From 14df0d4b8d95f4c0240c0bd98c6ce9b74706e3ca Mon Sep 17 00:00:00 2001 From: swiergot Date: Thu, 16 Aug 2007 00:25:04 +0000 Subject: - Applied a patch from Loui to fix session removal. - Replaced all occurences of mysql_escape_string() with mysql_real_escape_string(). --- web/html/account.php | 2 +- web/html/index.php | 4 ++-- web/html/logout.php | 4 ++-- web/html/pkgedit.php | 2 +- web/html/pkgsubmit.php | 46 +++++++++++++++++++++++----------------------- 5 files changed, 29 insertions(+), 29 deletions(-) (limited to 'web/html') diff --git a/web/html/account.php b/web/html/account.php index eeb1e40..fba90dd 100644 --- a/web/html/account.php +++ b/web/html/account.php @@ -106,7 +106,7 @@ if (isset($_COOKIE["AURSID"])) { $q.= "WHERE AccountTypes.ID = Users.AccountTypeID "; $q.= "AND Users.ID = Sessions.UsersID "; $q.= "AND Sessions.SessionID = '"; - $q.= mysql_escape_string($_COOKIE["AURSID"])."'"; + $q.= mysql_real_escape_string($_COOKIE["AURSID"])."'"; $result = db_query($q, $dbh); if (!mysql_num_rows($result)) { print __("Could not retrieve information for the specified user."); diff --git a/web/html/index.php b/web/html/index.php index 56c52a2..3915483 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -28,8 +28,8 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) { $_REQUEST["pass"] = md5($_REQUEST["pass"]); $dbh = db_connect(); $q = "SELECT ID, Suspended FROM Users "; - $q.= "WHERE Username = '" . mysql_escape_string($_REQUEST["user"]) . "' "; - $q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'"; + $q.= "WHERE Username = '" . mysql_real_escape_string($_REQUEST["user"]) . "' "; + $q.= "AND Passwd = '" . mysql_real_escape_string($_REQUEST["pass"]) . "'"; $result = db_query($q, $dbh); if (!$result) { $login_error = __("Error looking up username, %s.", diff --git a/web/html/logout.php b/web/html/logout.php index dac7831..be4027f 100644 --- a/web/html/logout.php +++ b/web/html/logout.php @@ -11,9 +11,9 @@ set_lang(); # this sets up the visitor's language # sending any HTML output. # if (isset($_COOKIE["AURSID"])) { - $q = "DELETE FROM Sessions WHERE SessionID = '"; - $q.= mysql_escape_string($_COOKIE["AURSID"]) . "'"; $dbh = db_connect(); + $q = "DELETE FROM Sessions WHERE SessionID = '"; + $q.= mysql_real_escape_string($_COOKIE["AURSID"]) . "'"; db_query($q, $dbh); setcookie("AURSID", "", time() - (60*60*24*30), "/"); setcookie("AURLANG", "", time() - (60*60*24*30), "/"); diff --git a/web/html/pkgedit.php b/web/html/pkgedit.php index bb19144..36befbb 100644 --- a/web/html/pkgedit.php +++ b/web/html/pkgedit.php @@ -73,7 +73,7 @@ if ($_REQUEST["add_Comment"]) { $q = "INSERT INTO PackageComments "; $q.= "(PackageID, UsersID, Comments, CommentTS) VALUES ("; $q.= intval($_REQUEST["ID"]).", ".uid_from_sid($_COOKIE["AURSID"]) . ", "; - $q.= "'".mysql_escape_string($_REQUEST["comment"])."', "; + $q.= "'".mysql_real_escape_string($_REQUEST["comment"])."', "; $q.= "UNIX_TIMESTAMP())"; db_query($q, $dbh); print __("Comment has been added.")."
 
\n"; diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php index 9f55e54..59b4183 100644 --- a/web/html/pkgsubmit.php +++ b/web/html/pkgsubmit.php @@ -374,7 +374,7 @@ if ($_COOKIE["AURSID"]) { # purged. # $q = "SELECT * FROM Packages "; - $q.= "WHERE Name = '".mysql_escape_string($new_pkgbuild['pkgname'])."'"; + $q.= "WHERE Name = '".mysql_real_escape_string($new_pkgbuild['pkgname'])."'"; $result = db_query($q, $dbh); $pdata = mysql_fetch_assoc($result); @@ -402,13 +402,13 @@ if ($_COOKIE["AURSID"]) { } else { $q.="ModifiedTS = UNIX_TIMESTAMP(), "; } - $q.="Name='".mysql_escape_string($new_pkgbuild['pkgname'])."', "; - $q.="Version='".mysql_escape_string($new_pkgbuild['pkgver'])."-". - mysql_escape_string($new_pkgbuild['pkgrel'])."',"; - $q.="CategoryID=".mysql_escape_string($_REQUEST['category']).", "; - $q.="License='".mysql_escape_string($new_pkgbuild['license'])."', "; - $q.="Description='".mysql_escape_string($new_pkgbuild['pkgdesc'])."', "; - $q.="URL='".mysql_escape_string($new_pkgbuild['url'])."', "; + $q.="Name='".mysql_real_escape_string($new_pkgbuild['pkgname'])."', "; + $q.="Version='".mysql_real_escape_string($new_pkgbuild['pkgver'])."-". + mysql_real_escape_string($new_pkgbuild['pkgrel'])."',"; + $q.="CategoryID=".mysql_real_escape_string($_REQUEST['category']).", "; + $q.="License='".mysql_real_escape_string($new_pkgbuild['license'])."', "; + $q.="Description='".mysql_real_escape_string($new_pkgbuild['pkgdesc'])."', "; + $q.="URL='".mysql_real_escape_string($new_pkgbuild['url'])."', "; $q.="LocationID=2, "; if (account_from_sid($_COOKIE["AURSID"]) == "Trusted User" || account_from_sid($_COOKIE["AURSID"]) == "Developer") { $q.="Safe=1, VerifiedBy=".uid_from_sid($_COOKIE["AURSID"]).", "; @@ -416,9 +416,9 @@ if ($_COOKIE["AURSID"]) { $q.="Safe=0, "; } $fspath=$INCOMING_DIR.$pkg_name."/".$_FILES["pfile"]["name"]; - $q.="FSPath='".mysql_escape_string($fspath)."', "; + $q.="FSPath='".mysql_real_escape_string($fspath)."', "; $urlpath=$URL_DIR.$pkg_name."/".$_FILES["pfile"]["name"]; - $q.="URLPath='".mysql_escape_string($urlpath)."' "; + $q.="URLPath='".mysql_real_escape_string($urlpath)."' "; $q.="WHERE ID = " . $pdata["ID"]; $result = db_query($q, $dbh); @@ -461,7 +461,7 @@ if ($_COOKIE["AURSID"]) { $sources = explode(" ", $new_pkgbuild['source']); while (list($k, $v) = each($sources)) { $q = "INSERT INTO PackageSources (PackageID, Source) VALUES ("; - $q .= $pdata["ID"].", '".mysql_escape_string($v)."')"; + $q .= $pdata["ID"].", '".mysql_real_escape_string($v)."')"; db_query($q, $dbh); } @@ -470,7 +470,7 @@ if ($_COOKIE["AURSID"]) { $q = "INSERT INTO PackageComments "; $q.= "(PackageID, UsersID, Comments, CommentTS) VALUES ("; $q.= $pdata["ID"] . ", " . uid_from_sid($_COOKIE['AURSID']); - $q.= ", '" . mysql_escape_string($_REQUEST["comments"]); + $q.= ", '" . mysql_real_escape_string($_REQUEST["comments"]); $q.= "', UNIX_TIMESTAMP())"; db_query($q); @@ -484,13 +484,13 @@ if ($_COOKIE["AURSID"]) { } $q.= " SubmittedTS, SubmitterUID, MaintainerUID, FSPath, URLPath) "; $q.= "VALUES ('"; - $q.= mysql_escape_string($new_pkgbuild['pkgname'])."', '"; - $q.= mysql_escape_string($new_pkgbuild['license'])."', '"; - $q.= mysql_escape_string($new_pkgbuild['pkgver'])."-". - mysql_escape_string($new_pkgbuild['pkgrel'])."', "; - $q.= mysql_escape_string($_REQUEST['category']).", '"; - $q.= mysql_escape_string($new_pkgbuild['pkgdesc'])."', '"; - $q.= mysql_escape_string($new_pkgbuild['url']); + $q.= mysql_real_escape_string($new_pkgbuild['pkgname'])."', '"; + $q.= mysql_real_escape_string($new_pkgbuild['license'])."', '"; + $q.= mysql_real_escape_string($new_pkgbuild['pkgver'])."-". + mysql_real_escape_string($new_pkgbuild['pkgrel'])."', "; + $q.= mysql_real_escape_string($_REQUEST['category']).", '"; + $q.= mysql_real_escape_string($new_pkgbuild['pkgdesc'])."', '"; + $q.= mysql_real_escape_string($new_pkgbuild['url']); $q.= "', 2, "; if (account_from_sid($_COOKIE["AURSID"]) == "Trusted User" || account_from_sid($_COOKIE["AURSID"]) == "Developer") { $q.= "1, ".uid_from_sid($_COOKIE["AURSID"]).", "; @@ -499,9 +499,9 @@ if ($_COOKIE["AURSID"]) { $q.= uid_from_sid($_COOKIE["AURSID"]).", "; $q.= uid_from_sid($_COOKIE["AURSID"]).", '"; $fspath=$INCOMING_DIR.$pkg_name."/".$_FILES["pfile"]["name"]; - $q.= mysql_escape_string($fspath)."', '"; + $q.= mysql_real_escape_string($fspath)."', '"; $urlpath=$URL_DIR.$pkg_name."/".$_FILES["pfile"]["name"]; - $q.= mysql_escape_string($urlpath)."')"; + $q.= mysql_real_escape_string($urlpath)."')"; $result = db_query($q, $dbh); # print $result . "
"; @@ -539,7 +539,7 @@ if ($_COOKIE["AURSID"]) { $sources = explode(" ", $new_pkgbuild['source']); while (list($k, $v) = each($sources)) { $q = "INSERT INTO PackageSources (PackageID, Source) VALUES ("; - $q .= $packageID.", '".mysql_escape_string($v)."')"; + $q .= $packageID.", '".mysql_real_escape_string($v)."')"; db_query($q, $dbh); } @@ -548,7 +548,7 @@ if ($_COOKIE["AURSID"]) { $q = "INSERT INTO PackageComments "; $q.= "(PackageID, UsersID, Comments, CommentTS) VALUES ("; $q.= $packageID . ", " . uid_from_sid($_COOKIE["AURSID"]) . ", '"; - $q.= mysql_escape_string($_REQUEST["comments"]); + $q.= mysql_real_escape_string($_REQUEST["comments"]); $q.= "', UNIX_TIMESTAMP())"; db_query($q, $dbh); } -- cgit v1.2.3-70-g09d2