From 0898f1447a2d6bdc893f55f4718f867734841361 Mon Sep 17 00:00:00 2001
From: elij <elij.mx@gmail.com>
Date: Wed, 11 May 2011 16:17:12 -0700
Subject: test return value from db_query before assuming it is valid

make the sql query form consistent in usage by cleaning up instances
where db_query's result was not inspected before attempting to fetch row
data from the handle

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/html/addvote.php          | 16 ++++++++++--
 web/html/tu.php               | 17 ++++++++++---
 web/lib/acctfuncs.inc         | 59 +++++++++++++++++++++++++------------------
 web/lib/aur.inc               |  8 ++++--
 web/lib/pkgfuncs.inc          | 43 +++++++++++++++++++++----------
 web/template/actions_form.php | 52 +++++++++++++++++++++-----------------
 web/template/tu_list.php      |  8 +++++-
 7 files changed, 135 insertions(+), 68 deletions(-)

diff --git a/web/html/addvote.php b/web/html/addvote.php
index 5936d563..a4596105 100644
--- a/web/html/addvote.php
+++ b/web/html/addvote.php
@@ -21,14 +21,26 @@ if ($atype == "Trusted User" OR $atype == "Developer") {
 
 		if (!empty($_POST['user'])) {
 			$qcheck = "SELECT * FROM Users WHERE Username = '" . mysql_real_escape_string($_POST['user']) . "'";
-			$check = mysql_num_rows(db_query($qcheck, $dbh));
+			$result = db_query($qcheck, $dbh);
+			if ($result) {
+				$check = mysql_num_rows($result);
+			}
+			else {
+				$check = 0;
+			}
 
 			if ($check == 0) {
 				$error.= __("Username does not exist.");
 			} else {
 				$qcheck = "SELECT * FROM TU_VoteInfo WHERE User = '" . mysql_real_escape_string($_POST['user']) . "'";
 				$qcheck.= " AND End > UNIX_TIMESTAMP()";
-				$check = mysql_num_rows(db_query($qcheck, $dbh));
+				$result = db_query($qcheck, $dbh);
+				if ($result) {
+					$check = mysql_num_rows($result);
+				}
+				else {
+					$check = 0;
+				}
 
 				if ($check != 0) {
 					$error.= __("%s already has proposal running for them.", htmlentities($_POST['user']));
diff --git a/web/html/tu.php b/web/html/tu.php
index c5cc36b5..6ab8ae9e 100644
--- a/web/html/tu.php
+++ b/web/html/tu.php
@@ -36,7 +36,13 @@ if ($atype == "Trusted User" OR $atype == "Developer") {
 				$qvoted = "SELECT * FROM TU_Votes WHERE ";
 				$qvoted.= "VoteID = " . $row['ID'] . " AND ";
 				$qvoted.= "UserID = " . uid_from_sid($_COOKIE["AURSID"]);
-				$hasvoted = mysql_num_rows(db_query($qvoted, $dbh));
+				$result = db_query($qvoted, $dbh);
+				if ($result) {
+					$hasvoted = mysql_num_rows($result);
+				}
+				else {
+					$hasvoted = 0;
+				}
 
 				# List voters of a proposal.
 				$qwhoVoted = "SELECT tv.UserID,U.Username
@@ -85,10 +91,15 @@ if ($atype == "Trusted User" OR $atype == "Developer") {
 						$canvote = 0;
 						$errorvote = __("You've already voted for this proposal.");
 						# Update if they voted
-						$hasvoted = mysql_num_rows(db_query($qvoted, $dbh));
+						$result = db_query($qvoted, $dbh);
+						if ($result) {
+							$hasvoted = mysql_num_rows($result);
+						}
 
 						$results = db_query($q, $dbh);
-						$row = mysql_fetch_assoc($results);
+						if ($results) {
+							$row = mysql_fetch_assoc($results);
+						}
 					}
 				}
 				include("tu_details.php");
diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc
index 8ffa2f71..5bcff8b5 100644
--- a/web/lib/acctfuncs.inc
+++ b/web/lib/acctfuncs.inc
@@ -197,7 +197,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
 	}
 
   if (!$error && !valid_username($U) && !user_is_privileged($editor_user))
-    $error = __("The username is invalid.") . "<ul>\n"
+	$error = __("The username is invalid.") . "<ul>\n"
 			."<li>" . __("It must be between %s and %s characters long",
 			USERNAME_MIN_LEN,  USERNAME_MAX_LEN )
 			. "</li>"
@@ -718,11 +718,11 @@ function valid_user( $user )
 		$q = "SELECT ID FROM Users WHERE Username = '"
 			. mysql_real_escape_string($user). "'";
 
-		$result = mysql_fetch_row(db_query($q, $dbh));
-
+		$result = db_query($q, $dbh);
 		# Is the username in the database?
-		if ($result[0]) {
-			return $result[0];
+		if ($result) {
+			$row = mysql_fetch_row($result);
+			return $row[0];
 		}
 	}
 	return;
@@ -751,25 +751,30 @@ function valid_passwd( $userID, $passwd )
 			$passwd_q = "SELECT ID FROM Users" .
 				" WHERE ID = " . $userID  . " AND Passwd = '" .
 				salted_hash($passwd, $salt) . "'";
-			$passwd_result = mysql_fetch_row(db_query($passwd_q, $dbh));
-			if ($passwd_result[0]) {
-				return true;
+			$result = db_query($passwd_q, $dbh);
+			if ($result) {
+				$passwd_result = mysql_fetch_row($result);
+				if ($passwd_result[0]) {
+					return true;
+				}
 			}
 		} else {
 			# check without salt
 			$nosalt_q = "SELECT ID FROM Users".
 				" WHERE ID = " . $userID .
 				" AND Passwd = '" . md5($passwd) . "'";
-			$nosalt_result = mysql_fetch_row(db_query($nosalt_q, $dbh));
-			if ($nosalt_result[0]) {
-				# password correct, but salt it first
-				if (!save_salt($userID, $passwd)) {
-					trigger_error("Unable to salt user's password;" .
-						" ID " . $userID, E_USER_WARNING);
-					return false;
+			$result = db_query($nosalt_q, $dbh);
+			if ($result) {
+				$nosalt_row = mysql_fetch_row($result);
+				if ($nosalt_row[0]) {
+					# password correct, but salt it first
+					if (!save_salt($userID, $passwd)) {
+						trigger_error("Unable to salt user's password;" .
+							" ID " . $userID, E_USER_WARNING);
+						return false;
+					}
+					return true;
 				}
-
-				return true;
 			}
 		}
 	}
@@ -783,9 +788,12 @@ function user_suspended( $id )
 {
 	$dbh = db_connect();
 	$q = "SELECT Suspended FROM Users WHERE ID = " . $id;
-	$result = mysql_fetch_row(db_query($q, $dbh));
-	if ($result[0] == 1 ) {
-		return true;
+	$result = db_query($q, $dbh);
+	if ($result) {
+		$row = mysql_fetch_row($result);
+		if ($result[0] == 1 ) {
+			return true;
+		}
 	}
 	return false;
 }
@@ -797,7 +805,7 @@ function user_delete( $id )
 {
 	$dbh = db_connect();
 	$q = "DELETE FROM Users WHERE ID = " . $id;
-	$result = mysql_fetch_row(db_query($q, $dbh));
+	db_query($q, $dbh);
 	return;
 }
 
@@ -809,9 +817,12 @@ function user_is_privileged( $id )
 {
 	$dbh = db_connect();
 	$q = "SELECT AccountTypeID FROM Users WHERE ID = " . $id;
-	$result = mysql_fetch_row(db_query($q, $dbh));
-	if( $result[0] > 1) {
-		return $result[0];
+	$result = db_query($q, $dbh);
+	if ($result) {
+		$row = mysql_fetch_row($result);
+		if( $result[0] > 1) {
+			return $result[0];
+		}
 	}
 	return 0;
 
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index 5eed8e74..fb267af8 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -491,8 +491,12 @@ function get_salt($user_id)
 {
 	$dbh = db_connect();
 	$salt_q = "SELECT Salt FROM Users WHERE ID = " . $user_id;
-	$salt_result = mysql_fetch_row(db_query($salt_q, $dbh));
-	return $salt_result[0];
+    $result = db_query($salt_q, $dbh);
+    if ($result) {
+        $salt_row = mysql_fetch_row($result);
+	    return $salt_row[0];
+    }
+    return;
 }
 
 function save_salt($user_id, $passwd)
diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
index 7b43e45e..2024aeb3 100644
--- a/web/lib/pkgfuncs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -403,7 +403,7 @@ function pkg_search_page($SID="") {
 	$q_select = "SELECT ";
 	if ($SID) {
 		$q_select .= "CommentNotify.UserID AS Notify,
-		       PackageVotes.UsersID AS Voted, ";
+			   PackageVotes.UsersID AS Voted, ";
 	}
 	$q_select .= "Users.Username AS Maintainer,
 	PackageCategories.Category,
@@ -507,7 +507,13 @@ function pkg_search_page($SID="") {
 	$q_total = "SELECT COUNT(*) " . $q_from . $q_where;
 
 	$result = db_query($q, $dbh);
-	$total = mysql_result(db_query($q_total, $dbh), 0);
+	$result_t = db_query($q_total, $dbh);
+	if ($result_t) {
+		$total = mysql_result($result_t, 0);
+	}
+	else {
+		$total = 0;
+	}
 
 	if ($result && $total > 0) {
 		if (isset($_GET["SO"]) && $_GET["SO"] == "d"){
@@ -859,7 +865,13 @@ function pkg_notify ($atype, $ids, $action = True) {
 	# format in which it's sent requires this.
 	foreach ($ids as $pid) {
 		$q = "SELECT Name FROM Packages WHERE ID = $pid";
-		$pkgname = mysql_result(db_query($q, $dbh), 0);
+		$result = db_query($q, $dbh);
+		if ($result) {
+			$pkgname = mysql_result($result , 0);
+		}
+		else {
+			$pkgname = '';
+		}
 
 		if ($first)
 			$first = False;
@@ -872,7 +884,8 @@ function pkg_notify ($atype, $ids, $action = True) {
 			$q .= " AND PkgID = $pid";
 
 			# Notification already added. Don't add again.
-			if (!mysql_num_rows(db_query($q, $dbh))) {
+			$result = db_query($q, $dbh);
+			if (!mysql_num_rows($result)) {
 				$q = "INSERT INTO CommentNotify (PkgID, UserID) VALUES ($pid, $uid)";
 				db_query($q, $dbh);
 			}
@@ -921,14 +934,14 @@ function pkg_delete_comment($atype) {
 	$uid = uid_from_sid($_COOKIE["AURSID"]);
 	if (canDeleteComment($comment_id, $atype, $uid)) {
 
-	       $dbh = db_connect();
-	       $q = "UPDATE PackageComments ";
-	       $q.= "SET DelUsersID = ".$uid." ";
-	       $q.= "WHERE ID = ".intval($comment_id);
-	       db_query($q, $dbh);
-	       return __("Comment has been deleted.");
+		   $dbh = db_connect();
+		   $q = "UPDATE PackageComments ";
+		   $q.= "SET DelUsersID = ".$uid." ";
+		   $q.= "WHERE ID = ".intval($comment_id);
+		   db_query($q, $dbh);
+		   return __("Comment has been deleted.");
 	} else {
-	       return __("You are not allowed to delete this comment.");
+		   return __("You are not allowed to delete this comment.");
 	}
 }
 
@@ -967,8 +980,12 @@ function pkg_change_category($atype) {
 	$q.= "FROM Packages ";
 	$q.= "WHERE Packages.ID = ".$pid;
 	$result = db_query($q, $dbh);
-	echo mysql_error();
-	$pkg = mysql_fetch_assoc($result);
+	if ($result) {
+		$pkg = mysql_fetch_assoc($result);
+	}
+	else {
+		return __("You are not allowed to change this package category.");
+	}
 
 	$uid = uid_from_sid($_COOKIE["AURSID"]);
 	if ($uid == $pkg["MaintainerUID"] or
diff --git a/web/template/actions_form.php b/web/template/actions_form.php
index 45bc09bc..058002f8 100644
--- a/web/template/actions_form.php
+++ b/web/template/actions_form.php
@@ -8,39 +8,45 @@
 		#
 		$q = "SELECT * FROM PackageVotes WHERE UsersID = ". $uid;
 		$q.= " AND PackageID = ".$row["ID"];
-		if (!mysql_num_rows(db_query($q, $dbh))) {
-			echo "      <input type='submit' class='button' name='do_Vote'";
-			echo " value='".__("Vote")."' /> ";
-		} else {
-			echo "<input type='submit' class='button' name='do_UnVote'";
-			echo " value='".__("UnVote")."' /> ";
+		$result = db_query($q, $dbh);
+		if ($result) {
+			if (!mysql_num_rows($result)) {
+				echo "      <input type='submit' class='button' name='do_Vote'";
+				echo " value='".__("Vote")."' /> ";
+			} else {
+				echo "<input type='submit' class='button' name='do_UnVote'";
+				echo " value='".__("UnVote")."' /> ";
+			}
 		}
 
 		# Comment Notify Button
 		#
 		$q = "SELECT * FROM CommentNotify WHERE UserID = ". $uid;
 		$q.= " AND PkgID = ".$row["ID"];
-		if (!mysql_num_rows(db_query($q, $dbh))) {
-			echo "<input type='submit' class='button' name='do_Notify'";
-			echo " value='".__("Notify")."' title='".__("New Comment Notification")."' /> ";
-		} else {
-			echo "<input type='submit' class='button' name='do_UnNotify'";
-			echo " value='".__("UnNotify")."' title='".__("No New Comment Notification")."' /> ";
+		$result = db_query($q, $dbh);
+		if ($result) {
+			if (!mysql_num_rows($result)) {
+				echo "<input type='submit' class='button' name='do_Notify'";
+				echo " value='".__("Notify")."' title='".__("New Comment Notification")."' /> ";
+			} else {
+				echo "<input type='submit' class='button' name='do_UnNotify'";
+				echo " value='".__("UnNotify")."' title='".__("No New Comment Notification")."' /> ";
+			}
 		}
 
-if ($row["OutOfDateTS"] === NULL) {
-    echo "<input type='submit' class='button' name='do_Flag'";
-    echo " value='".__("Flag Out-of-date")."' />\n";
-} else {
-    echo "<input type='submit' class='button' name='do_UnFlag'";
-    echo " value='".__("UnFlag Out-of-date")."' />\n";
+		if ($row["OutOfDateTS"] === NULL) {
+			echo "<input type='submit' class='button' name='do_Flag'";
+			echo " value='".__("Flag Out-of-date")."' />\n";
+		} else {
+			echo "<input type='submit' class='button' name='do_UnFlag'";
+			echo " value='".__("UnFlag Out-of-date")."' />\n";
 		}
 			
-if ($row["MaintainerUID"] === NULL) {
-    echo "<input type='submit' class='button' name='do_Adopt'";
-    echo " value='".__("Adopt Packages")."' />\n";
-} else if ($uid == $row["MaintainerUID"] ||
-	$atype == "Trusted User" || $atype == "Developer") {
+		if ($row["MaintainerUID"] === NULL) {
+			echo "<input type='submit' class='button' name='do_Adopt'";
+			echo " value='".__("Adopt Packages")."' />\n";
+		} else if ($uid == $row["MaintainerUID"] ||
+			$atype == "Trusted User" || $atype == "Developer") {
 			echo "<input type='submit' class='button' name='do_Disown'";
 			echo " value='".__("Disown Packages")."' />\n";
 		}
diff --git a/web/template/tu_list.php b/web/template/tu_list.php
index 3a927d9a..75d9414e 100644
--- a/web/template/tu_list.php
+++ b/web/template/tu_list.php
@@ -40,7 +40,13 @@
 					<td class='<?php print $c ?>'>
 						<?php
 						$q = "SELECT * FROM TU_Votes WHERE VoteID = " . $row['ID'] . " AND UserID = " . uid_from_sid($_COOKIE["AURSID"]);
-						$hasvoted = mysql_num_rows(db_query($q, $dbh));
+						$result_tulist = db_query($q, $dbh);
+						if ($result_tulist) {
+							$hasvoted = mysql_num_rows($result_tulist);
+						}
+						else {
+							$hasvoted = 0;
+						}
 						?>
 						<span class='f5'><span class='blue'>
 						<?php if ($hasvoted == 0) { ?>
-- 
cgit v1.2.3-24-g4f1b