From 2af16b67c9ac6af734d6c40b9e43eacf23207f69 Mon Sep 17 00:00:00 2001
From: Kelly Rauchenberger
Date: Sun, 3 Aug 2008 20:12:23 +0000
Subject: Central: Updated MySQL escape wrappers

Previously ([37]), MySQL query strings were updated to use the MySQL escape function mysql_escape_string(). Now, to add even more protection, the function mysql_real_escape_string() is used instead.
---
 central/trunk/xmlrpc.php | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)
(limited to 'central/trunk/xmlrpc.php')

diff --git a/central/trunk/xmlrpc.php b/central/trunk/xmlrpc.php
index cd0bb06..5ac5868 100644
--- a/central/trunk/xmlrpc.php
+++ b/central/trunk/xmlrpc.php
@@ -21,12 +21,12 @@ function deleteItem($username, $verification, $verificationID, $id)
 {
 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
 {
- $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_escape_string($username) . "\" AND itemID = " . $id;
+ $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id;
 $getitem2 = mysql_query($getitem);
 $getitem3 = mysql_fetch_array($getitem2);
 if ($getitem3['id'] == $id)
 {
- $delitem = "DELETE FROM inbox WHERE username = \"" . mysql_escape_string($username) . "\" AND itemID = " . $id;
+ $delitem = "DELETE FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id;
 $delitem2 = mysql_query($delitem);
 return new xmlrpcresp(new xmlrpcval(0, "int"));
@@ -40,7 +40,7 @@ function resendItem($username, $verification, $verificationID, $id)
 {
 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
 {
- $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_escape_string($username) . "\" AND itemID = " . $id;
+ $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id;
 $getitem2 = mysql_query($getitem);
 $getitem3 = mysql_fetch_array($getitem2);
 if ($getitem3['id'] == $id)
@@ -58,7 +58,7 @@ function requestRetained($username, $verification, $veriicationID)
 {
 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
 {
- $getitems = "SELECT * FROM inbox WHERE username = \"" . mysql_escape_string($username) . "\"";
+ $getitems = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\"";
 $getitems2 = mysql_query($getitems);
 $i=0;
 while ($getitems3[$i] = mysql_fetch_array($getitems2))
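Review bot: The `$id` appended to `$getitem` on the `+` line is still concatenated raw, so the new escaping covers only the string operand; `mysql_real_escape_string` is of no help in an unquoted numeric position, and the same applies to both query lines in the deleteItem hunk above. Coerce the XML-RPC value before it reaches the query, `$id = (int) $id;` at the top of the function (or move the lookup to a prepared statement), and make the row guard strict, `if ((int) $getitem3['id'] === $id)`. Note also that the guard compares column `id` while the query filters on `itemID`; if those are different columns the branch rarely passes, so verify the schema. `mysql_real_escape_string` also needs an established connection and returns false without one, which would silently empty the username operand; where the connection is opened is not visible in this file. resendItem's body continues past the hunk.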
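Review bot: The hunk header shows requestRetained's third parameter spelled `$veriicationID`, while the first context line passes `$verificationID` to `instaDisc_checkVerification`; unless that is an artefact of how the page was captured, the ID the caller supplied never reaches the check and an undefined variable is passed in its place. Whether the check then fails closed or open for a null ID depends on `instaDisc_checkVerification`, which is outside this file, so the parameter should be renamed to `$verificationID` regardless. The signature itself sits just above the hunk, so the fix is a one-word change on that line.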
@@ -77,13 +77,13 @@ function sendFromUpdate($username, $verification, $verificationID, $subscription
 {
 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
 {
- $getusubs = "SELECT * FROM subscriptions WHERE username = \"" . mysql_escape_string($username) . "\" AND uri = \"" . mysql_escape_string($subscription) . "\" AND owner = \"true\"";
+ $getusubs = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND uri = \"" . mysql_real_escape_string($subscription) . "\" AND owner = \"true\"";
 $getusubs2 = mysql_query($getusubs);
 $getusubs3 = mysql_fetch_array($getusubs2);
 if ($getusubs['username'] == $username)
 {
 $cserver = $_SERVER['HTTP_HOST'];
- $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_escape_string($cserver) . "\"";
+ $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver) . "\"";
 $getuk2 = mysql_query($getuk);
 $getuk3 = mysql_fetch_array($getuk2);
@@ -126,7 +126,7 @@ function sendFromCentral($cserver, $verification, $verificationID, $subscription
 } else if ($softwareVersion < instaDisc_getConfig('softwareVersion'))
 {
 $cserver2 = $_SERVER['HTTP_HOST'];
- $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_escape_string($cserver2) . "\"";
+ $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\"";
 $getuk2 = mysql_query($getuk);
 $getuk3 = mysql_fetch_array($getuk2);
@@ -143,7 +143,7 @@ function sendFromCentral($cserver, $verification, $verificationID, $subscription
 if ($databaseVersion > instaDisc_getConfig('databaseVersion'))
 {
 $cserver2 = $_SERVER['HTTP_HOST'];
- $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_escape_string($cserver2) . "\"";
+ $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\"";
 $getuk2 = mysql_query($getuk);
 $getuk3 = mysql_fetch_array($getuk2);
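Review bot: The owner guard on the context line `if ($getusubs['username'] == $username)` indexes the query string rather than the fetched row; it should read `if ($getusubs3['username'] === $username)`, since a non-numeric offset on a string yields a single character, not the column. As written, the branch that looks up the central server's key is effectively unreachable for a real username, so the new escaping on the `$getuk` line protects a path that may never run. Separately, `$cserver` and `$cserver2` come from `$_SERVER['HTTP_HOST']` here and in the two sendFromCentral hunks below; that header is supplied by the client, so escaping it is right, but any trust decision keyed on the matching centralServers row should be pinned to a configured hostname rather than the request's Host value. The enclosing functions continue outside these hunks.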
@@ -160,7 +160,7 @@ function sendFromCentral($cserver, $verification, $verificationID, $subscription
 instaDisc_sendDatabase($cserver);
 }
- $getsed = "SELECT * FROM subscriptions WHERE uri = \"" . mysql_escape_string($subscription) . "\"";
+ $getsed = "SELECT * FROM subscriptions WHERE uri = \"" . mysql_real_escape_string($subscription) . "\"";
 $getsed2 = mysql_query($getsed);
 $i=0;
 while ($getsed3[$i] = mysql_fetch_array($getsed2))
@@ -209,12 +209,12 @@ function deleteSubscription($username, $verification, $verificationID, $subscrip
 {
 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
 {
- $getsub = "SELECT * FROM subscriptions WHERE url = \"" . mysql_escape_string($subscription) . "\" AND username = \"" . mysql_escape_string($username) . "\" AND owner = \"false\"";
+ $getsub = "SELECT * FROM subscriptions WHERE url = \"" . mysql_real_escape_string($subscription) . "\" AND username = \"" . mysql_real_escape_string($username) . "\" AND owner = \"false\"";
 $getsub2 = mysql_query($getsub);
 $getsub3 = mysql_fetch_array($getsub2);
 if ($getsub3['url'] == $subscription)
 {
- $delsub = "DELETE FROM subscriptions WHERE url = \"" . mysql_escape_string($subscription) . "\" AND username = \"" . mysql_escape_string($username) . "\" AND owner = \"false\"";
+ $delsub = "DELETE FROM subscriptions WHERE url = \"" . mysql_real_escape_string($subscription) . "\" AND username = \"" . mysql_real_escape_string($username) . "\" AND owner = \"false\"";
 $delsub2 = mysql_query($delsub);
 return new xmlrpcresp(new xmlrpcval(0, "int"));
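Review bot: The `+` lines of this deleteSubscription hunk, and the addSubscription hunk below, address the subscriptions table through a column named `url`, while the sendFromUpdate and sendFromCentral hunks above query the same table with `uri`; one spelling cannot match the schema, so either the SELECT/DELETE here or the lookups above return nothing. Confirm the column against the table definition and use one name throughout — if `uri` is correct, the changes here are `WHERE uri = \"` in both `$getsub` and `$delsub` and `$getsub3['uri']` in the guard. Because the `mysql_query` results (`$getsub2`, `$delsub2`) are assigned but never checked, a wrong column name surfaces only as an empty result rather than an error; testing for `false` and logging `mysql_error()` would make it visible. deleteSubscription's body continues outside the hunk.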
@@ -228,7 +228,7 @@ function addSubscription($username, $verification, $verificationID, $subscriptio
 {
 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
 {
- $inssub = "INSERT INTO subscriptions (url, username, owner) VALUES (\"" . mysql_escape_string($subscription) . "\", \"" . mysql_escape_string($username) . "\", \"false\")";
+ $inssub = "INSERT INTO subscriptions (url, username, owner) VALUES (\"" . mysql_real_escape_string($subscription) . "\", \"" . mysql_real_escape_string($username) . "\", \"false\")";
 $inssub2 = mysql_query($inssub);
 return new xmlrpcresp(new xmlrpcval(0, "int"));
@@ -254,7 +254,7 @@ function sendDatabase($cserver, $verification, $verificationID, $db)
 foreach($db as $name => $value)
 {
- $insdb = "INSERT INTO centralServers (url, key, xmlrpc) VALUES (\"" . mysql_escape_string($name) . "\", \"" . mysql_escape_string($value['key']) . "\", \"" . mysql_escape_string($value['xmlrpc']) . "\")";
+ $insdb = "INSERT INTO centralServers (url, key, xmlrpc) VALUES (\"" . mysql_real_escape_string($name) . "\", \"" . mysql_real_escape_string($value['key']) . "\", \"" . mysql_real_escape_string($value['xmlrpc']) . "\")";
 $insdb2 = mysql_query($insdb);
 }
-- 
cgit 1.4.1
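Review bot: The INSERT on the `+` line of the sendDatabase hunk names a column `key`, which is a reserved word in MySQL; unless the identifier is quoted with backticks in the column list, the statement is rejected with a syntax error, and because `$insdb2` is never checked the whole loop silently inserts nothing. The fix is to write the column list as `(url, ` followed by the backtick-quoted `key` and `, xmlrpc)`, leaving the VALUES part unchanged. The entries of `$db` arrive from the XML-RPC caller, so the escaping added here is needed, but the loop never confirms that `$value` is an array carrying `key` and `xmlrpc` before indexing it; a missing entry produces a notice and an empty string in the row, so a guard such as `if (!is_array($value) || !isset($value['key'], $value['xmlrpc'])) continue;` belongs before the query. The same unchecked-`mysql_query` pattern appears in every hunk of this commit; a small wrapper that logs `mysql_error()` on a `false` return would be a worthwhile follow-up.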