makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Hopefully this addresses the \' and '' problems with MSSQL, etc. ... I'd like opinions on the security of doing this.

Browse source 
git-svn-id: file:///svn/phpbb/trunk@1661 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2001-12-21 15:51:31 +00:00
parent f5afff4c55
commit 6c2e3922b1
4 changed files with 16 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/groupcp.php
View file

@ -316,7 +316,7 @@ else if( $group_id )
$sql = "SELECT user_id, user_email $sql = "SELECT user_id, user_email
FROM " . USERS_TABLE . " FROM " . USERS_TABLE . "
WHERE username = '$username'"; WHERE username = '" . str_replace("\'", "''", $username) . "'";
if( !$result = $db->sql_query($sql) ) if( !$result = $db->sql_query($sql) )
{ {
message_die(GENERAL_ERROR, "Could not get user information", $lang['Error'], __LINE__, __FILE__, $sql); message_die(GENERAL_ERROR, "Could not get user information", $lang['Error'], __LINE__, __FILE__, $sql);

2
phpBB/login.php
View file

@ -49,7 +49,7 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
$sql = "SELECT user_id, username, user_password, user_active, user_level $sql = "SELECT user_id, username, user_password, user_active, user_level
FROM ".USERS_TABLE." FROM ".USERS_TABLE."
WHERE username = '$username'"; WHERE username = '" . str_replace("\'", "''", $username) . "'";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
if(!$result) if(!$result)
{ {

33
phpBB/posting.php
View file

@ -280,7 +280,6 @@ function add_search_words($post_id, $post_text, $post_title = "")
$stopword_array = @file($phpbb_root_path . "language/lang_" . $board_config['default_lang'] . "/search_stopwords.txt"); $stopword_array = @file($phpbb_root_path . "language/lang_" . $board_config['default_lang'] . "/search_stopwords.txt");
$synonym_array = @file($phpbb_root_path . "language/lang_" . $board_config['default_lang'] . "/search_synonyms.txt"); $synonym_array = @file($phpbb_root_path . "language/lang_" . $board_config['default_lang'] . "/search_synonyms.txt");
// 0.3s
$search_text = clean_words($post_text, $stopword_array, $synonym_array); $search_text = clean_words($post_text, $stopword_array, $synonym_array);
$search_matches = split_words($search_text); $search_matches = split_words($search_text);
@ -371,16 +370,6 @@ function add_search_words($post_id, $post_text, $post_title = "")
} }
} }
/*
$mtime = explode(" ",microtime());
$starttime = $mtime[1] + $mtime[0];
$mtime = explode(" ", microtime());
$endtime = $mtime[1] + $mtime[0];
echo "<BR><BR> TIMING1 >>>>>>>>> " . ($endtime - $starttime) . "<BR><BR>\n";
*/
remove_common(0.15, $word_id_list); remove_common(0.15, $word_id_list);
return; return;
@ -1204,7 +1193,7 @@ if( ( $submit || $confirm || $mode == "delete" ) && !$error )
if( $mode == "newtopic" ) if( $mode == "newtopic" )
{ {
$sql = "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) $sql = "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote)
VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)"; VALUES ('" . str_replace("\'", "''", $post_subject) . "', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)";
if( $result = $db->sql_query($sql, BEGIN_TRANSACTION) ) if( $result = $db->sql_query($sql, BEGIN_TRANSACTION) )
{ {
@ -1221,7 +1210,7 @@ if( ( $submit || $confirm || $mode == "delete" ) && !$error )
if( $is_auth['auth_pollcreate'] && $topic_vote ) if( $is_auth['auth_pollcreate'] && $topic_vote )
{ {
$sql = "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length) $sql = "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length)
VALUES ($new_topic_id, '$poll_title', $current_time, " . ( $poll_length * 86400 ) . ")"; VALUES ($new_topic_id, '" . str_replace("\'", "''", $poll_title) . "', $current_time, " . ( $poll_length * 86400 ) . ")";
if( $result = $db->sql_query($sql) ) if( $result = $db->sql_query($sql) )
{ {
$new_vote_id = $db->sql_nextid(); $new_vote_id = $db->sql_nextid();
@ -1230,7 +1219,7 @@ if( ( $submit || $confirm || $mode == "delete" ) && !$error )
while( list($option_id, $option_text) = each($poll_option_list) ) while( list($option_id, $option_text) = each($poll_option_list) )
{ {
$sql = "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) $sql = "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result)
VALUES ($new_vote_id, $poll_option_id, '$option_text', 0)"; VALUES ($new_vote_id, $poll_option_id, '" . str_replace("\'", "''", $option_text) . "', 0)";
if( !$result = $db->sql_query($sql) ) if( !$result = $db->sql_query($sql) )
{ {
// Rollback ... // Rollback ...
@ -1267,7 +1256,7 @@ if( ( $submit || $confirm || $mode == "delete" ) && !$error )
} }
$sql = "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) $sql = "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig)
VALUES ($new_topic_id, $forum_id, " . $userdata['user_id'] . ", '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)"; VALUES ($new_topic_id, $forum_id, " . $userdata['user_id'] . ", '" . str_replace("\'", "''", $post_username) . "', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)";
$result = ($mode == "reply") ? $db->sql_query($sql, BEGIN_TRANSACTION) : $db->sql_query($sql); $result = ($mode == "reply") ? $db->sql_query($sql, BEGIN_TRANSACTION) : $db->sql_query($sql);
if( $result ) if( $result )
@ -1275,7 +1264,7 @@ if( ( $submit || $confirm || $mode == "delete" ) && !$error )
$new_post_id = $db->sql_nextid(); $new_post_id = $db->sql_nextid();
$sql = "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) $sql = "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text)
VALUES ($new_post_id, '$post_subject', '$bbcode_uid', '$post_message')"; VALUES ($new_post_id, '" . str_replace("\'", "''", $post_subject) . "', '$bbcode_uid', '" . str_replace("\'", "''", $post_message) . "')";
if( $db->sql_query($sql) ) if( $db->sql_query($sql) )
{ {
@ -1904,7 +1893,7 @@ if( ( $submit || $confirm || $mode == "delete" ) && !$error )
if($db->sql_query($sql)) if($db->sql_query($sql))
{ {
$sql = "UPDATE " . POSTS_TEXT_TABLE . " $sql = "UPDATE " . POSTS_TEXT_TABLE . "
SET post_text = '$post_message', bbcode_uid = '$bbcode_uid', post_subject = '$post_subject' SET post_text = '" . str_replace("\'", "''", $post_message) . "', bbcode_uid = '$bbcode_uid', post_subject = '" . str_replace("\'", "''", $post_subject) . "'
WHERE post_id = $post_id"; WHERE post_id = $post_id";
if( $is_first_post_topic ) if( $is_first_post_topic )
@ -1918,7 +1907,7 @@ if( ( $submit || $confirm || $mode == "delete" ) && !$error )
// Update topics table here // Update topics table here
// //
$sql = "UPDATE " . TOPICS_TABLE . " $sql = "UPDATE " . TOPICS_TABLE . "
SET topic_title = '$post_subject', topic_type = $topic_type" . $sql_topic_vote_edit . " SET topic_title = '" . str_replace("\'", "''", $post_subject) . "', topic_type = $topic_type" . $sql_topic_vote_edit . "
WHERE topic_id = $topic_id"; WHERE topic_id = $topic_id";
if($db->sql_query($sql, END_TRANSACTION)) if($db->sql_query($sql, END_TRANSACTION))
{ {
@ -1950,7 +1939,7 @@ if( ( $submit || $confirm || $mode == "delete" ) && !$error )
// Previous entry with no results (or a moderator), update // Previous entry with no results (or a moderator), update
// //
$sql = "UPDATE " . VOTE_DESC_TABLE . " $sql = "UPDATE " . VOTE_DESC_TABLE . "
SET vote_text = '$poll_title', vote_length = " . ( $poll_length * 86400 ) . " SET vote_text = '" . str_replace("\'", "''", $poll_title) . "', vote_length = " . ( $poll_length * 86400 ) . "
WHERE topic_id = $topic_id"; WHERE topic_id = $topic_id";
if( $result = $db->sql_query($sql, BEGIN_TRANSACTION) ) if( $result = $db->sql_query($sql, BEGIN_TRANSACTION) )
{ {
@ -1964,7 +1953,7 @@ if( ( $submit || $confirm || $mode == "delete" ) && !$error )
$vote_result = ( $old_poll_result[$option_id] ) ? $old_poll_result[$option_id] : 0; $vote_result = ( $old_poll_result[$option_id] ) ? $old_poll_result[$option_id] : 0;
$sql = "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) $sql = "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result)
VALUES ($vote_id, $poll_option_id, '$option_text', $vote_result)"; VALUES ($vote_id, $poll_option_id, '" . str_replace("\'", "''", $option_text) . "', $vote_result)";
if( !$result = $db->sql_query($sql) ) if( !$result = $db->sql_query($sql) )
{ {
message_die(GENERAL_ERROR, "Couldn't insert new poll options", "", __LINE__, __FILE__, $sql); message_die(GENERAL_ERROR, "Couldn't insert new poll options", "", __LINE__, __FILE__, $sql);
@ -1989,7 +1978,7 @@ if( ( $submit || $confirm || $mode == "delete" ) && !$error )
// No previous entry, create new // No previous entry, create new
// //
$sql = "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length) $sql = "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length)
VALUES ($topic_id, '$poll_title', $current_time, " . ( $poll_length * 86400 ) . ")"; VALUES ($topic_id, '" . str_replace("\'", "''", $poll_title) . "', $current_time, " . ( $poll_length * 86400 ) . ")";
if( $result = $db->sql_query($sql, BEGIN_TRANSACTION) ) if( $result = $db->sql_query($sql, BEGIN_TRANSACTION) )
{ {
$new_vote_id = $db->sql_nextid(); $new_vote_id = $db->sql_nextid();
@ -1998,7 +1987,7 @@ if( ( $submit || $confirm || $mode == "delete" ) && !$error )
while( list($option_id, $option_text) = each($poll_option_list) ) while( list($option_id, $option_text) = each($poll_option_list) )
{ {
$sql = "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) $sql = "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result)
VALUES ($new_vote_id, $poll_option_id, '$option_text', 0)"; VALUES ($new_vote_id, $poll_option_id, '" . str_replace("\'", "''", $option_text) . "', 0)";
if( !$result = $db->sql_query($sql) ) if( !$result = $db->sql_query($sql) )
{ {
// Rollback ... // Rollback ...

6
phpBB/search.php
View file

@ -294,7 +294,7 @@ else if( $query_keywords != "" || $query_author != "" || $search_id )
$sql = "SELECT user_id $sql = "SELECT user_id
FROM ".USERS_TABLE." FROM ".USERS_TABLE."
WHERE username LIKE '$query_author'"; WHERE username LIKE '" . str_replace("\'", "''", $query_author) . "'";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
if( !$result ) if( !$result )
{ {
@ -507,7 +507,7 @@ else if( $query_keywords != "" || $query_author != "" || $search_id )
// //
if( $query_author != "" ) if( $query_author != "" )
{ {
$query_author = str_replace("*", "%", trim($query_author)); $query_author = str_replace("*", "%", trim(str_replace("\'", "''", $query_author)));
} }
// //
@ -734,7 +734,7 @@ else if( $query_keywords != "" || $query_author != "" || $search_id )
if( !$result || !$db->sql_affectedrows() ) if( !$result || !$db->sql_affectedrows() )
{ {
$sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_array) $sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_array)
VALUES($search_id, '" . $userdata['session_id'] . "', '$result_array')"; VALUES($search_id, '" . $userdata['session_id'] . "', '" . str_replace("\'", "''", $result_array) . "')";
if( !$result = $db->sql_query($sql) ) if( !$result = $db->sql_query($sql) )
{ {
message_die(GENERAL_ERROR, "Couldn't insert search results", "", __LINE__, __FILE__, $sql); message_die(GENERAL_ERROR, "Couldn't insert search results", "", __LINE__, __FILE__, $sql);