From 0c5f4c813735d61a0370ea3b2d6ddad0159b5195 Mon Sep 17 00:00:00 2001
From: hj kim <backto.kim@samsung.com>
Date: Wed, 15 May 2019 15:50:40 +0900
Subject: [PATCH] Modify code not to send sqlite query directly regarding the
 playback info

Change-Id: I7af2494a073336a44f3cd44ca05098e864e9ad57
---
 src/media_controller_db.c                       | 23 +++++++++++++++++------
 svc/media_controller_db_util.c                  | 22 ++++++++++++++++++++--
 test/server_test/media_controller_server_test.c |  2 +-
 3 files changed, 38 insertions(+), 9 deletions(-)

diff --git a/src/media_controller_db.c b/src/media_controller_db.c
index 1c8702b..72986b4 100644
--- a/src/media_controller_db.c
+++ b/src/media_controller_db.c
@@ -199,19 +199,30 @@ static int __mc_db_get_count(void *handle, const char *sql_str)
 int mc_db_update_playback_info(const char *server_name, const media_controller_playback_s playback)
 {
 	int ret = MEDIA_CONTROLLER_ERROR_NONE;
-	char *_query = NULL;
 	char *sql_str = NULL;
 
 	mc_retvm_if(!server_name, MEDIA_CONTROLLER_ERROR_INVALID_PARAMETER, "Invalid server_name");
 
-	_query = sqlite3_mprintf("UPDATE '%q' SET playback_state=%d, playback_position=%llu, playlist_name=%Q, playlist_index=%Q, playback_content_type=%d, age_rating=%d;",
-				server_name, playback.state, playback.position, playback.playlist_name, playback.index, playback.content_type, playback.age_rating);
-
-	sql_str = g_strdup_printf("%s%s%s%s%d%s%s", MC_DB_CMD_UPDATE_PLAYBACK, MC_STRING_DELIMITER, server_name,  MC_STRING_DELIMITER, playback.state,  MC_STRING_DELIMITER, _query);
+	if (MC_STRING_VALID(playback.playlist_name) && MC_STRING_VALID(playback.index)) {
+		sql_str = g_strdup_printf("%s%s%s%s%d%s%llu%s%d%s%d%s%s%s%s", MC_DB_CMD_UPDATE_PLAYBACK, MC_STRING_DELIMITER,
+			server_name,  MC_STRING_DELIMITER,
+			playback.state,  MC_STRING_DELIMITER,
+			playback.position,  MC_STRING_DELIMITER,
+			playback.content_type, MC_STRING_DELIMITER,
+			playback.age_rating, MC_STRING_DELIMITER,
+			playback.playlist_name,  MC_STRING_DELIMITER,
+			playback.index);
+	} else {
+		sql_str = g_strdup_printf("%s%s%s%s%d%s%llu%s%d%s%d", MC_DB_CMD_UPDATE_PLAYBACK, MC_STRING_DELIMITER,
+			server_name,  MC_STRING_DELIMITER,
+			playback.state,  MC_STRING_DELIMITER,
+			playback.position,  MC_STRING_DELIMITER,
+			playback.content_type, MC_STRING_DELIMITER,
+			playback.age_rating);
+	}
 
 	ret = __mc_db_update_db(MC_PRIV_TYPE_SERVER, sql_str);
 
-	SQLITE3_SAFE_FREE(_query);
 	MC_SAFE_FREE(sql_str);
 
 	return ret;
diff --git a/svc/media_controller_db_util.c b/svc/media_controller_db_util.c
index e1f4126..1022bca 100644
--- a/svc/media_controller_db_util.c
+++ b/svc/media_controller_db_util.c
@@ -581,6 +581,8 @@ int mc_db_parse_and_update_db(uid_t uid, const char *data, int data_size)
 	char *sql_str = NULL;
 	gchar **params = NULL;
 	int i_value = 0;
+	int i_value_1 = 0;
+	int i_value_2 = 0;
 	unsigned long long llu_value = 0, llu_value2 = 0;
 	void* _db_handle = NULL;
 	gboolean is_query_from_client = FALSE;
@@ -598,8 +600,24 @@ int mc_db_parse_and_update_db(uid_t uid, const char *data, int data_size)
 	}
 
 	if (strncmp(MC_DB_CMD_UPDATE_PLAYBACK, params[0], strlen(MC_DB_CMD_UPDATE_PLAYBACK)) == 0) {
-		sql_str = params[3];
-		is_query_from_client = TRUE;
+		if (params[2] == NULL || params[3] == NULL || params[4] == NULL || params[5] == NULL) {
+			mc_error("invalid query");
+			ret = MEDIA_CONTROLLER_ERROR_INVALID_OPERATION;
+			goto ERROR;
+		}
+
+		mc_safe_strtoi(params[2], &i_value);
+		mc_safe_strtoull(params[3], &llu_value);
+		mc_safe_strtoi(params[4], &i_value_1);
+		mc_safe_strtoi(params[5], &i_value_2);
+
+		if (MC_STRING_VALID(params[6]) && MC_STRING_VALID(params[7])) {
+			sql_str = sqlite3_mprintf("UPDATE '%q' SET playback_state=%d, playback_position=%llu, playback_content_type=%d, age_rating=%d, playlist_name=%Q, playlist_index=%Q;",
+				params[1], i_value, llu_value, i_value_1, i_value_2, params[6], params[7]);
+		} else {
+			sql_str = sqlite3_mprintf("UPDATE '%q' SET playback_state=%d, playback_position=%llu, playback_content_type=%d, age_rating=%d, playlist_name=NULL, playlist_index=NULL;",
+				params[1], i_value, llu_value, i_value_1, i_value_2);
+		}
 
 	} else if (strncmp(MC_DB_CMD_UPDATE_META, params[0], strlen(MC_DB_CMD_UPDATE_META)) == 0) {
 		sql_str = params[1];
diff --git a/test/server_test/media_controller_server_test.c b/test/server_test/media_controller_server_test.c
index c42901d..e832d92 100755
--- a/test/server_test/media_controller_server_test.c
+++ b/test/server_test/media_controller_server_test.c
@@ -940,7 +940,7 @@ static void __display_set_info_menu(void)
 	g_print("----------------------------------------------------\n");
 	g_print("1. set server playback state\n");
 	g_print("2. set server playback position \n");
-	g_print("3. set server media id \n");
+	g_print("3. set server playlist and item index \n");
 	g_print("4. set server content type \n");
 	g_print("5. set server content age rating \n");
 	g_print("6. set server metadata name\n");
-- 
2.7.4