From 49422ceb232a21683a3512eda1c3f360b65bffc3 Mon Sep 17 00:00:00 2001
From: Starla Insigna
Date: Fri, 19 Dec 2008 23:16:04 -0500
Subject: Replaced addslashes()
Many SQL queries were using the function addslashes() to escape their content. They have been replaced with the more secure mysql_real_escape_string() function.
---
 includes/functions.php | 4 ++--
 pages/admin.php | 18 +++++++++---------
 pages/quotes.php | 4 ++--
 3 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/includes/functions.php b/includes/functions.php
index 881bfd1..7c06077 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -115,7 +115,7 @@ function postBlogPost($title,$author,$tags,$content)
 {
 $slug = generateSlug($title,'updates');
- $inspost = "INSERT INTO updates (title,slug,author,text) VALUES (\"" . $title . "\",\"" . $slug . "\",\"" . $author . "\",\"" . addslashes($content) . "\")";
+ $inspost = "INSERT INTO updates (title,slug,author,text) VALUES (\"" . $title . "\",\"" . $slug . "\",\"" . $author . "\",\"" . mysql_real_escape_string($content) . "\")";
 $inspost2 = mysql_query($inspost);
 $id = mysql_insert_id();
@@ -284,7 +284,7 @@ if (!function_exists('unique_id'))
 function displayRelated($title, $avoid = 0)
 {
- $getrelated = "SELECT *, MATCH (title, text) AGAINST (\"" . addslashes($title) . "\") AS score FROM updates WHERE MATCH (title, text) AGAINST (\"" . addslashes($title) . "\") AND id <> " . $avoid . " LIMIT 0,5";
+ $getrelated = "SELECT *, MATCH (title, text) AGAINST (\"" . mysql_real_escape_string($title) . "\") AS score FROM updates WHERE MATCH (title, text) AGAINST (\"" . mysql_real_escape_string($title) . "\") AND id <> " . $avoid . " LIMIT 0,5";
 $getrelated2 = mysql_query($getrelated);
 $i=0;
 while ($getrelated3[$i] = mysql_fetch_array($getrelated2))
diff --git a/pages/admin.php b/pages/admin.php
index ecd90f5..90e540a 100755
--- a/pages/admin.php
+++ b/pages/admin.php
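Review bot: On the changed `$inspost` line only `$content` receives `mysql_real_escape_string()`; `$title`, `$slug` and `$author` are still concatenated into the statement raw, so the INSERT is still assembled from unescaped strings. Each string value needs the same treatment, e.g. `. mysql_real_escape_string($title) . "\",\"" . mysql_real_escape_string($slug) . "\",\"" . mysql_real_escape_string($author) .`, or better the statement moves to a mysqli/PDO prepared statement so escaping is not repeated by hand on every call (the mysql_* extension was later deprecated in PHP 5.5 and removed in 7.0). Note also that `mysql_real_escape_string()` needs an open connection and escapes according to that connection's character set: called before connecting it returns false (an empty string once concatenated) with a warning, and the charset should be set with `mysql_set_charset()` rather than a manual `SET NAMES` so the escaping matches the server. postBlogPost's body continues outside the hunk.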
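Review bot: In the new `$getrelated` line the `$avoid` argument is still concatenated unescaped into `AND id <> " . $avoid . "`, so a non-numeric value changes the statement; only the two `$title` occurrences were touched. Since `$avoid` defaults to `0` and is compared against `id`, coerce it to an integer before building the query: `" AND id <> " . (int) $avoid . " LIMIT 0,5"`. displayRelated's body continues past the hunk.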
@@ -41,7 +41,7 @@ if (isLoggedIn())
 if ($_POST['type'] == 'draft')
 {
- $insdraft = "INSERT INTO drafts (title,author,text,slug) VALUES (\"" . addslashes($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
+ $insdraft = "INSERT INTO drafts (title,author,text,slug) VALUES (\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
 $insdraft2 = mysql_query($insdraft);
 $id = mysql_insert_id();
@@ -87,7 +87,7 @@ if (isLoggedIn())
 generateError(404);
 }
- $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . addslashes($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
+ $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
 $inspending2 = mysql_query($inspending);
 addTags($id, $tags, 'pending');
@@ -131,7 +131,7 @@ if (isLoggedIn())
 if ($_POST['type'] == 'draft')
 {
- $setdraft = "UPDATE drafts SET title = \"" . addslashes($_POST['title']) . "\", text = \"" . addslashes($_POST['text']) . "\" WHERE id = " . $_GET['id'];
+ $setdraft = "UPDATE drafts SET title = \"" . mysql_real_escape_string($_POST['title']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id'];
 $setdraft2 = mysql_query($setdraft);
 addTags($_GET['id'], $tags, 'draft');
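Review bot: The new `$insdraft` line still concatenates `generateSlug($_POST['title'],'updates')` and `sess_get('uname')` into the VALUES list without escaping; the slug is derived from the same user-supplied title the commit now escapes, so whether it is safe depends entirely on which characters generateSlug() strips, which is not visible here. The same pattern is in the `$inspending` lines of the `@@ -87` and `@@ -179` hunks, where the numeric `$id` is also inserted raw. Wrap the slug and the session name as well, e.g. `. mysql_real_escape_string(sess_get('uname')) . "\",\"" ... . mysql_real_escape_string(generateSlug($_POST['title'],'updates')) .`, and cast `$id` with `(int)`; a prepared statement would cover all of these values at once. The enclosing `if (isLoggedIn())` block starts and ends outside the hunk.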
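Review bot: The rewritten `$setdraft` line leaves `WHERE id = " . $_GET['id']` unchanged, so the request parameter still reaches the statement unescaped and unquoted; escaping the two text columns does not close that. The same `$_GET['id']` concatenation appears in the `@@ -284` and `@@ -454` UPDATE statements and in the `$delpending` DELETE of the `@@ -654` hunk. Because `id` is numeric, the minimal fix is `" WHERE id = " . (int) $_GET['id']` (string escaping alone does nothing for an unquoted number); ideally the value is validated up front with `ctype_digit()` and the code calls `generateError(404)` on failure, as the `@@ -87` hunk already does. The enclosing `if (isLoggedIn())` block starts and ends outside the hunk.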
@@ -179,7 +179,7 @@ if (isLoggedIn())
 generateError(404);
 }
- $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . addslashes($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
+ $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
 $inspending2 = mysql_query($inspending);
 addTags($id, $tags, 'pending');
@@ -284,7 +284,7 @@ if (isLoggedIn())
 }
 else
 {
 $tags = explode(',', $_POST['tags']);
- $setpending = "UPDATE pending SET title = \"" . addslashes($_POST['title']) . "\", text = \"" . addslashes($_POST['text']) . "\" WHERE id = " . $_GET['id'];
+ $setpending = "UPDATE pending SET title = \"" . mysql_real_escape_string($_POST['title']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id'];
 $setpending2 = mysql_query($setpending);
 removeTags($_GET['id'], 'pending');
@@ -454,7 +454,7 @@ if (isLoggedIn())
 }
 else
 {
 $tags = explode(',', $_POST['tags']);
- $setpost = "UPDATE updates SET title = \"" . addslashes($_POST['title']) . "\", text = \"" . addslashes($_POST['text']) . "\" WHERE id = " . $_GET['id'];
+ $setpost = "UPDATE updates SET title = \"" . mysql_real_escape_string($_POST['title']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id'];
 $setpost2 = mysql_query($setpost);
 removeTags($_GET['id']);
@@ -601,13 +601,13 @@ if (isLoggedIn())
 $template = new FITemplate('admin/pollrss');
 }
 else if ($_GET['step'] == 2)
 {
- $insrss = "INSERT INTO pollrss (author,rss) VALUES (\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\")";
+ $insrss = "INSERT INTO pollrss (author,rss) VALUES (\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\")";
 $insrss2 = mysql_query($insrss);
 $template = new FITemplate('admin/newPoll');
 }
 else if ($_GET['step'] == 3)
 {
- $inspoll = "INSERT INTO polloftheweek (question,option1,option2,option3,option4) VALUES (\"" . addslashes($_POST['question']) . "\",\"" . $_POST['option1'] . "\",\"" . $_POST['option2'] . "\",\"" . $_POST['option3'] . "\",\"" . $_POST['option4'] . "\")";
+ $inspoll = "INSERT INTO polloftheweek (question,option1,option2,option3,option4) VALUES (\"" . mysql_real_escape_string($_POST['question']) . "\",\"" . $_POST['option1'] . "\",\"" . $_POST['option2'] . "\",\"" . $_POST['option3'] . "\",\"" . $_POST['option4'] . "\")";
 $inspoll2 = mysql_query($inspoll);
 $cleardid = "TRUNCATE TABLE didpollalready";
@@ -654,7 +654,7 @@ if (isLoggedIn())
 if (isset($_GET['approve']))
 {
 $today = mktime(date('G'),date('i'),date('s'),date('m'),date('d'),date('Y'));
- $insquote = "INSERT INTO rash_quotes (quote,date) VALUES (\"" . addslashes($getpending3['quote']) . "\",\"" . $today . "\")";
+ $insquote = "INSERT INTO rash_quotes (quote,date) VALUES (\"" . mysql_real_escape_string($getpending3['quote']) . "\",\"" . $today . "\")";
 $insquote2 = mysql_query($insquote);
 $delpending = "DELETE FROM rash_queue WHERE id = " . $_GET['id'];
diff --git a/pages/quotes.php b/pages/quotes.php
index 8aaa5db..55d12d9 100755
--- a/pages/quotes.php
+++ b/pages/quotes.php
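Review bot: On the new `$inspoll` line only `$_POST['question']` is escaped; `$_POST['option1']` through `$_POST['option4']` are concatenated into the same VALUES list completely raw, which is precisely the defect this commit sets out to remove. Each option needs `mysql_real_escape_string()` as well, e.g. `"\",\"" . mysql_real_escape_string($_POST['option1']) . "\",\"" . mysql_real_escape_string($_POST['option2']) . "\",\"" . mysql_real_escape_string($_POST['option3']) . "\",\"" . mysql_real_escape_string($_POST['option4']) . "\")"`; with five string columns in one statement this is the strongest case in the patch for a prepared statement. In the `$insrss` line just above, `sess_get('uname')` is likewise inserted unescaped. The enclosing `if (isLoggedIn())` block extends beyond the hunk.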
@@ -43,10 +43,10 @@ if ((!isset($_GET['act'])) || ($_GET['act'] == 'latest'))
 $template->adds_block('SUBMITTED',array('QUOTE' => (nl2br(htmlspecialchars($_POST['rash_quote'])) . "\n")));
 if (!isLoggedIn()) {
- $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . addslashes(htmlspecialchars($_POST['rash_quote'])) . "\")";
+ $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")";
 } else {
 $today = mktime(date('G'),date('i'),date('s'),date('m'),date('d'),date('Y'));
- $insquote = "INSERT INTO rash_quotes (quote, rating, flag, date) VALUES (\"" . addslashes($_POST['rash_quote']) . "\", 0, 0, \"" . $today . "\")";
+ $insquote = "INSERT INTO rash_quotes (quote, rating, flag, date) VALUES (\"" . mysql_real_escape_string($_POST['rash_quote']) . "\", 0, 0, \"" . $today . "\")";
 }
 $insquote2 = mysql_query($insquote);
 }
-- 
cgit 1.4.1
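Review bot: The two branches store the quote in different encodings: the anonymous path writes `htmlspecialchars($_POST['rash_quote'])` into rash_queue, the logged-in path writes the raw text into rash_quotes, and the approve step in the `@@ -654` hunk of pages/admin.php copies a queue row into rash_quotes unchanged. rash_quotes therefore ends up holding a mix of HTML-encoded and raw rows, so whatever the display code does it will presumably either double-encode one kind or emit the other unescaped; the rendering side is not visible here, so that needs confirming. Store the raw text in both branches, i.e. `mysql_real_escape_string($_POST['rash_quote'])` in the first INSERT too, and apply `htmlspecialchars()` only at output time, as the `adds_block` call at the top of the hunk already does. Whichever encoding is chosen, `mysql_real_escape_string()` should remain the outermost call. The enclosing block starts outside the hunk.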