From edc9d436c4e4f9fa3cb00256652190359a4ddc20 Mon Sep 17 00:00:00 2001
From: Kelly Rauchenberger
Date: Fri, 1 Aug 2008 18:34:35 +0000
Subject: Central: MySQL-escaped query strings

Wrapped strings in MySQL queries with mysql_escape_string() to prevent errors and XSS-attacks.
---
 central/trunk/instadisc.php | 8 ++++----
 central/trunk/xmlrpc.php | 22 +++++++++++-----------
 2 files changed, 15 insertions(+), 15 deletions(-)
(limited to 'central/trunk')

diff --git a/central/trunk/instadisc.php b/central/trunk/instadisc.php
index f4fcd1e..d32d2d7 100644
--- a/central/trunk/instadisc.php
+++ b/central/trunk/instadisc.php
@@ -6,7 +6,7 @@ include_once('db.php');
 function instaDisc_checkVerification($username, $verification, $verificationID, $table, $nameField, $passField)
 {
- $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . $username . "\"";
+ $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_escape_string($username) . "\"";
 $getitem2 = mysql_query($getitem);
 $getitem3 = mysql_fetch_array($getitem2);
 if ($getitem3[$nameField] == $username)
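Review bot: The `mysql_escape_string($username)` added on the `+ $getitem` line escapes without regard to the connection's character set; `mysql_real_escape_string($username)` is the ext/mysql call that does, and since the same helper appears on every `+` line of this commit (instadisc.php @@ -41 and all xmlrpc.php hunks) the substitution applies across the whole patch. `$table` and `$nameField` are still concatenated unescaped on that line; the callers visible in xmlrpc.php pass string literals, so a comment such as `// $table/$nameField are identifiers, not values: callers must pass literals, never request input` would pin that assumption. Escaping here protects the SQL statement only, so the subject's "XSS" wording is better read as query breakage / SQL injection than as output encoding. instaDisc_checkVerification's body continues past the hunk.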
@@ -41,16 +41,16 @@ function instaDisc_sendDatabase($cserver)
 function instaDisc_addItem($username, $subscription, $title, $author, $url, $semantics)
 {
- $getuser = "SELECT * FROM users WHERE username = \"" . $username . "\"";
+ $getuser = "SELECT * FROM users WHERE username = \"" . mysql_escape_string($username) . "\"";
 $getuser2 = mysql_query($getuser);
 $getuser3 = mysql_fetch_array($getuser2);
 if ($getuser3['username'] == $username)
 {
 $itemID = $getuser3['nextItemID'];
- $setuser = "UPDATE users SET nextItemID = nextItemID+1 WHERE username = \"" . $username . "\"";
+ $setuser = "UPDATE users SET nextItemID = nextItemID+1 WHERE username = \"" . mysql_escape_string($username) . "\"";
 $setuser2 = mysql_query($setuser);
- $insitem = "INSERT INTO inbox (username, itemID, subscription, title, author, url, semantics) VALUES (\"" . $username . "\", " . $itemID . ", \"" . $subscription . "\", \"" . $title . "\", \"" . $author . "\", \"" . $url . "\", \"" . serialize($semantics) . "\")";
+ $insitem = "INSERT INTO inbox (username, itemID, subscription, title, author, url, semantics) VALUES (\"" . mysql_escape_string($username) . "\", " . $itemID . ", \"" . mysql_escape_string($subscription) . "\", \"" . mysql_escape_string($title) . "\", \"" . mysql_escape_string($author) . "\", \"" . mysql_escape_string($url) . "\", \"" . mysql_escape_string(serialize($semantics)) . "\")";
 $insitem2 = mysql_query($insitem);
 instaDisc_sendItem($username, $itemID);

diff --git a/central/trunk/xmlrpc.php b/central/trunk/xmlrpc.php
index 16a2c29..68ff92d 100644
--- a/central/trunk/xmlrpc.php
+++ b/central/trunk/xmlrpc.php
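Review bot: The results in `$setuser2` and `$insitem2` are never inspected, so when the UPDATE or the new `+ $insitem` INSERT fails, `instaDisc_sendItem($username, $itemID)` is still called for a row that was never stored; the same unchecked-result pattern is in xmlrpc.php @@ -209, where `$inssub2` is ignored and the response is unconditionally `0`. A guard such as `if ($insitem2 === false) { return; }` before the send (or surfacing `mysql_error()` to the caller) would keep the two sides consistent. The `SELECT` of `nextItemID` followed by a separate `UPDATE ... nextItemID+1` is a read-then-increment with no lock visible in the hunk, so two concurrent calls for one user could presumably be handed the same `$itemID`; if that is accepted, a comment saying so would help. instaDisc_addItem's body continues past the hunk.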
@@ -21,12 +21,12 @@ function deleteItem($username, $verification, $verificationID, $id)
 {
 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
 {
- $getitem = "SELECT * FROM inbox WHERE username = \"" . $username . "\" AND itemID = " . $id;
+ $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_escape_string($username) . "\" AND itemID = " . $id;
 $getitem2 = mysql_query($getitem);
 $getitem3 = mysql_fetch_array($getitem2);
 if ($getitem3['id'] == $id)
 {
- $delitem = "DELETE inbox WHERE username = \"" . $username . "\" AND itemID = " . $id;
+ $delitem = "DELETE inbox WHERE username = \"" . mysql_escape_string($username) . "\" AND itemID = " . $id;
 $delitem2 = mysql_query($delitem);
 return new xmlrpcresp(new xmlrpcval(0, "int"));
@@ -40,7 +40,7 @@ function resendItem($username, $verification, $verificationID, $id)
 {
 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
 {
- $getitem = "SELECT * FROM inbox WHERE username = \"" . $username . "\" AND itemID = " . $id;
+ $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_escape_string($username) . "\" AND itemID = " . $id;
 $getitem2 = mysql_query($getitem);
 $getitem3 = mysql_fetch_array($getitem2);
 if ($getitem3['id'] == $id)
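Review bot: `$id` is still concatenated raw into `AND itemID = " . $id` on the `+ $getitem` and `+ $delitem` lines of deleteItem (@@ -21) and again in resendItem (@@ -40), so the injection point this commit closes for `$username` remains open through the other XML-RPC parameter; since itemID is compared numerically, normalising it once at the top of each function, `$id = (int) $id;`, before the query strings are built closes it. The new `$delitem` line also reads `DELETE inbox WHERE ...`, which is not valid MySQL syntax; it needs `DELETE FROM inbox WHERE ...`. Both function bodies continue past their hunks.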
@@ -58,13 +58,13 @@ function sendFromUpdate($username, $verification, $verificationID, $subscription
 {
 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
 {
- $getusubs = "SELECT * FROM subscriptions WHERE username = \"" . $username . "\" AND uri = \"" . $subscription . "\" AND owner = \"true\"";
+ $getusubs = "SELECT * FROM subscriptions WHERE username = \"" . mysql_escape_string($username) . "\" AND uri = \"" . mysql_escape_string($subscription) . "\" AND owner = \"true\"";
 $getusubs2 = mysql_query($getusubs);
 $getusubs3 = mysql_fetch_array($getusubs2);
 if ($getusubs['username'] == $username)
 {
 $cserver = $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
- $getuk = "SELECT * FROM centralServers WHERE url = \"" . $cserver . "\"";
+ $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_escape_string($cserver) . "\"";
 $getuk2 = mysql_query($getuk);
 $getuk3 = mysql_fetch_array($getuk2);
@@ -107,7 +107,7 @@ function sendFromCentral($cserver, $verification, $verificationID, $subscription
 }
 else if ($softwareVersion < getConfig('softwareVersion'))
 {
 $cserver2 = $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
- $getuk = "SELECT * FROM centralServers WHERE url = \"" . $cserver2 . "\"";
+ $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_escape_string($cserver2) . "\"";
 $getuk2 = mysql_query($getuk);
 $getuk3 = mysql_fetch_array($getuk2);
@@ -124,7 +124,7 @@ function sendFromCentral($cserver, $verification, $verificationID, $subscription
 if ($databaseVersion > getConfig('databaseVersion'))
 {
 $cserver2 = $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
- $getuk = "SELECT * FROM centralServers WHERE url = \"" . $cserver2 . "\"";
+ $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_escape_string($cserver2) . "\"";
 $getuk2 = mysql_query($getuk);
 $getuk3 = mysql_fetch_array($getuk2);
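Review bot: In the @@ -58 hunk the ownership guard `if ($getusubs['username'] == $username)` indexes the query string `$getusubs` instead of the fetched row `$getusubs3`, so the check never looks at the database result and the `owner = "true"` filter is effectively not enforced; it should read `if ($getusubs3['username'] == $username)`. Separately, `$cserver` and `$cserver2` are built from `$_SERVER['HTTP_HOST']` in all three hunks (@@ -58, @@ -107, @@ -124); that value comes from the request's Host header, so the `centralServers` lookup identifies this server by client-supplied data even though the value is now escaped — a configured canonical URL read through `getConfig()` would be the safer key, or a comment should record that a host-based lookup is intended. The enclosing functions continue outside the hunks.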
@@ -141,7 +141,7 @@ function sendFromCentral($cserver, $verification, $verificationID, $subscription
 instaDisc_sendDatabase($cserver);
 }
- $getsed = "SELECT * FROM subscriptions WHERE uri = \"" . $subscription . "\"";
+ $getsed = "SELECT * FROM subscriptions WHERE uri = \"" . mysql_escape_string($subscription) . "\"";
 $getsed2 = mysql_query($getsed);
 $i=0;
 while ($getsed3[$i] = mysql_fetch_array($getsed2))
@@ -190,12 +190,12 @@ function deleteSubscription($username, $verification, $verificationID, $subscrip
 {
 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
 {
- $getsub = "SELECT * FROM subscriptions WHERE url = \"" . $subscription . "\" AND username = \"" . $username . "\" AND owner = \"false\"";
+ $getsub = "SELECT * FROM subscriptions WHERE url = \"" . mysql_escape_string($subscription) . "\" AND username = \"" . mysql_escape_string($username) . "\" AND owner = \"false\"";
 $getsub2 = mysql_query($getsub);
 $getsub3 = mysql_fetch_array($getsub2);
 if ($getsub3['url'] == $subscription)
 {
- $delsub = "DELETE subscriptions WHERE url = \"" . $subscription . "\" AND username = \"" . $username . "\" AND owner = \"false\"";
+ $delsub = "DELETE subscriptions WHERE url = \"" . mysql_escape_string($subscription) . "\" AND username = \"" . mysql_escape_string($username . "\" AND owner = \"false\"";
 $delsub2 = mysql_query($delsub);
 return new xmlrpcresp(new xmlrpcval(0, "int"));
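Review bot: The new `$delsub` line in deleteSubscription (@@ -190) closes `mysql_escape_string(` in the wrong place: `mysql_escape_string($username . "\" AND owner = \"false\""` pulls the trailing SQL into the function argument and leaves the parenthesis unbalanced, so xmlrpc.php no longer parses after this commit. It should read `$delsub = "DELETE FROM subscriptions WHERE url = \"" . mysql_escape_string($subscription) . "\" AND username = \"" . mysql_escape_string($username) . "\" AND owner = \"false\"";`, which also adds the `FROM` the statement lacked before the change. deleteSubscription's body continues past the hunk.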
@@ -209,7 +209,7 @@ function addSubscription($username, $verification, $verificationID, $subscriptio
 {
 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
 {
- $inssub = "INSERT INTO subscriptions (url, username, owner) VALUES (\"" . $subscription . "\", \"" . $username . "\", \"false\")";
+ $inssub = "INSERT INTO subscriptions (url, username, owner) VALUES (\"" . mysql_escape_string($subscription) . "\", \"" . mysql_escape_string($username) . "\", \"false\")";
 $inssub2 = mysql_query($inssub);
 return new xmlrpcresp(new xmlrpcval(0, "int"));
-- cgit 1.4.1