# HG changeset patch # User peter # Date 1218134713 0 # Node ID 3d18290ac99383c094a36acb88db77bb80924844 # Parent 963d62dc1c8091d1b51db7223ff82d1fb20dfdd3 [feladat @ 302] Applied the patches supplied in #82 and #85. Also quoted some additional values before they are send to the database. diff -r 963d62dc1c80 -r 3d18290ac993 inc/auth.inc.php --- a/inc/auth.inc.php Thu Jul 24 17:21:33 2008 +0000 +++ b/inc/auth.inc.php Thu Aug 07 18:45:13 2008 +0000 @@ -47,7 +47,7 @@ if(isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"])) { //Username and password are set, lets try to authenticate. - $result = $db->query("SELECT id, fullname FROM users WHERE username=". $db->quote($_SESSION["userlogin"]) ." AND password=". $db->quote(md5($_SESSION["userpwd"])) ." AND active=1"); + $result = $db->query("SELECT id, fullname FROM users WHERE username=". $db->quote($_SESSION["userlogin"], 'text') ." AND password=". $db->quote(md5($_SESSION["userpwd"]), 'text') ." AND active=1"); if($result->numRows() == 1) { $rowObj = $result->fetchRow(); diff -r 963d62dc1c80 -r 3d18290ac993 inc/dns.inc.php --- a/inc/dns.inc.php Thu Jul 24 17:21:33 2008 +0000 +++ b/inc/dns.inc.php Thu Aug 07 18:45:13 2008 +0000 @@ -230,8 +230,8 @@ $query = "SELECT type, content FROM records - WHERE content = " . $db->quote($name) . " - AND (type = 'MX' OR type = 'NS')"; + WHERE content = " . $db->quote($name, 'text') . " + AND (type = ".$db->quote('MX', 'text')." OR type = ".$db->quote('NS', 'text').")"; $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); return false; }; @@ -248,8 +248,8 @@ $query = "SELECT type, name FROM records - WHERE name = " . $db->quote($target) . " - AND TYPE = 'CNAME'"; + WHERE name = " . $db->quote($target, 'text') . " + AND TYPE = ".$db->quote('CNAME', 'text'); $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); return false; }; diff -r 963d62dc1c80 -r 3d18290ac993 inc/record.inc.php 
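Review bot: The changed line in inc/auth.inc.php (hunk @@ -47) still authenticates by comparing an unsalted `md5()` of a password that is kept in clear text in `$_SESSION["userpwd"]` on every request, which the quoting change does not address. Holding only the user id in the session after a successful login, and storing a salted, slow hash (for example `password_hash()` on PHP 5.5 and later) instead of a bare MD5 digest, would limit what a leaked session store or database dump exposes. I would leave a comment on that line such as `// TODO: stop persisting the clear-text password in the session; replace unsalted md5 with a salted hash` so the follow-up is not lost. The enclosing block continues outside the hunk.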
--- a/inc/record.inc.php Thu Jul 24 17:21:33 2008 +0000 +++ b/inc/record.inc.php Thu Aug 07 18:45:13 2008 +0000 @@ -21,7 +21,7 @@ function zone_id_exists($zid) { global $db; - $query = "SELECT COUNT(id) FROM domains WHERE id = " . $db->quote($zid); + $query = "SELECT COUNT(id) FROM domains WHERE id = " . $db->quote($zid, 'integer'); $count = $db->queryOne($query); if (PEAR::isError($count)) { error($result->getMessage()); return false; } return $count; @@ -30,14 +30,14 @@ function get_zone_id_from_record_id($rid) { global $db; - $query = "SELECT domain_id FROM records WHERE id = " . $db->quote($rid); + $query = "SELECT domain_id FROM records WHERE id = " . $db->quote($rid, 'integer'); $zid = $db->queryOne($query); return $zid; } function count_zone_records($zone_id) { global $db; - $sqlq = "SELECT COUNT(id) FROM records WHERE domain_id = ".$db->quote($zone_id); + $sqlq = "SELECT COUNT(id) FROM records WHERE domain_id = ".$db->quote($zone_id, 'integer'); $record_count = $db->queryOne($sqlq); return $record_count; } @@ -46,10 +46,10 @@ { global $db; - $sqlq = "SELECT notified_serial FROM domains WHERE id = ".$db->quote($domain_id); + $sqlq = "SELECT notified_serial FROM domains WHERE id = ".$db->quote($domain_id, 'integer'); $notified_serial = $db->queryOne($sqlq); - $sqlq = "SELECT content FROM records WHERE type = 'SOA' AND domain_id = ".$db->quote($domain_id); + $sqlq = "SELECT content FROM records WHERE type = ".$db->quote('SOA', 'text')." AND domain_id = ".$db->quote($domain_id, 'integer'); $content = $db->queryOne($sqlq); $need_to_update = false; @@ -90,7 +90,7 @@ for ($i = 0; $i < count($soa); $i++) { $new_soa .= $soa[$i] . " "; } - $sqlq = "UPDATE records SET content = ".$db->quote($new_soa)." WHERE domain_id = ".$db->quote($domain_id)." AND type = 'SOA'"; + $sqlq = "UPDATE records SET content = ".$db->quote($new_soa, 'text')." WHERE domain_id = ".$db->quote($domain_id, 'integer')." AND type = ".$db->quote('SOA', 'text'); $db->Query($sqlq); return true; } 
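Review bot: In `zone_id_exists` (hunk @@ -21) the error branch reads `error($result->getMessage())`, but `$result` is never assigned in this function; the PEAR error object is in `$count`, so a failed query would raise a notice and call a method on null instead of reporting the real error. The line should be `if (PEAR::isError($count)) { error($count->getMessage()); return false; }`. The `'integer'` quoting added here is fine, but note that the function also returns the raw COUNT result rather than a boolean, which callers testing with `===` may not expect.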
@@ -123,13 +123,13 @@ if (is_numeric($record['zid'])) { if (validate_input($record['zid'], $record['type'], $record['content'], $record['name'], $record['prio'], $record['ttl'])) { $query = "UPDATE records - SET name=".$db->quote($record['name']).", - type=".$db->quote($record['type']).", - content='" . $record['content'] . "', - ttl=".$db->quote($record['ttl']).", + SET name=".$db->quote($record['name'], 'text').", + type=".$db->quote($record['type'], 'text').", + content=" . $db->quote($record['content'], 'text') . ", + ttl=".$db->quote($record['ttl'], 'integer').", prio=".$db->quote($record['prio'], 'integer').", - change_date=".$db->quote(time())." - WHERE id=".$db->quote($record['rid']); + change_date=".$db->quote(time(), 'integer')." + WHERE id=".$db->quote($record['rid'], 'integer'); $result = $db->Query($query); if (PEAR::isError($result)) { error($result->getMessage()); @@ -173,13 +173,13 @@ if (validate_input($zoneid, $type, $content, $name, $prio, $ttl) ) { $change = time(); $query = "INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date) VALUES (" - . $db->quote($zoneid) . "," - . $db->quote($name) . "," - . $db->quote($type) . "," - . $db->quote($content) . "," - . $db->quote($ttl) . "," + . $db->quote($zoneid, 'integer') . "," + . $db->quote($name, 'text') . "," + . $db->quote($type, 'text') . "," + . $db->quote($content, 'text') . "," + . $db->quote($ttl, 'integer') . "," . $db->quote($prio, 'integer') . "," - . $db->quote($change) . ")"; + . $db->quote($change, 'integer') . ")"; $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); 
@@ -215,7 +215,7 @@ error(ERR_SM_EXISTS); return false; } else { - $db->query("INSERT INTO supermasters VALUES (".$db->quote($master_ip).", ".$db->quote($ns_name).", ".$db->quote($account).")"); + $db->query("INSERT INTO supermasters VALUES (".$db->quote($master_ip, 'text').", ".$db->quote($ns_name, 'text').", ".$db->quote($account, 'text').")"); return true; } } @@ -224,7 +224,7 @@ global $db; if (is_valid_ipv4($master_ip) || is_valid_ipv6($master_ip)) { - $db->query("DELETE FROM supermasters WHERE ip = ".$db->quote($master_ip)); + $db->query("DELETE FROM supermasters WHERE ip = ".$db->quote($master_ip, 'text')); return true; } else @@ -238,7 +238,7 @@ global $db; if (is_valid_ipv4($master_ip) || is_valid_ipv6($master_ip)) { - $result = $db->queryRow("SELECT ip,nameserver,account FROM supermasters WHERE ip = ".$db->quote($master_ip)); + $result = $db->queryRow("SELECT ip,nameserver,account FROM supermasters WHERE ip = ".$db->quote($master_ip, 'text')); $ret = array( "master_ip" => $result["ip"], @@ -258,7 +258,7 @@ global $db; - $query = "SELECT id AS rid, domain_id AS zid, name, type, content, ttl, prio, change_date FROM records WHERE id = " . $db->quote($rid) ; + $query = "SELECT id AS rid, domain_id AS zid, name, type, content, ttl, prio, change_date FROM records WHERE id = " . $db->quote($rid, 'integer') ; $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); return false; } @@ -287,7 +287,7 @@ if ($record['type'] == "SOA") { error(_('You are trying to delete the SOA record. If are not allowed to remove it, unless you remove the entire zone.')); } else { - $query = "DELETE FROM records WHERE id = " . $db->quote($rid); + $query = "DELETE FROM records WHERE id = " . $db->quote($rid, 'integer'); $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); return false; } return true; 
@@ -327,17 +327,17 @@ (eregi('in-addr.arpa', $domain) && $owner) || $type=="SLAVE" && $domain && $owner && $slave_master) { - $response = $db->query("INSERT INTO domains (name, type) VALUES (".$db->quote($domain).", ".$db->quote($type).")"); + $response = $db->query("INSERT INTO domains (name, type) VALUES (".$db->quote($domain, 'text').", ".$db->quote($type, 'text').")"); if (PEAR::isError($response)) { error($response->getMessage()); return false; } $domain_id = $db->lastInsertId('domains', 'id'); if (PEAR::isError($domain_id)) { error($id->getMessage()); return false; } - $response = $db->query("INSERT INTO zones (domain_id, owner) VALUES (".$db->quote($domain_id).", ".$db->quote($owner).")"); + $response = $db->query("INSERT INTO zones (domain_id, owner) VALUES (".$db->quote($domain_id, 'integer').", ".$db->quote($owner, 'integer').")"); if (PEAR::isError($response)) { error($response->getMessage()); return false; } if ($type == "SLAVE") { - $response = $db->query("UPDATE domains SET master = ".$db->quote($slave_master)." WHERE id = ".$db->quote($domain_id)); + $response = $db->query("UPDATE domains SET master = ".$db->quote($slave_master, 'text')." WHERE id = ".$db->quote($domain_id, 'integer')); if (PEAR::isError($response)) { error($response->getMessage()); return false; } return true; } else { 
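Review bot: The context line `if (PEAR::isError($domain_id)) { error($id->getMessage()); return false; }` after the new `INSERT INTO domains` reports the error through `$id`, which does not exist in the visible lines, so a failed `lastInsertId()` would trigger a notice rather than the intended message. It should read `error($domain_id->getMessage());`. The new `'integer'` quoting of `$owner` in the zones insert looks correct; the enclosing function starts and ends outside this hunk, so I could not confirm where `$owner` is validated.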
@@ -348,13 +348,13 @@ $ttl = $dns_ttl; $query = "INSERT INTO records (domain_id, name, content, type, ttl, prio, change_date) VALUES (" - . $db->quote($domain_id) . "," - . $db->quote($domain) . "," - . $db->quote($ns1.' '.$hm.' 1') . "," - . $db->quote('SOA')."," - . $db->quote($ttl) - . ", 0, " - . $db->quote($now).")"; + . $db->quote($domain_id, 'integer') . "," + . $db->quote($domain, 'text') . "," + . $db->quote($ns1.' '.$hm.' 1', 'text') . "," + . $db->quote('SOA', 'text')."," + . $db->quote($ttl, 'integer')."," + . $db->quote(0, 'integer'). "," + . $db->quote($now, 'integer').")"; $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); return false; } } elseif ($domain_id) { @@ -375,13 +375,13 @@ } $query = "INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date) VALUES (" - . $db->quote($domain_id) . "," - . $db->quote($name) . "," - . $db->quote($type) . "," - . $db->quote($content) . "," - . $db->quote($ttl) . "," + . $db->quote($domain_id, 'integer') . "," + . $db->quote($name, 'text') . "," + . $db->quote($type, 'text') . "," + . $db->quote($content, 'text') . "," + . $db->quote($ttl, 'integer') . "," . $db->quote($prio, 'integer') . "," - . $db->quote($now) . ")"; + . $db->quote($now, 'integer') . ")"; $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); return false; } } 
@@ -416,9 +416,9 @@ if ( $perm_edit == "all" || ( $perm_edit == "own" && $user_is_zone_owner == "1") ) { if (is_numeric($id)) { - $db->query("DELETE FROM zones WHERE domain_id=".$db->quote($id)); - $db->query("DELETE FROM domains WHERE id=".$db->quote($id)); - $db->query("DELETE FROM records WHERE domain_id=".$db->quote($id)); + $db->query("DELETE FROM zones WHERE domain_id=".$db->quote($id, 'integer')); + $db->query("DELETE FROM domains WHERE id=".$db->quote($id, 'integer')); + $db->query("DELETE FROM records WHERE domain_id=".$db->quote($id, 'integer')); return true; } else { error(sprintf(ERR_INV_ARGC, "delete_domain", "id must be a number")); @@ -439,7 +439,7 @@ global $db; if (is_numeric($id)) { - $result = $db->query("SELECT domain_id FROM records WHERE id=".$db->quote($id)); + $result = $db->query("SELECT domain_id FROM records WHERE id=".$db->quote($id, 'integer')); $r = $result->fetchRow(); return $r["domain_id"]; } @@ -461,9 +461,9 @@ // User is allowed to make change to meta data of this zone. if (is_numeric($zone_id) && is_numeric($user_id) && is_valid_user($user_id)) { - if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($user_id)." AND domain_id=".$db->quote($zone_id)) == 0) + if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($user_id, 'integer')." AND domain_id=".$db->quote($zone_id, 'integer')) == 0) { - $db->query("INSERT INTO zones (domain_id, owner) VALUES(".$db->quote($zone_id).", ".$db->quote($user_id).")"); + $db->query("INSERT INTO zones (domain_id, owner) VALUES(".$db->quote($zone_id, 'integer').", ".$db->quote($user_id, 'integer').")"); } return true; } else { 
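Review bot: The three `DELETE` statements in hunk @@ -416 discard the `$db->query()` return value, so a failure on the first or second statement leaves orphaned rows in `domains` or `records` while the function still returns true. Every other hunk in this commit checks the result with `PEAR::isError()`; the same pattern fits here, e.g. `$response = $db->query("DELETE FROM zones WHERE domain_id=".$db->quote($id, 'integer')); if (PEAR::isError($response)) { error($response->getMessage()); return false; }` for each statement. Wrapping the three in a transaction would be better still, if the MDB2 driver in use supports it (not visible here). The enclosing function starts outside the hunk.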
@@ -483,9 +483,9 @@ if (is_numeric($zone_id) && is_numeric($user_id) && is_valid_user($user_id)) { // TODO: Next if() required, why not just execute DELETE query? - if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($user_id)." AND domain_id=".$db->quote($zone_id)) != 0) + if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($user_id, 'integer')." AND domain_id=".$db->quote($zone_id, 'integer')) != 0) { - $db->query("DELETE FROM zones WHERE owner=".$db->quote($user_id)." AND domain_id=".$db->quote($zone_id)); + $db->query("DELETE FROM zones WHERE owner=".$db->quote($user_id, 'integer')." AND domain_id=".$db->quote($zone_id, 'integer')); } return true; } else { @@ -528,7 +528,7 @@ // Get the domain id. $domid = recid_to_domid($recid); - $result = $db->query("select id, type from records where domain_id=".$db->quote($recid)." and type=".$db->quote($type)); + $result = $db->query("select id, type from records where domain_id=".$db->quote($recid, 'integer')." and type=".$db->quote($type, 'text')); return $result; } @@ -542,7 +542,7 @@ global $db; if (is_numeric($id)) { - $result = $db->query("SELECT type FROM records WHERE id=".$db->quote($id)); + $result = $db->query("SELECT type FROM records WHERE id=".$db->quote($id, 'integer')); $r = $result->fetchRow(); return $r["type"]; } @@ -561,7 +561,7 @@ { global $db; if (is_numeric($id)) { - $result = $db->query("SELECT name FROM records WHERE id=".$db->quote($id)); + $result = $db->query("SELECT name FROM records WHERE id=".$db->quote($id, 'integer')); $r = $result->fetchRow(); return $r["name"]; } else { @@ -576,7 +576,7 @@ if (is_numeric($zid)) { - $result = $db->query("SELECT name FROM domains WHERE id=".$db->quote($zid)); + $result = $db->query("SELECT name FROM domains WHERE id=".$db->quote($zid, 'integer')); $rows = $result->numRows() ; if ($rows == 1) { $r = $result->fetchRow(); 
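Review bot: In hunk @@ -528 the function computes `$domid = recid_to_domid($recid);` and then filters on `domain_id=".$db->quote($recid, 'integer')`, so the query matches a domain id against a record id and `$domid` is never used; presumably `$domid` was meant. The new line should be `$result = $db->query("select id, type from records where domain_id=".$db->quote($domid, 'integer')." and type=".$db->quote($type, 'text'));`. The enclosing function begins outside the hunk, so I could not confirm the intended semantics from its signature.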
@@ -611,7 +611,7 @@ domains.master AS master_ip, count(records.domain_id) AS record_count FROM domains LEFT OUTER JOIN records ON domains.id = records.domain_id - WHERE domains.id = " . $db->quote($zid) . " + WHERE domains.id = " . $db->quote($zid, 'integer') . " GROUP BY domains.id, domains.type, domains.name, domains.master"; $result = $db->query($query); if (PEAR::isError($result)) { error($result->getMessage()); return false; } @@ -642,7 +642,7 @@ global $db; if (is_valid_hostname_fqdn($domain,0)) { - $result = $db->query("SELECT id FROM domains WHERE name=".$db->quote($domain)); + $result = $db->query("SELECT id FROM domains WHERE name=".$db->quote($domain, 'text')); if ($result->numRows() == 0) { return false; } elseif ($result->numRows() >= 1) { @@ -681,7 +681,7 @@ global $db; if (is_valid_ipv4($master_ip) || is_valid_ipv6($master_ip)) { - $result = $db->query("SELECT ip FROM supermasters WHERE ip = ".$db->quote($master_ip)); + $result = $db->query("SELECT ip FROM supermasters WHERE ip = ".$db->quote($master_ip, 'text')); if ($result->numRows() == 0) { return false; @@ -711,10 +711,10 @@ { if ($perm == "own") { $sql_add = " AND zones.domain_id = domains.id - AND zones.owner = ".$db->quote($userid); + AND zones.owner = ".$db->quote($userid, 'integer'); } if ($letterstart!='all' && $letterstart!=1) { - $sql_add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." "; + $sql_add .=" AND domains.name LIKE ".$db->quote($db->quote($letterstart, 'text', false, true)."%", 'text')." "; } elseif ($letterstart==1) { $sql_add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'"; } 
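Review bot: The nested call `$db->quote($db->quote($letterstart, 'text', false, true)."%", 'text')` in hunk @@ -711 (and the identical line in hunk @@ -761 of the next chunk) does not escape LIKE wildcards as intended: as far as I recall MDB2's `_quoteText`, passing `$quote = false` returns the value untouched, and the outer `quote()` runs with the default `escape_wildcards = false`, so a `$letterstart` of `%` or `_` still acts as a wildcard. Escaping once with wildcards and quoting manually gives the intended result: `$sql_add .= " AND domains.name LIKE '" . $db->escape($letterstart, true) . "%' ";`. Where `$letterstart` originates is outside the hunk, so whether it is user-controlled cannot be confirmed here.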
@@ -761,11 +761,11 @@ { if ($perm == "own") { $sql_add = " AND zones.domain_id = domains.id - AND zones.owner = ".$db->quote($_SESSION['userid']); + AND zones.owner = ".$db->quote($_SESSION['userid'], 'integer'); $fromTable .= ',zones'; } if ($letterstart!='all' && $letterstart!=1) { - $sql_add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." "; + $sql_add .=" AND domains.name LIKE ".$db->quote($db->quote($letterstart, 'text', false, true)."%", 'text')." "; } elseif ($letterstart==1) { $sql_add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'"; } @@ -783,7 +783,7 @@ global $db; $query = "SELECT COUNT(domain_id) FROM zones - WHERE owner = " . $db->quote($uid) . " + WHERE owner = " . $db->quote($uid, 'integer') . " ORDER BY domain_id"; $zone_count = $db->queryOne($query); return $zone_count; @@ -800,7 +800,7 @@ global $db; if (is_numeric($id)) { - $result = $db->query("SELECT id, domain_id, name, type, content, ttl, prio, change_date FROM records WHERE id=".$db->quote($id)); + $result = $db->query("SELECT id, domain_id, name, type, content, ttl, prio, change_date FROM records WHERE id=".$db->quote($id, 'integer')); if($result->numRows() == 0) { return -1; @@ -844,9 +844,9 @@ $db->setLimit($rowamount, $rowstart); $result = $db->query("SELECT record_owners.record_id as id FROM record_owners,domains,records - WHERE record_owners.user_id = " . $db->quote($_SESSION["userid"]) . " + WHERE record_owners.user_id = " . $db->quote($_SESSION["userid"], 'integer') . " AND record_owners.record_id = records.id - AND records.domain_id = " . $db->quote($id) . " + AND records.domain_id = " . $db->quote($id, 'integer') . " GROUP BY record_owners.record_id"); $ret = array(); 
@@ -866,7 +866,7 @@ } else { $db->setLimit($rowamount, $rowstart); - $result = $db->query("SELECT id FROM records WHERE domain_id=".$db->quote($id)); + $result = $db->query("SELECT id FROM records WHERE domain_id=".$db->quote($id, 'integer')); $ret = array(); if($result->numRows() == 0) { @@ -896,7 +896,7 @@ function get_users_from_domain_id($id) { global $db; - $sqlq = "SELECT owner FROM zones WHERE domain_id =" .$db->quote($id); + $sqlq = "SELECT owner FROM zones WHERE domain_id =" .$db->quote($id, 'integer'); $id_owners = $db->query($sqlq); if ($id_owners->numRows() == 0) { return -1; @@ -936,7 +936,7 @@ // Search for matching domains if ($perm == "own") { $sql_add_from = ", zones "; - $sql_add_where = " AND zones.domain_id = domains.id AND zones.owner = " . $db->quote($_SESSION['userid']); + $sql_add_where = " AND zones.domain_id = domains.id AND zones.owner = " . $db->quote($_SESSION['userid'], 'integer'); } $query = "SELECT @@ -945,7 +945,7 @@ domains.type AS type, domains.master AS master FROM domains" . $sql_add_from . " - WHERE domains.name LIKE " . $db->quote($holy_grail) + WHERE domains.name LIKE " . $db->quote($holy_grail, 'text') . $sql_add_where ; $response = $db->query($query); @@ -963,7 +963,7 @@ if ($perm == "own") { $sql_add_from = ", zones "; - $sql_add_where = " AND zones.domain_id = records.domain_id AND zones.owner = " . $db->quote($_SESSION['userid']); + $sql_add_where = " AND zones.domain_id = records.domain_id AND zones.owner = " . $db->quote($_SESSION['userid'], 'integer'); } $query = "SELECT @@ -975,7 +975,7 @@ records.prio AS prio, records.domain_id AS zid FROM records" . $sql_add_from . " - WHERE (records.name LIKE " . $db->quote($holy_grail) . " OR records.content LIKE " . $db->quote($holy_grail) . ")" + WHERE (records.name LIKE " . $db->quote($holy_grail, 'text') . " OR records.content LIKE " . $db->quote($holy_grail, 'text') . ")" . $sql_add_where ; $response = $db->query($query); 
@@ -997,7 +997,7 @@ function get_domain_type($id) { global $db; if (is_numeric($id)) { - $type = $db->queryOne("SELECT type FROM domains WHERE id = ".$db->quote($id)); + $type = $db->queryOne("SELECT type FROM domains WHERE id = ".$db->quote($id, 'integer')); if ($type == "") { $type = "NATIVE"; } @@ -1010,7 +1010,7 @@ function get_domain_slave_master($id){ global $db; if (is_numeric($id)) { - $slave_master = $db->queryOne("SELECT master FROM domains WHERE type = 'SLAVE' and id = ".$db->quote($id)); + $slave_master = $db->queryOne("SELECT master FROM domains WHERE type = 'SLAVE' and id = ".$db->quote($id, 'integer')); return $slave_master; } else { error(sprintf(ERR_INV_ARG, "get_domain_slave_master", "no or no valid zoneid given")); @@ -1028,9 +1028,9 @@ // ignore the field if the type isn't something else then slave. But then again, // it's much clearer this way. if ($type != "SLAVE") { - $add = ", master=''"; + $add = ", master=".$db->quote('', 'text'); } - $result = $db->query("UPDATE domains SET type = " . $db->quote($type) . $add . " WHERE id = ".$db->quote($id)); + $result = $db->query("UPDATE domains SET type = " . $db->quote($type, 'text') . $add . " WHERE id = ".$db->quote($id, 'integer')); } else { error(sprintf(ERR_INV_ARG, "change_domain_type", "no or no valid zoneid given")); } @@ -1040,7 +1040,7 @@ global $db; if (is_numeric($zone_id)) { if (is_valid_ipv4($ip_slave_master) || is_valid_ipv6($ip_slave_master)) { - $result = $db->query("UPDATE domains SET master = " .$db->quote($ip_slave_master). " WHERE id = ".$db->quote($zone_id)); + $result = $db->query("UPDATE domains SET master = " .$db->quote($ip_slave_master, 'text'). " WHERE id = ".$db->quote($zone_id, 'integer')); } else { error(sprintf(ERR_INV_ARGC, "change_domain_ip_slave_master", "This is not a valid IPv4 or IPv6 address: $ip_slave_master")); } 
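Review bot: In hunk @@ -1010 the literal `type = 'SLAVE'` stays inline while the sibling hunks in this commit (@@ -1028 here, @@ -1052 in record.inc.php) route string constants through `$db->quote(..., 'text')`; this is a style inconsistency rather than a defect, but it makes the quoting convention harder to audit. The line would read `$slave_master = $db->queryOne("SELECT master FROM domains WHERE type = ".$db->quote('SLAVE', 'text')." and id = ".$db->quote($id, 'integer'));`. The `queryOne` results in hunks @@ -997 and @@ -1010 are also used without a `PEAR::isError()` check, unlike most other hunks.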
@@ -1052,7 +1052,7 @@ function get_serial_by_zid($zid) { global $db; if (is_numeric($zid)) { - $query = "SELECT content FROM records where TYPE = 'SOA' and domain_id = " . $db->quote($zid); + $query = "SELECT content FROM records where TYPE = ".$db->quote('SOA', 'text')." and domain_id = " . $db->quote($zid, 'integer'); $rr_soa = $db->queryOne($query); if (PEAR::isError($rr_soa)) { error($rr_soa->getMessage()); return false; } $rr_soa_fields = explode(" ", $rr_soa); diff -r 963d62dc1c80 -r 3d18290ac993 inc/toolkit.inc.php --- a/inc/toolkit.inc.php Thu Jul 24 17:21:33 2008 +0000 +++ b/inc/toolkit.inc.php Thu Aug 07 18:45:13 2008 +0000 @@ -243,7 +243,7 @@ domains.name AS domainname FROM domains LEFT JOIN zones ON domains.id=zones.domain_id - WHERE substring(domains.name,1,1) ".$sql_regexp." ".$db->quote("^".$letter); + WHERE substring(domains.name,1,1) ".$sql_regexp." ".$db->quote("^".$letter, 'text'); $db->setLimit(1); $result = $db->query($query); $numrows = $result->numRows(); diff -r 963d62dc1c80 -r 3d18290ac993 inc/users.inc.php --- a/inc/users.inc.php Thu Jul 24 17:21:33 2008 +0000 +++ b/inc/users.inc.php Thu Aug 07 18:45:13 2008 +0000 @@ -40,19 +40,19 @@ // Set current user ID. $userid=$_SESSION['userid']; - $query = 'SELECT id FROM perm_items WHERE name='.$db->quote('user_is_ueberuser'); + $query = 'SELECT id FROM perm_items WHERE name='.$db->quote('user_is_ueberuser', 'text'); $ueberUserId = $db->queryOne($query); // Find the template ID that this user has been assigned. $query = "SELECT perm_templ FROM users - WHERE id = " . $db->quote($userid) ; + WHERE id = " . $db->quote($userid, 'integer') ; $templ_id = $db->queryOne($query); // Does this user have ueberuser rights? $query = "SELECT id FROM perm_templ_items - WHERE templ_id = " . $db->quote($templ_id) . " + WHERE templ_id = " . $db->quote($templ_id, 'integer') . " AND perm_id = ".$ueberUserId; $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); return false; } 
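Review bot: In the users.inc.php hunk @@ -40, the new `WHERE templ_id = " . $db->quote($templ_id, 'integer') . "` line is followed by `AND perm_id = ".$ueberUserId;`, which is the one value in this query left unquoted; if the `user_is_ueberuser` row is missing, `queryOne` yields null and the SQL becomes `perm_id = ` (a syntax error), and a PEAR_Error would be concatenated as an object. For consistency with the rest of the commit it should be `AND perm_id = " . $db->quote($ueberUserId, 'integer');`. The enclosing function starts outside the hunk.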
@@ -63,14 +63,14 @@ // Find the permission ID for the requested permission. $query = "SELECT id FROM perm_items - WHERE name = " . $db->quote($permission) ; + WHERE name = " . $db->quote($permission, 'text') ; $perm_id = $db->queryOne($query); // Check if the permission ID is assigned to the template ID. $query = "SELECT id FROM perm_templ_items - WHERE templ_id = " . $db->quote($templ_id) . " - AND perm_id = " . $db->quote($perm_id) ; + WHERE templ_id = " . $db->quote($templ_id, 'integer') . " + AND perm_id = " . $db->quote($perm_id, 'integer') ; if (PEAR::isError($response)) { error($response->getMessage()); return false; } $response = $db->query($query); if ( $response->numRows() > 0 ) { @@ -108,7 +108,7 @@ $add = ''; if(is_numeric($id)) { //When a user id is given, it is excluded from the userlist returned. - $add = " WHERE users.id!=".$db->quote($id); + $add = " WHERE users.id!=".$db->quote($id, 'integer'); } // Make a huge query. @@ -161,7 +161,7 @@ { global $db; if(is_numeric($id)) { - $response = $db->query("SELECT id FROM users WHERE id=".$db->quote($id)); + $response = $db->query("SELECT id FROM users WHERE id=".$db->quote($id, 'integer')); if (PEAR::isError($response)) { error($response->getMessage()); return false; } if ($response->numRows() == 1) { return true; @@ -179,7 +179,7 @@ function user_exists($user) { global $db; - $response = $db->query("SELECT id FROM users WHERE username=".$db->quote($user)); + $response = $db->query("SELECT id FROM users WHERE username=".$db->quote($user, 'text')); if (PEAR::isError($response)) { error($response->getMessage()); return false; } if ($response->numRows() == 0) { return false; 
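Review bot: In hunk @@ -63 the check `if (PEAR::isError($response)) { ... }` runs before `$response = $db->query($query);`, so it inspects the previous query's result and the permission lookup itself is never error-checked before `$response->numRows()` is called. The two lines should be swapped: `$response = $db->query($query);` followed by `if (PEAR::isError($response)) { error($response->getMessage()); return false; }`. The `'integer'` quoting of `$templ_id` and `$perm_id` is appropriate, since both come from earlier `queryOne` calls; the enclosing function starts outside the hunk.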
@@ -215,11 +215,11 @@ } } - $query = "DELETE FROM zones WHERE owner = " . $db->quote($uid) ; + $query = "DELETE FROM zones WHERE owner = " . $db->quote($uid, 'integer') ; $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); return false; } - $query = "DELETE FROM users WHERE id = " . $db->quote($uid) ; + $query = "DELETE FROM users WHERE id = " . $db->quote($uid, 'integer') ; $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); return false; } } @@ -284,7 +284,7 @@ // user, the username should apparantly changed. If so, check if the "new" // username already exists. - $query = "SELECT username FROM users WHERE id = " . $db->quote($id); + $query = "SELECT username FROM users WHERE id = " . $db->quote($id, 'integer'); $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); return false; } @@ -297,7 +297,7 @@ // we have been given. User wants a change of username. Now, make // sure it doesn't already exist. - $query = "SELECT id FROM users WHERE username = " . $db->quote($user); + $query = "SELECT id FROM users WHERE username = " . $db->quote($user, 'integer'); $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); return false; } 
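Review bot: In hunk @@ -297 the username lookup is quoted with the wrong type: `$db->quote($user, 'integer')` on a `username` column. If MDB2's integer quoting casts the value, as I believe it does, the duplicate-name check compares `username = 0` and never finds a conflict, so a rename onto an existing username would pass. The line should be `$query = "SELECT id FROM users WHERE username = " . $db->quote($user, 'text');`, matching the equivalent lookup in hunk @@ -685 later in this file.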
@@ -311,18 +311,18 @@ // another user that goes by the wanted username. So, go ahead! $query = "UPDATE users SET - username = " . $db->quote($user) . ", - fullname = " . $db->quote($fullname) . ", - email = " . $db->quote($email) . ", - perm_templ = " . $db->quote($perm_templ) . ", - description = " . $db->quote($description) . ", - active = " . $db->quote($active) ; + username = " . $db->quote($user, 'text') . ", + fullname = " . $db->quote($fullname, 'text') . ", + email = " . $db->quote($email, 'text') . ", + perm_templ = " . $db->quote($perm_templ, 'integer') . ", + description = " . $db->quote($description, 'text') . ", + active = " . $db->quote($active, 'integer') ; if($password != "") { - $query .= ", password = " . $db->quote(md5($password)) ; + $query .= ", password = " . $db->quote(md5($password), 'text') ; } - $query .= " WHERE id = " . $db->quote($id) ; + $query .= " WHERE id = " . $db->quote($id, 'integer') ; $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); return false; } @@ -347,14 +347,14 @@ return false; } - $query = "SELECT id, password FROM users WHERE username = " . $db->quote($_SESSION["userlogin"]); + $query = "SELECT id, password FROM users WHERE username = " . $db->quote($_SESSION["userlogin"], 'text'); $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); return false; } $rinfo = $response->fetchRow(); if(md5($details['currentpass']) == $rinfo['password']) { - $query = "UPDATE users SET password = " . $db->quote(md5($details['newpass'])) . " WHERE id = " . $db->quote($rinfo['id']) ; + $query = "UPDATE users SET password = " . $db->quote(md5($details['newpass']), 'text') . " WHERE id = " . $db->quote($rinfo['id'], 'integer') ; $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); return false; } 
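Review bot: In hunk @@ -347 the password check `if(md5($details['currentpass']) == $rinfo['password'])` uses loose comparison between two hex strings; PHP compares numeric-looking strings numerically, so two different digests of the form `0e<digits>` compare equal. Use a strict comparison, `if (md5($details['currentpass']) === $rinfo['password'])`, or `hash_equals()` on PHP 5.6 and later. The unsalted MD5 storage itself is a separate, pre-existing issue shared with the auth.inc.php hunk; the enclosing function starts outside the hunk.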
@@ -373,7 +373,7 @@ function get_fullname_from_userid($id) { global $db; if (is_numeric($id)) { - $response = $db->query("SELECT fullname FROM users WHERE id=".$db->quote($id)); + $response = $db->query("SELECT fullname FROM users WHERE id=".$db->quote($id, 'integer')); if (PEAR::isError($response)) { error($response->getMessage()); return false; } $r = $response->fetchRow(); return $r["fullname"]; @@ -393,7 +393,7 @@ global $db; if (is_numeric($id)) { - $response = $db->query("SELECT fullname FROM users WHERE id=".$db->quote($id)); + $response = $db->query("SELECT fullname FROM users WHERE id=".$db->quote($id, 'integer')); if (PEAR::isError($response)) { error($response->getMessage()); return false; } if ($response->numRows() == 1) { @@ -419,7 +419,7 @@ global $db; if (is_numeric($id)) { - $response = $db->query("SELECT users.id, users.fullname FROM users, zones WHERE zones.domain_id=".$db->quote($id)." AND zones.owner=users.id ORDER by fullname"); + $response = $db->query("SELECT users.id, users.fullname FROM users, zones WHERE zones.domain_id=".$db->quote($id, 'integer')." AND zones.owner=users.id ORDER by fullname"); if (PEAR::isError($response)) { error($response->getMessage()); return false; } if ($response->numRows() == 0) { return ""; @@ -444,8 +444,8 @@ if (is_numeric($zoneid)) { $response = $db->query("SELECT zones.id FROM zones - WHERE zones.owner = " . $db->quote($userid) . " - AND zones.domain_id = ". $db->quote($zoneid)) ; + WHERE zones.owner = " . $db->quote($userid, 'integer') . " + AND zones.domain_id = ". $db->quote($zoneid, 'integer')) ; if (PEAR::isError($response)) { error($response->getMessage()); return false; } if ($response->numRows() == 0) { return "0"; 
@@ -464,12 +464,12 @@ if (v_num($specific)) { - $sql_add = "AND users.id = " . $db->quote($specific) ; + $sql_add = "AND users.id = " . $db->quote($specific, 'integer') ; } else { if (verify_permission('user_view_others')) { $sql_add = ""; } else { - $sql_add = "AND users.id = " . $db->quote($userid) ; + $sql_add = "AND users.id = " . $db->quote($userid, 'integer') ; } } @@ -517,7 +517,7 @@ if ($templ_id > 0) { $limit = ", perm_templ_items - WHERE perm_templ_items.templ_id = " . $db->quote($templ_id) . " + WHERE perm_templ_items.templ_id = " . $db->quote($templ_id, 'integer') . " AND perm_templ_items.perm_id = perm_items.id"; } @@ -553,7 +553,7 @@ $query = "SELECT * FROM perm_templ - WHERE perm_templ.id = " . $db->quote($templ_id); + WHERE perm_templ.id = " . $db->quote($templ_id, 'integer'); $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); return false; } @@ -593,8 +593,8 @@ $query = "INSERT INTO perm_templ (name, descr) VALUES (" - . $db->quote($details['templ_name']) . ", " - . $db->quote($details['templ_descr']) . ")"; + . $db->quote($details['templ_name'], 'text') . ", " + . $db->quote($details['templ_descr'], 'text') . ")"; $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); return false; } @@ -602,7 +602,7 @@ $perm_templ_id = $db->lastInsertId('perm_templ', 'id'); foreach ($details['perm_id'] AS $perm_id) { - $query = "INSERT INTO perm_templ_items (templ_id, perm_id) VALUES (" . $db->quote($perm_templ_id) . "," . $db->quote($perm_id) . ")"; + $query = "INSERT INTO perm_templ_items (templ_id, perm_id) VALUES (" . $db->quote($perm_templ_id, 'integer') . "," . $db->quote($perm_id, 'integer') . ")"; $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); return false; } } 
@@ -618,9 +618,9 @@ // Fix permission template name and description first. $query = "UPDATE perm_templ - SET name = " . $db->quote($details['templ_name']) . ", - descr = " . $db->quote($details['templ_descr']) . " - WHERE id = " . $db->quote($details['templ_id']) ; + SET name = " . $db->quote($details['templ_name'], 'text') . ", + descr = " . $db->quote($details['templ_descr'], 'text') . " + WHERE id = " . $db->quote($details['templ_id'], 'integer') ; $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); return false; } @@ -636,7 +636,7 @@ if (PEAR::isError($response)) { error($response->getMessage()); return false; } foreach ($details['perm_id'] AS $perm_id) { - $query = "INSERT INTO perm_templ_items (templ_id, perm_id) VALUES (" . $db->quote($details['templ_id']) . "," . $db->quote($perm_id) . ")"; + $query = "INSERT INTO perm_templ_items (templ_id, perm_id) VALUES (" . $db->quote($details['templ_id'], 'integer') . "," . $db->quote($perm_id, 'integer') . ")"; $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); return false; } } @@ -674,7 +674,7 @@ // current username is not the same as the username that was given by the // user, the username should apparantly changed. If so, check if the "new" // username already exists. - $query = "SELECT username FROM users WHERE id = " . $db->quote($details['uid']); + $query = "SELECT username FROM users WHERE id = " . $db->quote($details['uid'], 'integer'); $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); return false; } 
@@ -685,7 +685,7 @@ // Username of user ID in the database is different from the name // we have been given. User wants a change of username. Now, make // sure it doesn't already exist. - $query = "SELECT id FROM users WHERE username = " . $db->quote($details['username']); + $query = "SELECT id FROM users WHERE username = " . $db->quote($details['username'], 'text'); $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); return false; } @@ -699,23 +699,23 @@ // another user that goes by the wanted username. So, go ahead! $query = "UPDATE users SET - username = " . $db->quote($details['username']) . ", - fullname = " . $db->quote($details['fullname']) . ", - email = " . $db->quote($details['email']) . ", - description = " . $db->quote($details['descr']) . ", - active = " . $db->quote($active) ; + username = " . $db->quote($details['username'], 'text') . ", + fullname = " . $db->quote($details['fullname'], 'text') . ", + email = " . $db->quote($details['email'], 'text') . ", + description = " . $db->quote($details['descr'], 'text') . ", + active = " . $db->quote($active, 'integer') ; // If the user is alllowed to change the permission template, set it. if ($perm_templ_perm_edit == "1") { - $query .= ", perm_templ = " . $db->quote($details['templ_id']) ; + $query .= ", perm_templ = " . $db->quote($details['templ_id'], 'integer') ; } if(isset($details['password']) && $details['password'] != "") { - $query .= ", password = '" . md5($db->quote($details['password'])) . "' "; + $query .= ", password = " . $db->quote(md5($details['password']), 'text'); } - $query .= " WHERE id = " . $db->quote($details['uid']) ; + $query .= " WHERE id = " . $db->quote($details['uid'], 'integer') ; $response = $db->query($query); if (PEAR::isError($response)) { error($response->getMessage()); return false; } 
@@ -748,13 +748,13 @@ } $query = "INSERT INTO users (username, password, fullname, email, description, perm_templ, active) VALUES (" - . $db->quote($details['username']) . ", " - . $db->quote(md5($details['password'])) . ", " - . $db->quote($details['fullname']) . ", " - . $db->quote($details['email']) . ", " - . $db->quote($details['descr']) . ", " - . $db->quote($details['perm_templ']) . ", " - . $db->quote($active) + . $db->quote($details['username'], 'text') . ", " + . $db->quote(md5($details['password']), 'text') . ", " + . $db->quote($details['fullname'], 'text') . ", " + . $db->quote($details['email'], 'text') . ", " + . $db->quote($details['descr'], 'text') . ", " + . $db->quote($details['perm_templ'], 'integer') . ", " + . $db->quote($active, 'integer') . ")"; $response = $db->query($query);