From 0b92839bee80fc2ba6ea67be1e48d176c0d242bc Mon Sep 17 00:00:00 2001 From: swiergot Date: Thu, 20 Sep 2007 15:33:04 +0000 Subject: - Applied a patch from Loui to fix session removal. - Replaced all occurences of mysql_escape_string() with mysql_real_escape_string(). --- web/lib/acctfuncs.inc | 36 ++++++++++++++++++------------------ web/lib/aur.inc | 22 +++++++++++----------- web/lib/pkgfuncs.inc | 26 +++++++++++++------------- 3 files changed, 42 insertions(+), 42 deletions(-) (limited to 'web/lib') diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc index fe8aefb..fa6df45 100644 --- a/web/lib/acctfuncs.inc +++ b/web/lib/acctfuncs.inc @@ -206,7 +206,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", # NOTE: a race condition exists here if we care... # $q = "SELECT COUNT(*) AS CNT FROM Users "; - $q.= "WHERE Username = '".mysql_escape_string($U)."'"; + $q.= "WHERE Username = '".mysql_real_escape_string($U)."'"; if ($TYPE == "edit") { $q.= " AND ID != ".intval($UID); } @@ -224,7 +224,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", # NOTE: a race condition exists here if we care... # $q = "SELECT COUNT(*) AS CNT FROM Users "; - $q.= "WHERE Email = '".mysql_escape_string($E)."'"; + $q.= "WHERE Email = '".mysql_real_escape_string($E)."'"; if ($TYPE == "edit") { $q.= " AND ID != ".intval($UID); } @@ -250,12 +250,12 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", $P = md5($P); $q = "INSERT INTO Users (AccountTypeID, Suspended, Username, Email, "; $q.= "Passwd, RealName, LangPreference, IRCNick, NewPkgNotify) "; - $q.= "VALUES (1, 0, '".mysql_escape_string($U)."'"; - $q.= ", '".mysql_escape_string($E)."'"; - $q.= ", '".mysql_escape_string($P)."'"; - $q.= ", '".mysql_escape_string($R)."'"; - $q.= ", '".mysql_escape_string($L)."'"; - $q.= ", '".mysql_escape_string($I)."'"; + $q.= "VALUES (1, 0, '".mysql_real_escape_string($U)."'"; + $q.= ", '".mysql_real_escape_string($E)."'"; + $q.= ", '".mysql_real_escape_string($P)."'"; + $q.= ", '".mysql_real_escape_string($R)."'"; + $q.= ", '".mysql_real_escape_string($L)."'"; + $q.= ", '".mysql_real_escape_string($I)."'"; if ($N) { $q.= ", 1)"; } else { @@ -281,7 +281,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", #md5 hash the password $q = "UPDATE Users SET "; - $q.= "Username = '".mysql_escape_string($U)."'"; + $q.= "Username = '".mysql_real_escape_string($U)."'"; if ($T) { $q.= ", AccountTypeID = ".intval($T); } @@ -290,13 +290,13 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", } else { $q.= ", Suspended = 0"; } - $q.= ", Email = '".mysql_escape_string($E)."'"; + $q.= ", Email = '".mysql_real_escape_string($E)."'"; if ($P) { - $q.= ", Passwd = '".mysql_escape_string(md5($P))."'"; + $q.= ", Passwd = '".mysql_real_escape_string(md5($P))."'"; } - $q.= ", RealName = '".mysql_escape_string($R)."'"; - $q.= ", LangPreference = '".mysql_escape_string($L)."'"; - $q.= ", IRCNick = '".mysql_escape_string($I)."'"; + $q.= ", RealName = '".mysql_real_escape_string($R)."'"; + $q.= ", LangPreference = '".mysql_real_escape_string($L)."'"; + $q.= ", IRCNick = '".mysql_real_escape_string($I)."'"; $q.= ", NewPkgNotify = "; if ($N) { $q.= "1 "; @@ -435,19 +435,19 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="", $search_vars[] = "S"; } if ($U) { - $q.= "AND Username LIKE '%".mysql_escape_string($U)."%' "; + $q.= "AND Username LIKE '%".mysql_real_escape_string($U)."%' "; $search_vars[] = "U"; } if ($E) { - $q.= "AND Email LIKE '%".mysql_escape_string($E)."%' "; + $q.= "AND Email LIKE '%".mysql_real_escape_string($E)."%' "; $search_vars[] = "E"; } if ($R) { - $q.= "AND RealName LIKE '%".mysql_escape_string($R)."%' "; + $q.= "AND RealName LIKE '%".mysql_real_escape_string($R)."%' "; $search_vars[] = "R"; } if ($I) { - $q.= "AND IRCNick LIKE '%".mysql_escape_string($I)."%' "; + $q.= "AND IRCNick LIKE '%".mysql_real_escape_string($I)."%' "; $search_vars[] = "I"; } switch ($SB) { diff --git a/web/lib/aur.inc b/web/lib/aur.inc index 4614631..063f903 100644 --- a/web/lib/aur.inc +++ b/web/lib/aur.inc @@ -93,7 +93,7 @@ function check_sid() { # $dbh = db_connect(); $q = "SELECT LastUpdateTS, UNIX_TIMESTAMP() FROM Sessions "; - $q.= "WHERE SessionID = '" . mysql_escape_string($_COOKIE["AURSID"]) . "'"; + $q.= "WHERE SessionID = '" . mysql_real_escape_string($_COOKIE["AURSID"]) . "'"; $result = db_query($q, $dbh); if (!$result) { # Invalid SessionID - hacker alert! @@ -118,7 +118,7 @@ function check_sid() { # the main page where they can log in again. # $q = "DELETE FROM Sessions WHERE SessionID = '"; - $q.= mysql_escape_string($_COOKIE["AURSID"]) . "'"; + $q.= mysql_real_escape_string($_COOKIE["AURSID"]) . "'"; db_query($q, $dbh); setcookie("AURSID", "", time() - (60*60*24*30), "/"); @@ -129,7 +129,7 @@ function check_sid() { # and update the idle timestamp # $q = "UPDATE Sessions SET LastUpdateTS = UNIX_TIMESTAMP() "; - $q.= "WHERE SessionID = '".mysql_escape_string($_COOKIE["AURSID"])."'"; + $q.= "WHERE SessionID = '".mysql_real_escape_string($_COOKIE["AURSID"])."'"; db_query($q, $dbh); } } @@ -172,7 +172,7 @@ function username_from_id($id="") { return ""; } $dbh = db_connect(); - $q = "SELECT Username FROM Users WHERE ID = " . mysql_escape_string($id); + $q = "SELECT Username FROM Users WHERE ID = " . mysql_real_escape_string($id); $result = db_query($q, $dbh); if (!$result) { return "None"; @@ -193,7 +193,7 @@ function username_from_sid($sid="") { $q = "SELECT Username "; $q.= "FROM Users, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID "; - $q.= "AND Sessions.SessionID = '" . mysql_escape_string($sid) . "'"; + $q.= "AND Sessions.SessionID = '" . mysql_real_escape_string($sid) . "'"; $result = db_query($q, $dbh); if (!$result) { return ""; @@ -213,7 +213,7 @@ function email_from_sid($sid="") { $q = "SELECT Email "; $q.= "FROM Users, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID "; - $q.= "AND Sessions.SessionID = '" . mysql_escape_string($sid) . "'"; + $q.= "AND Sessions.SessionID = '" . mysql_real_escape_string($sid) . "'"; $result = db_query($q, $dbh); if (!$result) { return ""; @@ -235,7 +235,7 @@ function account_from_sid($sid="") { $q.= "FROM Users, AccountTypes, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID "; $q.= "AND AccountTypes.ID = Users.AccountTypeID "; - $q.= "AND Sessions.SessionID = '" . mysql_escape_string($sid) . "'"; + $q.= "AND Sessions.SessionID = '" . mysql_real_escape_string($sid) . "'"; $result = db_query($q, $dbh); if (!$result) { return ""; @@ -255,7 +255,7 @@ function uid_from_sid($sid="") { $q = "SELECT Users.ID "; $q.= "FROM Users, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID "; - $q.= "AND Sessions.SessionID = '" . mysql_escape_string($sid) . "'"; + $q.= "AND Sessions.SessionID = '" . mysql_real_escape_string($sid) . "'"; $result = db_query($q, $dbh); if (!$result) { return 0; @@ -329,7 +329,7 @@ function set_lang() { $q = "SELECT LangPreference FROM Users, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID "; $q.= "AND Sessions.SessionID = '"; - $q.= mysql_escape_string($_COOKIE["AURSID"])."'"; + $q.= mysql_real_escape_string($_COOKIE["AURSID"])."'"; $result = db_query($q, $dbh); if (!$result) { $LANG = "en"; @@ -491,7 +491,7 @@ function can_overwrite_pkg($name="", $sid="") { if (!$name || !$sid) {return 0;} $dbh = db_connect(); $q = "SELECT SubmitterUID, MaintainerUID, AURMaintainerUID "; - $q.= "FROM Packages WHERE Name = '".mysql_escape_string($name)."'"; + $q.= "FROM Packages WHERE Name = '".mysql_real_escape_string($name)."'"; $result = db_query($q, $dbh); if (!$result) {return 0;} $row = mysql_fetch_row($result); @@ -561,7 +561,7 @@ function uid_from_username($username="") return ""; } $dbh = db_connect(); - $q = "SELECT ID FROM Users WHERE Username = '".mysql_escape_string($username) + $q = "SELECT ID FROM Users WHERE Username = '".mysql_real_escape_string($username) ."'"; $result = db_query($q, $dbh); if (!$result) { diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc index de2f16c..d1da9bc 100644 --- a/web/lib/pkgfuncs.inc +++ b/web/lib/pkgfuncs.inc @@ -125,7 +125,7 @@ function package_exists($name="") { if (!$name) {return NULL;} $dbh = db_connect(); $q = "SELECT ID FROM Packages "; - $q.= "WHERE Name = '".mysql_escape_string($name)."' "; + $q.= "WHERE Name = '".mysql_real_escape_string($name)."' "; $q.= "AND DummyPkg = 0"; $result = db_query($q, $dbh); if (!$result) {return NULL;} @@ -141,7 +141,7 @@ function package_dependencies($pkgid=0) { $dbh = db_connect(); $q = "SELECT DepPkgID, Name, DummyPkg, DepCondition FROM PackageDepends, Packages "; $q.= "WHERE PackageDepends.DepPkgID = Packages.ID "; - $q.= "AND PackageDepends.PackageID = ".mysql_escape_string($pkgid); + $q.= "AND PackageDepends.PackageID = ".mysql_real_escape_string($pkgid); $q.= " ORDER BY Name"; $result = db_query($q, $dbh); if (!$result) {return array();} @@ -161,14 +161,14 @@ function create_dummy($pname="", $sid="") { if (!$uid) {return NULL;} $dbh = db_connect(); $q = "SELECT ID FROM Packages WHERE Name = '"; - $q.= mysql_escape_string($pname)."'"; + $q.= mysql_real_escape_string($pname)."'"; $result = db_query($q, $dbh); if (!mysql_num_rows($result)) { # Insert the dummy # $q = "INSERT INTO Packages (Name, Description, URL, SubmittedTS, "; $q.= "SubmitterUID, DummyPkg) VALUES ('"; - $q.= mysql_escape_string($pname)."', 'A dummy package', '/#', "; + $q.= mysql_real_escape_string($pname)."', 'A dummy package', '/#', "; $q.= "UNIX_TIMESTAMP(), ".$uid.", 1)"; $result = db_query($q, $dbh); if (!$result) { @@ -193,7 +193,7 @@ function package_comments($pkgid=0) { $q = "SELECT PackageComments.ID, UserName, UsersID, Comments, CommentTS "; $q.= "FROM PackageComments, Users "; $q.= "WHERE PackageComments.UsersID = Users.ID"; - $q.= " AND PackageID = ".mysql_escape_string($pkgid); + $q.= " AND PackageID = ".mysql_real_escape_string($pkgid); $q.= " AND DelUsersID = 0"; # only display non-deleted comments $q.= " ORDER BY CommentTS DESC"; $result = db_query($q, $dbh); @@ -212,7 +212,7 @@ function package_sources($pkgid=0) { if ($pkgid) { $dbh = db_connect(); $q = "SELECT Source FROM PackageSources "; - $q.= "WHERE PackageID = ".mysql_escape_string($pkgid); + $q.= "WHERE PackageID = ".mysql_real_escape_string($pkgid); $q.= " ORDER BY Source"; $result = db_query($q, $dbh); if (!$result) {return array();} @@ -234,7 +234,7 @@ function pkgvotes_from_sid($sid="") { $q.= "FROM PackageVotes, Users, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID "; $q.= "AND Users.ID = PackageVotes.UsersID "; - $q.= "AND Sessions.SessionID = '".mysql_escape_string($sid)."'"; + $q.= "AND Sessions.SessionID = '".mysql_real_escape_string($sid)."'"; $result = db_query($q, $dbh); if ($result) { while ($row = mysql_fetch_row($result)) { @@ -901,10 +901,10 @@ function pkg_search_page($SID="") { #search by maintainer if ($_REQUEST["SeB"] == "m"){ if (!$has_where) { - $q.= "WHERE Username = '".mysql_escape_string($K)."' "; + $q.= "WHERE Username = '".mysql_real_escape_string($K)."' "; $has_where = 1; } else { - $q.= "AND Username = '".mysql_escape_string($K)."' "; + $q.= "AND Username = '".mysql_real_escape_string($K)."' "; } } elseif ($_REQUEST["SeB"] == "s") { if (!$has_where) { @@ -916,12 +916,12 @@ function pkg_search_page($SID="") { # the default behaivior, query the name/description } else { if (!$has_where) { - $q.= "WHERE (Name LIKE '%".mysql_escape_string($K)."%' OR "; - $q.= "Description LIKE '%".mysql_escape_string($K)."%') "; + $q.= "WHERE (Name LIKE '%".mysql_real_escape_string($K)."%' OR "; + $q.= "Description LIKE '%".mysql_real_escape_string($K)."%') "; $has_where = 1; } else { - $q.= "AND (Name LIKE '%".mysql_escape_string($K)."%' OR "; - $q.= "Description LIKE '%".mysql_escape_string($K)."%') "; + $q.= "AND (Name LIKE '%".mysql_real_escape_string($K)."%' OR "; + $q.= "Description LIKE '%".mysql_real_escape_string($K)."%') "; } } } -- cgit v1.2.3-54-g00ecf