[feladat @ 302]
authorpeter
Thu, 07 Aug 2008 18:45:13 +0000
changeset 192 3d18290ac993
parent 191 963d62dc1c80
child 193 6a87ca695244
[feladat @ 302] Applied the patches supplied in #82 and #85. Also quoted some additional values before they are sent to the database.
inc/auth.inc.php
inc/dns.inc.php
inc/record.inc.php
inc/toolkit.inc.php
inc/users.inc.php
--- a/inc/auth.inc.php	Thu Jul 24 17:21:33 2008 +0000
+++ b/inc/auth.inc.php	Thu Aug 07 18:45:13 2008 +0000
@@ -47,7 +47,7 @@
 	if(isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"]))
 	{
 		//Username and password are set, lets try to authenticate.
-		$result = $db->query("SELECT id, fullname FROM users WHERE username=". $db->quote($_SESSION["userlogin"])  ." AND password=". $db->quote(md5($_SESSION["userpwd"]))  ." AND active=1");
+		$result = $db->query("SELECT id, fullname FROM users WHERE username=". $db->quote($_SESSION["userlogin"], 'text')  ." AND password=". $db->quote(md5($_SESSION["userpwd"]), 'text')  ." AND active=1");
 		if($result->numRows() == 1)
 		{
 			$rowObj = $result->fetchRow();
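Review bot: The login query on the changed line still matches against an unsalted `md5()` of a password that is kept in cleartext in `$_SESSION["userpwd"]`, so adding the `'text'` type does nothing for how the credential is stored or handled. Unsalted MD5 digests are cheap to recover offline if the `users` table leaks, and the same pattern appears in the inc/users.inc.php hunks that write `md5($password)` and `md5($details['newpass'])`. A follow-up should move to a salted, deliberately slow password hash with a migration path, and keep only the authenticated user id in the session instead of the password. Separately, `$result->numRows()` is called without a `PEAR::isError($result)` check, unlike most other query sites in this changeset. The enclosing function starts and ends outside the hunk.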
--- a/inc/dns.inc.php	Thu Jul 24 17:21:33 2008 +0000
+++ b/inc/dns.inc.php	Thu Aug 07 18:45:13 2008 +0000
@@ -230,8 +230,8 @@
 
 	$query = "SELECT type, content 
 			FROM records 
-			WHERE content = " . $db->quote($name) . "
-			AND (type = 'MX' OR type = 'NS')";
+			WHERE content = " . $db->quote($name, 'text') . "
+			AND (type = ".$db->quote('MX', 'text')." OR type = ".$db->quote('NS', 'text').")";
 	
 	$response = $db->query($query);
 	if (PEAR::isError($response)) { error($response->getMessage()); return false; };
@@ -248,8 +248,8 @@
 	
 	$query = "SELECT type, name
 			FROM records
-			WHERE name = " . $db->quote($target) . "
-			AND TYPE = 'CNAME'";
+			WHERE name = " . $db->quote($target, 'text') . "
+			AND TYPE = ".$db->quote('CNAME', 'text');
 
 	$response = $db->query($query);
 	if (PEAR::isError($response)) { error($response->getMessage()); return false; };
--- a/inc/record.inc.php	Thu Jul 24 17:21:33 2008 +0000
+++ b/inc/record.inc.php	Thu Aug 07 18:45:13 2008 +0000
@@ -21,7 +21,7 @@
 
 function zone_id_exists($zid) {
 	global $db;
-	$query = "SELECT COUNT(id) FROM domains WHERE id = " . $db->quote($zid);
+	$query = "SELECT COUNT(id) FROM domains WHERE id = " . $db->quote($zid, 'integer');
 	$count = $db->queryOne($query);
 	if (PEAR::isError($count)) { error($result->getMessage()); return false; }
 	return $count;
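Review bot: The error branch in `zone_id_exists()` calls `$result->getMessage()`, but no `$result` is assigned in the visible lines; the value being tested is `$count`. When the query fails, this line will itself fail on an undefined variable instead of reporting the database error. It should read `if (PEAR::isError($count)) { error($count->getMessage()); return false; }`. The function's closing brace is outside the hunk.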
@@ -30,14 +30,14 @@
 
 function get_zone_id_from_record_id($rid) {
 	global $db;
-	$query = "SELECT domain_id FROM records WHERE id = " . $db->quote($rid);
+	$query = "SELECT domain_id FROM records WHERE id = " . $db->quote($rid, 'integer');
 	$zid = $db->queryOne($query);
 	return $zid;
 }
 
 function count_zone_records($zone_id) {
 	global $db;
-	$sqlq = "SELECT COUNT(id) FROM records WHERE domain_id = ".$db->quote($zone_id);
+	$sqlq = "SELECT COUNT(id) FROM records WHERE domain_id = ".$db->quote($zone_id, 'integer');
 	$record_count = $db->queryOne($sqlq);
 	return $record_count;
 }
@@ -46,10 +46,10 @@
 {
 	global $db;
 
-	$sqlq = "SELECT notified_serial FROM domains WHERE id = ".$db->quote($domain_id);
+	$sqlq = "SELECT notified_serial FROM domains WHERE id = ".$db->quote($domain_id, 'integer');
 	$notified_serial = $db->queryOne($sqlq);
 
-	$sqlq = "SELECT content FROM records WHERE type = 'SOA' AND domain_id = ".$db->quote($domain_id);
+	$sqlq = "SELECT content FROM records WHERE type = ".$db->quote('SOA', 'text')." AND domain_id = ".$db->quote($domain_id, 'integer');
 	$content = $db->queryOne($sqlq);
 	$need_to_update = false;
 
@@ -90,7 +90,7 @@
 		for ($i = 0; $i < count($soa); $i++) {	
 			$new_soa .= $soa[$i] . " "; 
 		}
-		$sqlq = "UPDATE records SET content = ".$db->quote($new_soa)." WHERE domain_id = ".$db->quote($domain_id)." AND type = 'SOA'";
+		$sqlq = "UPDATE records SET content = ".$db->quote($new_soa, 'text')." WHERE domain_id = ".$db->quote($domain_id, 'integer')." AND type = ".$db->quote('SOA', 'text');
 		$db->Query($sqlq);
 		return true;
 	}
@@ -123,13 +123,13 @@
 		if (is_numeric($record['zid'])) {
 			if (validate_input($record['zid'], $record['type'], $record['content'], $record['name'], $record['prio'], $record['ttl'])) {
 				$query = "UPDATE records 
-					SET name=".$db->quote($record['name']).", 
-					type=".$db->quote($record['type']).", 
-					content='" . $record['content'] . "', 
-					ttl=".$db->quote($record['ttl']).", 
+					SET name=".$db->quote($record['name'], 'text').", 
+					type=".$db->quote($record['type'], 'text').", 
+					content=" . $db->quote($record['content'], 'text') . ", 
+					ttl=".$db->quote($record['ttl'], 'integer').", 
 					prio=".$db->quote($record['prio'], 'integer').", 
-					change_date=".$db->quote(time())." 
-					WHERE id=".$db->quote($record['rid']);
+					change_date=".$db->quote(time(), 'integer')." 
+					WHERE id=".$db->quote($record['rid'], 'integer');
 				$result = $db->Query($query);
 				if (PEAR::isError($result)) {
 					error($result->getMessage());
@@ -173,13 +173,13 @@
 		if (validate_input($zoneid, $type, $content, $name, $prio, $ttl) ) {
 			$change = time();
 			$query = "INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date) VALUES ("
-						. $db->quote($zoneid) . ","
-						. $db->quote($name) . "," 
-						. $db->quote($type) . "," 
-						. $db->quote($content) . ","
-						. $db->quote($ttl) . ","
+						. $db->quote($zoneid, 'integer') . ","
+						. $db->quote($name, 'text') . "," 
+						. $db->quote($type, 'text') . "," 
+						. $db->quote($content, 'text') . ","
+						. $db->quote($ttl, 'integer') . ","
 						. $db->quote($prio, 'integer') . ","
-						. $db->quote($change) . ")";
+						. $db->quote($change, 'integer') . ")";
 			$response = $db->query($query);
 			if (PEAR::isError($response)) {
 				error($response->getMessage());
@@ -215,7 +215,7 @@
                 error(ERR_SM_EXISTS);
 		return false;
         } else {
-                $db->query("INSERT INTO supermasters VALUES (".$db->quote($master_ip).", ".$db->quote($ns_name).", ".$db->quote($account).")");
+                $db->query("INSERT INTO supermasters VALUES (".$db->quote($master_ip, 'text').", ".$db->quote($ns_name, 'text').", ".$db->quote($account, 'text').")");
                 return true;
         }
 }
@@ -224,7 +224,7 @@
 	global $db;
         if (is_valid_ipv4($master_ip) || is_valid_ipv6($master_ip))
         {
-                $db->query("DELETE FROM supermasters WHERE ip = ".$db->quote($master_ip));
+                $db->query("DELETE FROM supermasters WHERE ip = ".$db->quote($master_ip, 'text'));
                 return true;
         }
         else
@@ -238,7 +238,7 @@
 	global $db;
         if (is_valid_ipv4($master_ip) || is_valid_ipv6($master_ip))
 	{
-	        $result = $db->queryRow("SELECT ip,nameserver,account FROM supermasters WHERE ip = ".$db->quote($master_ip));
+	        $result = $db->queryRow("SELECT ip,nameserver,account FROM supermasters WHERE ip = ".$db->quote($master_ip, 'text'));
 
 		$ret = array(
 		"master_ip"	=>              $result["ip"],
@@ -258,7 +258,7 @@
 
 	global $db;
 
-	$query = "SELECT id AS rid, domain_id AS zid, name, type, content, ttl, prio, change_date FROM records WHERE id = " . $db->quote($rid) ;
+	$query = "SELECT id AS rid, domain_id AS zid, name, type, content, ttl, prio, change_date FROM records WHERE id = " . $db->quote($rid, 'integer') ;
 
 	$response = $db->query($query);
 	if (PEAR::isError($response)) { error($response->getMessage()); return false; }
@@ -287,7 +287,7 @@
 		if ($record['type'] == "SOA") {
 			error(_('You are trying to delete the SOA record. If are not allowed to remove it, unless you remove the entire zone.'));
 		} else {
-			$query = "DELETE FROM records WHERE id = " . $db->quote($rid);
+			$query = "DELETE FROM records WHERE id = " . $db->quote($rid, 'integer');
 			$response = $db->query($query);
 			if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 			return true;
@@ -327,17 +327,17 @@
 				(eregi('in-addr.arpa', $domain) && $owner) || 
 				$type=="SLAVE" && $domain && $owner && $slave_master) {
 
-			$response = $db->query("INSERT INTO domains (name, type) VALUES (".$db->quote($domain).", ".$db->quote($type).")");
+			$response = $db->query("INSERT INTO domains (name, type) VALUES (".$db->quote($domain, 'text').", ".$db->quote($type, 'text').")");
 			if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 
 			$domain_id = $db->lastInsertId('domains', 'id');
 			if (PEAR::isError($domain_id)) { error($id->getMessage()); return false; }
 
-			$response = $db->query("INSERT INTO zones (domain_id, owner) VALUES (".$db->quote($domain_id).", ".$db->quote($owner).")");
+			$response = $db->query("INSERT INTO zones (domain_id, owner) VALUES (".$db->quote($domain_id, 'integer').", ".$db->quote($owner, 'integer').")");
 			if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 
 			if ($type == "SLAVE") {
-				$response = $db->query("UPDATE domains SET master = ".$db->quote($slave_master)." WHERE id = ".$db->quote($domain_id));
+				$response = $db->query("UPDATE domains SET master = ".$db->quote($slave_master, 'text')." WHERE id = ".$db->quote($domain_id, 'integer'));
 				if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 				return true;
 			} else {
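Review bot: The check after `lastInsertId()` reports the failure through `$id->getMessage()`, but the result is held in `$domain_id` and `$id` is not assigned anywhere in the visible lines. On a failed insert this path breaks on an undefined variable instead of logging the database error; it should be `if (PEAR::isError($domain_id)) { error($domain_id->getMessage()); return false; }`. The inserts into `domains` and `zones` and the `UPDATE` of `master` also run as separate statements, so, as far as the hunk shows, a failure of the second leaves a domain row with no owner; a transaction around them would avoid that. The function begins and ends outside the hunk.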
@@ -348,13 +348,13 @@
 					$ttl = $dns_ttl;
 
 					$query = "INSERT INTO records (domain_id, name, content, type, ttl, prio, change_date) VALUES (" 
-							. $db->quote($domain_id) . "," 
-							. $db->quote($domain) . "," 
-							. $db->quote($ns1.' '.$hm.' 1') . ","
-							. $db->quote('SOA').","
-							. $db->quote($ttl) 
-							. ", 0, "
-							. $db->quote($now).")";
+							. $db->quote($domain_id, 'integer') . "," 
+							. $db->quote($domain, 'text') . "," 
+							. $db->quote($ns1.' '.$hm.' 1', 'text') . ","
+							. $db->quote('SOA', 'text').","
+							. $db->quote($ttl, 'integer')."," 
+							. $db->quote(0, 'integer'). ","
+							. $db->quote($now, 'integer').")";
 					$response = $db->query($query);
 					if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 				} elseif ($domain_id) {
@@ -375,13 +375,13 @@
 							}
 
 							$query = "INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date) VALUES (" 
-									. $db->quote($domain_id) . ","
-									. $db->quote($name) . ","
-									. $db->quote($type) . ","
-									. $db->quote($content) . ","
-									. $db->quote($ttl) . ","
+									. $db->quote($domain_id, 'integer') . ","
+									. $db->quote($name, 'text') . ","
+									. $db->quote($type, 'text') . ","
+									. $db->quote($content, 'text') . ","
+									. $db->quote($ttl, 'integer') . ","
 									. $db->quote($prio, 'integer') . ","
-									. $db->quote($now) . ")";
+									. $db->quote($now, 'integer') . ")";
 							$response = $db->query($query);
 							if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 						}
@@ -416,9 +416,9 @@
 
         if ( $perm_edit == "all" || ( $perm_edit == "own" && $user_is_zone_owner == "1") ) {    
 		if (is_numeric($id)) {
-			$db->query("DELETE FROM zones WHERE domain_id=".$db->quote($id));
-			$db->query("DELETE FROM domains WHERE id=".$db->quote($id));
-			$db->query("DELETE FROM records WHERE domain_id=".$db->quote($id));
+			$db->query("DELETE FROM zones WHERE domain_id=".$db->quote($id, 'integer'));
+			$db->query("DELETE FROM domains WHERE id=".$db->quote($id, 'integer'));
+			$db->query("DELETE FROM records WHERE domain_id=".$db->quote($id, 'integer'));
 			return true;
 		} else {
 			error(sprintf(ERR_INV_ARGC, "delete_domain", "id must be a number"));
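Review bot: The three `DELETE` statements discard their results and the function returns `true` regardless, so a failure part-way leaves orphaned rows in `domains` or `records` while the caller is told the zone is gone. Each result should be checked with `PEAR::isError()` as elsewhere in this file, ideally with the three statements inside one transaction. In addition, `is_numeric($id)` accepts strings such as `"1e3"` or `"1.5"`, which the `'integer'` quoting then casts, so the value validated and the value used in the query can differ; `ctype_digit((string)$id)` would be a stricter guard before a destructive statement. The enclosing function starts and ends outside the hunk.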
@@ -439,7 +439,7 @@
 	global $db;
 	if (is_numeric($id))
 	{
-		$result = $db->query("SELECT domain_id FROM records WHERE id=".$db->quote($id));
+		$result = $db->query("SELECT domain_id FROM records WHERE id=".$db->quote($id, 'integer'));
 		$r = $result->fetchRow();
 		return $r["domain_id"];
 	}
@@ -461,9 +461,9 @@
 		// User is allowed to make change to meta data of this zone.
 		if (is_numeric($zone_id) && is_numeric($user_id) && is_valid_user($user_id))
 		{
-			if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($user_id)." AND domain_id=".$db->quote($zone_id)) == 0)
+			if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($user_id, 'integer')." AND domain_id=".$db->quote($zone_id, 'integer')) == 0)
 			{
-				$db->query("INSERT INTO zones (domain_id, owner) VALUES(".$db->quote($zone_id).", ".$db->quote($user_id).")");
+				$db->query("INSERT INTO zones (domain_id, owner) VALUES(".$db->quote($zone_id, 'integer').", ".$db->quote($user_id, 'integer').")");
 			}
 			return true;
 		} else {
@@ -483,9 +483,9 @@
 		if (is_numeric($zone_id) && is_numeric($user_id) && is_valid_user($user_id))
 		{
 			// TODO: Next if() required, why not just execute DELETE query?
-			if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($user_id)." AND domain_id=".$db->quote($zone_id)) != 0)
+			if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($user_id, 'integer')." AND domain_id=".$db->quote($zone_id, 'integer')) != 0)
 			{
-				$db->query("DELETE FROM zones WHERE owner=".$db->quote($user_id)." AND domain_id=".$db->quote($zone_id));
+				$db->query("DELETE FROM zones WHERE owner=".$db->quote($user_id, 'integer')." AND domain_id=".$db->quote($zone_id, 'integer'));
 			}
 			return true;
 		} else {
@@ -528,7 +528,7 @@
 	// Get the domain id.
 	$domid = recid_to_domid($recid);
 
-	$result = $db->query("select id, type from records where domain_id=".$db->quote($recid)." and type=".$db->quote($type));
+	$result = $db->query("select id, type from records where domain_id=".$db->quote($recid, 'integer')." and type=".$db->quote($type, 'text'));
 	return $result;
 }
 
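Review bot: The query filters `domain_id` by `$recid`, while the `$domid` obtained two lines above from `recid_to_domid($recid)` is never used. A record id is being compared against the zone id column, so the lookup returns rows of an unrelated zone or nothing at all. The changed line presumably should use `"select id, type from records where domain_id=".$db->quote($domid, 'integer')." and type=".$db->quote($type, 'text')`. The function header, and whether `$db` is declared global, are outside the hunk.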
@@ -542,7 +542,7 @@
 	global $db;
 	if (is_numeric($id))
 	{
-		$result = $db->query("SELECT type FROM records WHERE id=".$db->quote($id));
+		$result = $db->query("SELECT type FROM records WHERE id=".$db->quote($id, 'integer'));
 		$r = $result->fetchRow();
 		return $r["type"];
 	}
@@ -561,7 +561,7 @@
 {
 	global $db;
 	if (is_numeric($id)) {
-		$result = $db->query("SELECT name FROM records WHERE id=".$db->quote($id));
+		$result = $db->query("SELECT name FROM records WHERE id=".$db->quote($id, 'integer'));
 		$r = $result->fetchRow();
 		return $r["name"];
 	} else {
@@ -576,7 +576,7 @@
 
 	if (is_numeric($zid))
 	{
-		$result = $db->query("SELECT name FROM domains WHERE id=".$db->quote($zid));
+		$result = $db->query("SELECT name FROM domains WHERE id=".$db->quote($zid, 'integer'));
 		$rows = $result->numRows() ;
 		if ($rows == 1) {
  			$r = $result->fetchRow();
@@ -611,7 +611,7 @@
 					domains.master AS master_ip,
 					count(records.domain_id) AS record_count
 					FROM domains LEFT OUTER JOIN records ON domains.id = records.domain_id 
-					WHERE domains.id = " . $db->quote($zid) . "
+					WHERE domains.id = " . $db->quote($zid, 'integer') . "
 					GROUP BY domains.id, domains.type, domains.name, domains.master";
 		$result = $db->query($query);
 		if (PEAR::isError($result)) { error($result->getMessage()); return false; }
@@ -642,7 +642,7 @@
 	global $db;
 
 	if (is_valid_hostname_fqdn($domain,0)) {
-		$result = $db->query("SELECT id FROM domains WHERE name=".$db->quote($domain));
+		$result = $db->query("SELECT id FROM domains WHERE name=".$db->quote($domain, 'text'));
 		if ($result->numRows() == 0) {
 			return false;
 		} elseif ($result->numRows() >= 1) {
@@ -681,7 +681,7 @@
         global $db;
         if (is_valid_ipv4($master_ip) || is_valid_ipv6($master_ip))
         {
-                $result = $db->query("SELECT ip FROM supermasters WHERE ip = ".$db->quote($master_ip));
+                $result = $db->query("SELECT ip FROM supermasters WHERE ip = ".$db->quote($master_ip, 'text'));
                 if ($result->numRows() == 0)
                 {
                         return false;
@@ -711,10 +711,10 @@
 	{
 		if ($perm == "own") {
 			$sql_add = " AND zones.domain_id = domains.id
-				AND zones.owner = ".$db->quote($userid);
+				AND zones.owner = ".$db->quote($userid, 'integer');
 		}
 		if ($letterstart!='all' && $letterstart!=1) {
-			$sql_add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." ";
+			$sql_add .=" AND domains.name LIKE ".$db->quote($db->quote($letterstart, 'text', false, true)."%", 'text')." ";
 		} elseif ($letterstart==1) {
 			$sql_add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'";
 		}
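Review bot: The new `LIKE` operand escapes `$letterstart` twice: the inner `$db->quote($letterstart, 'text', false, true)` already escapes string delimiters and wildcards, and the outer `$db->quote(..., 'text')` escapes that result again. A value containing `'`, `\`, `%` or `_` ends up with doubled escapes and no longer matches what was typed; this is a correctness problem rather than an injection, because the outer call still quotes the literal. MDB2 provides `escapePattern()` for wildcard-only escaping, so the line could be `$sql_add .= " AND domains.name LIKE ".$db->quote($db->escapePattern($letterstart)."%", 'text')." ";`, to be verified against the bundled MDB2 version. The same construct is repeated in the `-761,11` hunk. The enclosing function starts and ends outside the hunk.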
@@ -761,11 +761,11 @@
 	{
 		if ($perm == "own") {
 			$sql_add = " AND zones.domain_id = domains.id
-					AND zones.owner = ".$db->quote($_SESSION['userid']);
+					AND zones.owner = ".$db->quote($_SESSION['userid'], 'integer');
 			$fromTable .= ',zones';
 		}
 		if ($letterstart!='all' && $letterstart!=1) {
-			$sql_add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." ";
+			$sql_add .=" AND domains.name LIKE ".$db->quote($db->quote($letterstart, 'text', false, true)."%", 'text')." ";
 		} elseif ($letterstart==1) {
 			$sql_add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'";
 		}
@@ -783,7 +783,7 @@
 	global $db;
 	$query = "SELECT COUNT(domain_id) 
 			FROM zones 
-			WHERE owner = " . $db->quote($uid) . " 
+			WHERE owner = " . $db->quote($uid, 'integer') . " 
 			ORDER BY domain_id";
 	$zone_count = $db->queryOne($query);
 	return $zone_count;
@@ -800,7 +800,7 @@
 	global $db;
 	if (is_numeric($id))
 	{
-		$result = $db->query("SELECT id, domain_id, name, type, content, ttl, prio, change_date FROM records WHERE id=".$db->quote($id));
+		$result = $db->query("SELECT id, domain_id, name, type, content, ttl, prio, change_date FROM records WHERE id=".$db->quote($id, 'integer'));
 		if($result->numRows() == 0)
 		{
 			return -1;
@@ -844,9 +844,9 @@
 			$db->setLimit($rowamount, $rowstart);
 			$result = $db->query("SELECT record_owners.record_id as id
 					FROM record_owners,domains,records
-					WHERE record_owners.user_id = " . $db->quote($_SESSION["userid"]) . "
+					WHERE record_owners.user_id = " . $db->quote($_SESSION["userid"], 'integer') . "
 					AND record_owners.record_id = records.id
-					AND records.domain_id = " . $db->quote($id) . "
+					AND records.domain_id = " . $db->quote($id, 'integer') . "
 					GROUP BY record_owners.record_id");
 
 			$ret = array();
@@ -866,7 +866,7 @@
 
 		} else {
 			$db->setLimit($rowamount, $rowstart);
-			$result = $db->query("SELECT id FROM records WHERE domain_id=".$db->quote($id));
+			$result = $db->query("SELECT id FROM records WHERE domain_id=".$db->quote($id, 'integer'));
 			$ret = array();
 			if($result->numRows() == 0)
 			{
@@ -896,7 +896,7 @@
 
 function get_users_from_domain_id($id) {
 	global $db;
-	$sqlq = "SELECT owner FROM zones WHERE domain_id =" .$db->quote($id);
+	$sqlq = "SELECT owner FROM zones WHERE domain_id =" .$db->quote($id, 'integer');
 	$id_owners = $db->query($sqlq);
 	if ($id_owners->numRows() == 0) {
 		return -1;
@@ -936,7 +936,7 @@
 	// Search for matching domains
 	if ($perm == "own") {
 		$sql_add_from = ", zones ";
-		$sql_add_where = " AND zones.domain_id = domains.id AND zones.owner = " . $db->quote($_SESSION['userid']);
+		$sql_add_where = " AND zones.domain_id = domains.id AND zones.owner = " . $db->quote($_SESSION['userid'], 'integer');
 	}
 	
 	$query = "SELECT 
@@ -945,7 +945,7 @@
 			domains.type AS type,
 			domains.master AS master
 			FROM domains" . $sql_add_from . "
-			WHERE domains.name LIKE " . $db->quote($holy_grail)
+			WHERE domains.name LIKE " . $db->quote($holy_grail, 'text')
 			. $sql_add_where ;
 	
 	$response = $db->query($query);
@@ -963,7 +963,7 @@
 
 	if ($perm == "own") {
 		$sql_add_from = ", zones ";
-		$sql_add_where = " AND zones.domain_id = records.domain_id AND zones.owner = " . $db->quote($_SESSION['userid']);
+		$sql_add_where = " AND zones.domain_id = records.domain_id AND zones.owner = " . $db->quote($_SESSION['userid'], 'integer');
 	}
 
 	$query = "SELECT
@@ -975,7 +975,7 @@
 			records.prio AS prio,
 			records.domain_id AS zid
 			FROM records" . $sql_add_from . "
-			WHERE (records.name LIKE " . $db->quote($holy_grail) . " OR records.content LIKE " . $db->quote($holy_grail) . ")"
+			WHERE (records.name LIKE " . $db->quote($holy_grail, 'text') . " OR records.content LIKE " . $db->quote($holy_grail, 'text') . ")"
 			. $sql_add_where ;
 
 	$response = $db->query($query);
@@ -997,7 +997,7 @@
 function get_domain_type($id) {
 	global $db;
         if (is_numeric($id)) {
-		$type = $db->queryOne("SELECT type FROM domains WHERE id = ".$db->quote($id));
+		$type = $db->queryOne("SELECT type FROM domains WHERE id = ".$db->quote($id, 'integer'));
 		if ($type == "") {
 			$type = "NATIVE";
 		}
@@ -1010,7 +1010,7 @@
 function get_domain_slave_master($id){
 	global $db;
         if (is_numeric($id)) {
-		$slave_master = $db->queryOne("SELECT master FROM domains WHERE type = 'SLAVE' and id = ".$db->quote($id));
+		$slave_master = $db->queryOne("SELECT master FROM domains WHERE type = 'SLAVE' and id = ".$db->quote($id, 'integer'));
 		return $slave_master;
         } else {
                 error(sprintf(ERR_INV_ARG, "get_domain_slave_master", "no or no valid zoneid given"));
@@ -1028,9 +1028,9 @@
 		// ignore the field if the type isn't something else then slave. But then again,
 		// it's much clearer this way.
 		if ($type != "SLAVE") {
-			$add = ", master=''";
+			$add = ", master=".$db->quote('', 'text');
 		}
-		$result = $db->query("UPDATE domains SET type = " . $db->quote($type) . $add . " WHERE id = ".$db->quote($id));
+		$result = $db->query("UPDATE domains SET type = " . $db->quote($type, 'text') . $add . " WHERE id = ".$db->quote($id, 'integer'));
 	} else {
                 error(sprintf(ERR_INV_ARG, "change_domain_type", "no or no valid zoneid given"));
         }
@@ -1040,7 +1040,7 @@
 	global $db;
         if (is_numeric($zone_id)) {
        		if (is_valid_ipv4($ip_slave_master) || is_valid_ipv6($ip_slave_master)) {
-			$result = $db->query("UPDATE domains SET master = " .$db->quote($ip_slave_master). " WHERE id = ".$db->quote($zone_id));
+			$result = $db->query("UPDATE domains SET master = " .$db->quote($ip_slave_master, 'text'). " WHERE id = ".$db->quote($zone_id, 'integer'));
 		} else {
 			error(sprintf(ERR_INV_ARGC, "change_domain_ip_slave_master", "This is not a valid IPv4 or IPv6 address: $ip_slave_master"));
 		}
@@ -1052,7 +1052,7 @@
 function get_serial_by_zid($zid) {
 	global $db;
 	if (is_numeric($zid)) {
-		$query = "SELECT content FROM records where TYPE = 'SOA' and domain_id = " . $db->quote($zid);
+		$query = "SELECT content FROM records where TYPE = ".$db->quote('SOA', 'text')." and domain_id = " . $db->quote($zid, 'integer');
 		$rr_soa = $db->queryOne($query);
 		if (PEAR::isError($rr_soa)) { error($rr_soa->getMessage()); return false; }
 		$rr_soa_fields = explode(" ", $rr_soa);
--- a/inc/toolkit.inc.php	Thu Jul 24 17:21:33 2008 +0000
+++ b/inc/toolkit.inc.php	Thu Aug 07 18:45:13 2008 +0000
@@ -243,7 +243,7 @@
 			domains.name AS domainname
 			FROM domains
 			LEFT JOIN zones ON domains.id=zones.domain_id 
-			WHERE substring(domains.name,1,1) ".$sql_regexp." ".$db->quote("^".$letter);
+			WHERE substring(domains.name,1,1) ".$sql_regexp." ".$db->quote("^".$letter, 'text');
 	$db->setLimit(1);
         $result = $db->query($query);
         $numrows = $result->numRows();
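Review bot: `$letter` is concatenated into a regular-expression pattern (`"^".$letter`), and `$db->quote(..., 'text')` only makes the result a safe SQL string literal; any regex metacharacters in `$letter` still reach the `$sql_regexp` operator. The origin of `$letter` is outside the hunk, but if it can come from the request it should be validated as a single alphanumeric character before the query is built, for example with `preg_match('/^[a-z0-9]$/i', $letter)`. `$result->numRows()` is also called without a `PEAR::isError($result)` check.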
--- a/inc/users.inc.php	Thu Jul 24 17:21:33 2008 +0000
+++ b/inc/users.inc.php	Thu Aug 07 18:45:13 2008 +0000
@@ -40,19 +40,19 @@
         // Set current user ID.
         $userid=$_SESSION['userid'];
 
-		$query = 'SELECT id FROM perm_items WHERE name='.$db->quote('user_is_ueberuser');
+		$query = 'SELECT id FROM perm_items WHERE name='.$db->quote('user_is_ueberuser', 'text');
 		$ueberUserId = $db->queryOne($query);
 
         // Find the template ID that this user has been assigned.
         $query = "SELECT perm_templ
 			FROM users 
-			WHERE id = " . $db->quote($userid) ;
+			WHERE id = " . $db->quote($userid, 'integer') ;
         $templ_id = $db->queryOne($query);
 
         // Does this user have ueberuser rights?
         $query = "SELECT id 
 			FROM perm_templ_items 
-			WHERE templ_id = " . $db->quote($templ_id) . " 
+			WHERE templ_id = " . $db->quote($templ_id, 'integer') . " 
 			AND perm_id = ".$ueberUserId;
         $response = $db->query($query);
 	if (PEAR::isError($response)) { error($response->getMessage()); return false; }
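Review bot: The last condition still concatenates `$ueberUserId` into the SQL unquoted (`AND perm_id = ".$ueberUserId`), which is inconsistent with the rest of this change and yields a malformed query if the earlier `queryOne()` returned NULL or an error object. Quote it like its neighbours: `AND perm_id = ".$db->quote($ueberUserId, 'integer');`. The results of the two `queryOne()` calls (`$ueberUserId`, `$templ_id`) are not tested with `PEAR::isError()` before they are reused in this permission check. The enclosing function starts and ends outside the hunk.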
@@ -63,14 +63,14 @@
         // Find the permission ID for the requested permission.
         $query = "SELECT id 
 			FROM perm_items 
-			WHERE name = " . $db->quote($permission) ;
+			WHERE name = " . $db->quote($permission, 'text') ;
         $perm_id = $db->queryOne($query);
 
         // Check if the permission ID is assigned to the template ID. 
         $query = "SELECT id 
 			FROM perm_templ_items 
-			WHERE templ_id = " . $db->quote($templ_id) . " 
-			AND perm_id = " . $db->quote($perm_id) ;
+			WHERE templ_id = " . $db->quote($templ_id, 'integer') . " 
+			AND perm_id = " . $db->quote($perm_id, 'integer') ;
 	if (PEAR::isError($response)) { error($response->getMessage()); return false; }
         $response = $db->query($query);
         if ( $response->numRows() > 0 ) {
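Review bot: The `PEAR::isError($response)` test sits one line before `$response = $db->query($query);`, so it re-examines the result of the previous query and the new result is never checked. If this second query fails, `$response->numRows()` is called on an error object inside a permission check. The two lines should be swapped: `$response = $db->query($query);` followed by `if (PEAR::isError($response)) { error($response->getMessage()); return false; }`. The enclosing function starts and ends outside the hunk.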
@@ -108,7 +108,7 @@
 	$add = '';
  	if(is_numeric($id)) {
                  //When a user id is given, it is excluded from the userlist returned.
-                 $add = " WHERE users.id!=".$db->quote($id);
+                 $add = " WHERE users.id!=".$db->quote($id, 'integer');
 	}
 
 	// Make a huge query.
@@ -161,7 +161,7 @@
 {
 	global $db;
 	if(is_numeric($id)) {
-		$response = $db->query("SELECT id FROM users WHERE id=".$db->quote($id));
+		$response = $db->query("SELECT id FROM users WHERE id=".$db->quote($id, 'integer'));
 		if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 		if ($response->numRows() == 1) {
 			return true;
@@ -179,7 +179,7 @@
 function user_exists($user)
 {
 	global $db;
-	$response = $db->query("SELECT id FROM users WHERE username=".$db->quote($user));
+	$response = $db->query("SELECT id FROM users WHERE username=".$db->quote($user, 'text'));
 	if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 	if ($response->numRows() == 0) {
                  return false;
@@ -215,11 +215,11 @@
 			}
 		}
 
-		$query = "DELETE FROM zones WHERE owner = " . $db->quote($uid) ;
+		$query = "DELETE FROM zones WHERE owner = " . $db->quote($uid, 'integer') ;
 		$response = $db->query($query);
 		if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 
-		$query = "DELETE FROM users WHERE id = " . $db->quote($uid) ;
+		$query = "DELETE FROM users WHERE id = " . $db->quote($uid, 'integer') ;
 		$response = $db->query($query);
 		if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 	}
@@ -284,7 +284,7 @@
 		// user, the username should apparantly changed. If so, check if the "new" 
 		// username already exists.
 
-		$query = "SELECT username FROM users WHERE id = " . $db->quote($id);
+		$query = "SELECT username FROM users WHERE id = " . $db->quote($id, 'integer');
 		$response = $db->query($query);
 		if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 
@@ -297,7 +297,7 @@
 			// we have been given. User wants a change of username. Now, make
 			// sure it doesn't already exist.
 			
-			$query = "SELECT id FROM users WHERE username = " . $db->quote($user);
+			$query = "SELECT id FROM users WHERE username = " . $db->quote($user, 'integer');
 			$response = $db->query($query);
 			if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 
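Review bot: The changed line quotes `$user` with type `'integer'`, although `username` is a text column and every other username lookup in this changeset uses `'text'`. With integer quoting the name is cast to a number (typically 0 for a non-numeric name), so the duplicate-username check no longer tests the requested name and, depending on how the database compares strings with numbers, may match unrelated rows or none. It should be `$query = "SELECT id FROM users WHERE username = " . $db->quote($user, 'text');`. The enclosing function starts and ends outside the hunk.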
@@ -311,18 +311,18 @@
 		// another user that goes by the wanted username. So, go ahead!
 
 		$query = "UPDATE users SET
-				username = " . $db->quote($user) . ",
-				fullname = " . $db->quote($fullname) . ",
-				email = " . $db->quote($email) . ",
-				perm_templ = " . $db->quote($perm_templ) . ",
-				description = " . $db->quote($description) . ", 
-				active = " . $db->quote($active) ;
+				username = " . $db->quote($user, 'text') . ",
+				fullname = " . $db->quote($fullname, 'text') . ",
+				email = " . $db->quote($email, 'text') . ",
+				perm_templ = " . $db->quote($perm_templ, 'integer') . ",
+				description = " . $db->quote($description, 'text') . ", 
+				active = " . $db->quote($active, 'integer') ;
 
 		if($password != "") {
-			$query .= ", password = " . $db->quote(md5($password)) ;
+			$query .= ", password = " . $db->quote(md5($password), 'text') ;
 		}
 
-		$query .= " WHERE id = " . $db->quote($id) ;
+		$query .= " WHERE id = " . $db->quote($id, 'integer') ;
 
 		$response = $db->query($query);
 		if (PEAR::isError($response)) { error($response->getMessage()); return false; }
@@ -347,14 +347,14 @@
 		return false;
 	}
 
-	$query = "SELECT id, password FROM users WHERE username = " . $db->quote($_SESSION["userlogin"]);
+	$query = "SELECT id, password FROM users WHERE username = " . $db->quote($_SESSION["userlogin"], 'text');
 	$response = $db->query($query);
 	if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 
 	$rinfo = $response->fetchRow();
 
 	if(md5($details['currentpass']) == $rinfo['password']) {
-		$query = "UPDATE users SET password = " . $db->quote(md5($details['newpass'])) . " WHERE id = " . $db->quote($rinfo['id']) ;
+		$query = "UPDATE users SET password = " . $db->quote(md5($details['newpass']), 'text') . " WHERE id = " . $db->quote($rinfo['id'], 'integer') ;
 		$response = $db->query($query);
 		if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 
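Review bot: The current-password check compares two MD5 hex strings with `==`, and PHP's loose comparison treats strings of the form `0e<digits>` as numbers, so two different digests of that shape compare as equal. Use a strict comparison so only identical digests pass: `if (md5($details['currentpass']) === $rinfo['password']) {`. `$rinfo` is also used without checking that `fetchRow()` actually returned a row for `$_SESSION["userlogin"]`. The enclosing function starts and ends outside the hunk.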
@@ -373,7 +373,7 @@
 function get_fullname_from_userid($id) {
 	global $db;
 	if (is_numeric($id)) {
-		$response = $db->query("SELECT fullname FROM users WHERE id=".$db->quote($id));
+		$response = $db->query("SELECT fullname FROM users WHERE id=".$db->quote($id, 'integer'));
 		if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 		$r = $response->fetchRow();
 		return $r["fullname"];
@@ -393,7 +393,7 @@
 	global $db;
 	if (is_numeric($id))
 	{
-		$response = $db->query("SELECT fullname FROM users WHERE id=".$db->quote($id));
+		$response = $db->query("SELECT fullname FROM users WHERE id=".$db->quote($id, 'integer'));
 		if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 		if ($response->numRows() == 1)
 		{
@@ -419,7 +419,7 @@
 
 	global $db;
 	if (is_numeric($id)) {
-		$response = $db->query("SELECT users.id, users.fullname FROM users, zones WHERE zones.domain_id=".$db->quote($id)." AND zones.owner=users.id ORDER by fullname");
+		$response = $db->query("SELECT users.id, users.fullname FROM users, zones WHERE zones.domain_id=".$db->quote($id, 'integer')." AND zones.owner=users.id ORDER by fullname");
 		if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 		if ($response->numRows() == 0) {
 			return "";
@@ -444,8 +444,8 @@
 	if (is_numeric($zoneid)) {
 		$response = $db->query("SELECT zones.id 
 				FROM zones 
-				WHERE zones.owner = " . $db->quote($userid) . "
-				AND zones.domain_id = ". $db->quote($zoneid)) ;
+				WHERE zones.owner = " . $db->quote($userid, 'integer') . "
+				AND zones.domain_id = ". $db->quote($zoneid, 'integer')) ;
 		if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 		if ($response->numRows() == 0) {
 			return "0";
@@ -464,12 +464,12 @@
 
 
 	if (v_num($specific)) {
-		$sql_add = "AND users.id = " . $db->quote($specific) ;
+		$sql_add = "AND users.id = " . $db->quote($specific, 'integer') ;
 	} else {
 		if (verify_permission('user_view_others')) {
 			$sql_add = "";
 		} else {
-			$sql_add = "AND users.id = " . $db->quote($userid) ;
+			$sql_add = "AND users.id = " . $db->quote($userid, 'integer') ;
 		}
 	}
 
@@ -517,7 +517,7 @@
 	
 	if ($templ_id > 0) {
 		$limit = ", perm_templ_items 
-			WHERE perm_templ_items.templ_id = " . $db->quote($templ_id) . "
+			WHERE perm_templ_items.templ_id = " . $db->quote($templ_id, 'integer') . "
 			AND perm_templ_items.perm_id = perm_items.id";
 	}
 
@@ -553,7 +553,7 @@
 
 	$query = "SELECT *
 			FROM perm_templ
-			WHERE perm_templ.id = " . $db->quote($templ_id);
+			WHERE perm_templ.id = " . $db->quote($templ_id, 'integer');
 
 	$response = $db->query($query);
 	if (PEAR::isError($response)) { error($response->getMessage()); return false; }
@@ -593,8 +593,8 @@
 
 	$query = "INSERT INTO perm_templ (name, descr)
 			VALUES (" 
-				. $db->quote($details['templ_name']) . ", " 
-				. $db->quote($details['templ_descr']) . ")";
+				. $db->quote($details['templ_name'], 'text') . ", " 
+				. $db->quote($details['templ_descr'], 'text') . ")";
 
 	$response = $db->query($query);
 	if (PEAR::isError($response)) { error($response->getMessage()); return false; }
@@ -602,7 +602,7 @@
 	$perm_templ_id = $db->lastInsertId('perm_templ', 'id');
 
 	foreach ($details['perm_id'] AS $perm_id) {
-		$query = "INSERT INTO perm_templ_items (templ_id, perm_id) VALUES (" . $db->quote($perm_templ_id) . "," . $db->quote($perm_id) . ")";
+		$query = "INSERT INTO perm_templ_items (templ_id, perm_id) VALUES (" . $db->quote($perm_templ_id, 'integer') . "," . $db->quote($perm_id, 'integer') . ")";
 		$response = $db->query($query);
 		if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 	}
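Review bot: The loop returns on the first failed `INSERT INTO perm_templ_items`, which leaves the `perm_templ` row whose id is read on the first line of this hunk in place with only part of its permissions. The -636 hunk repeats the loop for an existing template. If `$db` is an MDB2 connection, as the `quote()` and `lastInsertId()` calls suggest, and the tables support transactions, the sequence could be made all-or-nothing with `$db->beginTransaction();` before the first statement, `$db->rollback();` ahead of each `return false`, and `$db->commit();` after the loop. The function starts outside the hunk.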
@@ -618,9 +618,9 @@
 	// Fix permission template name and description first. 
 
 	$query = "UPDATE perm_templ 
-			SET name = " . $db->quote($details['templ_name']) . ",
-			descr = " . $db->quote($details['templ_descr']) . "
-			WHERE id = " . $db->quote($details['templ_id']) ;
+			SET name = " . $db->quote($details['templ_name'], 'text') . ",
+			descr = " . $db->quote($details['templ_descr'], 'text') . "
+			WHERE id = " . $db->quote($details['templ_id'], 'integer') ;
 	$response = $db->query($query);
 	if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 
@@ -636,7 +636,7 @@
 	if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 
 	foreach ($details['perm_id'] AS $perm_id) {
-		$query = "INSERT INTO perm_templ_items (templ_id, perm_id) VALUES (" . $db->quote($details['templ_id']) . "," . $db->quote($perm_id) . ")";
+		$query = "INSERT INTO perm_templ_items (templ_id, perm_id) VALUES (" . $db->quote($details['templ_id'], 'integer') . "," . $db->quote($perm_id, 'integer') . ")";
 		$response = $db->query($query);
 		if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 	}
@@ -674,7 +674,7 @@
 		// current username is not the same as the username that was given by the 
 		// user, the username should apparantly changed. If so, check if the "new" 
 		// username already exists.
-		$query = "SELECT username FROM users WHERE id = " . $db->quote($details['uid']);
+		$query = "SELECT username FROM users WHERE id = " . $db->quote($details['uid'], 'integer');
 		$response = $db->query($query);
 		if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 
@@ -685,7 +685,7 @@
 			// Username of user ID in the database is different from the name
 			// we have been given. User wants a change of username. Now, make
 			// sure it doesn't already exist.
-			$query = "SELECT id FROM users WHERE username = " . $db->quote($details['username']);
+			$query = "SELECT id FROM users WHERE username = " . $db->quote($details['username'], 'text');
 			$response = $db->query($query);
 			if (PEAR::isError($response)) { error($response->getMessage()); return false; }
 
@@ -699,23 +699,23 @@
 		// another user that goes by the wanted username. So, go ahead!
 
 		$query = "UPDATE users SET
-				username = " . $db->quote($details['username']) . ",
-				fullname = " . $db->quote($details['fullname']) . ",
-				email = " . $db->quote($details['email']) . ",
-				description = " . $db->quote($details['descr']) . ", 
-				active = " . $db->quote($active) ;
+				username = " . $db->quote($details['username'], 'text') . ",
+				fullname = " . $db->quote($details['fullname'], 'text') . ",
+				email = " . $db->quote($details['email'], 'text') . ",
+				description = " . $db->quote($details['descr'], 'text') . ", 
+				active = " . $db->quote($active, 'integer') ;
 
 		// If the user is alllowed to change the permission template, set it.
 		if ($perm_templ_perm_edit == "1") {
-			$query .= ", perm_templ = " . $db->quote($details['templ_id']) ;
+			$query .= ", perm_templ = " . $db->quote($details['templ_id'], 'integer') ;
 
 		}
 
 		if(isset($details['password']) && $details['password'] != "") {
-			$query .= ", password = '" . md5($db->quote($details['password'])) . "' ";
+			$query .= ", password = " . $db->quote(md5($details['password']), 'text');
 		}
 
-		$query .= " WHERE id = " . $db->quote($details['uid']) ;
+		$query .= " WHERE id = " . $db->quote($details['uid'], 'integer') ;
 
 		$response = $db->query($query);
 		if (PEAR::isError($response)) { error($response->getMessage()); return false; }
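Review bot: The value stored by `", password = " . $db->quote(md5($details['password']), 'text')` is an unsalted MD5 digest, which is cheap to brute-force and makes identical passwords recognisable across accounts if the users table leaks; the INSERT in the -748 hunk stores the same form. On a PHP version that provides it, `$db->quote(password_hash($details['password'], PASSWORD_DEFAULT), 'text')` in both places is the usual replacement, and the login check then has to call `password_verify()` instead of comparing digests in SQL. Separately, the removed line hashed the already-quoted string, so digests it stored will presumably not match what this line writes, and accounts last updated through it may need a password reset. The function starts and ends outside the hunk.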
@@ -748,13 +748,13 @@
 	}
 
 	$query = "INSERT INTO users (username, password, fullname, email, description, perm_templ, active) VALUES ("
-			. $db->quote($details['username']) . ", "
-			. $db->quote(md5($details['password'])) . ", "
-			. $db->quote($details['fullname']) . ", "
-			. $db->quote($details['email']) . ", "
-			. $db->quote($details['descr']) . ", "
-			. $db->quote($details['perm_templ']) . ", "
-			. $db->quote($active) 
+			. $db->quote($details['username'], 'text') . ", "
+			. $db->quote(md5($details['password']), 'text') . ", "
+			. $db->quote($details['fullname'], 'text') . ", "
+			. $db->quote($details['email'], 'text') . ", "
+			. $db->quote($details['descr'], 'text') . ", "
+			. $db->quote($details['perm_templ'], 'integer') . ", "
+			. $db->quote($active, 'integer') 
 			. ")";
 
 	$response = $db->query($query);