Revision: 2277
http://mrbs.svn.sourceforge.net/mrbs/?rev=2277&view=rev
Author: cimorrison
Date: 2012-03-26 09:25:53 +0000 (Mon, 26 Mar 2012)
Log Message:
-----------
Changed SQL escaping from addslashes() to PHP escape functions. (addslashes()
should not be used with PostgreSQL). Thanks to Henry S. Thompson.
Modified Paths:
--------------
mrbs/trunk/web/Themes/default/header.inc
mrbs/trunk/web/auth_db.inc
mrbs/trunk/web/auth_db_ext.inc
mrbs/trunk/web/dbsys.inc
mrbs/trunk/web/edit_area_room.php
mrbs/trunk/web/edit_users.php
mrbs/trunk/web/functions_ical.inc
mrbs/trunk/web/functions_mail.inc
mrbs/trunk/web/import.php
mrbs/trunk/web/mrbs_sql.inc
mrbs/trunk/web/mysql.inc
mrbs/trunk/web/mysqli.inc
mrbs/trunk/web/pending.php
mrbs/trunk/web/pgsql.inc
mrbs/trunk/web/report.php
mrbs/trunk/web/search.php
mrbs/trunk/web/upgrade/15/post.inc
mrbs/trunk/web/upgrade/21/post.inc
mrbs/trunk/web/upgrade/6/post.inc
Modified: mrbs/trunk/web/Themes/default/header.inc
===================================================================
--- mrbs/trunk/web/Themes/default/header.inc 2012-03-12 18:18:24 UTC (rev
2276)
+++ mrbs/trunk/web/Themes/default/header.inc 2012-03-26 09:25:53 UTC (rev
2277)
@@ -3325,7 +3325,7 @@
if (!$is_admin)
{
// Ordinary users can only see their own
- $sql .= " AND create_by='" . addslashes($user) . "'";
+ $sql .= " AND create_by='" . sql_escape($user) . "'";
}
$n_outstanding = sql_query1($sql);
echo "<div id=\"n_outstanding\"" .
Modified: mrbs/trunk/web/auth_db.inc
===================================================================
--- mrbs/trunk/web/auth_db.inc 2012-03-12 18:18:24 UTC (rev 2276)
+++ mrbs/trunk/web/auth_db.inc 2012-03-26 09:25:53 UTC (rev 2277)
@@ -36,8 +36,8 @@
{
global $tbl_users;
- $user = strtolower(addslashes($user));
- // No addslashes() required because it's put in the database as an MD5,
+ $user = strtolower(sql_escape($user));
+ // No sql_escape() required because it's put in the database as an MD5,
// which is safe.
$pass = md5($pass);
@@ -69,7 +69,7 @@
return 0;
}
- $result = sql_query1("SELECT level FROM $tbl_users WHERE name='" .
strtolower(addslashes($user)) . "' LIMIT 1");
+ $result = sql_query1("SELECT level FROM $tbl_users WHERE name='" .
strtolower(sql_escape($user)) . "' LIMIT 1");
if ($result == -1)
{
$sql_error = sql_error();
Modified: mrbs/trunk/web/auth_db_ext.inc
===================================================================
--- mrbs/trunk/web/auth_db_ext.inc 2012-03-12 18:18:24 UTC (rev 2276)
+++ mrbs/trunk/web/auth_db_ext.inc 2012-03-26 09:25:53 UTC (rev 2277)
@@ -50,7 +50,7 @@
$auth['db_ext']['db_password'],
$auth['db_ext']['db_name']);
- $user = addslashes($user);
+ $user = sql_escape($user);
$query = "SELECT " . $auth['db_ext']['column_name_password'] .
" FROM " . $auth['db_ext']['db_table'] .
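Review bot: `sql_escape($user)` is called without a handle, so the username is escaped with the default `$dbsys` driver and connection even though the query is sent to the external authentication database whose connection is opened with the `$auth['db_ext']` credentials on the lines just above. If that database is a different system or uses a different character set, the escaping will not match the target; the optional second argument of `sql_escape` exists for exactly this case, so pass the handle returned by that connection call, e.g. `$user = sql_escape($user, $db_ext_handle);` where `$db_ext_handle` stands for whatever variable receives that connection (its name is outside the hunk).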
Modified: mrbs/trunk/web/dbsys.inc
===================================================================
--- mrbs/trunk/web/dbsys.inc 2012-03-12 18:18:24 UTC (rev 2276)
+++ mrbs/trunk/web/dbsys.inc 2012-03-26 09:25:53 UTC (rev 2277)
@@ -55,6 +55,28 @@
}
+// Escapes special characters in a string for use in an SQL statement
+function sql_escape($str)
+{
+ if (func_num_args() > 1)
+ {
+ $handle = func_get_arg(1);
+ $db_sys = $handle['system'];
+ $db_conn = $handle['connection'];
+ }
+ else
+ {
+ global $dbsys;
+
+ $db_sys = $dbsys;
+ $db_conn = null;
+ }
+
+ $f = "sql_${db_sys}_escape";
+ return $f($str, $db_conn);
+}
+
+
// Run an SQL query that doesn't produce results
function sql_command($sql)
{
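Review bot: `sql_escape` builds the driver function name as `"sql_${db_sys}_escape"` and calls it without checking that it exists, so a mistyped `$dbsys` surfaces as an undefined-function fatal error; a `function_exists($f)` guard with a `fatal_error(0, ...)` message would make the misconfiguration visible, and the `${var}` interpolation form is deprecated from PHP 8.2, with `"sql_{$db_sys}_escape"` as the drop-in equivalent. The optional handle is read via `func_num_args()`/`func_get_arg(1)`, which hides the parameter from readers and static analysis; a declared `function sql_escape($str, $handle = null)` is backward-compatible and self-documenting. When no handle is given the function passes `null` as the connection and relies on each driver's ensure-handle routine to substitute the default connection — worth stating in the header comment, e.g. `// $handle (optional): array with 'system' and 'connection' keys; omitted => the default $dbsys connection`. The result is only safe when embedded inside a single-quoted SQL literal, as every caller in this commit does; that constraint belongs in the comment too.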
Modified: mrbs/trunk/web/edit_area_room.php
===================================================================
--- mrbs/trunk/web/edit_area_room.php 2012-03-12 18:18:24 UTC (rev 2276)
+++ mrbs/trunk/web/edit_area_room.php 2012-03-26 09:25:53 UTC (rev 2277)
@@ -309,22 +309,22 @@
$assign_array[] = "disabled=$room_disabled";
break;
case 'room_name':
- $assign_array[] = "room_name='" . addslashes($room_name) . "'";
+ $assign_array[] = "room_name='" . sql_escape($room_name) . "'";
break;
case 'sort_key':
- $assign_array[] = "sort_key='" . addslashes($sort_key) . "'";
+ $assign_array[] = "sort_key='" . sql_escape($sort_key) . "'";
break;
case 'description':
- $assign_array[] = "description='" . addslashes($description) .
"'";
+ $assign_array[] = "description='" . sql_escape($description) .
"'";
break;
case 'capacity':
$assign_array[] = "capacity=$capacity";
break;
case 'room_admin_email':
- $assign_array[] = "room_admin_email='" .
addslashes($room_admin_email) . "'";
+ $assign_array[] = "room_admin_email='" .
sql_escape($room_admin_email) . "'";
break;
case 'custom_html':
- $assign_array[] = "custom_html='" . addslashes($custom_html) .
"'";
+ $assign_array[] = "custom_html='" . sql_escape($custom_html) .
"'";
break;
// then look at any user defined fields
default:
@@ -341,7 +341,7 @@
}
break;
default:
- $$var = "'" . addslashes($$var) . "'";
+ $$var = "'" . sql_escape($$var) . "'";
break;
}
// Note that we don't have to escape or quote the fieldname
@@ -481,11 +481,11 @@
{
$sql = "UPDATE $tbl_area SET ";
$assign_array = array();
- $assign_array[] = "area_name='" . addslashes($area_name) . "'";
+ $assign_array[] = "area_name='" . sql_escape($area_name) . "'";
$assign_array[] = "disabled=" . $area_disabled;
- $assign_array[] = "timezone='" . addslashes($area_timezone) . "'";
- $assign_array[] = "area_admin_email='" . addslashes($area_admin_email) .
"'";
- $assign_array[] = "custom_html='" . addslashes($custom_html) . "'";
+ $assign_array[] = "timezone='" . sql_escape($area_timezone) . "'";
+ $assign_array[] = "area_admin_email='" . sql_escape($area_admin_email) .
"'";
+ $assign_array[] = "custom_html='" . sql_escape($custom_html) . "'";
if (!$area_enable_periods)
{
$assign_array[] = "resolution=" . $area_res_mins * 60;
Modified: mrbs/trunk/web/edit_users.php
===================================================================
--- mrbs/trunk/web/edit_users.php 2012-03-12 18:18:24 UTC (rev 2276)
+++ mrbs/trunk/web/edit_users.php 2012-03-26 09:25:53 UTC (rev 2277)
@@ -433,7 +433,7 @@
if (isset($Action) && ($Action == "Update"))
{
// If you haven't got the rights to do this, then exit
- $my_id = sql_query1("SELECT id FROM $tbl_users WHERE
name='".addslashes($user)."' LIMIT 1");
+ $my_id = sql_query1("SELECT id FROM $tbl_users WHERE
name='".sql_escape($user)."' LIMIT 1");
if (($level < $min_user_editing_level) && ($Id != $my_id ))
{
Header("Location: edit_users.php");
@@ -528,7 +528,7 @@
// If it's a new user, then to check to see if there are any rows
with that name.
// If it's an update, then check to see if there are any rows with
that name, except
// for that user.
- $query = "SELECT id FROM $tbl_users WHERE name='" .
addslashes($value) . "'";
+ $query = "SELECT id FROM $tbl_users WHERE name='" .
sql_escape($value) . "'";
if ($Id >= 0)
{
$query .= " AND id!='$Id'";
@@ -607,7 +607,7 @@
}
break;
default:
- $value = "'" . addslashes($value) . "'";
+ $value = "'" . sql_escape($value) . "'";
break;
}
Modified: mrbs/trunk/web/functions_ical.inc
===================================================================
--- mrbs/trunk/web/functions_ical.inc 2012-03-12 18:18:24 UTC (rev 2276)
+++ mrbs/trunk/web/functions_ical.inc 2012-03-26 09:25:53 UTC (rev 2277)
@@ -106,7 +106,7 @@
// Look and see if there's a component in the database
$sql = "SELECT vtimezone, last_updated
FROM $tbl_zoneinfo
- WHERE timezone='" . addslashes($tz) . "'
+ WHERE timezone='" . sql_escape($tz) . "'
AND outlook_compatible=$zoneinfo_outlook_compatible
LIMIT 1";
$res = sql_query($sql);
@@ -151,9 +151,9 @@
$vtimezone = $new_vtimezone;
// Update the database
$sql = "UPDATE $tbl_zoneinfo
- SET vtimezone='" . addslashes($vtimezone) . "',
+ SET vtimezone='" . sql_escape($vtimezone) . "',
last_updated=" . time() . "
- WHERE timezone='" . addslashes($tz) . "'
+ WHERE timezone='" . sql_escape($tz) . "'
AND outlook_compatible=$zoneinfo_outlook_compatible";
if (sql_command($sql) < 0)
{
@@ -177,9 +177,9 @@
{
$sql = "INSERT INTO $tbl_zoneinfo
(timezone, outlook_compatible, vtimezone, last_updated)
- VALUES ('" . addslashes($tz) . "',
+ VALUES ('" . sql_escape($tz) . "',
$zoneinfo_outlook_compatible,
- '" . addslashes($vtimezone) . "', " .
+ '" . sql_escape($vtimezone) . "', " .
time() . ")";
if (sql_command($sql) < 0)
{
@@ -289,7 +289,7 @@
// If we're using the 'db' auth rtpe, then look the username up in the users
table
if ($auth['type'] == 'db')
{
- $sql = "SELECT name FROM $tbl_users WHERE email='" . addslashes($email) .
"'";
+ $sql = "SELECT name FROM $tbl_users WHERE email='" . sql_escape($email) .
"'";
$res = sql_query($sql);
if ($res === FALSE)
{
Modified: mrbs/trunk/web/functions_mail.inc
===================================================================
--- mrbs/trunk/web/functions_mail.inc 2012-03-12 18:18:24 UTC (rev 2276)
+++ mrbs/trunk/web/functions_mail.inc 2012-03-26 09:25:53 UTC (rev 2277)
@@ -209,7 +209,7 @@
{
$email = sql_query1("SELECT email
FROM $tbl_users
- WHERE name='" . addslashes($user) . "'
+ WHERE name='" . sql_escape($user) . "'
LIMIT 1");
if ($email == -1)
{
Modified: mrbs/trunk/web/import.php
===================================================================
--- mrbs/trunk/web/import.php 2012-03-12 18:18:24 UTC (rev 2276)
+++ mrbs/trunk/web/import.php 2012-03-26 09:25:53 UTC (rev 2277)
@@ -40,7 +40,7 @@
// know which area to put it in.
if ($location_area == '')
{
- $sql = "SELECT COUNT(*) FROM $tbl_room WHERE room_name='" .
addslashes($location_room) . "'";
+ $sql = "SELECT COUNT(*) FROM $tbl_room WHERE room_name='" .
sql_escape($location_room) . "'";
$count = sql_query1($sql);
if ($count < 0)
{
@@ -59,7 +59,7 @@
}
else // we've got a unique room name
{
- $sql = "SELECT id FROM $tbl_room WHERE room_name='" .
addslashes($location_room) . "' LIMIT 1";
+ $sql = "SELECT id FROM $tbl_room WHERE room_name='" .
sql_escape($location_room) . "' LIMIT 1";
$id = sql_query1($sql);
if ($id < 0)
{
@@ -76,7 +76,7 @@
// First of all get the area id
$sql = "SELECT id
FROM $tbl_area
- WHERE area_name='" . addslashes($location_area) . "'
+ WHERE area_name='" . sql_escape($location_area) . "'
LIMIT 1";
$area_id = sql_query1($sql);
if ($area_id < 0)
@@ -112,7 +112,7 @@
// Now we've got the area_id get the room_id
$sql = "SELECT id
FROM $tbl_room
- WHERE room_name='" . addslashes($location_room) . "'
+ WHERE room_name='" . sql_escape($location_room) . "'
AND area_id=$area_id
LIMIT 1";
$room_id = sql_query1($sql);
Modified: mrbs/trunk/web/mrbs_sql.inc
===================================================================
--- mrbs/trunk/web/mrbs_sql.inc 2012-03-12 18:18:24 UTC (rev 2276)
+++ mrbs/trunk/web/mrbs_sql.inc 2012-03-26 09:25:53 UTC (rev 2277)
@@ -330,14 +330,14 @@
case 'ical_uid':
case 'ical_recur_id':
$sql_col[] = $key;
- $sql_val[] = "'" . addslashes($data[$key]) . "'";
+ $sql_val[] = "'" . sql_escape($data[$key]) . "'";
break;
// special case - rep_opt
case 'rep_opt':
// pgsql doesn't like empty strings
$sql_col[] = $key;
- $sql_val[] = (empty($data[$key])) ? "'0'" : "'" .
addslashes($data[$key]) . "'";
+ $sql_val[] = (empty($data[$key])) ? "'0'" : "'" .
sql_escape($data[$key]) . "'";
break;
// special case - rep_num_weeks
@@ -378,7 +378,7 @@
}
else
{
- $value = "'" . addslashes($data[$key]) . "'";
+ $value = "'" . sql_escape($data[$key]) . "'";
}
break;
} // switch ($field_natures[$key])
@@ -798,8 +798,8 @@
$now = time();
$sql = "UPDATE $table SET";
$sql .= " info_time=$now";
- $sql .= ", info_user='" . addslashes($user) . "'";
- $sql .= ", info_text='" . addslashes($note) . "'";
+ $sql .= ", info_user='" . sql_escape($user) . "'";
+ $sql .= ", info_text='" . sql_escape($note) . "'";
$sql .= " WHERE id=$id";
return sql_command($sql);
}
@@ -1065,7 +1065,7 @@
// Truncate the name field to the maximum length as a precaution.
$name = substr($name, 0, $maxlength['area.area_name']);
- $area_name_q = addslashes($name);
+ $area_name_q = sql_escape($name);
// Acquire a mutex to lock out others who might be editing the area
if (!sql_mutex_lock("$tbl_area"))
{
@@ -1110,7 +1110,7 @@
}
else
{
- $sql_val[] = "'" . addslashes($area_defaults[$key]) . "'";
+ $sql_val[] = "'" . sql_escape($area_defaults[$key]) . "'";
}
}
break;
@@ -1147,8 +1147,8 @@
$name = substr($name, 0, $maxlength['room.room_name']);
$description = substr($description, 0, $maxlength['room.description']);
// Add SQL escaping
- $room_name_q = addslashes($name);
- $description_q = addslashes($description);
+ $room_name_q = sql_escape($name);
+ $description_q = sql_escape($description);
if (empty($capacity))
{
$capacity = 0;
Modified: mrbs/trunk/web/mysql.inc
===================================================================
--- mrbs/trunk/web/mysql.inc 2012-03-12 18:18:24 UTC (rev 2276)
+++ mrbs/trunk/web/mysql.inc 2012-03-26 09:25:53 UTC (rev 2277)
@@ -34,6 +34,22 @@
}
+// Escapes special characters in a string for use in an SQL statement
+function sql_mysql_escape($str, $db_conn = null)
+{
+ sql_mysql_ensure_handle($db_conn);
+
+ if (function_exists('mysql_real_escape_string'))
+ {
+ return mysql_real_escape_string($str, $db_conn);
+ }
+ else
+ {
+ return addslashes($str);
+ }
+}
+
+
// Execute a non-SELECT SQL command (insert/update/delete).
// Returns the number of tuples affected if OK (a number >= 0).
// Returns -1 on error; use sql_error to get the error message.
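Review bot: The `else` branch of `sql_mysql_escape` falls back to `addslashes()`, the very function this commit removes, and `addslashes()` ignores the connection character set, so the fallback silently restores the weaker escaping. `mysql_real_escape_string` is missing only when the mysql extension itself is not loaded, in which case no query in this file can run either, so failing loudly is safer: `fatal_error(0, 'mysql_real_escape_string() is not available');` in place of `return addslashes($str);`. The same fallback is in `sql_mysqli_escape` (mysqli.inc) and `sql_pgsql_escape` (pgsql.inc), where the log message itself says `addslashes()` must not be used with PostgreSQL.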
@@ -260,7 +276,7 @@
{
sql_mysql_ensure_handle($db_conn);
- return " BINARY `$fieldname`='" . addslashes($s) . "'";
+ return " BINARY `$fieldname`='" . sql_mysql_escape($s) . "'";
}
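Review bot: The new call `sql_mysql_escape($s)` omits the `$db_conn` that the enclosing function ensured on the preceding line, so the value is escaped against the default connection instead of the one the caller supplied, and the two may differ in character set; it should be `sql_mysql_escape($s, $db_conn)`. The `SHOW TABLES` hunk below (`sql_mysql_escape($table)`) and the matching hunks in mysqli.inc and pgsql.inc drop `$db_conn` the same way. The enclosing function's signature is outside the hunk.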
// Generate non-standard SQL to match a string anywhere in a field's value
@@ -340,7 +356,7 @@
{
sql_mysql_ensure_handle($db_conn);
- $res = sql_mysql_query1("SHOW TABLES LIKE '".addslashes($table)."'");
+ $res = sql_mysql_query1("SHOW TABLES LIKE '".sql_mysql_escape($table)."'");
return ($res == -1) ? FALSE : TRUE;
}
Modified: mrbs/trunk/web/mysqli.inc
===================================================================
--- mrbs/trunk/web/mysqli.inc 2012-03-12 18:18:24 UTC (rev 2276)
+++ mrbs/trunk/web/mysqli.inc 2012-03-26 09:25:53 UTC (rev 2277)
@@ -34,6 +34,22 @@
}
+// Escapes special characters in a string for use in an SQL statement
+function sql_mysqli_escape($str, $db_conn = null)
+{
+ sql_mysqli_ensure_handle($db_conn);
+
+ if (function_exists('mysqli_real_escape_string'))
+ {
+ return mysqli_real_escape_string($db_conn, $str);
+ }
+ else
+ {
+ return addslashes($str);
+ }
+}
+
+
// Execute a non-SELECT SQL command (insert/update/delete).
// Returns the number of tuples affected if OK (a number >= 0).
// Returns -1 on error; use sql_error to get the error message.
@@ -268,7 +284,7 @@
{
sql_mysqli_ensure_handle($db_conn);
- return " BINARY `$fieldname`='" . addslashes($s) . "'";
+ return " BINARY `$fieldname`='" . sql_mysqli_escape($s) . "'";
}
// Generate non-standard SQL to match a string anywhere in a field's value
@@ -370,7 +386,7 @@
{
sql_mysqli_ensure_handle($db_conn);
- $res = sql_mysqli_query1("SHOW TABLES LIKE '".addslashes($table)."'");
+ $res = sql_mysqli_query1("SHOW TABLES LIKE '".sql_mysqli_escape($table)."'");
return ($res == -1) ? FALSE : TRUE;
}
Modified: mrbs/trunk/web/pending.php
===================================================================
--- mrbs/trunk/web/pending.php 2012-03-12 18:18:24 UTC (rev 2276)
+++ mrbs/trunk/web/pending.php 2012-03-26 09:25:53 UTC (rev 2277)
@@ -224,7 +224,7 @@
// Ordinary users can only see their own bookings
if (!$is_admin)
{
- $sql .= " AND E.create_by='" . addslashes($user) . "'";
+ $sql .= " AND E.create_by='" . sql_escape($user) . "'";
}
// We want entries for a series to appear together so that we can display
// them as a separate table below the main entry for the series.
Modified: mrbs/trunk/web/pgsql.inc
===================================================================
--- mrbs/trunk/web/pgsql.inc 2012-03-12 18:18:24 UTC (rev 2276)
+++ mrbs/trunk/web/pgsql.inc 2012-03-26 09:25:53 UTC (rev 2277)
@@ -42,6 +42,22 @@
}
+// Escapes special characters in a string for use in an SQL statement
+function sql_pgsql_escape($str, $db_conn = null)
+{
+ sql_pgsql_ensure_handle($db_conn);
+
+ if (function_exists('pg_escape_string'))
+ {
+ return pg_escape_string($db_conn, $str);
+ }
+ else
+ {
+ return addslashes($str);
+ }
+}
+
+
// Execute a non-SELECT SQL command (insert/update/delete).
// Returns the number of tuples affected if OK (a number >= 0).
// Returns -1 on error; use sql_error to get the error message.
@@ -284,7 +300,7 @@
{
sql_pgsql_ensure_handle($db_conn);
- return " \"$fieldname\"='" . addslashes($s) . "'";
+ return " \"$fieldname\"='" . sql_pgsql_escape($s) . "'";
}
@@ -374,7 +390,7 @@
sql_pgsql_ensure_handle($db_conn);
$res = sql_pgsql_query1("SELECT relname FROM pg_class ".
- "WHERE relname = '".addslashes($table)."'");
+ "WHERE relname = '".sql_pgsql_escape($table)."'");
return ($res == -1) ? FALSE : TRUE;
}
Modified: mrbs/trunk/web/report.php
===================================================================
--- mrbs/trunk/web/report.php 2012-03-12 18:18:24 UTC (rev 2276)
+++ mrbs/trunk/web/report.php 2012-03-26 09:25:53 UTC (rev 2277)
@@ -905,13 +905,13 @@
$or_array = array();
foreach ( $typematch as $type )
{
- $or_array[] = "E.type = '".addslashes($type)."'";
+ $or_array[] = "E.type = '".sql_escape($type)."'";
}
$sql .= "(". implode( " OR ", $or_array ) .")";
}
else
{
- $sql .= "E.type = '".addslashes($typematch[0])."'";
+ $sql .= "E.type = '".sql_escape($typematch[0])."'";
}
}
if (!empty($namematch))
@@ -974,7 +974,7 @@
// assume PHP5
if (strpos(strtolower($option_value), strtolower($$var)) !== FALSE)
{
- $or_array[] = "E.$key='" . addslashes($option_key) . "'";
+ $or_array[] = "E.$key='" . sql_escape($option_key) . "'";
}
}
if (count($or_array) > 0)
@@ -1026,8 +1026,8 @@
// - their own bookings, and others' public bookings if
private_override is set to 'none'
// - just their own bookings, if private_override is set to 'private'
$sql .= " AND ((A.private_override='public') OR
- (A.private_override='none' AND ((E.status&" .
STATUS_PRIVATE . "=0) OR E.create_by = '" . addslashes($user) . "')) OR
- (A.private_override='private' AND E.create_by = '" .
addslashes($user) . "'))";
+ (A.private_override='none' AND ((E.status&" .
STATUS_PRIVATE . "=0) OR E.create_by = '" . sql_escape($user) . "')) OR
+ (A.private_override='private' AND E.create_by = '" .
sql_escape($user) . "'))";
}
else
{
Modified: mrbs/trunk/web/search.php
===================================================================
--- mrbs/trunk/web/search.php 2012-03-12 18:18:24 UTC (rev 2276)
+++ mrbs/trunk/web/search.php 2012-03-26 09:25:53 UTC (rev 2277)
@@ -216,7 +216,7 @@
// assume PHP5
if (strpos(strtolower($value), strtolower($search_str)) !== FALSE)
{
- $sql_pred .= " OR E." . $field['name'] . "='" . addslashes($key) .
"'";
+ $sql_pred .= " OR E." . $field['name'] . "='" . sql_escape($key) .
"'";
}
}
}
@@ -244,8 +244,8 @@
// - their own bookings, and others' public bookings if private_override
is set to 'none'
// - just their own bookings, if private_override is set to 'private'
$sql_pred .= " AND ((A.private_override='public') OR
- (A.private_override='none' AND ((E.status&" .
STATUS_PRIVATE . "=0) OR E.create_by = '" . addslashes($user) . "')) OR
- (A.private_override='private' AND E.create_by = '" .
addslashes($user) . "'))";
+ (A.private_override='none' AND ((E.status&" .
STATUS_PRIVATE . "=0) OR E.create_by = '" . sql_escape($user) . "')) OR
+ (A.private_override='private' AND E.create_by = '" .
sql_escape($user) . "'))";
}
else
{
Modified: mrbs/trunk/web/upgrade/15/post.inc
===================================================================
--- mrbs/trunk/web/upgrade/15/post.inc 2012-03-12 18:18:24 UTC (rev 2276)
+++ mrbs/trunk/web/upgrade/15/post.inc 2012-03-26 09:25:53 UTC (rev 2277)
@@ -25,7 +25,7 @@
}
else
{
- $sql_val = "'" . addslashes($area_defaults[$key]) . "'";
+ $sql_val = "'" . sql_escape($area_defaults[$key]) . "'";
}
$sql = "UPDATE $tbl_area SET $key=$sql_val WHERE $key IS NULL";
$res = sql_command($sql);
Modified: mrbs/trunk/web/upgrade/21/post.inc
===================================================================
--- mrbs/trunk/web/upgrade/21/post.inc 2012-03-12 18:18:24 UTC (rev 2276)
+++ mrbs/trunk/web/upgrade/21/post.inc 2012-03-26 09:25:53 UTC (rev 2277)
@@ -23,7 +23,7 @@
}
else
{
- $sql_val = "'" . addslashes($area_defaults[$key]) . "'";
+ $sql_val = "'" . sql_escape($area_defaults[$key]) . "'";
}
$sql = "UPDATE $tbl_area SET $key=$sql_val WHERE $key IS NULL";
$res = sql_command($sql);
Modified: mrbs/trunk/web/upgrade/6/post.inc
===================================================================
--- mrbs/trunk/web/upgrade/6/post.inc 2012-03-12 18:18:24 UTC (rev 2276)
+++ mrbs/trunk/web/upgrade/6/post.inc 2012-03-26 09:25:53 UTC (rev 2277)
@@ -37,7 +37,7 @@
// Now populate the table with the existing admins
foreach ($auth['admin'] as $admin_name)
{
- $sql = "UPDATE $tbl_users SET level=$max_level WHERE
name='".addslashes($admin_name)."'";
+ $sql = "UPDATE $tbl_users SET level=$max_level WHERE
name='".sql_escape($admin_name)."'";
if (sql_command($sql) < 0)
{
fatal_error(0, "Error adding existing admins. " . sql_error());