- fix sql escaping for non-mysql db's (we forgot this one, or removed it accidentally)

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5356 89ea8834-ac86-4346-8a33-228a782c2dd0
Meik Sievertsen 2005-12-19 18:01:36 +00:00
parent 79e57f8a0c
commit 1a94e75c38
2 changed files with 3 additions and 2 deletions


@ -71,8 +71,9 @@ p,ul,td {font-size:10pt;}
<li>[Fix] added session keys table to backup</li> <li>[Fix] added session keys table to backup</li>
<li>[Fix] changes to support MySQL 5.0</li> <li>[Fix] changes to support MySQL 5.0</li>
<li>[Fix] changes to some of the admin files to improve efficiency and remove a potential error condition when building the menu (cxib)</li> <li>[Fix] changes to some of the admin files to improve efficiency and remove a potential error condition when building the menu (cxib)</li>
<li>[Fix] change truncation of username length in usercp_register.php (BFUK) <li>[Fix] change truncation of username length in usercp_register.php - BFUK</li>
<li>[Fix] incorrect path to avatars in admin_users.php (Bug #667)</li> <li>[Fix] incorrect path to avatars in admin_users.php (Bug #667)</li>
<li>[Fix] fixed get_userdata to support correct sql escaping (non-mysql dbs) - jarnaez</li>
</ul> </ul>


@ -158,7 +158,7 @@ function get_userdata($user, $force_str = false)
$sql = "SELECT * $sql = "SELECT *
FROM " . USERS_TABLE . " FROM " . USERS_TABLE . "
WHERE "; WHERE ";
$sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . $user . "'" ) . " AND user_id <> " . ANONYMOUS; $sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . str_replace("\'", "''", $user) . "'" ) . " AND user_id <> " . ANONYMOUS;
if ( !($result = $db->sql_query($sql)) ) if ( !($result = $db->sql_query($sql)) )
{ {
message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql); message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql);
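Review bot: The new escaping on the `$sql .=` line only rewrites the two-character sequence `\'` to `''`, so it is correct only when `$user` arrives already slashed (magic quotes or addslashes); a string handed in from any other source, such as a value read back from the database, would reach the query with a bare quote untouched. That precondition is not visible in the hunk, so it should be stated next to the call: `// $user must already be addslashes()-escaped; \' is rewritten to '' for non-MySQL backends`. Other backslash sequences are left as they are, which presumably stores doubled backslashes on backends that do not treat backslash as an escape character; this is worth confirming against one of them. get_userdata starts and ends outside this hunk, so any normalisation of `$user` before this line is not shown.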