From d10e5bfc1acc671b1028bfaa16b1dee24295a222 Mon Sep 17 00:00:00 2001
From: Meik Sievertsen <acydburn@phpbb.com>
Date: Fri, 14 Jul 2006 12:59:55 +0000
Subject: [PATCH] add not applied sql_escape in memberlist

git-svn-id: file:///svn/phpbb/trunk@6178 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/functions.php          |  1 -
 phpBB/includes/functions_admin.php    | 19 --------
 phpBB/install/schemas/schema_data.sql |  4 +-
 phpBB/memberlist.php                  | 63 +++++++++++++++++++--------
 4 files changed, 47 insertions(+), 40 deletions(-)

diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 13558acccf..e357435fcc 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2834,7 +2834,6 @@ function page_footer()
 		else if (time() - $config['database_gc'] > $config['database_last_gc'])
 		{
 			// Tidy the database
-			// This includes recalculation binary trees, ...
 			$cron_type = 'tidy_database';
 		}
 		else if (time() - $config['search_gc'] > $config['search_last_gc'])
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index 4fca718e06..52447ba6de 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -2488,26 +2488,7 @@ function tidy_database()
 {
 	global $db;
 
-	// Disabling recalculating the binary tree for the moment
-	// It might be the source of some severe problems with broken trees
 
-	/* Recalculate binary tree for forums
-	recalc_btree('forum_id', FORUMS_TABLE);
-
-	// Recalculate binary tree for modules
-	$sql = 'SELECT module_class
-		FROM ' . MODULES_TABLE . '
-		GROUP BY module_class';
-	$result = $db->sql_query($sql);
-
-	while ($row = $db->sql_fetchrow($result))
-	{	
-		recalc_btree('module_id', MODULES_TABLE, $row['module_class']);
-	}
-	$db->sql_freeresult($result);
-
-	// remove cache files.
-*/
 
 	set_config('database_last_gc', time(), true);
 }
diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql
index 9c5511321f..25a595f663 100644
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -417,7 +417,7 @@ INSERT INTO phpbb_user_group (group_id, user_id, user_pending, group_leader) VAL
 INSERT INTO phpbb_user_group (group_id, user_id, user_pending, group_leader) VALUES (7, 2, 0, 1);
 
 # -- Ranks
-INSERT INTO phpbb_ranks (rank_title, rank_min, rank_special, rank_image) VALUES ('Site Admin', -1, 1, NULL);
+INSERT INTO phpbb_ranks (rank_title, rank_min, rank_special, rank_image) VALUES ('Site Admin', -1, 1, '');
 
 # -- Roles data
 
@@ -544,7 +544,7 @@ INSERT INTO phpbb_acl_groups (group_id, forum_id, auth_option_id, auth_role_id,
 INSERT INTO phpbb_topics (topic_title, topic_poster, topic_time, topic_views, topic_replies, topic_replies_real, forum_id, topic_status, topic_type, topic_first_post_id, topic_first_poster_name, topic_last_post_id, topic_last_poster_id, topic_last_poster_name, topic_last_post_time, topic_last_view_time, poll_title) VALUES ('Welcome to phpBB 3', 2, 972086460, 0, 0, 0, 2, 0, 0, 1, 'Admin', 1, 2, 'Admin', 972086460, 972086460, '');
 
 # -- Demo Post
-INSERT INTO phpbb_posts (topic_id, forum_id, poster_id, icon_id, post_time, post_username, poster_ip, post_subject, post_text, post_checksum, bbcode_uid) VALUES (1, 2, 2, 1, 972086460, NULL, '127.0.0.1', 'Welcome to phpBB 3', 'This is an example post in your phpBB 3.0 installation. You may delete this post, this topic and even this forum if you like since everything seems to be working!', '5dd683b17f641daf84c040bfefc58ce9', '');
+INSERT INTO phpbb_posts (topic_id, forum_id, poster_id, icon_id, post_time, post_username, poster_ip, post_subject, post_text, post_checksum, bbcode_uid) VALUES (1, 2, 2, 1, 972086460, '', '127.0.0.1', 'Welcome to phpBB 3', 'This is an example post in your phpBB 3.0 installation. You may delete this post, this topic and even this forum if you like since everything seems to be working!', '5dd683b17f641daf84c040bfefc58ce9', '');
 
 # -- Admin posted to the demo topic
 INSERT INTO phpbb_topics_posted (user_id, topic_id, topic_posted) VALUES (2, 1, 1);
diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php
index 7806f0678e..b74f265032 100644
--- a/phpBB/memberlist.php
+++ b/phpBB/memberlist.php
@@ -839,32 +839,59 @@ switch ($mode)
 
 			if ($ipdomain && $auth->acl_getf_global('m_info'))
 			{
-				$ips = (preg_match('#[a-z]#', $ipdomain)) ? implode(', ', preg_replace('#([0-9]{1,3}\.[0-9]{1,3}[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})#', "'\\1'", gethostbynamel($ipdomain))) : "'" . str_replace('*', '%', $ipdomain) . "'";
-
-				$ip_forums = array_keys($auth->acl_getf('m_info', true));
-				$sql = 'SELECT DISTINCT poster_id
-					FROM ' . POSTS_TABLE . '
-					WHERE poster_ip ' . ((preg_match('#%#', $ips)) ? 'LIKE' : 'IN') . " ($ips)
-						AND forum_id IN (0, " . implode(',', $ip_forums) . ')';
-				$result = $db->sql_query($sql);
-
-				if ($row = $db->sql_fetchrow($result))
+				if (preg_match('#[a-z]#', $ipdomain))
 				{
-					$ip_sql = array();
-					do
-					{
-						$ip_sql[] = $row['poster_id'];
-					}
-					while ($row = $db->sql_fetchrow($result));
+					$hostnames = gethostbynamel($ipdomain);
 
-					$sql_where .= ' AND u.user_id IN (' . implode(', ', $ip_sql) . ')';
+					if ($hostnames !== false)
+					{
+						$ips = "'" . implode('\', \'', array_map(array($db, 'sql_escape'), preg_replace('#([0-9]{1,3}\.[0-9]{1,3}[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})#', "\\1", gethostbynamel($ipdomain)))) . "'";
+					}
+					else
+					{
+						$ips = false;
+					}
 				}
 				else
+				{
+					$ips = "'" . str_replace('*', '%', $db->sql_escape($ipdomain)) . "'";
+				}
+
+				if ($ips === false)
 				{
 					// A minor fudge but it does the job :D
 					$sql_where .= " AND u.user_id IN ('-1')";
 				}
-				unset($ip_forums);
+				else
+				{
+					$ip_forums = array_keys($auth->acl_getf('m_info', true));
+
+					$sql = 'SELECT DISTINCT poster_id
+						FROM ' . POSTS_TABLE . '
+						WHERE poster_ip ' . ((preg_match('#%#', $ips)) ? 'LIKE' : 'IN') . " ($ips)
+							AND forum_id IN (0, " . implode(', ', $ip_forums) . ')';
+					$result = $db->sql_query($sql);
+
+					if ($row = $db->sql_fetchrow($result))
+					{
+						$ip_sql = array();
+						do
+						{
+							$ip_sql[] = $row['poster_id'];
+						}
+						while ($row = $db->sql_fetchrow($result));
+
+						$sql_where .= ' AND u.user_id IN (' . implode(', ', $ip_sql) . ')';
+					}
+					else
+					{
+						// A minor fudge but it does the job :D
+						$sql_where .= " AND u.user_id IN ('-1')";
+					}
+					unset($ip_forums);
+
+					$db->sql_freeresult($result);
+				}
 			}
 		}