true ;; + imagedata) : ;; session*_date) - value="$(POST "$key" |sed ':X;N;$!bX; s;\n;\\n;g;')" + value="$(POST "$key")" y=0 mon=0 dom=0 case $value in *.*.*) IFS=. read dom mon y <<-END @@ -58,7 +57,7 @@ for key in $(POST_KEYS); do date -d "${y}-${mon}-${dom}" + && printf %s:%s\\n "$key" "$(date -d "${y}-${mon}-${dom}" +%F)" \ || printf %s:\\n "$key" ;; - *) printf %s:%s\\n "$key" "$(POST "$key" |sed ':X;N;$!bX; s;\n;\\n;g;')" ;; + *) printf %s:%s\\n "$key" "$(pdi_escape "$(POST "$key")")" ;; esac done >"$tempfile" 2>&- -- 2.39.2