about summary refs log tree commit diff stats
path: root/central/trunk/xmlrpc.php
diff options
context:
space:
mode:
Diffstat (limited to 'central/trunk/xmlrpc.php')
-rw-r--r--central/trunk/xmlrpc.php26
1 files changed, 13 insertions, 13 deletions
diff --git a/central/trunk/xmlrpc.php b/central/trunk/xmlrpc.php index cd0bb06..5ac5868 100644 --- a/central/trunk/xmlrpc.php +++ b/central/trunk/xmlrpc.php
@@ -21,12 +21,12 @@ function deleteItem($username, $verification, $verificationID, $id)
21{ 21{
22 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) 22 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
23 { 23 {
24 $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_escape_string($username) . "\" AND itemID = " . $id; 24 $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id;
25 $getitem2 = mysql_query($getitem); 25 $getitem2 = mysql_query($getitem);
26 $getitem3 = mysql_fetch_array($getitem2); 26 $getitem3 = mysql_fetch_array($getitem2);
27 if ($getitem3['id'] == $id) 27 if ($getitem3['id'] == $id)
28 { 28 {
29 $delitem = "DELETE FROM inbox WHERE username = \"" . mysql_escape_string($username) . "\" AND itemID = " . $id; 29 $delitem = "DELETE FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id;
30 $delitem2 = mysql_query($delitem); 30 $delitem2 = mysql_query($delitem);
31 31
32 return new xmlrpcresp(new xmlrpcval(0, "int")); 32 return new xmlrpcresp(new xmlrpcval(0, "int"));
@@ -40,7 +40,7 @@ function resendItem($username, $verification, $verificationID, $id)
40{ 40{
41 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) 41 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
42 { 42 {
43 $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_escape_string($username) . "\" AND itemID = " . $id; 43 $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id;
44 $getitem2 = mysql_query($getitem); 44 $getitem2 = mysql_query($getitem);
45 $getitem3 = mysql_fetch_array($getitem2); 45 $getitem3 = mysql_fetch_array($getitem2);
46 if ($getitem3['id'] == $id) 46 if ($getitem3['id'] == $id)
@@ -58,7 +58,7 @@ function requestRetained($username, $verification, $veriicationID)
58{ 58{
59 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) 59 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
60 { 60 {
61 $getitems = "SELECT * FROM inbox WHERE username = \"" . mysql_escape_string($username) . "\""; 61 $getitems = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\"";
62 $getitems2 = mysql_query($getitems); 62 $getitems2 = mysql_query($getitems);
63 $i=0; 63 $i=0;
64 while ($getitems3[$i] = mysql_fetch_array($getitems2)) 64 while ($getitems3[$i] = mysql_fetch_array($getitems2))
@@ -77,13 +77,13 @@ function sendFromUpdate($username, $verification, $verificationID, $subscription
77{ 77{
78 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) 78 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
79 { 79 {
80 $getusubs = "SELECT * FROM subscriptions WHERE username = \"" . mysql_escape_string($username) . "\" AND uri = \"" . mysql_escape_string($subscription) . "\" AND owner = \"true\""; 80 $getusubs = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND uri = \"" . mysql_real_escape_string($subscription) . "\" AND owner = \"true\"";
81 $getusubs2 = mysql_query($getusubs); 81 $getusubs2 = mysql_query($getusubs);
82 $getusubs3 = mysql_fetch_array($getusubs2); 82 $getusubs3 = mysql_fetch_array($getusubs2);
83 if ($getusubs['username'] == $username) 83 if ($getusubs['username'] == $username)
84 { 84 {
85 $cserver = $_SERVER['HTTP_HOST']; 85 $cserver = $_SERVER['HTTP_HOST'];
86 $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_escape_string($cserver) . "\""; 86 $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver) . "\"";
87 $getuk2 = mysql_query($getuk); 87 $getuk2 = mysql_query($getuk);
88 $getuk3 = mysql_fetch_array($getuk2); 88 $getuk3 = mysql_fetch_array($getuk2);
89 89
@@ -126,7 +126,7 @@ function sendFromCentral($cserver, $verification, $verificationID, $subscription
126 } else if ($softwareVersion < instaDisc_getConfig('softwareVersion')) 126 } else if ($softwareVersion < instaDisc_getConfig('softwareVersion'))
127 { 127 {
128 $cserver2 = $_SERVER['HTTP_HOST']; 128 $cserver2 = $_SERVER['HTTP_HOST'];
129 $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_escape_string($cserver2) . "\""; 129 $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\"";
130 $getuk2 = mysql_query($getuk); 130 $getuk2 = mysql_query($getuk);
131 $getuk3 = mysql_fetch_array($getuk2); 131 $getuk3 = mysql_fetch_array($getuk2);
132 132
@@ -143,7 +143,7 @@ function sendFromCentral($cserver, $verification, $verificationID, $subscription
143 if ($databaseVersion > instaDisc_getConfig('databaseVersion')) 143 if ($databaseVersion > instaDisc_getConfig('databaseVersion'))
144 { 144 {
145 $cserver2 = $_SERVER['HTTP_HOST']; 145 $cserver2 = $_SERVER['HTTP_HOST'];
146 $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_escape_string($cserver2) . "\""; 146 $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\"";
147 $getuk2 = mysql_query($getuk); 147 $getuk2 = mysql_query($getuk);
148 $getuk3 = mysql_fetch_array($getuk2); 148 $getuk3 = mysql_fetch_array($getuk2);
149 149
@@ -160,7 +160,7 @@ function sendFromCentral($cserver, $verification, $verificationID, $subscription
160 instaDisc_sendDatabase($cserver); 160 instaDisc_sendDatabase($cserver);
161 } 161 }
162 162
163 $getsed = "SELECT * FROM subscriptions WHERE uri = \"" . mysql_escape_string($subscription) . "\""; 163 $getsed = "SELECT * FROM subscriptions WHERE uri = \"" . mysql_real_escape_string($subscription) . "\"";
164 $getsed2 = mysql_query($getsed); 164 $getsed2 = mysql_query($getsed);
165 $i=0; 165 $i=0;
166 while ($getsed3[$i] = mysql_fetch_array($getsed2)) 166 while ($getsed3[$i] = mysql_fetch_array($getsed2))
@@ -209,12 +209,12 @@ function deleteSubscription($username, $verification, $verificationID, $subscrip
209{ 209{
210 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) 210 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
211 { 211 {
212 $getsub = "SELECT * FROM subscriptions WHERE url = \"" . mysql_escape_string($subscription) . "\" AND username = \"" . mysql_escape_string($username) . "\" AND owner = \"false\""; 212 $getsub = "SELECT * FROM subscriptions WHERE url = \"" . mysql_real_escape_string($subscription) . "\" AND username = \"" . mysql_real_escape_string($username) . "\" AND owner = \"false\"";
213 $getsub2 = mysql_query($getsub); 213 $getsub2 = mysql_query($getsub);
214 $getsub3 = mysql_fetch_array($getsub2); 214 $getsub3 = mysql_fetch_array($getsub2);
215 if ($getsub3['url'] == $subscription) 215 if ($getsub3['url'] == $subscription)
216 { 216 {
217 $delsub = "DELETE FROM subscriptions WHERE url = \"" . mysql_escape_string($subscription) . "\" AND username = \"" . mysql_escape_string($username) . "\" AND owner = \"false\""; 217 $delsub = "DELETE FROM subscriptions WHERE url = \"" . mysql_real_escape_string($subscription) . "\" AND username = \"" . mysql_real_escape_string($username) . "\" AND owner = \"false\"";
218 $delsub2 = mysql_query($delsub); 218 $delsub2 = mysql_query($delsub);
219 219
220 return new xmlrpcresp(new xmlrpcval(0, "int")); 220 return new xmlrpcresp(new xmlrpcval(0, "int"));
@@ -228,7 +228,7 @@ function addSubscription($username, $verification, $verificationID, $subscriptio
228{ 228{
229 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) 229 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
230 { 230 {
231 $inssub = "INSERT INTO subscriptions (url, username, owner) VALUES (\"" . mysql_escape_string($subscription) . "\", \"" . mysql_escape_string($username) . "\", \"false\")"; 231 $inssub = "INSERT INTO subscriptions (url, username, owner) VALUES (\"" . mysql_real_escape_string($subscription) . "\", \"" . mysql_real_escape_string($username) . "\", \"false\")";
232 $inssub2 = mysql_query($inssub); 232 $inssub2 = mysql_query($inssub);
233 233
234 return new xmlrpcresp(new xmlrpcval(0, "int")); 234 return new xmlrpcresp(new xmlrpcval(0, "int"));
@@ -254,7 +254,7 @@ function sendDatabase($cserver, $verification, $verificationID, $db)
254 254
255 foreach($db as $name => $value) 255 foreach($db as $name => $value)
256 { 256 {
257 $insdb = "INSERT INTO centralServers (url, key, xmlrpc) VALUES (\"" . mysql_escape_string($name) . "\", \"" . mysql_escape_string($value['key']) . "\", \"" . mysql_escape_string($value['xmlrpc']) . "\")"; 257 $insdb = "INSERT INTO centralServers (url, key, xmlrpc) VALUES (\"" . mysql_real_escape_string($name) . "\", \"" . mysql_real_escape_string($value['key']) . "\", \"" . mysql_real_escape_string($value['xmlrpc']) . "\")";
258 $insdb2 = mysql_query($insdb); 258 $insdb2 = mysql_query($insdb);
259 } 259 }
260 260