diff options
author | swiergot <swiergot> | 2007-08-16 02:25:04 +0200 |
---|---|---|
committer | swiergot <swiergot> | 2007-08-16 02:25:04 +0200 |
commit | 14df0d4b8d95f4c0240c0bd98c6ce9b74706e3ca (patch) | |
tree | 6aa8f1250ffe26ffe980d5aa77205586a236dfb0 /web/lib | |
parent | fe84915465ac941356f50cc07925e3fd42615955 (diff) | |
download | aur-14df0d4b8d95f4c0240c0bd98c6ce9b74706e3ca.tar.gz aur-14df0d4b8d95f4c0240c0bd98c6ce9b74706e3ca.tar.xz |
- Applied a patch from Loui to fix session removal.
- Replaced all occurences of mysql_escape_string()
with mysql_real_escape_string().
Diffstat (limited to 'web/lib')
-rw-r--r-- | web/lib/acctfuncs.inc | 36 | ||||
-rw-r--r-- | web/lib/aur.inc | 22 | ||||
-rw-r--r-- | web/lib/pkgfuncs.inc | 26 |
3 files changed, 42 insertions, 42 deletions
diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc index fe8aefbd..fa6df458 100644 --- a/web/lib/acctfuncs.inc +++ b/web/lib/acctfuncs.inc @@ -206,7 +206,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", # NOTE: a race condition exists here if we care... # $q = "SELECT COUNT(*) AS CNT FROM Users "; - $q.= "WHERE Username = '".mysql_escape_string($U)."'"; + $q.= "WHERE Username = '".mysql_real_escape_string($U)."'"; if ($TYPE == "edit") { $q.= " AND ID != ".intval($UID); } @@ -224,7 +224,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", # NOTE: a race condition exists here if we care... # $q = "SELECT COUNT(*) AS CNT FROM Users "; - $q.= "WHERE Email = '".mysql_escape_string($E)."'"; + $q.= "WHERE Email = '".mysql_real_escape_string($E)."'"; if ($TYPE == "edit") { $q.= " AND ID != ".intval($UID); } @@ -250,12 +250,12 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", $P = md5($P); $q = "INSERT INTO Users (AccountTypeID, Suspended, Username, Email, "; $q.= "Passwd, RealName, LangPreference, IRCNick, NewPkgNotify) "; - $q.= "VALUES (1, 0, '".mysql_escape_string($U)."'"; - $q.= ", '".mysql_escape_string($E)."'"; - $q.= ", '".mysql_escape_string($P)."'"; - $q.= ", '".mysql_escape_string($R)."'"; - $q.= ", '".mysql_escape_string($L)."'"; - $q.= ", '".mysql_escape_string($I)."'"; + $q.= "VALUES (1, 0, '".mysql_real_escape_string($U)."'"; + $q.= ", '".mysql_real_escape_string($E)."'"; + $q.= ", '".mysql_real_escape_string($P)."'"; + $q.= ", '".mysql_real_escape_string($R)."'"; + $q.= ", '".mysql_real_escape_string($L)."'"; + $q.= ", '".mysql_real_escape_string($I)."'"; if ($N) { $q.= ", 1)"; } else { @@ -281,7 +281,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", #md5 hash the password $q = "UPDATE Users SET "; - $q.= "Username = '".mysql_escape_string($U)."'"; + $q.= "Username = '".mysql_real_escape_string($U)."'"; if ($T) { $q.= ", AccountTypeID = ".intval($T); } @@ -290,13 +290,13 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", } else { $q.= ", Suspended = 0"; } - $q.= ", Email = '".mysql_escape_string($E)."'"; + $q.= ", Email = '".mysql_real_escape_string($E)."'"; if ($P) { - $q.= ", Passwd = '".mysql_escape_string(md5($P))."'"; + $q.= ", Passwd = '".mysql_real_escape_string(md5($P))."'"; } - $q.= ", RealName = '".mysql_escape_string($R)."'"; - $q.= ", LangPreference = '".mysql_escape_string($L)."'"; - $q.= ", IRCNick = '".mysql_escape_string($I)."'"; + $q.= ", RealName = '".mysql_real_escape_string($R)."'"; + $q.= ", LangPreference = '".mysql_real_escape_string($L)."'"; + $q.= ", IRCNick = '".mysql_real_escape_string($I)."'"; $q.= ", NewPkgNotify = "; if ($N) { $q.= "1 "; @@ -435,19 +435,19 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="", $search_vars[] = "S"; } if ($U) { - $q.= "AND Username LIKE '%".mysql_escape_string($U)."%' "; + $q.= "AND Username LIKE '%".mysql_real_escape_string($U)."%' "; $search_vars[] = "U"; } if ($E) { - $q.= "AND Email LIKE '%".mysql_escape_string($E)."%' "; + $q.= "AND Email LIKE '%".mysql_real_escape_string($E)."%' "; $search_vars[] = "E"; } if ($R) { - $q.= "AND RealName LIKE '%".mysql_escape_string($R)."%' "; + $q.= "AND RealName LIKE '%".mysql_real_escape_string($R)."%' "; $search_vars[] = "R"; } if ($I) { - $q.= "AND IRCNick LIKE '%".mysql_escape_string($I)."%' "; + $q.= "AND IRCNick LIKE '%".mysql_real_escape_string($I)."%' "; $search_vars[] = "I"; } switch ($SB) { diff --git a/web/lib/aur.inc b/web/lib/aur.inc index 46146318..063f9037 100644 --- a/web/lib/aur.inc +++ b/web/lib/aur.inc @@ -93,7 +93,7 @@ function check_sid() { # $dbh = db_connect(); $q = "SELECT LastUpdateTS, UNIX_TIMESTAMP() FROM Sessions "; - $q.= "WHERE SessionID = '" . mysql_escape_string($_COOKIE["AURSID"]) . "'"; + $q.= "WHERE SessionID = '" . mysql_real_escape_string($_COOKIE["AURSID"]) . "'"; $result = db_query($q, $dbh); if (!$result) { # Invalid SessionID - hacker alert! @@ -118,7 +118,7 @@ function check_sid() { # the main page where they can log in again. # $q = "DELETE FROM Sessions WHERE SessionID = '"; - $q.= mysql_escape_string($_COOKIE["AURSID"]) . "'"; + $q.= mysql_real_escape_string($_COOKIE["AURSID"]) . "'"; db_query($q, $dbh); setcookie("AURSID", "", time() - (60*60*24*30), "/"); @@ -129,7 +129,7 @@ function check_sid() { # and update the idle timestamp # $q = "UPDATE Sessions SET LastUpdateTS = UNIX_TIMESTAMP() "; - $q.= "WHERE SessionID = '".mysql_escape_string($_COOKIE["AURSID"])."'"; + $q.= "WHERE SessionID = '".mysql_real_escape_string($_COOKIE["AURSID"])."'"; db_query($q, $dbh); } } @@ -172,7 +172,7 @@ function username_from_id($id="") { return ""; } $dbh = db_connect(); - $q = "SELECT Username FROM Users WHERE ID = " . mysql_escape_string($id); + $q = "SELECT Username FROM Users WHERE ID = " . mysql_real_escape_string($id); $result = db_query($q, $dbh); if (!$result) { return "None"; @@ -193,7 +193,7 @@ function username_from_sid($sid="") { $q = "SELECT Username "; $q.= "FROM Users, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID "; - $q.= "AND Sessions.SessionID = '" . mysql_escape_string($sid) . "'"; + $q.= "AND Sessions.SessionID = '" . mysql_real_escape_string($sid) . "'"; $result = db_query($q, $dbh); if (!$result) { return ""; @@ -213,7 +213,7 @@ function email_from_sid($sid="") { $q = "SELECT Email "; $q.= "FROM Users, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID "; - $q.= "AND Sessions.SessionID = '" . mysql_escape_string($sid) . "'"; + $q.= "AND Sessions.SessionID = '" . mysql_real_escape_string($sid) . "'"; $result = db_query($q, $dbh); if (!$result) { return ""; @@ -235,7 +235,7 @@ function account_from_sid($sid="") { $q.= "FROM Users, AccountTypes, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID "; $q.= "AND AccountTypes.ID = Users.AccountTypeID "; - $q.= "AND Sessions.SessionID = '" . mysql_escape_string($sid) . "'"; + $q.= "AND Sessions.SessionID = '" . mysql_real_escape_string($sid) . "'"; $result = db_query($q, $dbh); if (!$result) { return ""; @@ -255,7 +255,7 @@ function uid_from_sid($sid="") { $q = "SELECT Users.ID "; $q.= "FROM Users, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID "; - $q.= "AND Sessions.SessionID = '" . mysql_escape_string($sid) . "'"; + $q.= "AND Sessions.SessionID = '" . mysql_real_escape_string($sid) . "'"; $result = db_query($q, $dbh); if (!$result) { return 0; @@ -329,7 +329,7 @@ function set_lang() { $q = "SELECT LangPreference FROM Users, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID "; $q.= "AND Sessions.SessionID = '"; - $q.= mysql_escape_string($_COOKIE["AURSID"])."'"; + $q.= mysql_real_escape_string($_COOKIE["AURSID"])."'"; $result = db_query($q, $dbh); if (!$result) { $LANG = "en"; @@ -491,7 +491,7 @@ function can_overwrite_pkg($name="", $sid="") { if (!$name || !$sid) {return 0;} $dbh = db_connect(); $q = "SELECT SubmitterUID, MaintainerUID, AURMaintainerUID "; - $q.= "FROM Packages WHERE Name = '".mysql_escape_string($name)."'"; + $q.= "FROM Packages WHERE Name = '".mysql_real_escape_string($name)."'"; $result = db_query($q, $dbh); if (!$result) {return 0;} $row = mysql_fetch_row($result); @@ -561,7 +561,7 @@ function uid_from_username($username="") return ""; } $dbh = db_connect(); - $q = "SELECT ID FROM Users WHERE Username = '".mysql_escape_string($username) + $q = "SELECT ID FROM Users WHERE Username = '".mysql_real_escape_string($username) ."'"; $result = db_query($q, $dbh); if (!$result) { diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc index de2f16cc..d1da9bc6 100644 --- a/web/lib/pkgfuncs.inc +++ b/web/lib/pkgfuncs.inc @@ -125,7 +125,7 @@ function package_exists($name="") { if (!$name) {return NULL;} $dbh = db_connect(); $q = "SELECT ID FROM Packages "; - $q.= "WHERE Name = '".mysql_escape_string($name)."' "; + $q.= "WHERE Name = '".mysql_real_escape_string($name)."' "; $q.= "AND DummyPkg = 0"; $result = db_query($q, $dbh); if (!$result) {return NULL;} @@ -141,7 +141,7 @@ function package_dependencies($pkgid=0) { $dbh = db_connect(); $q = "SELECT DepPkgID, Name, DummyPkg, DepCondition FROM PackageDepends, Packages "; $q.= "WHERE PackageDepends.DepPkgID = Packages.ID "; - $q.= "AND PackageDepends.PackageID = ".mysql_escape_string($pkgid); + $q.= "AND PackageDepends.PackageID = ".mysql_real_escape_string($pkgid); $q.= " ORDER BY Name"; $result = db_query($q, $dbh); if (!$result) {return array();} @@ -161,14 +161,14 @@ function create_dummy($pname="", $sid="") { if (!$uid) {return NULL;} $dbh = db_connect(); $q = "SELECT ID FROM Packages WHERE Name = '"; - $q.= mysql_escape_string($pname)."'"; + $q.= mysql_real_escape_string($pname)."'"; $result = db_query($q, $dbh); if (!mysql_num_rows($result)) { # Insert the dummy # $q = "INSERT INTO Packages (Name, Description, URL, SubmittedTS, "; $q.= "SubmitterUID, DummyPkg) VALUES ('"; - $q.= mysql_escape_string($pname)."', 'A dummy package', '/#', "; + $q.= mysql_real_escape_string($pname)."', 'A dummy package', '/#', "; $q.= "UNIX_TIMESTAMP(), ".$uid.", 1)"; $result = db_query($q, $dbh); if (!$result) { @@ -193,7 +193,7 @@ function package_comments($pkgid=0) { $q = "SELECT PackageComments.ID, UserName, UsersID, Comments, CommentTS "; $q.= "FROM PackageComments, Users "; $q.= "WHERE PackageComments.UsersID = Users.ID"; - $q.= " AND PackageID = ".mysql_escape_string($pkgid); + $q.= " AND PackageID = ".mysql_real_escape_string($pkgid); $q.= " AND DelUsersID = 0"; # only display non-deleted comments $q.= " ORDER BY CommentTS DESC"; $result = db_query($q, $dbh); @@ -212,7 +212,7 @@ function package_sources($pkgid=0) { if ($pkgid) { $dbh = db_connect(); $q = "SELECT Source FROM PackageSources "; - $q.= "WHERE PackageID = ".mysql_escape_string($pkgid); + $q.= "WHERE PackageID = ".mysql_real_escape_string($pkgid); $q.= " ORDER BY Source"; $result = db_query($q, $dbh); if (!$result) {return array();} @@ -234,7 +234,7 @@ function pkgvotes_from_sid($sid="") { $q.= "FROM PackageVotes, Users, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID "; $q.= "AND Users.ID = PackageVotes.UsersID "; - $q.= "AND Sessions.SessionID = '".mysql_escape_string($sid)."'"; + $q.= "AND Sessions.SessionID = '".mysql_real_escape_string($sid)."'"; $result = db_query($q, $dbh); if ($result) { while ($row = mysql_fetch_row($result)) { @@ -901,10 +901,10 @@ function pkg_search_page($SID="") { #search by maintainer if ($_REQUEST["SeB"] == "m"){ if (!$has_where) { - $q.= "WHERE Username = '".mysql_escape_string($K)."' "; + $q.= "WHERE Username = '".mysql_real_escape_string($K)."' "; $has_where = 1; } else { - $q.= "AND Username = '".mysql_escape_string($K)."' "; + $q.= "AND Username = '".mysql_real_escape_string($K)."' "; } } elseif ($_REQUEST["SeB"] == "s") { if (!$has_where) { @@ -916,12 +916,12 @@ function pkg_search_page($SID="") { # the default behaivior, query the name/description } else { if (!$has_where) { - $q.= "WHERE (Name LIKE '%".mysql_escape_string($K)."%' OR "; - $q.= "Description LIKE '%".mysql_escape_string($K)."%') "; + $q.= "WHERE (Name LIKE '%".mysql_real_escape_string($K)."%' OR "; + $q.= "Description LIKE '%".mysql_real_escape_string($K)."%') "; $has_where = 1; } else { - $q.= "AND (Name LIKE '%".mysql_escape_string($K)."%' OR "; - $q.= "Description LIKE '%".mysql_escape_string($K)."%') "; + $q.= "AND (Name LIKE '%".mysql_real_escape_string($K)."%' OR "; + $q.= "Description LIKE '%".mysql_real_escape_string($K)."%') "; } } } |