From d7175b70b67951531febed80655a1e043471f20e Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <daniel@firewall-services.com>
Date: Tue, 14 Oct 2014 19:12:12 +0200
Subject: [PATCH] Cleanup SQL query in signalmaster

---
 signalmaster/server.js | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/signalmaster/server.js b/signalmaster/server.js
index 55f179d..d92b0dd 100644
--- a/signalmaster/server.js
+++ b/signalmaster/server.js
@@ -38,7 +38,12 @@ function safeCb(cb) {
 }
 
 function checkRoom(room,token,user,cb) {
-   var q = "SELECT `participant` FROM `room_participants` WHERE `participant`=" + sql.escape(user) + " AND `room_id` IN (SELECT `id` FROM `rooms` WHERE `name`=" + sql.escape(room) + " AND `token`=" + sql.escape(token) + ");";
+   var q = 'SELECT `p`.`participant` FROM ' +
+              '`room_participants` `p`, `rooms` `r` ' +
+              'WHERE `p`.`participant`=' + sql.escape(user) + 
+              '  AND `p`.`room_id`=`r`.`id` ' +
+              '  AND `r`.`name`=' + sql.escape(room) +
+              '  AND `r`.`token`=' + sql.escape(token);
    console.log('Checking if ' + user + ' is allowed to join room ' + room + ' using token ' + token);
    sql.query(q, function(err, rows, fields) {
       if (err){