diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php index fe8cb16eaf..7560570e82 100644 --- a/phpBB/includes/auth.php +++ b/phpBB/includes/auth.php @@ -124,6 +124,7 @@ function auth($type, $forum_id, $userdata, $f_access = '') { message_die(GENERAL_ERROR, 'Failed obtaining forum access control lists', '', __LINE__, __FILE__, $sql); } + $db->sql_freeresult($result); $sql_fetchrow = ( $forum_id != AUTH_LIST_ALL ) ? 'sql_fetchrow' : 'sql_fetchrowset'; @@ -156,6 +157,7 @@ function auth($type, $forum_id, $userdata, $f_access = '') { message_die(GENERAL_ERROR, 'Failed obtaining forum access control lists', '', __LINE__, __FILE__, $sql); } + $db->sql_freeresult($result); if ( $row = $db->sql_fetchrow($result) ) { diff --git a/phpBB/includes/page_header.php b/phpBB/includes/page_header.php index 1eb9050e38..3d97604138 100644 --- a/phpBB/includes/page_header.php +++ b/phpBB/includes/page_header.php @@ -106,6 +106,7 @@ if (defined('SHOW_ONLINE')) { message_die(GENERAL_ERROR, 'Could not obtain user/online information', '', __LINE__, __FILE__, $sql); } + $db->sql_freeresult($result); $userlist_ary = array(); $userlist_visible = array(); diff --git a/phpBB/includes/topic_review.php b/phpBB/includes/topic_review.php index 6e11fef8bb..3505fe18b7 100644 --- a/phpBB/includes/topic_review.php +++ b/phpBB/includes/topic_review.php @@ -51,6 +51,7 @@ function topic_review($topic_id, $is_inline_review) { message_die(GENERAL_MESSAGE, 'Topic_post_not_exist'); } + $db->sql_freeresult($result); $forum_id = $forum_row['forum_id']; $topic_title = $forum_row['topic_title']; @@ -207,6 +208,7 @@ function topic_review($topic_id, $is_inline_review) { message_die(GENERAL_MESSAGE, 'Topic_post_not_exist', '', __LINE__, __FILE__, $sql); } + $db->sql_freeresult($result); $template->assign_vars(array( 'L_AUTHOR' => $lang['Author'], diff --git a/phpBB/index.php b/phpBB/index.php index 2d5419594a..16d76578b9 100644 --- a/phpBB/index.php +++ b/phpBB/index.php 
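Review bot: In the second auth.php hunk (`@@ -156,6 +157,7`) the added `$db->sql_freeresult($result);` runs immediately before the context line `if ( $row = $db->sql_fetchrow($result) )`, so the result is released before any row is read from it. What the fetch then returns depends on the DBAL driver, which is not shown, but the likely outcome is that `auth()` sees no ACL rows and computes permissions from an empty set. The free should move to after the last read of `$result`, which is in the fetch block that continues outside the hunk. The first auth.php hunk (`@@ -124`, where the fetch through `$sql_fetchrow` presumably follows), the page_header.php hunk and the posting.php hunk at `@@ -259` place the call directly after the query error check in the same way and need the same check.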
@@ -119,6 +119,7 @@ if( !($result = $db->sql_query($sql)) ) } while( $category_rows[] = $db->sql_fetchrow($result) ); +$db->sql_freeresult($result); if( ( $total_categories = count($category_rows) ) ) { @@ -170,6 +171,7 @@ if( ( $total_categories = count($category_rows) ) ) { $forum_data[] = $row; } + $db->sql_freeresult($result); if ( !($total_forums = count($forum_data)) ) { @@ -197,6 +199,7 @@ if( ( $total_categories = count($category_rows) ) ) { $new_topic_data[$topic_data['forum_id']][$topic_data['topic_id']] = $topic_data['post_time']; } + $db->sql_freeresult($result); } // @@ -222,6 +225,7 @@ if( ( $total_categories = count($category_rows) ) ) { $forum_moderators[$row['forum_id']][] = '' . $row['username'] . ''; } + $db->sql_freeresult($result); $sql = "SELECT aa.forum_id, g.group_id, g.group_name FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g @@ -241,6 +245,7 @@ if( ( $total_categories = count($category_rows) ) ) { $forum_moderators[$row['forum_id']][] = '' . $row['group_name'] . ''; } + $db->sql_freeresult($result); // // Find which forums are visible for this user diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index afa4ed8b4b..fc2de14b65 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -269,6 +269,7 @@ if ( $row = $db->sql_fetchrow($result) ) $i++; } while ( $row = $db->sql_fetchrow($result) ); + $db->sql_freeresult($result); } if ( $mode != 'topten' || $board_config['topics_per_page'] < 10 ) @@ -288,6 +289,7 @@ if ( $mode != 'topten' || $board_config['topics_per_page'] < 10 ) $pagination = generate_pagination("memberlist.$phpEx?mode=$mode&order=$sort_order", $total_members, $board_config['topics_per_page'], $start). ' '; } + $db->sql_freeresult($result); } else { diff --git a/phpBB/posting.php b/phpBB/posting.php index 87a320b1a2..50448cf5b7 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php 
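Review bot: In the first memberlist.php hunk (`@@ -269`) the new `$db->sql_freeresult($result);` sits before the closing brace, which looks like the end of the `if ( $row = $db->sql_fetchrow($result) )` block named in the hunk header, so a query that returns no rows would never have its result freed. Moving the call after that brace frees the result on both paths. The block starts outside the hunk, so the brace pairing should be confirmed against the full file.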
@@ -221,6 +221,7 @@ switch ( $mode ) if ( $result = $db->sql_query($sql) ) { $post_info = $db->sql_fetchrow($result); + $db->sql_freeresult($result); $forum_id = $post_info['forum_id']; $forum_name = $post_info['forum_name']; @@ -259,6 +260,7 @@ if ( $result = $db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not obtain vote data for this topic', '', __LINE__, __FILE__, $sql); } + $db->sql_freeresult($result); $poll_options = array(); $poll_results_sum = 0; @@ -397,6 +399,7 @@ else } $notify_user = ( $db->sql_fetchrow($result) ) ? TRUE : $userdata['user_notify']; + $db->sql_freeresult($result); } else { @@ -471,12 +474,12 @@ else if ( $mode == 'vote' ) FROM " . VOTE_USERS_TABLE . " WHERE vote_id = $vote_id AND vote_user_id = " . $userdata['user_id']; - if ( !($result = $db->sql_query($sql)) ) + if ( !($result2 = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain user vote data for this topic', '', __LINE__, __FILE__, $sql); } - if ( !($row = $db->sql_fetchrow($result)) ) + if ( !($row = $db->sql_fetchrow($result2)) ) { $sql = "UPDATE " . VOTE_RESULTS_TABLE . " SET vote_result = vote_result + 1 @@ -500,11 +503,13 @@ else if ( $mode == 'vote' ) { $message = $lang['Already_voted']; } + $db->sql_freeresult($result2); } else { $message = $lang['No_vote_option']; } + $db->sql_freeresult($result); $template->assign_vars(array( 'META' => '') diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 61e157b75b..7ba0402ad7 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -357,7 +357,7 @@ $select_post_days .= ''; // if ( !empty($HTTP_POST_VARS['postorder']) || !empty($HTTP_GET_VARS['postorder']) ) { - $post_order = (!empty($HTTP_POST_VARS['postorder'])) ? $HTTP_POST_VARS['postorder'] : $HTTP_GET_VARS['postorder']; + $post_order = (!empty($HTTP_POST_VARS['postorder'])) ? htmlspecialchars($HTTP_POST_VARS['postorder']) : htmlspecialchars($HTTP_GET_VARS['postorder']); $post_time_order = ($post_order == "asc") ? "ASC" : "DESC"; } else
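Review bot: The `htmlspecialchars()` calls added in the viewtopic.php hunk escape `postorder` at the point of input, and with the default flags of the PHP versions this code targets single quotes pass through unescaped, so the value is only safe in output contexts where that does not matter. The next line already reduces the value to `ASC`/`DESC` for the query; doing the same for `$post_order` itself removes the dependence on output context, for example `$post_order = ( $post_order == 'asc' ) ? 'asc' : 'desc';` right after the assignment. Where `$post_order` is later echoed is outside the hunk, so this is a hardening point rather than a confirmed injection.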