add not applied sql_escape in memberlist

git-svn-id: file:///svn/phpbb/trunk@6178 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-28 06:08:52 +00:00 · 2006-07-14 12:59:55 +00:00 · 2006-07-14 12:59:55 +00:00 · d10e5bfc1a
commit d10e5bfc1a
parent c4f2430645
4 changed files with 47 additions and 40 deletions
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@ -2834,7 +2834,6 @@ function page_footer()
 		else if (time() - $config['database_gc'] > $config['database_last_gc'])
 		{
 			// Tidy the database
-			// This includes recalculation binary trees, ...
 			$cron_type = 'tidy_database';
 		}
 		else if (time() - $config['search_gc'] > $config['search_last_gc'])
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@ -2488,26 +2488,7 @@ function tidy_database()
 {
 	global $db;

-	// Disabling recalculating the binary tree for the moment
-	// It might be the source of some severe problems with broken trees

-	/* Recalculate binary tree for forums
-	recalc_btree('forum_id', FORUMS_TABLE);
-
-	// Recalculate binary tree for modules
-	$sql = 'SELECT module_class
-		FROM ' . MODULES_TABLE . '
-		GROUP BY module_class';
-	$result = $db->sql_query($sql);
-
-	while ($row = $db->sql_fetchrow($result))
-	{	
-		recalc_btree('module_id', MODULES_TABLE, $row['module_class']);
-	}
-	$db->sql_freeresult($result);
-
-	// remove cache files.
-*/

 	set_config('database_last_gc', time(), true);
 }
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@ -417,7 +417,7 @@ INSERT INTO phpbb_user_group (group_id, user_id, user_pending, group_leader) VAL
 INSERT INTO phpbb_user_group (group_id, user_id, user_pending, group_leader) VALUES (7, 2, 0, 1);

 # -- Ranks
-INSERT INTO phpbb_ranks (rank_title, rank_min, rank_special, rank_image) VALUES ('Site Admin', -1, 1, NULL);
+INSERT INTO phpbb_ranks (rank_title, rank_min, rank_special, rank_image) VALUES ('Site Admin', -1, 1, '');

 # -- Roles data

@ -544,7 +544,7 @@ INSERT INTO phpbb_acl_groups (group_id, forum_id, auth_option_id, auth_role_id,
 INSERT INTO phpbb_topics (topic_title, topic_poster, topic_time, topic_views, topic_replies, topic_replies_real, forum_id, topic_status, topic_type, topic_first_post_id, topic_first_poster_name, topic_last_post_id, topic_last_poster_id, topic_last_poster_name, topic_last_post_time, topic_last_view_time, poll_title) VALUES ('Welcome to phpBB 3', 2, 972086460, 0, 0, 0, 2, 0, 0, 1, 'Admin', 1, 2, 'Admin', 972086460, 972086460, '');

 # -- Demo Post
-INSERT INTO phpbb_posts (topic_id, forum_id, poster_id, icon_id, post_time, post_username, poster_ip, post_subject, post_text, post_checksum, bbcode_uid) VALUES (1, 2, 2, 1, 972086460, NULL, '127.0.0.1', 'Welcome to phpBB 3', 'This is an example post in your phpBB 3.0 installation. You may delete this post, this topic and even this forum if you like since everything seems to be working!', '5dd683b17f641daf84c040bfefc58ce9', '');
+INSERT INTO phpbb_posts (topic_id, forum_id, poster_id, icon_id, post_time, post_username, poster_ip, post_subject, post_text, post_checksum, bbcode_uid) VALUES (1, 2, 2, 1, 972086460, '', '127.0.0.1', 'Welcome to phpBB 3', 'This is an example post in your phpBB 3.0 installation. You may delete this post, this topic and even this forum if you like since everything seems to be working!', '5dd683b17f641daf84c040bfefc58ce9', '');

 # -- Admin posted to the demo topic
 INSERT INTO phpbb_topics_posted (user_id, topic_id, topic_posted) VALUES (2, 1, 1);
--- a/phpBB/memberlist.php
+++ b/phpBB/memberlist.php
@ -839,9 +839,33 @@ switch ($mode)

 			if ($ipdomain && $auth->acl_getf_global('m_info'))
 			{
-				$ips = (preg_match('#[a-z]#', $ipdomain)) ? implode(', ', preg_replace('#([0-9]{1,3}\.[0-9]{1,3}[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})#', "'\\1'", gethostbynamel($ipdomain))) : "'" . str_replace('*', '%', $ipdomain) . "'";
+				if (preg_match('#[a-z]#', $ipdomain))
+				{
+					$hostnames = gethostbynamel($ipdomain);

+					if ($hostnames !== false)
+					{
+						$ips = "'" . implode('\', \'', array_map(array($db, 'sql_escape'), preg_replace('#([0-9]{1,3}\.[0-9]{1,3}[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})#', "\\1", gethostbynamel($ipdomain)))) . "'";
+					}
+					else
+					{
+						$ips = false;
+					}
+				}
+				else
+				{
+					$ips = "'" . str_replace('*', '%', $db->sql_escape($ipdomain)) . "'";
+				}
+
+				if ($ips === false)
+				{
+					// A minor fudge but it does the job :D
+					$sql_where .= " AND u.user_id IN ('-1')";
+				}
+				else
+				{
 					$ip_forums = array_keys($auth->acl_getf('m_info', true));
+
 					$sql = 'SELECT DISTINCT poster_id
 						FROM ' . POSTS_TABLE . '
 						WHERE poster_ip ' . ((preg_match('#%#', $ips)) ? 'LIKE' : 'IN') . " ($ips)
@ -865,6 +889,9 @@ switch ($mode)
 						$sql_where .= " AND u.user_id IN ('-1')";
 					}
 					unset($ip_forums);
+
+					$db->sql_freeresult($result);
+				}
 			}
 		}