author | Starla Insigna <hatkirby@fourisland.com> | 2008-12-19 23:16:04 -0500 |
---|---|---|
committer | Starla Insigna <hatkirby@fourisland.com> | 2008-12-19 23:16:04 -0500 |
commit | 49422ceb232a21683a3512eda1c3f360b65bffc3 (patch) | |
tree | 21468bc013af5ba83c2d1ff0d41246f12aeab219 /pages | |
parent | 0cf887cd8679223a7a3ef12c697f6d4e1144b0e3 (diff) | |
Replaced addslashes()
Many SQL queries were using the function addslashes() to escape their content. They have been replaced with the more secure mysql_real_escape_string() function.
Diffstat (limited to 'pages')
-rwxr-xr-x | pages/admin.php | 18 | ||||
-rwxr-xr-x | pages/quotes.php | 4 |
2 files changed, 11 insertions, 11 deletions
diff --git a/pages/admin.php b/pages/admin.php index ecd90f5..90e540a 100755 --- a/pages/admin.php +++ b/pages/admin.php | |||
@@ -41,7 +41,7 @@ if (isLoggedIn()) | |||
41 | 41 | ||
42 | if ($_POST['type'] == 'draft') | 42 | if ($_POST['type'] == 'draft') |
43 | { | 43 | { |
44 | $insdraft = "INSERT INTO drafts (title,author,text,slug) VALUES (\"" . addslashes($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; | 44 | $insdraft = "INSERT INTO drafts (title,author,text,slug) VALUES (\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; |
45 | $insdraft2 = mysql_query($insdraft); | 45 | $insdraft2 = mysql_query($insdraft); |
46 | 46 | ||
47 | $id = mysql_insert_id(); | 47 | $id = mysql_insert_id(); |
@@ -87,7 +87,7 @@ if (isLoggedIn()) | |||
87 | generateError(404); | 87 | generateError(404); |
88 | } | 88 | } |
89 | 89 | ||
90 | $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . addslashes($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; | 90 | $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; |
91 | $inspending2 = mysql_query($inspending); | 91 | $inspending2 = mysql_query($inspending); |
92 | 92 | ||
93 | addTags($id, $tags, 'pending'); | 93 | addTags($id, $tags, 'pending'); |
@@ -131,7 +131,7 @@ if (isLoggedIn()) | |||
131 | 131 | ||
132 | if ($_POST['type'] == 'draft') | 132 | if ($_POST['type'] == 'draft') |
133 | { | 133 | { |
134 | $setdraft = "UPDATE drafts SET title = \"" . addslashes($_POST['title']) . "\", text = \"" . addslashes($_POST['text']) . "\" WHERE id = " . $_GET['id']; | 134 | $setdraft = "UPDATE drafts SET title = \"" . mysql_real_escape_string($_POST['title']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id']; |
135 | $setdraft2 = mysql_query($setdraft); | 135 | $setdraft2 = mysql_query($setdraft); |
136 | 136 | ||
137 | addTags($_GET['id'], $tags, 'draft'); | 137 | addTags($_GET['id'], $tags, 'draft'); |
@@ -179,7 +179,7 @@ if (isLoggedIn()) | |||
179 | generateError(404); | 179 | generateError(404); |
180 | } | 180 | } |
181 | 181 | ||
182 | $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . addslashes($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; | 182 | $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; |
183 | $inspending2 = mysql_query($inspending); | 183 | $inspending2 = mysql_query($inspending); |
184 | 184 | ||
185 | addTags($id, $tags, 'pending'); | 185 | addTags($id, $tags, 'pending'); |
@@ -284,7 +284,7 @@ if (isLoggedIn()) | |||
284 | } else { | 284 | } else { |
285 | $tags = explode(',', $_POST['tags']); | 285 | $tags = explode(',', $_POST['tags']); |
286 | 286 | ||
287 | $setpending = "UPDATE pending SET title = \"" . addslashes($_POST['title']) . "\", text = \"" . addslashes($_POST['text']) . "\" WHERE id = " . $_GET['id']; | 287 | $setpending = "UPDATE pending SET title = \"" . mysql_real_escape_string($_POST['title']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id']; |
288 | $setpending2 = mysql_query($setpending); | 288 | $setpending2 = mysql_query($setpending); |
289 | 289 | ||
290 | removeTags($_GET['id'], 'pending'); | 290 | removeTags($_GET['id'], 'pending'); |
@@ -454,7 +454,7 @@ if (isLoggedIn()) | |||
454 | } else { | 454 | } else { |
455 | $tags = explode(',', $_POST['tags']); | 455 | $tags = explode(',', $_POST['tags']); |
456 | 456 | ||
457 | $setpost = "UPDATE updates SET title = \"" . addslashes($_POST['title']) . "\", text = \"" . addslashes($_POST['text']) . "\" WHERE id = " . $_GET['id']; | 457 | $setpost = "UPDATE updates SET title = \"" . mysql_real_escape_string($_POST['title']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id']; |
458 | $setpost2 = mysql_query($setpost); | 458 | $setpost2 = mysql_query($setpost); |
459 | 459 | ||
460 | removeTags($_GET['id']); | 460 | removeTags($_GET['id']); |
@@ -601,13 +601,13 @@ if (isLoggedIn()) | |||
601 | $template = new FITemplate('admin/pollrss'); | 601 | $template = new FITemplate('admin/pollrss'); |
602 | } else if ($_GET['step'] == 2) | 602 | } else if ($_GET['step'] == 2) |
603 | { | 603 | { |
604 | $insrss = "INSERT INTO pollrss (author,rss) VALUES (\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\")"; | 604 | $insrss = "INSERT INTO pollrss (author,rss) VALUES (\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\")"; |
605 | $insrss2 = mysql_query($insrss); | 605 | $insrss2 = mysql_query($insrss); |
606 | 606 | ||
607 | $template = new FITemplate('admin/newPoll'); | 607 | $template = new FITemplate('admin/newPoll'); |
608 | } else if ($_GET['step'] == 3) | 608 | } else if ($_GET['step'] == 3) |
609 | { | 609 | { |
610 | $inspoll = "INSERT INTO polloftheweek (question,option1,option2,option3,option4) VALUES (\"" . addslashes($_POST['question']) . "\",\"" . $_POST['option1'] . "\",\"" . $_POST['option2'] . "\",\"" . $_POST['option3'] . "\",\"" . $_POST['option4'] . "\")"; | 610 | $inspoll = "INSERT INTO polloftheweek (question,option1,option2,option3,option4) VALUES (\"" . mysql_real_escape_string($_POST['question']) . "\",\"" . $_POST['option1'] . "\",\"" . $_POST['option2'] . "\",\"" . $_POST['option3'] . "\",\"" . $_POST['option4'] . "\")"; |
611 | $inspoll2 = mysql_query($inspoll); | 611 | $inspoll2 = mysql_query($inspoll); |
612 | 612 | ||
613 | $cleardid = "TRUNCATE TABLE didpollalready"; | 613 | $cleardid = "TRUNCATE TABLE didpollalready"; |
@@ -654,7 +654,7 @@ if (isLoggedIn()) | |||
654 | if (isset($_GET['approve'])) | 654 | if (isset($_GET['approve'])) |
655 | { | 655 | { |
656 | $today = mktime(date('G'),date('i'),date('s'),date('m'),date('d'),date('Y')); | 656 | $today = mktime(date('G'),date('i'),date('s'),date('m'),date('d'),date('Y')); |
657 | $insquote = "INSERT INTO rash_quotes (quote,date) VALUES (\"" . addslashes($getpending3['quote']) . "\",\"" . $today . "\")"; | 657 | $insquote = "INSERT INTO rash_quotes (quote,date) VALUES (\"" . mysql_real_escape_string($getpending3['quote']) . "\",\"" . $today . "\")"; |
658 | $insquote2 = mysql_query($insquote); | 658 | $insquote2 = mysql_query($insquote); |
659 | 659 | ||
660 | $delpending = "DELETE FROM rash_queue WHERE id = " . $_GET['id']; | 660 | $delpending = "DELETE FROM rash_queue WHERE id = " . $_GET['id']; |
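Review bot: The id taken from the query string is still concatenated unescaped into every UPDATE and DELETE in this file — `WHERE id = " . $_GET['id']` on lines 134, 287, 457 and 660 — and because it sits outside quotes, mysql_real_escape_string() would not have closed that hole anyway; cast it, `WHERE id = " . (int) $_GET['id']`, or move these statements to prepared queries. The poll insert on line 610 likewise still splices `$_POST['option1']` through `$_POST['option4']` in raw while only the question received the new escaping; each needs the same treatment, `mysql_real_escape_string($_POST['option1'])`. The values returned by sess_get('uname') and generateSlug() are also inserted without escaping; whether they are safe depends on code outside this diff. Every hunk here sits inside the `if (isLoggedIn())` block whose start and end are outside the diff.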
diff --git a/pages/quotes.php b/pages/quotes.php index 8aaa5db..55d12d9 100755 --- a/pages/quotes.php +++ b/pages/quotes.php | |||
@@ -43,10 +43,10 @@ if ((!isset($_GET['act'])) || ($_GET['act'] == 'latest')) | |||
43 | $template->adds_block('SUBMITTED',array('QUOTE' => (nl2br(htmlspecialchars($_POST['rash_quote'])) . "\n"))); | 43 | $template->adds_block('SUBMITTED',array('QUOTE' => (nl2br(htmlspecialchars($_POST['rash_quote'])) . "\n"))); |
44 | if (!isLoggedIn()) | 44 | if (!isLoggedIn()) |
45 | { | 45 | { |
46 | $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . addslashes(htmlspecialchars($_POST['rash_quote'])) . "\")"; | 46 | $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")"; |
47 | } else { | 47 | } else { |
48 | $today = mktime(date('G'),date('i'),date('s'),date('m'),date('d'),date('Y')); | 48 | $today = mktime(date('G'),date('i'),date('s'),date('m'),date('d'),date('Y')); |
49 | $insquote = "INSERT INTO rash_quotes (quote, rating, flag, date) VALUES (\"" . addslashes($_POST['rash_quote']) . "\", 0, 0, \"" . $today . "\")"; | 49 | $insquote = "INSERT INTO rash_quotes (quote, rating, flag, date) VALUES (\"" . mysql_real_escape_string($_POST['rash_quote']) . "\", 0, 0, \"" . $today . "\")"; |
50 | } | 50 | } |
51 | $insquote2 = mysql_query($insquote); | 51 | $insquote2 = mysql_query($insquote); |
52 | } | 52 | } |
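Review bot: The two branches now store different representations of the same field: line 46 writes the quote HTML-encoded (htmlspecialchars() before the SQL escape) while line 49 writes it raw, and since the approval path in admin.php appears to copy queued rows into rash_quotes, that table ends up holding a mix that the rendering side can only display correctly for one of them. Pick one representation — storing raw and escaping at output is the usual choice — e.g. `mysql_real_escape_string($_POST['rash_quote'])` on line 46 as well, with htmlspecialchars() applied wherever the quote is printed. Note also that mysql_real_escape_string() requires an open mysql connection at the point of the call and returns false with a warning otherwise, which would turn the value into an empty string; that a connection already exists here is presumed, not visible in this diff. The enclosing `if` block begins before this hunk.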