authorKelly Rauchenberger <fefferburbia@gmail.com>2008-08-01 18:34:35 +0000
committerKelly Rauchenberger <fefferburbia@gmail.com>2008-08-01 18:34:35 +0000
commitedc9d436c4e4f9fa3cb00256652190359a4ddc20 (patch)
tree38cf352c9501dfcbb283565d83f9e16c8eff3c60 /central
parent0114b7b5ddaf919a61b108f5006a256b81178c3d (diff)
Central: MySQL-escaped query strings
Wrapped strings in MySQL queries with mysql_escape_string() to prevent errors and XSS-attacks.
Diffstat (limited to 'central')
-rw-r--r--central/trunk/instadisc.php8
-rw-r--r--central/trunk/xmlrpc.php22
2 files changed, 15 insertions, 15 deletions
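--- a/central/trunk/instadisc.php
+++ b/central/trunk/instadisc.php
@@ -6,7 +6,7 @@ include_once('db.php');
 
 function instaDisc_checkVerification($username, $verification, $verificationID, $table, $nameField, $passField)
 {
-$getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . $username . "\"";
+$getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_escape_string($username) . "\"";
 $getitem2 = mysql_query($getitem);
 $getitem3 = mysql_fetch_array($getitem2);
 if ($getitem3[$nameField] == $username)
@@ -41,16 +41,16 @@ function instaDisc_sendDatabase($cserver)
 
 function instaDisc_addItem($username, $subscription, $title, $author, $url, $semantics)
 {
-$getuser = "SELECT * FROM users WHERE username = \"" . $username . "\"";
+$getuser = "SELECT * FROM users WHERE username = \"" . mysql_escape_string($username) . "\"";
 $getuser2 = mysql_query($getuser);
 $getuser3 = mysql_fetch_array($getuser2);
 if ($getuser3['username'] == $username)
 {
 $itemID = $getuser3['nextItemID'];
-$setuser = "UPDATE users SET nextItemID = nextItemID+1 WHERE username = \"" . $username . "\"";
+$setuser = "UPDATE users SET nextItemID = nextItemID+1 WHERE username = \"" . mysql_escape_string($username) . "\"";
 $setuser2 = mysql_query($setuser);
 
-$insitem = "INSERT INTO inbox (username, itemID, subscription, title, author, url, semantics) VALUES (\"" . $username . "\", " . $itemID . ", \"" . $subscription . "\", \"" . $title . "\", \"" . $author . "\", \"" . $url . "\", \"" . serialize($semantics) . "\")";
+$insitem = "INSERT INTO inbox (username, itemID, subscription, title, author, url, semantics) VALUES (\"" . mysql_escape_string($username) . "\", " . $itemID . ", \"" . mysql_escape_string($subscription) . "\", \"" . mysql_escape_string($title) . "\", \"" . mysql_escape_string($author) . "\", \"" . mysql_escape_string($url) . "\", \"" . mysql_escape_string(serialize($semantics)) . "\")";
 $insitem2 = mysql_query($insitem);
 
 instaDisc_sendItem($username, $itemID);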
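Review bot: `mysql_escape_string()` on the new lines of both hunks escapes without regard to the connection's character set, so for the ext/mysql API this file already uses the appropriate call is `mysql_real_escape_string($username)` (the same applies to every hunk of xmlrpc.php in this commit). In `instaDisc_checkVerification`, `$table` and `$nameField` are still concatenated raw; string escaping does not apply to SQL identifiers, so they must only ever come from code literals, and a comment on the query line such as `// $table / $nameField are SQL identifiers, not data: never pass caller-supplied values` would make that contract visible. Note also that this escaping addresses SQL injection only; the commit message's mention of XSS is a misnomer, since values later read back from the inbox table still need `htmlspecialchars()` at output time. Both functions continue beyond their hunks.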
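--- a/central/trunk/xmlrpc.php
+++ b/central/trunk/xmlrpc.php
@@ -21,12 +21,12 @@ function deleteItem($username, $verification, $verificationID, $id)
 {
 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
 {
-$getitem = "SELECT * FROM inbox WHERE username = \"" . $username . "\" AND itemID = " . $id;
+$getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_escape_string($username) . "\" AND itemID = " . $id;
 $getitem2 = mysql_query($getitem);
 $getitem3 = mysql_fetch_array($getitem2);
 if ($getitem3['id'] == $id)
 {
-$delitem = "DELETE inbox WHERE username = \"" . $username . "\" AND itemID = " . $id;
+$delitem = "DELETE inbox WHERE username = \"" . mysql_escape_string($username) . "\" AND itemID = " . $id;
 $delitem2 = mysql_query($delitem);
 
 return new xmlrpcresp(new xmlrpcval(0, "int"));
@@ -40,7 +40,7 @@ function resendItem($username, $verification, $verificationID, $id)
 {
 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
 {
-$getitem = "SELECT * FROM inbox WHERE username = \"" . $username . "\" AND itemID = " . $id;
+$getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_escape_string($username) . "\" AND itemID = " . $id;
 $getitem2 = mysql_query($getitem);
 $getitem3 = mysql_fetch_array($getitem2);
 if ($getitem3['id'] == $id)
@@ -58,13 +58,13 @@ function sendFromUpdate($username, $verification, $verificationID, $subscription
 {
 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
 {
-$getusubs = "SELECT * FROM subscriptions WHERE username = \"" . $username . "\" AND uri = \"" . $subscription . "\" AND owner = \"true\"";
+$getusubs = "SELECT * FROM subscriptions WHERE username = \"" . mysql_escape_string($username) . "\" AND uri = \"" . mysql_escape_string($subscription) . "\" AND owner = \"true\"";
 $getusubs2 = mysql_query($getusubs);
 $getusubs3 = mysql_fetch_array($getusubs2);
 if ($getusubs['username'] == $username)
 {
 $cserver = $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
-$getuk = "SELECT * FROM centralServers WHERE url = \"" . $cserver . "\"";
+$getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_escape_string($cserver) . "\"";
 $getuk2 = mysql_query($getuk);
 $getuk3 = mysql_fetch_array($getuk2);
 
@@ -107,7 +107,7 @@ function sendFromCentral($cserver, $verification, $verificationID, $subscription
 } else if ($softwareVersion < getConfig('softwareVersion'))
 {
 $cserver2 = $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
-$getuk = "SELECT * FROM centralServers WHERE url = \"" . $cserver2 . "\"";
+$getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_escape_string($cserver2) . "\"";
 $getuk2 = mysql_query($getuk);
 $getuk3 = mysql_fetch_array($getuk2);
 
@@ -124,7 +124,7 @@ function sendFromCentral($cserver, $verification, $verificationID, $subscription
 if ($databaseVersion > getConfig('databaseVersion'))
 {
 $cserver2 = $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
-$getuk = "SELECT * FROM centralServers WHERE url = \"" . $cserver2 . "\"";
+$getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_escape_string($cserver2) . "\"";
 $getuk2 = mysql_query($getuk);
 $getuk3 = mysql_fetch_array($getuk2);
 
@@ -141,7 +141,7 @@ function sendFromCentral($cserver, $verification, $verificationID, $subscription
 instaDisc_sendDatabase($cserver);
 }
 
-$getsed = "SELECT * FROM subscriptions WHERE uri = \"" . $subscription . "\"";
+$getsed = "SELECT * FROM subscriptions WHERE uri = \"" . mysql_escape_string($subscription) . "\"";
 $getsed2 = mysql_query($getsed);
 $i=0;
 while ($getsed3[$i] = mysql_fetch_array($getsed2))
@@ -190,12 +190,12 @@ function deleteSubscription($username, $verification, $verificationID, $subscrip
 {
 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
 {
-$getsub = "SELECT * FROM subscriptions WHERE url = \"" . $subscription . "\" AND username = \"" . $username . "\" AND owner = \"false\"";
+$getsub = "SELECT * FROM subscriptions WHERE url = \"" . mysql_escape_string($subscription) . "\" AND username = \"" . mysql_escape_string($username) . "\" AND owner = \"false\"";
 $getsub2 = mysql_query($getsub);
 $getsub3 = mysql_fetch_array($getsub2);
 if ($getsub3['url'] == $subscription)
 {
-$delsub = "DELETE subscriptions WHERE url = \"" . $subscription . "\" AND username = \"" . $username . "\" AND owner = \"false\"";
+$delsub = "DELETE subscriptions WHERE url = \"" . mysql_escape_string($subscription) . "\" AND username = \"" . mysql_escape_string($username . "\" AND owner = \"false\"";
 $delsub2 = mysql_query($delsub);
 
 return new xmlrpcresp(new xmlrpcval(0, "int"));
@@ -209,7 +209,7 @@ function addSubscription($username, $verification, $verificationID, $subscriptio
 {
 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
 {
-$inssub = "INSERT INTO subscriptions (url, username, owner) VALUES (\"" . $subscription . "\", \"" . $username . "\", \"false\")";
+$inssub = "INSERT INTO subscriptions (url, username, owner) VALUES (\"" . mysql_escape_string($subscription) . "\", \"" . mysql_escape_string($username) . "\", \"false\")";
 $inssub2 = mysql_query($inssub);
 
 return new xmlrpcresp(new xmlrpcval(0, "int"));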
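Review bot: The new `$delsub` line in the deleteSubscription hunk does not parse — `mysql_escape_string($username . "\" AND owner = \"false\"";` opens a call that is never closed, so xmlrpc.php fails with a syntax error after this commit; it should read `mysql_escape_string($username) . "\" AND owner = \"false\"";`. In the deleteItem and resendItem hunks, `$id` is still concatenated unquoted into `AND itemID = " . $id`, where string escaping cannot help because the value sits outside any quoted literal; coerce it first, e.g. `$id = (int) $id;` before the query is built. As in instadisc.php, `mysql_real_escape_string()` is the connection-aware variant for the ext/mysql API in use here. Unrelated to this change but visible in the sendFromUpdate hunk, `$getusubs['username']` indexes the query string rather than the fetched row `$getusubs3`, so that owner check looks as though it can never succeed. Every function in this section continues beyond its hunk.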