From cd9b1562f1f0ff507b70bf61eebe052c701d9c16 Mon Sep 17 00:00:00 2001 From: "Paul S. Owen" Date: Fri, 21 Dec 2001 16:00:41 +0000 Subject: [PATCH] More \' updates git-svn-id: file:///svn/phpbb/trunk@1663 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions.php | 29 ++++++++++------------------- 1 file changed, 10 insertions(+), 19 deletions(-) diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index a781ad5ddd..95b5027534 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -99,7 +99,7 @@ function get_userdata($username) { $sql = "SELECT * FROM " . USERS_TABLE . " - WHERE username = '$username' + WHERE username = '" . str_replace("\'", "''", $username) . "' AND user_id <> " . ANONYMOUS; if(!$result = $db->sql_query($sql)) { @@ -330,7 +330,7 @@ function setup_style($style) $template_path = 'templates/' ; $template_name = $row['template_name'] ; - $template = new Template($phpbb_root_path . $template_path . $template_name, $db); + $template = new Template($phpbb_root_path . $template_path . $template_name, $board_config, $db); if( $template ) { @@ -389,15 +389,6 @@ function create_date($format, $gmepoch, $tz) return (@gmdate($format, $gmepoch + (3600 * $tz))); } -// -// Create a GMT timestamp -// -function get_gmt_ts() -{ - $time = @time(); - return($time); -} - // // Pagination routine, generates // page number sequence 
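Review bot: In get_userdata the new `str_replace("\'", "''", $username)` only rewrites an apostrophe that already carries a backslash, so it converts one quoting style to another and does not escape anything; a `$username` that reaches this function without prior slash-escaping would still put a bare `'` into the WHERE clause. Whether every caller passes an escaped value cannot be seen from this hunk, so the contract should be stated above the query, e.g. `// $username must arrive slash-escaped (magic quotes / addslashes); this only converts \' to '' for the SQL layer`. The same expression is repeated in both validate_username hunks and in username_search, so one small helper doing the conversion would keep the rule in one place. The function body starts and ends outside the hunk.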
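Review bot: `$board_config` is now passed to the Template constructor in setup_style, but the hunk does not show it being brought into scope; the function's `global` statement, if it has one, lies above the hunk. If `$board_config` is not named there, PHP passes an undefined local and the template is built without the board configuration, so that declaration should be checked alongside this change. Separately, the `if( $template )` test just below is always true after `new`, so it does not detect a template that failed to load.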
@@ -515,11 +506,11 @@ function validate_username($username) FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE ug.user_id = u.user_id AND g.group_id = ug.group_id - AND ( LOWER(u.username) = '" . strtolower($username) . "' - OR LOWER(g.group_name) = '" . strtolower($username) . "' )"; + AND ( LOWER(u.username) = '" . strtolower(str_replace("\'", "''", $username)) . "' + OR LOWER(g.group_name) = '" . strtolower(str_replace("\'", "''", $username)) . "' )"; $sql_disallow = "SELECT disallow_username FROM " . DISALLOW_TABLE . " - WHERE '$username' LIKE disallow_username"; + WHERE '" . str_replace("\'", "''", $username) . "' LIKE disallow_username"; if($result = $db->sql_query($sql_users)) { if($db->sql_numrows($result) > 0) @@ -541,12 +532,12 @@ function validate_username($username) FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE ug.user_id = u.user_id AND g.group_id = ug.group_id - AND ( LOWER(u.username) = '" . strtolower($username) . "' - OR LOWER(g.group_name) = '" . strtolower($username) . "' ) + AND ( LOWER(u.username) = '" . strtolower(str_replace("\'", "''", $username)) . "' + OR LOWER(g.group_name) = '" . strtolower(str_replace("\'", "''", $username)) . "' ) UNION SELECT disallow_username, NULL FROM " . DISALLOW_TABLE . " - WHERE '$username' LIKE disallow_username"; + WHERE '" . str_replace("\'", "''", $username) . "' LIKE disallow_username"; if($result = $db->sql_query($sql)) { if($db->sql_numrows($result) > 0) @@ -928,7 +919,7 @@ function username_search($search_match, $is_inline_review = 0, $default_list = " $sql = "SELECT username FROM " . USERS_TABLE . " - WHERE username LIKE '$username_search' + WHERE username LIKE '" . str_replace("\'", "''", $username_search) . "' ORDER BY username"; if( !$result = $db->sql_query($sql) ) { @@ -1210,4 +1201,4 @@ function phpbb_preg_quote($str, $delimiter) return $text; } -?> +?> \ No newline at end of file
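Review bot: The duplicate-name check in validate_username lowercases one side in PHP (`strtolower(...)`) and the other in SQL (`LOWER(u.username)`), and the two need not fold non-ASCII characters the same way. Depending on locale and database collation, a name that differs from an existing one only in the case of an accented letter could pass this check, which matters because the check is what blocks look-alike registrations. A comment stating the assumption would help, e.g. `// strtolower() is byte/locale based; assumes it folds case the same way as the database's LOWER()`. The same applies to the UNION form of the query in the next hunk, and the function begins and ends outside both hunks.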
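Review bot: In username_search the replacement handles quotes only, so `%` and `_` in `$username_search` stay active as LIKE wildcards, and no row limit is visible on the query. If wildcard search is intended, say so next to the query, e.g. `// $username_search is a LIKE pattern by design: % and _ are wildcards, only quotes are converted here`; otherwise those two characters need escaping before the value is used. How `$username_search` is derived from `$search_match` is outside the hunk.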