Diffstat (limited to 'weblog-model.lua')
-rw-r--r--weblog-model.lua9
1 files changed, 5 insertions, 4 deletions
diff --git a/weblog-model.lua b/weblog-model.lua
index 2222815..78b2ea0 100644
--- a/weblog-model.lua
+++ b/weblog-model.lua
@@ -60,9 +60,10 @@ local function assert (v, m)
return v, m
end
--- Escape special characters in sql statements
-local escape = function(sql)
+-- Escape special characters in sql statements and truncate to length
+local escape = function(sql, length)
sql = sql or ""
+ if length then sql = string.sub(sql, 1, length) end
sql = string.gsub(sql, "'", "''")
return string.gsub(sql, "\\", "\\\\")
end
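Review bot: The new cut in `escape` counts bytes, not characters, because `string.sub(sql, 1, length)` is byte-indexed, so a user id containing multi-byte UTF-8 can be split mid-character at the limit. If the database encoding is UTF-8 (not visible here), the INSERT could then be rejected for an invalid byte sequence and the log entry lost. Truncating before the two `gsub` calls is the right order, since it cannot cut a doubled quote or backslash in half, but the comment should state the contract: `-- Truncate to at most 'length' bytes, then escape ' and \ for use inside a quoted SQL literal (result may exceed 'length')`. If `con` is a LuaSQL connection, which the `con:execute` calls later in the file suggest, the driver's own `con:escape()` would be a safer base than hand-rolled doubling, because the correct backslash handling depends on the server's string-literal settings.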
@@ -181,7 +182,7 @@ end
local importsquidlog = function(entry, sourcename)
if entry then
local sql = string.format("INSERT INTO weblog VALUES ('%s', '%s', '%s', '%s', '%s', '%s')",
- escape(sourcename), escape(entry.clientip), escape(entry.clientuserid):lower(),
+ escape(sourcename), escape(entry.clientip), escape(entry.clientuserid, 64):lower(),
escape(entry.logdatetime), escape(entry.URL), escape(entry.bytes))
local res = assert (con:execute(sql))
end
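Review bot: The literal `64` in `escape(entry.clientuserid, 64)` is unexplained and is repeated in `importdglog` in the next hunk, so the two call sites can drift from each other and from the schema. It presumably mirrors the width of the user id column, which is not visible here; a single named local such as `local USERID_MAXLEN = 64 -- must match the clientuserid column width` would make that dependency explicit. Only `clientuserid` is bounded, while `entry.URL` and the other fields come from the same log line without a limit, so if the aim is to stop over-long values from failing the INSERT it is worth checking whether those columns need the same treatment. The body of `importsquidlog` continues past the end of this hunk.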
@@ -190,7 +191,7 @@ end
local importdglog = function(entry, sourcename)
if entry then
local sql = string.format("INSERT INTO blocklog VALUES ('%s', '0.0.0.0', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
- escape(sourcename), escape(entry.clientuserid:lower()), escape(entry.logdatetime), escape(entry.URL),
+ escape(sourcename), escape(entry.clientuserid:lower(), 64), escape(entry.logdatetime), escape(entry.URL),
escape(entry.bytes), escape(entry.reason), escape(entry.score or "0"), escape(entry.shortreason))
local res = assert (con:execute(sql))
end
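Review bot: In `importdglog` the changed line still calls `entry.clientuserid:lower()` before `escape`, so a log entry with no user id raises an "attempt to index a nil value" error here instead of falling back to the `sql or ""` default inside `escape`. `importsquidlog` uses the nil-safe order, and this line could match it: `escape(entry.clientuserid, 64):lower()`. Lower-casing after escaping gives the same result, since doubling `'` and `\` is unaffected by case. Whether the log parser can actually produce an entry without `clientuserid` is not visible from this hunk, and the function body continues past its end.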