makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

add not applied sql_escape in memberlist

Browse source 
git-svn-id: file:///svn/phpbb/trunk@6178 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen 2006-07-14 12:59:55 +00:00
parent c4f2430645
commit d10e5bfc1a
4 changed files with 47 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
phpBB/includes/functions.php
View file

@ -2834,7 +2834,6 @@ function page_footer()
else if (time() - $config['database_gc'] > $config['database_last_gc']) else if (time() - $config['database_gc'] > $config['database_last_gc'])
{ {
// Tidy the database // Tidy the database
// This includes recalculation binary trees, ...
$cron_type = 'tidy_database'; $cron_type = 'tidy_database';
} }
else if (time() - $config['search_gc'] > $config['search_last_gc']) else if (time() - $config['search_gc'] > $config['search_last_gc'])

19
phpBB/includes/functions_admin.php
View file

@ -2488,26 +2488,7 @@ function tidy_database()
{ {
global $db; global $db;
// Disabling recalculating the binary tree for the moment
// It might be the source of some severe problems with broken trees
/* Recalculate binary tree for forums
recalc_btree('forum_id', FORUMS_TABLE);
// Recalculate binary tree for modules
$sql = 'SELECT module_class
FROM ' . MODULES_TABLE . '
GROUP BY module_class';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
recalc_btree('module_id', MODULES_TABLE, $row['module_class']);
}
$db->sql_freeresult($result);
// remove cache files.
*/
set_config('database_last_gc', time(), true); set_config('database_last_gc', time(), true);
} }

4
phpBB/install/schemas/schema_data.sql
View file

@ -417,7 +417,7 @@ INSERT INTO phpbb_user_group (group_id, user_id, user_pending, group_leader) VAL
INSERT INTO phpbb_user_group (group_id, user_id, user_pending, group_leader) VALUES (7, 2, 0, 1); INSERT INTO phpbb_user_group (group_id, user_id, user_pending, group_leader) VALUES (7, 2, 0, 1);
# -- Ranks # -- Ranks
INSERT INTO phpbb_ranks (rank_title, rank_min, rank_special, rank_image) VALUES ('Site Admin', -1, 1, NULL); INSERT INTO phpbb_ranks (rank_title, rank_min, rank_special, rank_image) VALUES ('Site Admin', -1, 1, '');
# -- Roles data # -- Roles data
@ -544,7 +544,7 @@ INSERT INTO phpbb_acl_groups (group_id, forum_id, auth_option_id, auth_role_id,
INSERT INTO phpbb_topics (topic_title, topic_poster, topic_time, topic_views, topic_replies, topic_replies_real, forum_id, topic_status, topic_type, topic_first_post_id, topic_first_poster_name, topic_last_post_id, topic_last_poster_id, topic_last_poster_name, topic_last_post_time, topic_last_view_time, poll_title) VALUES ('Welcome to phpBB 3', 2, 972086460, 0, 0, 0, 2, 0, 0, 1, 'Admin', 1, 2, 'Admin', 972086460, 972086460, ''); INSERT INTO phpbb_topics (topic_title, topic_poster, topic_time, topic_views, topic_replies, topic_replies_real, forum_id, topic_status, topic_type, topic_first_post_id, topic_first_poster_name, topic_last_post_id, topic_last_poster_id, topic_last_poster_name, topic_last_post_time, topic_last_view_time, poll_title) VALUES ('Welcome to phpBB 3', 2, 972086460, 0, 0, 0, 2, 0, 0, 1, 'Admin', 1, 2, 'Admin', 972086460, 972086460, '');
# -- Demo Post # -- Demo Post
INSERT INTO phpbb_posts (topic_id, forum_id, poster_id, icon_id, post_time, post_username, poster_ip, post_subject, post_text, post_checksum, bbcode_uid) VALUES (1, 2, 2, 1, 972086460, NULL, '127.0.0.1', 'Welcome to phpBB 3', 'This is an example post in your phpBB 3.0 installation. You may delete this post, this topic and even this forum if you like since everything seems to be working!', '5dd683b17f641daf84c040bfefc58ce9', ''); INSERT INTO phpbb_posts (topic_id, forum_id, poster_id, icon_id, post_time, post_username, poster_ip, post_subject, post_text, post_checksum, bbcode_uid) VALUES (1, 2, 2, 1, 972086460, '', '127.0.0.1', 'Welcome to phpBB 3', 'This is an example post in your phpBB 3.0 installation. You may delete this post, this topic and even this forum if you like since everything seems to be working!', '5dd683b17f641daf84c040bfefc58ce9', '');
# -- Admin posted to the demo topic # -- Admin posted to the demo topic
INSERT INTO phpbb_topics_posted (user_id, topic_id, topic_posted) VALUES (2, 1, 1); INSERT INTO phpbb_topics_posted (user_id, topic_id, topic_posted) VALUES (2, 1, 1);

31
phpBB/memberlist.php
View file

@ -839,13 +839,37 @@ switch ($mode)
if ($ipdomain && $auth->acl_getf_global('m_info')) if ($ipdomain && $auth->acl_getf_global('m_info'))
{ {
$ips = (preg_match('#[a-z]#', $ipdomain)) ? implode(', ', preg_replace('#([0-9]{1,3}\.[0-9]{1,3}[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})#', "'\\1'", gethostbynamel($ipdomain))) : "'" . str_replace('*', '%', $ipdomain) . "'"; if (preg_match('#[a-z]#', $ipdomain))
{
$hostnames = gethostbynamel($ipdomain);
if ($hostnames !== false)
{
$ips = "'" . implode('\', \'', array_map(array($db, 'sql_escape'), preg_replace('#([0-9]{1,3}\.[0-9]{1,3}[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})#', "\\1", gethostbynamel($ipdomain)))) . "'";
}
else
{
$ips = false;
}
}
else
{
$ips = "'" . str_replace('*', '%', $db->sql_escape($ipdomain)) . "'";
}
if ($ips === false)
{
// A minor fudge but it does the job :D
$sql_where .= " AND u.user_id IN ('-1')";
}
else
{
$ip_forums = array_keys($auth->acl_getf('m_info', true)); $ip_forums = array_keys($auth->acl_getf('m_info', true));
$sql = 'SELECT DISTINCT poster_id $sql = 'SELECT DISTINCT poster_id
FROM ' . POSTS_TABLE . ' FROM ' . POSTS_TABLE . '
WHERE poster_ip ' . ((preg_match('#%#', $ips)) ? 'LIKE' : 'IN') . " ($ips) WHERE poster_ip ' . ((preg_match('#%#', $ips)) ? 'LIKE' : 'IN') . " ($ips)
AND forum_id IN (0, " . implode(',', $ip_forums) . ')'; AND forum_id IN (0, " . implode(', ', $ip_forums) . ')';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result)) if ($row = $db->sql_fetchrow($result))
@ -865,6 +889,9 @@ switch ($mode)
$sql_where .= " AND u.user_id IN ('-1')"; $sql_where .= " AND u.user_id IN ('-1')";
} }
unset($ip_forums); unset($ip_forums);
$db->sql_freeresult($result);
}
} }
} }