From 74cce8f8317cacc9f07404236710e68f279b3773 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@helsinki.at>
Date: Wed, 16 Mar 2011 01:10:10 +0000
Subject: small refactoring


diff --git a/nopsyncd/qlistener.lua b/nopsyncd/qlistener.lua
index b7c74d8..e5cd4ab 100755
--- a/nopsyncd/qlistener.lua
+++ b/nopsyncd/qlistener.lua
@@ -25,6 +25,28 @@ mq = require "luamq"
 tempstorage = require "tempstorage"
 rddb = require "rddb"
 
+function handle_now(timestamp, nowcart, nowlen)
+   local results, err = rddb:getCartInfo(nowcart);
+   if results == nil then
+      io.stderr:write("can't fetch cart info: " .. err .. "\n")
+   else
+      -- TODO: insert into tempstorage
+      print(timestamp .. " Info: '" .. results.TITLE .. "' von '" .. results.ARTIST .. "' aus '" .. results.ALBUM .. "'")
+      pipe.signal()
+   end
+end
+
+function handle_message(msg)
+   local timestamp, nowcart, nowlen, nextcart, nextlen = string.match(msg, "^(%d+) (%d+) (%d+) (%d+) (%d+)$");
+   if not timestamp or not nowcart or not nowlen or not nextcart or not nextlen then
+      io.stderr:write("ignoring malformed message\n")
+   else
+      -- TODO sanity checks: is now info new or just next?
+      handle_now(timestamp, nowcart, nowlen)
+      -- TODO handle next info
+   end
+end
+
 function main_loop()
    local q, err = mq.create(queue_name, "ro")
    if q == nil then
@@ -53,19 +75,6 @@ function main_loop()
          tempstorage:close()
          os.exit(2)
       end
-      
-      local timestamp, nowcart, nowlen, nextcart, nextlen = string.match(msg, "^(%d+) (%d+) (%d+) (%d+) (%d+)$");
-      if not timestamp or not nowcart or not nowlen or not nextcart or not nextlen then
-         io.stderr:write("ignoring malformed message\n")
-      else
-         local results, err = rddb:getCartInfo(nowcart);
-         if results == nil then
-            io.stderr:write("can't fetch cart info: " .. err .. "\n")
-         else
-            -- TODO: insert into tempstorage
-            print(timestamp .. " Info: '" .. results.TITLE .. "' von '" .. results.ARTIST .. "' aus '" .. results.ALBUM .. "'")
-            pipe.signal()
-         end
-      end
+      handle_message(msg)
    end
 end
\ No newline at end of file
diff --git a/nopsyncd/rddb.lua b/nopsyncd/rddb.lua
index 1a16a4d..e7ed14e 100644
--- a/nopsyncd/rddb.lua
+++ b/nopsyncd/rddb.lua
@@ -41,8 +41,7 @@ function rddb:init()
 end
 
 function rddb:getCartInfo(cartnum)
-   -- TODO: SQL Injections!!!
-   local cur, err = self.con:execute("select TITLE,ARTIST,ALBUM from CART where NUMBER = " .. cartnum);
+   local cur, err = self.con:execute("select TITLE,ARTIST,ALBUM from CART where NUMBER = " .. self.con:escape(cartnum));
    if cur == nil then
       return nil, err
    end
@@ -55,6 +54,10 @@ function rddb:getCartInfo(cartnum)
    results, err = cur:fetch(results, "a")
    cur:close()
 
+   if results.TITLE == nil then results.TITLE = "" end
+   if results.ARTIST == nil then results.ARTIST = "" end
+   if results.ALBUM == nil then results.ALBUM = "" end
+
    return results, err
 end
 
-- 
cgit v0.10.2