Commit: efa8fa543bd8ebb808407be4f2dcc7c3204a615b Author: kovacs.ferenc <[email protected]> Wed, 11 Jun 2014 12:20:15 +0200 Parents: 9404bdc83562397e78c35e6daf2c91bf8a886f60 Branches: master
Link: http://git.php.net/?p=web/master.git;a=commitdiff;h=efa8fa543bd8ebb808407be4f2dcc7c3204a615b Log: escape the $name, $email, $username and $note variables coming from $_REQUEST magic_quote_gpc makes this not exploitable, but we should move away from that sooner or later Changed paths: M entry/svn-account.php Diff: diff --git a/entry/svn-account.php b/entry/svn-account.php index c349ec8..5874981 100644 --- a/entry/svn-account.php +++ b/entry/svn-account.php @@ -73,15 +73,20 @@ $passwd = strip($passwd); $svnpasswd = gen_svn_pass($username, $passwd); $note = hsc($note); +$escaped_name = mysql_real_escape_string($name); +$escaped_email = mysql_real_escape_string($email); +$escaped_username = mysql_real_escape_string($username); + $query = "INSERT INTO users (name,email,svnpasswd,username) VALUES "; -$query .= "('$name','$email','$svnpasswd','$username')"; +$query .= "('$ecaped_name','$escaped_email','$svnpasswd','$escaped_username')"; //echo "<!--$query-->\n"; if (@mysql_query($query)) { $new_id = mysql_insert_id(); + $escaped_note = mysql_real_escape_string("$note [group: $group]"); mysql_query("INSERT INTO users_note (userid, note, entered)" - ." VALUES ($new_id, '$note [group: $group]', NOW())"); + ." VALUES ($new_id, '$escaped_note', NOW())"); $msg = $note; $from = "\"$name\" <$email>"; -- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
