From: hj kim Date: Wed, 23 May 2018 23:49:00 +0000 (+0900) Subject: Change the way of making db update query. Client send parameters and Controller Serve... X-Git-Tag: submit/tizen/20180528.002901~3 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=e8a88cd63612eaac3b164a21097173f14ca1c60d;p=platform%2Fcore%2Fapi%2Fmedia-controller.git Change the way of making db update query. Client send parameters and Controller Server make the query for the security issues Change-Id: If60a2ebdcdf58039cfbc7ed5bf25ab63783027bd --- diff --git a/include/media_controller_db.h b/include/media_controller_db.h index 1239f85..2dedf50 100755 --- a/include/media_controller_db.h +++ b/include/media_controller_db.h @@ -33,13 +33,6 @@ #define DB_SELECT_METADATA_FROM_DB "SELECT * FROM '%q';" #define DB_SELECT_VALUE_OF_KEY "SELECT %s FROM '%q';" -#define DB_UPDATE_SHUFFLE_MODE_INTO_SERVER_TABLE "UPDATE '%q' SET shuffle_mode=%d;" -#define DB_UPDATE_REPEAT_MODE_INTO_SERVER_TABLE "UPDATE '%q' SET repeat_mode=%d;" -#define DB_UPDATE_METADATA_INFO_INFO_SERVER_TABLE "UPDATE '%q' SET title=%Q, artist=%Q, album=%Q, author=%Q, genre=%Q, duration=%Q, date=%Q, copyright=%Q, description=%Q, track_num=%Q, picture=%Q" - -#define DB_INSERT_INTO_SERVER_TABLE "INSERT INTO '%q' (server_name) VALUES ('%q');" -#define DB_DELETE_FROM_SERVER_TABLE "DELETE FROM %q WHERE server_name = '%q';" - #define DB_SELECT_LATEST_SERVER_NAME "SELECT server_name FROM "MC_DB_TABLE_LATEST_SERVER";" #define DB_SELECT_ALL_SERVER_LIST "SELECT server_name FROM "MC_DB_TABLE_SERVER_LIST";" 
@@ -64,11 +57,10 @@ int mc_db_get_shuffle_mode(void *handle, const char *server_name, mc_shuffle_mod int mc_db_get_repeat_mode(void *handle, const char *server_name, mc_repeat_mode_e *mode); int mc_db_get_playlist(void *handle, const char *server_name, char **playlist_name, bundle **playlist); -int mc_db_insert_server_address_into_table(void *db_handle, const char *table_name, char *address); -int mc_db_delete_server_address_from_table(void *db_handle, const char *table_name, char *address); +int mc_db_insert_server_address_into_server_list(void *db_handle, const char *address); +int mc_db_delete_server_address_from_table(void *db_handle, const char *address); int mc_db_foreach_server_list(void *handle, mc_activated_server_cb callback, void *user_data); -int mc_db_update_server_state(void *handle, const char *server_name, mc_server_state_e server_state); int mc_db_update_server_and_playback_state(void *handle, const char *server_name, mc_server_state_e server_state, mc_playback_states_e playback_state); int mc_db_update_latest_server_table(void *handle, const char *server_name); int mc_db_remove_playlist(void *handle, const char *server_name); diff --git a/include/media_controller_private.h b/include/media_controller_private.h index bb7903d..03e0923 100755 --- a/include/media_controller_private.h +++ b/include/media_controller_private.h 
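Review bot: `mc_db_delete_server_address_from_table` keeps its `_from_table` suffix although it no longer takes a table name, while its counterpart in the same hunk was renamed to `mc_db_insert_server_address_into_server_list`. Renaming it to `mc_db_delete_server_address_from_server_list` would keep the pair parallel; this also affects the definition in src/media_controller_db.c and the call sites in src/media_controller_server.c. The log text `fail mc_db_insert_server_address_into_table` in mc_server_create still names the old insert function and should follow the rename.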
@@ -168,6 +168,20 @@ extern "C" { #define MC_COMMAND_PLAY_PLAYLIST "_playlist_cmd_" +#define MC_DB_CMD_CREATE_SERVER "DB_CMD_CREATE_SERVER" /* Create New Server Table*/ +#define MC_DB_CMD_UPDATE_SERVER_LIST "DB_CMD_UPDATE_SERVER_LIST" /* Update Server Name*/ +#define MC_DB_CMD_UPDATE_PLAYBACK "DB_CMD_UPDATE_PLAYBACK" /* Update Server Playback info*/ +#define MC_DB_CMD_UPDATE_STATE_PLAYBACK "DB_CMD_UPDATE_STATE_PLAYBACK" /* Update Server State and Playback state*/ +#define MC_DB_CMD_UPDATE_META "DB_CMD_UPDATE_META" /* Update Server Meta info*/ +#define MC_DB_CMD_UPDATE_SHUFFLE "DB_CMD_UPDATE_SHUFFLE" /* Update Server Shuffle mode*/ +#define MC_DB_CMD_UPDATE_REPEAT "DB_CMD_UPDATE_REPEAT" /* Update Server Repeat mode*/ +#define MC_DB_CMD_UPDATE_LATEST "DB_CMD_UPDATE_LATEST" /* Update Latest Server info*/ +#define MC_DB_CMD_UPDATE_PLAYLIST "DB_CMD_UPDATE_PLAYLIST" /* Update Server Playlist*/ +#define MC_DB_CMD_REMOVE_SERVER "DB_CMD_REMOVE_SERVER" /* Remove Server info*/ +#define MC_DB_CMD_REMOVE_PLAYLIST "DB_CMD_REMOVE_PLAYLIST" /* Remove Server State*/ +#define MC_DB_CMD_REMOVE_SERVER_LIST "DB_CMD_REMOVE_SERVER_LIST" /* Remove Server from Server List*/ + + #define DEFAULT_USER_UID 5001 /* owner */ #define MC_MILLISEC_SLEEP(msec) \ diff --git a/packaging/capi-media-controller.spec b/packaging/capi-media-controller.spec index e5783c4..376d1c4 100755 --- a/packaging/capi-media-controller.spec +++ b/packaging/capi-media-controller.spec @@ -1,6 +1,6 @@ Name: capi-media-controller Summary: A media controller library in Tizen Native API -Version: 0.1.56 +Version: 0.1.57 Release: 1 Group: Multimedia/API License: Apache-2.0 diff --git a/src/media_controller_db.c b/src/media_controller_db.c index eba136d..f023404 100755 --- a/src/media_controller_db.c +++ b/src/media_controller_db.c 
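Review bot: The comment on `MC_DB_CMD_REMOVE_PLAYLIST` reads "Remove Server State", which does not describe the command; `/* Remove Server Playlist */` would. Separately, `DB_CMD_REMOVE_SERVER` is a prefix of `DB_CMD_REMOVE_SERVER_LIST`, and the parser added in svc/media_controller_db_util.c matches with `strncmp(CMD, params[0], strlen(CMD))`, so dispatch is correct only because the longer name is tested first, and any token that merely starts with a command name is accepted. An exact `strcmp` in the parser, or at least a comment above this block stating the ordering requirement, would remove that hidden dependency.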
@@ -278,11 +278,16 @@ int mc_db_update_playback_info(void *handle, const char *server_name, int playba mc_retvm_if(handle == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "Handle is NULL"); mc_retvm_if(server_name == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "server_name is NULL"); - sql_str = sqlite3_mprintf("UPDATE '%q' SET playback_state=%d, playback_position=%llu, playlist_index=%Q;", server_name, playback_state, playback_position, index); + sql_str = g_strdup_printf("%s%s%s%s%d%s%llu%s%s", MC_DB_CMD_UPDATE_PLAYBACK, MC_STRING_DELIMITER, + server_name, MC_STRING_DELIMITER, + playback_state, MC_STRING_DELIMITER, + playback_position, MC_STRING_DELIMITER, + index); + mc_retvm_if(sql_str == NULL, MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "fail making sql_str"); ret = __mc_db_update_db(handle, sql_str); - SQLITE3_SAFE_FREE(sql_str); + MC_SAFE_FREE(sql_str); return ret; } @@ -297,12 +302,23 @@ int mc_db_update_whole_metadata(void *handle, const char *server_name, mc_retvm_if(handle == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "Handle is NULL"); mc_retvm_if(server_name == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "server_name is NULL"); - sql_str = sqlite3_mprintf(DB_UPDATE_METADATA_INFO_INFO_SERVER_TABLE, server_name, - title, artist, album, author, genre, duration, date, copyright, description, track_num, picture); + sql_str = g_strdup_printf("%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", MC_DB_CMD_UPDATE_META, MC_STRING_DELIMITER, server_name, MC_STRING_DELIMITER, + title, MC_STRING_DELIMITER, + artist, MC_STRING_DELIMITER, + album, MC_STRING_DELIMITER, + author, MC_STRING_DELIMITER, + genre, MC_STRING_DELIMITER, + duration, MC_STRING_DELIMITER, + date, MC_STRING_DELIMITER, + copyright, MC_STRING_DELIMITER, + description, MC_STRING_DELIMITER, + track_num, MC_STRING_DELIMITER, + picture); + ret = __mc_db_update_db(handle, sql_str); - SQLITE3_SAFE_FREE(sql_str); + MC_SAFE_FREE(sql_str); return ret; } 
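Review bot: The string fields are joined with `MC_STRING_DELIMITER` without any escaping, starting with `server_name` and `index` in mc_db_update_playback_info, so a value that contains the delimiter shifts every later field when the service splits the message with `g_strsplit`. The same construction is used in mc_db_update_whole_metadata and in the other `g_strdup_printf` hunks of this file (shuffle, repeat, server list, create/delete table, state, latest server, playlist). The delimiter's value is not visible in this diff; rejecting inputs that contain it before formatting, e.g. `mc_retvm_if(strstr(server_name, MC_STRING_DELIMITER) != NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "invalid server_name");`, or switching to a length-prefixed encoding, would keep the field boundaries unambiguous.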
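Review bot: The eleven metadata arguments in mc_db_update_whole_metadata are now formatted with `%s`, where the removed `sqlite3_mprintf` call used `%Q`, which renders a NULL pointer as SQL NULL. Passing NULL to `%s` is undefined for printf-style functions and on glibc typically produces the text `(null)`, which the service would then store as the field's value. If these fields may be unset (the old `%Q` suggests so), substitute an agreed empty marker per argument, e.g. `title ? title : ""`, and have the parser map it back to NULL. `index` in mc_db_update_playback_info and `raw_data` in mc_db_update_playlist, which is initialised to NULL and only assigned inside a conditional, are formatted the same way.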
@@ -315,11 +331,11 @@ int mc_db_update_shuffle_mode(void *handle, const char *server_name, int shuffle mc_retvm_if(handle == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "Handle is NULL"); mc_retvm_if(server_name == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "server_name is NULL"); - sql_str = sqlite3_mprintf(DB_UPDATE_SHUFFLE_MODE_INTO_SERVER_TABLE, server_name, shuffle_mode); + sql_str = g_strdup_printf("%s%s%s%s%d", MC_DB_CMD_UPDATE_SHUFFLE, MC_STRING_DELIMITER, server_name, MC_STRING_DELIMITER, shuffle_mode); ret = __mc_db_update_db(handle, sql_str); - SQLITE3_SAFE_FREE(sql_str); + MC_SAFE_FREE(sql_str); return ret; } @@ -332,11 +348,11 @@ int mc_db_update_repeat_mode(void *handle, const char *server_name, int repeat_m mc_retvm_if(handle == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "Handle is NULL"); mc_retvm_if(server_name == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "server_name is NULL"); - sql_str = sqlite3_mprintf(DB_UPDATE_REPEAT_MODE_INTO_SERVER_TABLE, server_name, repeat_mode); + sql_str = g_strdup_printf("%s%s%s%s%d", MC_DB_CMD_UPDATE_REPEAT, MC_STRING_DELIMITER, server_name, MC_STRING_DELIMITER, repeat_mode); ret = __mc_db_update_db(handle, sql_str); - SQLITE3_SAFE_FREE(sql_str); + MC_SAFE_FREE(sql_str); return ret; } 
@@ -553,34 +569,36 @@ int mc_db_get_playlist(void *handle, const char *server_name, char **playlist_na return __db_get_playlist(handle, server_name, playlist_name, playlist); } -int mc_db_insert_server_address_into_table(void *handle, const char *table_name, char *address) +int mc_db_insert_server_address_into_server_list(void *handle, const char *address) { int ret = MEDIA_CONTROLLER_ERROR_NONE; char *sql_str = NULL; mc_retvm_if(handle == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "Handle is NULL"); + mc_retvm_if(!MC_STRING_VALID(address), MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "invalid address"); - sql_str = sqlite3_mprintf(DB_INSERT_INTO_SERVER_TABLE, table_name, address); + sql_str = g_strdup_printf("%s%s%s", MC_DB_CMD_UPDATE_SERVER_LIST, MC_STRING_DELIMITER, address); ret = __mc_db_update_db(handle, sql_str); - SQLITE3_SAFE_FREE(sql_str); + MC_SAFE_FREE(sql_str); return ret; } -int mc_db_delete_server_address_from_table(void *handle, const char *table_name, char *address) +int mc_db_delete_server_address_from_table(void *handle, const char *address) { int ret = MEDIA_CONTROLLER_ERROR_NONE; char *sql_str = NULL; mc_retvm_if(handle == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "Handle is NULL"); + mc_retvm_if(!MC_STRING_VALID(address), MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "invalid address"); - sql_str = sqlite3_mprintf(DB_DELETE_FROM_SERVER_TABLE, table_name, address); + sql_str = g_strdup_printf("%s%s%s", MC_DB_CMD_REMOVE_SERVER_LIST, MC_STRING_DELIMITER, address); ret = __mc_db_update_db(handle, sql_str); - SQLITE3_SAFE_FREE(sql_str); + MC_SAFE_FREE(sql_str); return ret; } 
@@ -612,31 +630,11 @@ int mc_db_create_server_table(void *handle, const char *server_name) mc_retvm_if(handle == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "Handle is NULL"); mc_retvm_if(server_name == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "server_name is NULL"); - sql_str = sqlite3_mprintf("CREATE TABLE IF NOT EXISTS '%q' (\ - server_name TEXT PRIMARY KEY, \ - server_state INTEGER DEFAULT 1, \ - playback_state INTEGER DEFAULT 0, \ - playback_position INTEGER DEFAULT 0, \ - playlist_index TEXT, \ - title TEXT, \ - artist TEXT, \ - album TEXT, \ - author TEXT, \ - genre TEXT, \ - duration INTEGER DEFAULT 0, \ - date TEXT, \ - copyright TEXT, \ - description TEXT, \ - track_num TEXT, \ - picture TEXT, \ - shuffle_mode INTEGER DEFAULT 1, \ - repeat_mode INTEGER DEFAULT 1 \ - );", - server_name); + sql_str = g_strdup_printf("%s%s%s", MC_DB_CMD_CREATE_SERVER, MC_STRING_DELIMITER, server_name); ret = __mc_db_update_db(handle, sql_str); - SQLITE3_SAFE_FREE(sql_str); + MC_SAFE_FREE(sql_str); return ret; } @@ -649,11 +647,11 @@ int mc_db_delete_server_table(void *handle, const char *server_name) mc_retvm_if(handle == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "Handle is NULL"); mc_retvm_if(server_name == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "server_name is NULL"); - sql_str = sqlite3_mprintf("DROP TABLE IF EXISTS '%q'", server_name); + sql_str = g_strdup_printf("%s%s%s", MC_DB_CMD_REMOVE_SERVER, MC_STRING_DELIMITER, server_name); ret = __mc_db_update_db(handle, sql_str); - SQLITE3_SAFE_FREE(sql_str); + MC_SAFE_FREE(sql_str); return ret; } 
@@ -745,23 +743,6 @@ int mc_db_foreach_server_list(void *handle, mc_activated_server_cb callback, voi return MEDIA_CONTROLLER_ERROR_NONE; } -int mc_db_update_server_state(void *handle, const char *server_name, mc_server_state_e server_state) -{ - int ret = MEDIA_CONTROLLER_ERROR_NONE; - char *sql_str = NULL; - - mc_retvm_if(handle == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "Handle is NULL"); - mc_retvm_if(server_name == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "server_name is NULL"); - - sql_str = sqlite3_mprintf("UPDATE '%q' SET server_state=%d;", server_name, server_state); - - ret = __mc_db_update_db(handle, sql_str); - - SQLITE3_SAFE_FREE(sql_str); - - return ret; -} - int mc_db_update_server_and_playback_state(void *handle, const char *server_name, mc_server_state_e server_state, mc_playback_states_e playback_state) { int ret = MEDIA_CONTROLLER_ERROR_NONE; @@ -770,11 +751,11 @@ int mc_db_update_server_and_playback_state(void *handle, const char *server_name mc_retvm_if(handle == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "Handle is NULL"); mc_retvm_if(server_name == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "server_name is NULL"); - sql_str = sqlite3_mprintf("UPDATE '%q' SET server_state=%d, playback_state=%d;", server_name, server_state, playback_state); + sql_str = g_strdup_printf("%s%s%s%s%d%s%d", MC_DB_CMD_UPDATE_STATE_PLAYBACK, MC_STRING_DELIMITER, server_name, MC_STRING_DELIMITER, server_state, MC_STRING_DELIMITER, playback_state); ret = __mc_db_update_db(handle, sql_str); - SQLITE3_SAFE_FREE(sql_str); + MC_SAFE_FREE(sql_str); return ret; } 
@@ -787,11 +768,11 @@ int mc_db_update_latest_server_table(void *handle, const char *server_name) mc_retvm_if(handle == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "Handle is NULL"); mc_retvm_if(server_name == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "server_name is NULL"); - sql_str = sqlite3_mprintf("DELETE FROM '%q'; INSERT INTO '%q' (server_name) VALUES ('%q');", MC_DB_TABLE_LATEST_SERVER, MC_DB_TABLE_LATEST_SERVER, server_name); + sql_str = g_strdup_printf("%s%s%s", MC_DB_CMD_UPDATE_LATEST, MC_STRING_DELIMITER, server_name); ret = __mc_db_update_db(handle, sql_str); - SQLITE3_SAFE_FREE(sql_str); + MC_SAFE_FREE(sql_str); return ret; } @@ -804,11 +785,11 @@ int mc_db_remove_playlist(void *handle, const char *server_name) mc_retvm_if(handle == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "Handle is NULL"); mc_retvm_if(server_name == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "server_name is NULL"); - sql_str = sqlite3_mprintf("DELETE FROM '%q' WHERE server_name='%q';", MC_DB_TABLE_PLAYLIST, server_name); + sql_str = g_strdup_printf("%s%s%s", MC_DB_CMD_REMOVE_PLAYLIST, MC_STRING_DELIMITER, server_name); ret = __mc_db_update_db(handle, sql_str); - SQLITE3_SAFE_FREE(sql_str); + MC_SAFE_FREE(sql_str); return ret; } @@ -817,7 +798,6 @@ int mc_db_update_playlist(void *handle, const char *server_name, const char *pla { int ret = MEDIA_CONTROLLER_ERROR_NONE; char *sql_str = NULL; - const char *db_fields = "server_name, playlist_name, data, data_size"; bundle_raw *raw_data = NULL; int size_r = 0; 
@@ -830,12 +810,13 @@ int mc_db_update_playlist(void *handle, const char *server_name, const char *pla mc_retvm_if(ret != MEDIA_CONTROLLER_ERROR_NONE, MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "fail while encoding bundle [%d]", ret); } - sql_str = sqlite3_mprintf("INSERT INTO '%q' (%q) VALUES (%Q, %Q, %Q, %d);", MC_DB_TABLE_PLAYLIST, db_fields, server_name, playlist_name, raw_data, size_r); + sql_str = g_strdup_printf("%s%s%s%s%s%s%s%s%d", MC_DB_CMD_UPDATE_PLAYLIST, MC_STRING_DELIMITER, server_name, + MC_STRING_DELIMITER, playlist_name, MC_STRING_DELIMITER, raw_data, MC_STRING_DELIMITER, size_r); ret = __mc_db_update_db(handle, sql_str); - SQLITE3_SAFE_FREE(sql_str); MC_SAFE_FREE(raw_data); + MC_SAFE_FREE(sql_str); return ret; } diff --git a/src/media_controller_server.c b/src/media_controller_server.c index 9addb88..d2697fd 100755 --- a/src/media_controller_server.c +++ b/src/media_controller_server.c @@ -979,7 +979,7 @@ int mc_server_create(mc_server_h *server) if (table_exist && is_latest) { //To keep latest server's metadata - ret = mc_db_delete_server_address_from_table(mc_server->db_handle, MC_DB_TABLE_SERVER_LIST, mc_server->server_name); + ret = mc_db_delete_server_address_from_table(mc_server->db_handle, mc_server->server_name); if (ret != MEDIA_CONTROLLER_ERROR_NONE) { mc_error("mc_db_delete_server_address_from_table failed [%d]", ret); __mc_server_destoy(mc_server); @@ -1000,7 +1000,7 @@ int mc_server_create(mc_server_h *server) __mc_server_destoy(mc_server); return ret; } - ret = mc_db_delete_server_address_from_table(mc_server->db_handle, MC_DB_TABLE_SERVER_LIST, mc_server->server_name); + ret = mc_db_delete_server_address_from_table(mc_server->db_handle, mc_server->server_name); if (ret != MEDIA_CONTROLLER_ERROR_NONE) { mc_error("mc_db_delete_server_address_from_table failed [%d]", ret); __mc_server_destoy(mc_server); 
@@ -1015,16 +1015,9 @@ int mc_server_create(mc_server_h *server) __mc_server_destoy(mc_server); return ret; } - - ret = mc_db_insert_server_address_into_table(mc_server->db_handle, mc_server->server_name, mc_server->server_name); - if (ret != MEDIA_CONTROLLER_ERROR_NONE) { - mc_error("fail mc_db_insert_server_address_into_table [%d]", ret); - __mc_server_destoy(mc_server); - return ret; - } } - ret = mc_db_insert_server_address_into_table(mc_server->db_handle, MC_DB_TABLE_SERVER_LIST, mc_server->server_name); + ret = mc_db_insert_server_address_into_server_list(mc_server->db_handle, mc_server->server_name); if (ret != MEDIA_CONTROLLER_ERROR_NONE) { mc_error("fail mc_db_insert_server_address_into_table [%d]", ret); __mc_server_destoy(mc_server); @@ -1056,7 +1049,7 @@ int mc_server_destroy(mc_server_h server) if (ret != MEDIA_CONTROLLER_ERROR_NONE) mc_error("fail mc_ipc_unregister_all_listener [%d]", ret); - ret = mc_db_delete_server_address_from_table(mc_server->db_handle, MC_DB_TABLE_SERVER_LIST, mc_server->server_name); + ret = mc_db_delete_server_address_from_table(mc_server->db_handle, mc_server->server_name); if (ret != MEDIA_CONTROLLER_ERROR_NONE) mc_error("fail mc_db_delete_server_address_from_table [%d]", ret); diff --git a/svc/include/media_controller_db_util.h b/svc/include/media_controller_db_util.h index d179e2b..cb8a8bb 100755 --- a/svc/include/media_controller_db_util.h +++ b/svc/include/media_controller_db_util.h @@ -26,5 +26,7 @@ int mc_db_util_create_tables(void *handle); int mc_db_util_update_db(void *handle, const char *sql_str); int mc_db_util_delete_whole_server_tables(void *handle); int mc_db_util_init_latest_server_table(void *handle); +int mc_db_parse_and_update_db(const char *data, int data_size, char **result_query); + #endif /*__TIZEN_MEDIA_CONTROLLER_DB_UTIL_H__*/ diff --git a/svc/media_controller_db_util.c b/svc/media_controller_db_util.c index d6b2fd8..637d534 100755 --- a/svc/media_controller_db_util.c 
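Review bot: `mc_db_parse_and_update_db` is declared in media_controller_db_util.h without any contract, and its name suggests it updates the database although the definition later in this commit only builds the SQL text. A header comment should state that `*result_query` is written only when a statement was built, that it is allocated with `g_strdup` and owned by the caller, and that `data` must be NUL-terminated because it is passed to `g_strsplit`; for example `/* Builds the SQL statement for a client DB command; caller frees *result_query. */`. `mc_safe_strtoi` and `mc_safe_strtoull`, added as non-static functions in the same source file, have no declaration here either.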
+++ b/svc/media_controller_db_util.c @@ -205,6 +205,42 @@ static char* __mc_get_db_name(uid_t uid) return result_psswd_rtn; } +int mc_safe_strtoi(const char *buffer, int *value) +{ + char *end = NULL; + errno = 0; + mc_retvm_if(buffer == NULL || value == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "invalid parameter"); + + const long sl = strtol(buffer, &end, 10); + + mc_retvm_if(end == buffer, MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "not a decimal number"); + mc_retvm_if('\0' != *end, MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "extra characters at end of input: %s", end); + mc_retvm_if((LONG_MIN == sl || LONG_MAX == sl) && (ERANGE == errno), MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "out of range of type long"); + mc_retvm_if(sl > INT_MAX, MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "greater than INT_MAX"); + mc_retvm_if(sl < INT_MIN, MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "smaller than INT_MIN"); + + *value = (int)sl; + + return MEDIA_CONTROLLER_ERROR_NONE; +} + +int mc_safe_strtoull(const char *buffer, unsigned long long *value) +{ + char *end = NULL; + errno = 0; + mc_retvm_if(buffer == NULL || value == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "invalid parameter"); + + const unsigned long long ull = strtoull(buffer, &end, 10); + + mc_retvm_if(end == buffer, MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "not a decimal number"); + mc_retvm_if('\0' != *end, MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "extra characters at end of input: %s", end); + mc_retvm_if((ULLONG_MAX == ull) && (ERANGE == errno), MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "out of range of type long"); + + *value = (unsigned long long)ull; + + return MEDIA_CONTROLLER_ERROR_NONE; +} + int mc_db_util_connect(void **handle, uid_t uid) { int ret = MEDIA_CONTROLLER_ERROR_NONE; 
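Review bot: `mc_safe_strtoull` accepts a leading minus sign, because `strtoull` negates the parsed value instead of failing, so an input such as `-1` comes back as a very large position without `ERANGE` being set. A guard before the conversion, `mc_retvm_if(strchr(buffer, '-') != NULL, MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "negative value");`, closes that. The range message in this function still says `out of range of type long` although the type is unsigned long long. Both helpers are defined without `static` and, as far as this diff shows, without a prototype in a header; if they are only used in this file, mark them `static`.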
@@ -410,3 +446,144 @@ int mc_db_util_init_latest_server_table(void *handle) return ret; } + +int mc_db_parse_and_update_db(const char *data, int data_size, char **result_query) +{ + int ret = MEDIA_CONTROLLER_ERROR_NONE; + char *sql_str = NULL; + gchar **params = NULL; + int i_value = 0; + int i_value_1 = 0; + unsigned long long llu_value = 0; + + mc_retvm_if(data == NULL, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "data is NULL"); + mc_retvm_if(data_size <= 0 , MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "invalid data_size"); + + params = g_strsplit(data, MC_STRING_DELIMITER, 0); + mc_retvm_if(params == NULL, MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "fail to parsing query"); + + if (params[0] == NULL || params[1] == NULL) { + mc_error("wrong query"); + ret = MEDIA_CONTROLLER_ERROR_INVALID_OPERATION; + goto ERROR; + } + + if (strncmp(MC_DB_CMD_CREATE_SERVER, params[0], strlen(MC_DB_CMD_CREATE_SERVER)) == 0) { + sql_str = sqlite3_mprintf("CREATE TABLE IF NOT EXISTS '%q' (\ + server_name TEXT PRIMARY KEY, \ + server_state INTEGER DEFAULT 1, \ + playback_state INTEGER DEFAULT 0, \ + playback_position INTEGER DEFAULT 0, \ + playlist_index TEXT, \ + title TEXT, \ + artist TEXT, \ + album TEXT, \ + author TEXT, \ + genre TEXT, \ + duration INTEGER DEFAULT 0, \ + date TEXT, \ + copyright TEXT, \ + description TEXT, \ + track_num TEXT, \ + picture TEXT, \ + shuffle_mode INTEGER DEFAULT 1, \ + repeat_mode INTEGER DEFAULT 1 \ + );INSERT INTO '%q' (server_name) VALUES ('%q');", + params[1], params[1], params[1]); + + } else if (strncmp(MC_DB_CMD_UPDATE_SERVER_LIST, params[0], strlen(MC_DB_CMD_UPDATE_SERVER_LIST)) == 0) { + sql_str = sqlite3_mprintf("INSERT INTO '%q' (server_name) VALUES ('%q');", MC_DB_TABLE_SERVER_LIST, params[1]); + + } else if (strncmp(MC_DB_CMD_UPDATE_STATE_PLAYBACK, params[0], strlen(MC_DB_CMD_UPDATE_STATE_PLAYBACK)) == 0) { + if (params[2] == NULL || params[3] == NULL) { + mc_error("wrong query"); + ret = MEDIA_CONTROLLER_ERROR_INVALID_OPERATION; + goto 
ERROR; + } + + mc_safe_strtoi(params[2], &i_value); + mc_safe_strtoi(params[3], &i_value_1); + + sql_str = sqlite3_mprintf("UPDATE '%q' SET server_state=%d, playback_state=%d;", params[1], i_value, i_value_1); + + } else if (strncmp(MC_DB_CMD_UPDATE_PLAYBACK, params[0], strlen(MC_DB_CMD_UPDATE_PLAYBACK)) == 0) { + if (params[2] == NULL || params[3] == NULL || params[4] == NULL) { + mc_error("wrong query"); + ret = MEDIA_CONTROLLER_ERROR_INVALID_OPERATION; + goto ERROR; + } + + mc_safe_strtoi(params[2], &i_value); + mc_safe_strtoull(params[3], &llu_value); + sql_str = sqlite3_mprintf("UPDATE '%q' SET playback_state=%d, playback_position=%llu, playlist_index=%Q;", params[1], i_value, llu_value, params[4]); + + } else if (strncmp(MC_DB_CMD_UPDATE_META, params[0], strlen(MC_DB_CMD_UPDATE_META)) == 0) { + sql_str = sqlite3_mprintf("UPDATE '%q' SET title=%Q, artist=%Q, album=%Q, author=%Q, genre=%Q, duration=%Q, date=%Q, copyright=%Q, description=%Q, track_num=%Q, picture=%Q", + params[1], params[2], params[3], params[4], params[5], params[6], params[7], params[8], params[9], params[10], params[11], params[12]); + + } else if (strncmp(MC_DB_CMD_UPDATE_SHUFFLE, params[0], strlen(MC_DB_CMD_UPDATE_SHUFFLE)) == 0) { + if (params[2] == NULL) { + mc_error("wrong query"); + ret = MEDIA_CONTROLLER_ERROR_INVALID_OPERATION; + goto ERROR; + } + + mc_safe_strtoi(params[2], &i_value); + sql_str = sqlite3_mprintf("UPDATE '%q' SET shuffle_mode=%d;", params[1], i_value); + + } else if (strncmp(MC_DB_CMD_UPDATE_REPEAT, params[0], strlen(MC_DB_CMD_UPDATE_REPEAT)) == 0) { + if (params[2] == NULL) { + mc_error("wrong query"); + ret = MEDIA_CONTROLLER_ERROR_INVALID_OPERATION; + goto ERROR; + } + + mc_safe_strtoi(params[2], &i_value); + sql_str = sqlite3_mprintf("UPDATE '%q' SET repeat_mode=%d;", params[1], i_value); + + } else if (strncmp(MC_DB_CMD_UPDATE_LATEST, params[0], strlen(MC_DB_CMD_UPDATE_LATEST)) == 0) { + sql_str = sqlite3_mprintf("DELETE FROM '%q'; INSERT INTO '%q' (server_name) 
VALUES ('%q');", MC_DB_TABLE_LATEST_SERVER, MC_DB_TABLE_LATEST_SERVER, params[1]); + + } else if (strncmp(MC_DB_CMD_UPDATE_PLAYLIST, params[0], strlen(MC_DB_CMD_UPDATE_PLAYLIST)) == 0) { + if (params[2] == NULL || params[3] == NULL || params[4] == NULL) { + mc_error("wrong query"); + ret = MEDIA_CONTROLLER_ERROR_INVALID_OPERATION; + goto ERROR; + } + + mc_safe_strtoi(params[4], &i_value); + + sql_str = sqlite3_mprintf("INSERT INTO '%q' (server_name, playlist_name, data, data_size) VALUES (%Q, %Q, %Q, %d);", MC_DB_TABLE_PLAYLIST, + params[1], params[2], params[3], i_value); + + } else if (strncmp(MC_DB_CMD_REMOVE_SERVER_LIST, params[0], strlen(MC_DB_CMD_REMOVE_SERVER_LIST)) == 0) { + sql_str = sqlite3_mprintf("DELETE FROM %q WHERE server_name = '%q';", MC_DB_TABLE_SERVER_LIST, params[1]); + + } else if (strncmp(MC_DB_CMD_REMOVE_SERVER, params[0], strlen(MC_DB_CMD_REMOVE_SERVER)) == 0) { + sql_str = sqlite3_mprintf("DROP TABLE IF EXISTS '%q'", params[1]); + + } else if (strncmp(MC_DB_CMD_REMOVE_PLAYLIST, params[0], strlen(MC_DB_CMD_REMOVE_PLAYLIST)) == 0) { + sql_str = sqlite3_mprintf("DELETE FROM '%q' WHERE server_name='%q';", MC_DB_TABLE_PLAYLIST, params[1]); + + } else { + mc_error("wrong request"); + ret = MEDIA_CONTROLLER_ERROR_INVALID_OPERATION; + goto ERROR; + } + + if (sql_str == NULL) { + mc_error("sql_str is NULL"); + ret = MEDIA_CONTROLLER_ERROR_OUT_OF_MEMORY; + goto ERROR; + } + +ERROR: + g_strfreev(params); + + if (sql_str != NULL) { + *result_query = g_strdup(sql_str); + SQLITE3_SAFE_FREE(sql_str); + } + + return ret; +} diff --git a/svc/media_controller_svc.c b/svc/media_controller_svc.c index 4786d4c..ae2ff9a 100755 --- a/svc/media_controller_svc.c +++ b/svc/media_controller_svc.c 
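Review bot: The `MC_DB_CMD_UPDATE_META` branch passes `params[2]` through `params[12]` to `sqlite3_mprintf` after only `params[0]` and `params[1]` were checked, so a message with fewer than thirteen tokens makes it read past the NULL terminator of the array returned by `g_strsplit`. The other branches check their tokens individually; here a length check with `g_strv_length` is needed before the format call. In addition, every `mc_safe_strtoi` / `mc_safe_strtoull` return value is discarded, so a non-numeric token leaves `i_value`, `i_value_1` or `llu_value` at 0 and the statement is still built; the result should be assigned to `ret` and lead to `goto ERROR`. The sketch below shows both changes for the metadata and shuffle branches; the same conversion check applies to the state/playback, playback, repeat and playlist branches.

```c
	} else if (strncmp(MC_DB_CMD_UPDATE_META, params[0], strlen(MC_DB_CMD_UPDATE_META)) == 0) {
		/* command, server_name and the eleven metadata fields must all be present */
		if (g_strv_length(params) < 13) {
			mc_error("wrong query");
			ret = MEDIA_CONTROLLER_ERROR_INVALID_OPERATION;
			goto ERROR;
		}
		/* … unchanged: sqlite3_mprintf building the UPDATE … SET title=… statement … */

	} else if (strncmp(MC_DB_CMD_UPDATE_SHUFFLE, params[0], strlen(MC_DB_CMD_UPDATE_SHUFFLE)) == 0) {
		/* … unchanged: params[2] NULL check … */
		ret = mc_safe_strtoi(params[2], &i_value);
		if (ret != MEDIA_CONTROLLER_ERROR_NONE)
			goto ERROR;
		/* … unchanged: sqlite3_mprintf for shuffle_mode … */
```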
@@ -408,24 +408,38 @@ gboolean _mc_service_process(gpointer data) } if (request_msg->msg_type == MC_MSG_DB_UPDATE) { - char *sql_query = NULL; - sql_query = strndup(request_msg->msg, request_msg->msg_size); - if (sql_query != NULL) { - void* _db_handle; - res = mc_db_util_connect(&_db_handle, request_msg->uid); - if (res != MEDIA_CONTROLLER_ERROR_NONE) - mc_error("mc_db_util_connect error : %d", res); - - res = mc_db_util_update_db(_db_handle, sql_query); - if (res != MEDIA_CONTROLLER_ERROR_NONE) - mc_error("media_db_update_db error : %d", res); - - mc_db_util_disconnect(_db_handle); - - send_msg = res; - MC_SAFE_FREE(sql_query); + char *query_data = NULL; + char *result_query = NULL; + void* _db_handle; + + if (!MC_STRING_VALID(request_msg->msg) || request_msg->msg_size == 0) { + mc_error("wrong msg [%d]", request_msg->msg_size); + send_msg = MEDIA_CONTROLLER_ERROR_INVALID_OPERATION; } else { - send_msg = MEDIA_CONTROLLER_ERROR_OUT_OF_MEMORY; + query_data = strndup(request_msg->msg, request_msg->msg_size); + if (query_data != NULL) { + res = mc_db_parse_and_update_db(query_data, request_msg->msg_size, &result_query); + if ((res == MEDIA_CONTROLLER_ERROR_NONE) && (result_query != NULL)) { + + res = mc_db_util_connect(&_db_handle, request_msg->uid); + if (res != MEDIA_CONTROLLER_ERROR_NONE) + mc_error("mc_db_util_connect error : %d", res); + + res = mc_db_util_update_db(_db_handle, result_query); + if (res != MEDIA_CONTROLLER_ERROR_NONE) + mc_error("media_db_update_db error : %d", res); + + mc_db_util_disconnect(_db_handle); + } else { + mc_error("mc_db_parse_and_update_db error : %d", res); + } + + send_msg = res; + MC_SAFE_FREE(query_data); + MC_SAFE_FREE(result_query); + } else { + send_msg = MEDIA_CONTROLLER_ERROR_OUT_OF_MEMORY; + } } } else if (request_msg->msg_type == MC_MSG_CLIENT_SET) { send_msg = _mc_service_set_data(&(_service_data->connected), request_msg);
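Review bot: `_db_handle` is declared uninitialised, and when `mc_db_util_connect` fails the code only logs and still passes the handle to `mc_db_util_update_db` and `mc_db_util_disconnect`. Initialise it with `void *_db_handle = NULL;` and run the update only on success, e.g. `if (res == MEDIA_CONTROLLER_ERROR_NONE) res = mc_db_util_update_db(_db_handle, result_query);`. `result_query` is allocated with `g_strdup` in the parser but released with `MC_SAFE_FREE`; if that macro wraps `free()` (not visible here), `g_free` is the matching call. Nothing in this hunk ties the table name carried in the message to the sending process, so unless an ownership check exists outside the hunk, a client could name another server's table in a remove or update command. `_mc_service_process` starts and ends outside the hunk.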