diff --git a/swad_RSS.c b/swad_RSS.c index 9f98f52cd..01f6e31c5 100644 --- a/swad_RSS.c +++ b/swad_RSS.c @@ -25,8 +25,10 @@ /********************************** Headers **********************************/ /*****************************************************************************/ +#define _GNU_SOURCE // For asprintf #include // For PATH_MAX #include // For NULL +#include // For asprintf #include #include "swad_changelog.h" @@ -148,7 +150,7 @@ void RSS_UpdateRSSFileForACrs (struct Course *Crs) static void RSS_WriteNotices (FILE *FileRSS,struct Course *Crs) { extern const char *Txt_Notice; - char Query[512]; + char *Query; MYSQL_RES *mysql_res; MYSQL_ROW row; struct UsrData UsrDat; @@ -159,12 +161,13 @@ static void RSS_WriteNotices (FILE *FileRSS,struct Course *Crs) char Content[Cns_MAX_BYTES_TEXT + 1]; /***** Get active notices in course *****/ - sprintf (Query,"SELECT NotCod,UNIX_TIMESTAMP(CreatTime) AS T,UsrCod,Content" - " FROM notices" - " WHERE CrsCod=%ld AND Status=%u" - " ORDER BY T DESC", - Crs->CrsCod,(unsigned) Not_ACTIVE_NOTICE); - NumNotices = DB_QuerySELECT (Query,&mysql_res,"can not get notices from database"); + if (asprintf (&Query,"SELECT NotCod,UNIX_TIMESTAMP(CreatTime) AS T,UsrCod,Content" + " FROM notices" + " WHERE CrsCod=%ld AND Status=%u" + " ORDER BY T DESC", + Crs->CrsCod,(unsigned) Not_ACTIVE_NOTICE) < 0) + Lay_NotEnoughMemoryExit (); + NumNotices = DB_QuerySELECT_free (Query,&mysql_res,"can not get notices from database"); /***** Write items with notices *****/ if (NumNotices) @@ -245,7 +248,7 @@ static void RSS_WriteNotices (FILE *FileRSS,struct Course *Crs) static void RSS_WriteExamAnnouncements (FILE *FileRSS,struct Course *Crs) { extern const char *Txt_Exam; - char Query[512]; + char *Query; MYSQL_RES *mysql_res; MYSQL_ROW row; struct UsrData UsrDat; 
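Review bot: Nothing at the converted call in RSS_WriteNotices says who releases `Query` now that asprintf allocates it on the heap. The name DB_QuerySELECT_free suggests the callee frees it, but its definition is not part of this diff. I would add a comment above the call such as `/* Query is allocated by asprintf; DB_QuerySELECT_free takes ownership and frees it */` so a later edit does not add a second free or reuse the pointer afterwards. The same comment fits the converted call in RSS_WriteExamAnnouncements; both function bodies continue outside their hunks.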
@@ -257,14 +260,15 @@ static void RSS_WriteExamAnnouncements (FILE *FileRSS,struct Course *Crs) if (Gbl.DB.DatabaseIsOpen) { /***** Get exam announcements (only future exams) in current course from database *****/ - sprintf (Query,"SELECT ExaCod,UNIX_TIMESTAMP(CallDate) AS T," - "DATE_FORMAT(ExamDate,'%%d/%%m/%%Y %%H:%%i')" - " FROM exam_announcements" - " WHERE CrsCod=%ld AND Status=%u AND ExamDate>=NOW()" - " ORDER BY T", - Gbl.CurrentCrs.Crs.CrsCod, - (unsigned) Exa_VISIBLE_EXAM_ANNOUNCEMENT); - NumExamAnnouncements = DB_QuerySELECT (Query,&mysql_res,"can not get exam announcements"); + if (asprintf (&Query,"SELECT ExaCod,UNIX_TIMESTAMP(CallDate) AS T," + "DATE_FORMAT(ExamDate,'%%d/%%m/%%Y %%H:%%i')" + " FROM exam_announcements" + " WHERE CrsCod=%ld AND Status=%u AND ExamDate>=NOW()" + " ORDER BY T", + Gbl.CurrentCrs.Crs.CrsCod, + (unsigned) Exa_VISIBLE_EXAM_ANNOUNCEMENT) < 0) + Lay_NotEnoughMemoryExit (); + NumExamAnnouncements = DB_QuerySELECT_free (Query,&mysql_res,"can not get exam announcements"); /***** Write items with notices *****/ if (NumExamAnnouncements) diff --git a/swad_changelog.h b/swad_changelog.h index b37785608..973a28495 100644 --- a/swad_changelog.h +++ b/swad_changelog.h @@ -355,10 +355,11 @@ En OpenSWAD: ps2pdf source.ps destination.pdf */ -#define Log_PLATFORM_VERSION "SWAD 18.7.24 (2018-10-22)" +#define Log_PLATFORM_VERSION "SWAD 18.7.25 (2018-10-22)" #define CSS_FILE "swad18.4.css" #define JS_FILE "swad17.17.1.js" /* + Version 18.7.25: Oct 22, 2018 Some sprintf for database queries changed by asprintf. (237538 lines) Version 18.7.24: Oct 22, 2018 Some sprintf for database queries changed by asprintf. (237527 lines) Version 18.7.23: Oct 21, 2018 Some sprintf for database queries changed by asprintf. (237311 lines) Version 18.7.22: Oct 21, 2018 Some sprintf for database queries changed by asprintf. (237286 lines) diff --git a/swad_test_import.c b/swad_test_import.c index ceeb66573..fddac0a8b 100644 --- a/swad_test_import.c 
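Review bot: The exam-announcements query in RSS_WriteExamAnnouncements filters on `Gbl.CurrentCrs.Crs.CrsCod` although the function receives `Crs`, whereas RSS_WriteNotices uses `Crs->CrsCod` for the same purpose. If the RSS file is ever written for a course other than the current one, that course's feed would list a different course's exam announcements. Unless this is intentional, change the argument to `Crs->CrsCod,` so both writers select by the course they were given. The function starts and ends outside the hunk.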
+++ b/swad_test_import.c @@ -25,6 +25,8 @@ /*********************************** Headers *********************************/ /*****************************************************************************/ +#define _GNU_SOURCE // For asprintf +#include // For asprintf #include // For exit, system, malloc, free, etc #include // For string functions #include // For mkdir @@ -717,7 +719,7 @@ static bool TsI_CheckIfQuestionExistsInDB (void) extern const char *Tst_StrAnswerTypesDB[Tst_NUM_ANS_TYPES]; char *QueryQst; MYSQL_RES *mysql_res_qst; - char QueryAns[256]; + char *QueryAns; MYSQL_RES *mysql_res_ans; MYSQL_ROW row; bool IdenticalQuestionFound = false; @@ -735,12 +737,13 @@ static bool TsI_CheckIfQuestionExistsInDB (void) Lay_NotEnoughMemoryExit (); /* Make database query */ - sprintf (QueryQst,"SELECT QstCod FROM tst_questions" - " WHERE CrsCod=%ld AND AnsType='%s' AND Stem='%s'", - Gbl.CurrentCrs.Crs.CrsCod, - Tst_StrAnswerTypesDB[Gbl.Test.AnswerType], - Gbl.Test.Stem.Text); - NumQstsWithThisStem = (unsigned) DB_QuerySELECT (QueryQst,&mysql_res_qst,"can not check if a question exists"); + if (asprintf (&QueryQst,"SELECT QstCod FROM tst_questions" + " WHERE CrsCod=%ld AND AnsType='%s' AND Stem='%s'", + Gbl.CurrentCrs.Crs.CrsCod, + Tst_StrAnswerTypesDB[Gbl.Test.AnswerType], + Gbl.Test.Stem.Text) < 0) + Lay_NotEnoughMemoryExit (); + NumQstsWithThisStem = (unsigned) DB_QuerySELECT_free (QueryQst,&mysql_res_qst,"can not check if a question exists"); /* Free space user for query */ free ((void *) QueryQst); 
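Review bot: `free ((void *) QueryQst);` still follows the new `DB_QuerySELECT_free (QueryQst,...)` call in TsI_CheckIfQuestionExistsInDB; if that helper releases the query string, as its name suggests (its definition is not in this diff), the buffer is freed twice. The context line `Lay_NotEnoughMemoryExit ();` just above `/* Make database query */` also looks like the tail of an earlier allocation of QueryQst, which asprintf would now overwrite and leak. Drop both the earlier allocation and the trailing free so that asprintf and DB_QuerySELECT_free are the only owners of the string. Separately, `Stem='%s'` places Gbl.Test.Stem.Text inside the SQL text, and the hunk does not show whether that text is escaped beforehand, so that is worth confirming. The function starts and ends outside the hunk.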
@@ -758,10 +761,11 @@ static bool TsI_CheckIfQuestionExistsInDB (void) Lay_ShowErrorAndExit ("Wrong code of question."); /* Get answers from this question */ - sprintf (QueryAns,"SELECT Answer FROM tst_answers" - " WHERE QstCod=%ld ORDER BY AnsInd", - QstCod); - NumOptsExistingQstInDB = (unsigned) DB_QuerySELECT (QueryAns,&mysql_res_ans,"can not get the answer of a question"); + if (asprintf (&QueryAns,"SELECT Answer FROM tst_answers" + " WHERE QstCod=%ld ORDER BY AnsInd", + QstCod) < 0) + Lay_NotEnoughMemoryExit (); + NumOptsExistingQstInDB = (unsigned) DB_QuerySELECT_free (QueryAns,&mysql_res_ans,"can not get the answer of a question"); switch (Gbl.Test.AnswerType) { diff --git a/swad_theme.c b/swad_theme.c index a4a2846ad..d6aeb5c88 100644 --- a/swad_theme.c +++ b/swad_theme.c @@ -25,7 +25,8 @@ /********************************** Headers **********************************/ /*****************************************************************************/ -#include // For fprintf, etc. +#define _GNU_SOURCE // For asprintf +#include // For fprintf, asprintf, etc. #include #include "swad_box.h" @@ -279,7 +280,7 @@ void The_ChangeTheme (void) char Path[PATH_MAX + 1 + NAME_MAX + 1 + NAME_MAX + 1]; - char Query[512]; + char *Query; /***** Get param theme *****/ Gbl.Prefs.Theme = The_GetParamTheme (); @@ -294,10 +295,11 @@ void The_ChangeTheme (void) /***** Store theme in database *****/ if (Gbl.Usrs.Me.Logged) { - sprintf (Query,"UPDATE usr_data SET Theme='%s'" - " WHERE UsrCod=%ld", - The_ThemeId[Gbl.Prefs.Theme],Gbl.Usrs.Me.UsrDat.UsrCod); - DB_QueryUPDATE (Query,"can not update your preference about theme"); + if (asprintf (&Query,"UPDATE usr_data SET Theme='%s'" + " WHERE UsrCod=%ld", + The_ThemeId[Gbl.Prefs.Theme],Gbl.Usrs.Me.UsrDat.UsrCod) < 0) + Lay_NotEnoughMemoryExit (); + DB_QueryUPDATE_free (Query,"can not update your preference about theme"); } /***** Set preferences from current IP *****/