authorDries Buytaert <dries@buytaert.net>2001-03-07 21:29:40 +0000
committerDries Buytaert <dries@buytaert.net>2001-03-07 21:29:40 +0000
commitf516626a293edd613cb823db88e36dcf7e1fb8f4 (patch)
treeba3dd7432d4d13783e34fbc50a4d4308a142309b
parent2b2e81f6cfce285f466c3c74cb25ad30c581d2cf (diff)
A rather large and important update:
revised most of the SQL queries and tried to make drupal as secure as possible (while trying to avoid redundant/duplicate checks). For drupal's sake, try to screw something up. See the mail about PHPNuke being hacked appr. 6 days ago. The one who finds a problem is rewarded a beer (and I'm willing to ship it to Norway if required). I beg you to be evil. Try dumping a table a la "http://localhost/index.php?date=77778;DROP TABLE users" or something. ;)
-rw-r--r--account.php30
-rw-r--r--includes/ban.inc15
-rw-r--r--includes/comment.inc26
-rw-r--r--includes/module.inc10
-rw-r--r--index.php2
-rw-r--r--modules/account.module16
-rw-r--r--modules/backend.class23
-rw-r--r--modules/ban.module10
-rw-r--r--modules/block.module2
-rw-r--r--modules/block/block.module2
-rw-r--r--modules/box.module12
-rw-r--r--modules/comment.module10
-rw-r--r--modules/comment/comment.module10
-rw-r--r--modules/diary.module34
-rw-r--r--modules/faq.module6
-rw-r--r--modules/locale.module6
-rw-r--r--modules/locale/locale.module6
-rw-r--r--modules/rating.module6
-rw-r--r--modules/section.module4
-rw-r--r--modules/story.module10
-rw-r--r--modules/story/story.module10
-rw-r--r--modules/submission.module8
-rw-r--r--modules/watchdog.module6
-rw-r--r--modules/watchdog/watchdog.module6
-rw-r--r--search.php2
-rw-r--r--story.php20
-rw-r--r--submit.php6
27 files changed, 144 insertions, 154 deletions
diff --git a/account.php b/account.php
index 42e452dc5..dd9e5f1a0 100644
--- a/account.php
+++ b/account.php
@@ -214,9 +214,9 @@ function account_content_edit() {
function account_content_save($edit) {
global $user;
if ($user->id) {
- db_query("DELETE FROM layout WHERE user = $user->id");
+ db_query("DELETE FROM layout WHERE user = '$user->id'");
foreach (($edit ? $edit : array()) as $block=>$weight) {
- db_query("INSERT INTO layout (user, block) VALUES ('". check_input($user->id) ."', '". check_input($block) ."')");
+ db_query("INSERT INTO layout (user, block) VALUES ('$user->id', '". check_input($block) ."')");
}
}
}
@@ -294,7 +294,7 @@ function account_validate($user) {
// Verify whether username and e-mail address are unique:
if (db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid) = LOWER('$user[userid]')")) > 0) $error = t("the specified username is already taken");
- if (db_num_rows(db_query("SELECT real_email FROM users WHERE LOWER(real_email)=LOWER('$user[real_email]')")) > 0) $error = t("the specified e-mail address is already in use by another account");
+ if (db_num_rows(db_query("SELECT real_email FROM users WHERE LOWER(real_email) = LOWER('$user[real_email]')")) > 0) $error = t("the specified e-mail address is already in use by another account");
return $error;
}
@@ -302,7 +302,7 @@ function account_validate($user) {
function account_email_submit($userid, $email) {
global $theme, $site_name, $site_url;
- $result = db_query("SELECT id FROM users WHERE userid = '". check_input($userid) ."' AND real_email = '". check_input($email) ."'");
+ $result = db_query("SELECT id FROM users WHERE userid = '$userid' AND real_email = '$email'");
if ($account = db_fetch_object($result)) {
$passwd = account_password();
@@ -370,7 +370,7 @@ function account_create_confirm($name, $hash) {
if ($account = db_fetch_object($result)) {
if ($account->status == 1) {
if ($account->hash == $hash) {
- db_query("UPDATE users SET status = 2, hash = '' WHERE userid = '$name'");
+ db_query("UPDATE users SET status = '2', hash = '' WHERE userid = '$name'");
$output = t("Your account has been successfully confirmed.");
watchdog("message", "$name: account confirmation successful");
}
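Review bot: `$account->hash == $hash` compares the confirmation token with loose equality; in PHP two strings that both look numeric are compared as numbers under `==`, so distinct tokens could compare equal depending on how `account_password()` builds them (its output is not in the diff). Use strict comparison, `if ($account->hash === $hash) {`, so the token must match byte for byte. The enclosing `account_create_confirm` starts and ends outside the hunk.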
@@ -404,13 +404,13 @@ function account_password($min_length=6) {
function account_track_comments() {
global $theme, $user;
- $sresult = db_query("SELECT s.id, s.subject, COUNT(s.id) as count FROM comments c LEFT JOIN stories s ON c.lid = s.id WHERE c.author = $user->id GROUP BY s.id DESC LIMIT 5");
+ $sresult = db_query("SELECT s.id, s.subject, COUNT(s.id) AS count FROM comments c LEFT JOIN stories s ON c.lid = s.id WHERE c.author = '$user->id' GROUP BY s.id DESC LIMIT 5");
while ($story = db_fetch_object($sresult)) {
$output .= "<LI>". format_plural($story->count, "comment", "comments") ." ". t("attached to story") ." `<A HREF=\"story.php?id=$story->id\">". check_output($story->subject) ."</A>`:</LI>\n";
$output .= " <UL>\n";
- $cresult = db_query("SELECT * FROM comments WHERE author = $user->id AND lid = $story->id");
+ $cresult = db_query("SELECT * FROM comments WHERE author = '$user->id' AND lid = '$story->id'");
while ($comment = db_fetch_object($cresult)) {
$output .= " <LI><A HREF=\"story.php?id=$story->id&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A> - ". t("replies") .": ". comment_num_replies($comment->cid) ." - ". t("score") .": ". comment_score($comment) ."</LI>\n";
}
@@ -425,7 +425,7 @@ function account_track_comments() {
function account_track_stories() {
global $theme, $user;
- $result = db_query("SELECT s.id, s.subject, s.timestamp, s.section, COUNT(c.cid) as count FROM stories s LEFT JOIN comments c ON c.lid = s.id WHERE s.status = 2 AND s.author = $user->id GROUP BY s.id DESC");
+ $result = db_query("SELECT s.id, s.subject, s.timestamp, s.section, COUNT(c.cid) AS count FROM stories s LEFT JOIN comments c ON c.lid = s.id WHERE s.status = '2' AND s.author = '$user->id' GROUP BY s.id DESC");
while ($story = db_fetch_object($result)) {
$output .= "<TABLE BORDER=\"0\" CELLPADDING=\"1\" CELLSPACING=\"1\">\n";
@@ -446,11 +446,11 @@ function account_track_site() {
$period = 259200; // 3 days
- $sresult = db_query("SELECT s.subject, s.id, COUNT(c.lid) AS count FROM comments c LEFT JOIN stories s ON c.lid = s.id WHERE s.status = 2 AND c.link = 'story' AND ". time() ." - c.timestamp < $period GROUP BY c.lid ORDER BY s.timestamp DESC LIMIT 10");
+ $sresult = db_query("SELECT s.subject, s.id, COUNT(c.lid) AS count FROM comments c LEFT JOIN stories s ON c.lid = s.id WHERE s.status = '2' AND c.link = 'story' AND ". time() ." - c.timestamp < $period GROUP BY c.lid ORDER BY s.timestamp DESC LIMIT 10");
while ($story = db_fetch_object($sresult)) {
$output .= "<LI>". format_plural($story->count, "comment", "comments") ." ". t("attached to story") ." '<A HREF=\"story.php?id=$story->id\">". check_output($story->subject) ."</A>':</LI>";
- $cresult = db_query("SELECT c.subject, c.cid, c.pid, u.userid FROM comments c LEFT JOIN users u ON u.id = c.author WHERE c.lid = $story->id AND c.link = 'story' ORDER BY timestamp DESC LIMIT $story->count");
+ $cresult = db_query("SELECT c.subject, c.cid, c.pid, u.userid FROM comments c LEFT JOIN users u ON u.id = c.author WHERE c.lid = '$story->id' AND c.link = 'story' ORDER BY timestamp DESC LIMIT $story->count");
$output .= "<UL>\n";
while ($comment = db_fetch_object($cresult)) {
$output .= " <LI>'<A HREF=\"story.php?id=$story->id&cid=$comment->cid&pid=$comment->pid#$comment->cid\">". check_output($comment->subject) ."</A>' ". t("by") ." ". format_username($comment->userid) ."</LI>\n";
@@ -471,10 +471,10 @@ if (strstr($name, " ") || strstr($hash, " ")) {
switch ($op) {
case t("E-mail new password"):
- account_email_submit($userid, $email);
+ account_email_submit(check_input($userid), check_input($email));
break;
case t("Create account"):
- account_create_submit($userid, $email);
+ account_create_submit(check_input($userid), check_input($email));
break;
case t("Save user information"):
account_user_save($edit);
@@ -489,10 +489,10 @@ switch ($op) {
account_user($user->userid);
break;
case "confirm":
- account_create_confirm($name, $hash);
+ account_create_confirm(check_input($name), check_input($hash));
break;
case "login":
- account_session_start($userid, $passwd);
+ account_session_start(check_input($userid), check_input($passwd));
header("Location: account.php?op=info");
break;
case "logout":
@@ -505,7 +505,7 @@ switch ($op) {
account_user($user->userid);
break;
default:
- account_user($name);
+ account_user(check_input($name));
}
break;
case "track":
diff --git a/includes/ban.inc b/includes/ban.inc
index 618b275ec..e1b05fc1d 100644
--- a/includes/ban.inc
+++ b/includes/ban.inc
@@ -10,10 +10,9 @@ $index2type = array(0x01 => "addresses",
0x03 => "hostnames",
0x04 => "usernames");
-
function ban_match($mask, $category) {
// Perform query:
- $result = db_query("SELECT * FROM bans WHERE type = $category AND LOWER('$mask') LIKE LOWER(mask)");
+ $result = db_query("SELECT * FROM bans WHERE type = '$category' AND LOWER('$mask') LIKE LOWER(mask)");
// Return result:
return db_fetch_object($result);
@@ -25,29 +24,29 @@ function ban_add($mask, $category, $reason, $message = "") {
if (empty($mask)) {
$message = "failed: empty banmasks are not allowed.<P>\n";
}
- else if ($ban = db_fetch_object(db_query("SELECT * FROM bans WHERE type = $category AND '$mask' LIKE mask"))) {
+ else if ($ban = db_fetch_object(db_query("SELECT * FROM bans WHERE type = '$category' AND '$mask' LIKE mask"))) {
$message = "failed: ban is already matched by '$ban->mask'.<P>\n";
}
else {
$result = db_query("INSERT INTO bans (mask, type, reason, timestamp) VALUES ('$mask', '$category', '$reason', '". time() ."')");
- $message = "added new ban with mask `$mask'.<P>\n";
+ $message = "added new ban with mask '$mask'.<P>\n";
// Add log entry:
- watchdog("message", "added new ban `$mask' to category `". $index2type[$category] ."' with reason `$reason'.");
+ watchdog("message", "added new ban '$mask' to category '". $index2type[$category] ."' with reason '$reason'.");
}
}
function ban_delete($id) {
global $index2type;
- $result = db_query("SELECT * FROM bans WHERE id = $id");
+ $result = db_query("SELECT * FROM bans WHERE id = '$id'");
if ($ban = db_fetch_object($result)) {
// Perform query:
- $result = db_query("DELETE FROM bans WHERE id = $id");
+ $result = db_query("DELETE FROM bans WHERE id = '$id'");
// Deleted log entry:
- watchdog("message", "removed ban `$ban->mask' from category `". $index2type[$ban->type] ."'.");
+ watchdog("message", "removed ban '$ban->mask' from category '". $index2type[$ban->type] ."'.");
}
}
diff --git a/includes/comment.inc b/includes/comment.inc
index 7ec1d3734..2c8aaf3b9 100644
--- a/includes/comment.inc
+++ b/includes/comment.inc
@@ -34,7 +34,7 @@ function comment_moderate($moderate) {
foreach ($moderate as $id=>$vote) {
if ($vote != $comment_votes[$none] && !user_get($user, "history", "c$id")) {
// Update the comment's score:
- $result = db_query("UPDATE comments SET score = score $vote, votes = votes + 1 WHERE cid = $id");
+ $result = db_query("UPDATE comments SET score = score ". check_input($vote) .", votes = votes + 1 WHERE cid = '". check_input($id) ."'");
// Update the user's history:
$user = user_set($user, "history", "c$id", $vote);
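Review bot: `$vote` is spliced into the UPDATE as an unquoted SQL fragment (`score = score $vote`), so the `check_input()` added on that line does not help — quote-escaping only protects quoted string literals — and the only gate is `$vote != $comment_votes[$none]`, which rules out one value rather than admitting only known ones. Validate against the table of permitted votes before touching the database, e.g. `if (!in_array($vote, $comment_votes)) continue;` (this assumes `$comment_votes` maps labels to the allowed `score` adjustments — confirm against its definition, which is outside the hunk). `$id` is quoted and escaped, which is fine. The enclosing `comment_moderate` begins outside the hunk.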
@@ -52,13 +52,13 @@ function comment_reply($pid, $id) {
global $allowed_html, $link, $REQUEST_URI, $theme, $user;
if ($pid) {
- $item = db_fetch_object(db_query("SELECT comments.*, users.userid FROM comments LEFT JOIN users ON comments.author = users.id WHERE comments.cid = $pid"));
+ $item = db_fetch_object(db_query("SELECT comments.*, users.userid FROM comments LEFT JOIN users ON comments.author = users.id WHERE comments.cid = '$pid'"));
comment_view(new Comment($item->userid, $item->subject, $item->comment, $item->timestamp, $item->url, $item->fake_email, comment_score($comment), $comment->votes, $item->cid, $item->lid), t("reply to this comment"));
}
else {
$pid = 0;
if ($link == "story") {
- $item = db_fetch_object(db_query("SELECT stories.*, users.userid FROM stories LEFT JOIN users ON stories.author = users.id WHERE stories.status != 0 AND stories.id = $id"));
+ $item = db_fetch_object(db_query("SELECT stories.*, users.userid FROM stories LEFT JOIN users ON stories.author = users.id WHERE stories.status != 0 AND stories.id = '$id'"));
$theme->article($item, "");
}
}
@@ -132,7 +132,7 @@ function comment_post($pid, $id, $subject, $comment) {
global $theme, $link, $user;
// Check for duplicate comments:
- $duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE link = '$link' AND pid = '$pid' AND lid = '$id' AND subject = '". check_input($subject) ."' AND comment = '". check_input($comment) ."'"), 0);
+ $duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE link = '$link' AND pid = '$pid' AND lid = '$id' AND subject = '$subject' AND comment = '$comment'"), 0);
if ($duplicate != 0) {
watchdog("error", "comment: attempt to insert duplicate comment");
@@ -145,7 +145,7 @@ function comment_post($pid, $id, $subject, $comment) {
watchdog("comment", "comment: added comment with subject '$subject'");
// Add comment to database:
- db_query("INSERT INTO comments (link, lid, pid, author, subject, comment, hostname, timestamp, score) VALUES ('". check_input($link) ."', $id, $pid, '$user->id', '". check_input($subject) ."', '". check_input($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."', '". ($user->userid ? 1 : 0) ."')");
+ db_query("INSERT INTO comments (link, lid, pid, author, subject, comment, hostname, timestamp, score) VALUES ('$link', '$id', '$pid', '$user->id', '$subject', '$comment', '". getenv("REMOTE_ADDR") ."', '". time() ."', '". ($user->userid ? 1 : 0) ."')");
}
}
@@ -155,7 +155,7 @@ function comment_score($comment) {
}
function comment_num_replies($id, $count = 0) {
- $result = db_query("SELECT COUNT(cid) FROM comments WHERE pid = $id");
+ $result = db_query("SELECT COUNT(cid) FROM comments WHERE pid = '$id'");
return ($result) ? db_result($result, 0) : 0;
}
@@ -165,7 +165,7 @@ function comment_num_filtered($lid, $pid) {
$threshold = ($user->id) ? $user->threshold : "0";
$pid = ($pid) ? $pid : 0;
- $result = db_query("SELECT COUNT(cid) FROM comments WHERE lid = $lid AND pid = $pid AND ((votes = 0 AND score < $threshold) OR (score / votes < $threshold))");
+ $result = db_query("SELECT COUNT(cid) FROM comments WHERE lid = '$lid' AND pid = '$pid' AND ((votes = 0 AND score < $threshold) OR (score / votes < $threshold))");
return ($result) ? db_result($result, 0) : 0;
}
@@ -183,7 +183,7 @@ function comment_moderation($comment) {
}
else {
// comment has already been moderated:
- $output .= "<TABLE BORDER=\"0\" CELLSPACING=\"1\" CELLPADDING=\"1\"><TR><TD>". t("score") .":</TD><TD>". check_output($comment->score) ."</TD></TR><TR><TD>". t("votes") .":</TD><TD>". check_output($comment->votes) ."</TR></TABLE>\n";
+ $output .= "<TABLE BORDER=\"0\" CELLSPACING=\"1\" CELLPADDING=\"1\"><TR><TD ALIGN=\"right\">". t("score") .":</TD><TD>". check_output($comment->score) ."</TD></TR><TR><TD ALIGN=\"right\">". t("votes") .":</TD><TD>". check_output($comment->votes) ."</TR></TABLE>\n";
}
return $output;
@@ -221,8 +221,8 @@ function comment_order($order) {
}
function comment_query($link, $lid, $order, $pid = -1) {
- $query .= "SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE link = '$link' AND c.lid = $lid";
- if ($pid >= 0) $query .= " AND pid = $pid";
+ $query .= "SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE link = '$link' AND c.lid = '$lid'";
+ if ($pid >= 0) $query .= " AND pid = '$pid'";
if ($order == 1) $query .= " ORDER BY c.timestamp DESC";
else if ($order == 2) $query .= " ORDER BY c.timestamp";
else if ($order == 3) $query .= " ORDER BY c.score DESC";
@@ -262,7 +262,7 @@ function comment_view($comment, $folded = 0) {
function comment_thread_min($cid, $threshold) {
global $user;
- $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.pid = $cid ORDER BY c.timestamp, c.cid");
+ $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.pid = '$cid' ORDER BY c.timestamp, c.cid");
print "<UL>";
while ($comment = db_fetch_object($result)) {
@@ -275,7 +275,7 @@ function comment_thread_min($cid, $threshold) {
function comment_thread_max($cid, $mode, $threshold, $level = 0, $dummy = 0) {
global $link, $user;
- $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE link = '$link' AND c.pid = $cid ORDER BY c.timestamp, c.cid");
+ $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE link = '$link' AND c.pid = '$cid' ORDER BY c.timestamp, c.cid");
print "<UL>";
while ($comment = db_fetch_object($result)) {
@@ -304,7 +304,7 @@ function comment_render($lid, $cid) {
}
if ($cid > 0) {
- $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE cid = $cid");
+ $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE cid = '$cid'");
if ($comment = db_fetch_object($result)) {
comment_view($comment, comment_link($comment));
}
diff --git a/includes/module.inc b/includes/module.inc
index c339ee8f7..a4f6c005d 100644
--- a/includes/module.inc
+++ b/includes/module.inc
@@ -15,7 +15,7 @@ function module_execute($module, $hook, $argument = "") {
function module_rehash_crons($name, $module) {
if ($module["cron"]) {
if (!db_fetch_object(db_query("SELECT * FROM crons WHERE module = '$name'"))) {
- db_query("INSERT INTO crons (module, scheduled, timestamp) VALUES ('". check_input($name) ."', '172800', '0')");
+ db_query("INSERT INTO crons (module, scheduled, timestamp) VALUES ('$name', '172800', '0')");
}
}
else {
@@ -27,11 +27,11 @@ function module_rehash_blocks($name, $module) {
db_query("UPDATE blocks SET remove = '1' WHERE module = '$name'");
if ($module["block"] && $blocks = $module["block"]()) {
foreach ($blocks as $offset=>$block) {
- if (!db_fetch_object(db_query("SELECT * FROM blocks WHERE module = '$name' AND name = '". check_input($block["info"]) ."'"))) {
- db_query("INSERT INTO blocks (name, module, offset) VALUES ('". check_input($block["info"]) ."', '". check_input($name) ."', '". check_input($offset) ."')");
+ if (!db_fetch_object(db_query("SELECT * FROM blocks WHERE module = '$name' AND name = '$block[info]'"))) {
+ db_query("INSERT INTO blocks (name, module, offset) VALUES ('$block[info]', '$name', '$offset')");
}
else {
- db_query("UPDATE blocks SET offset = '". check_input($offset) ."', remove = '0' WHERE module = '$name' AND name = '". check_input($block["info"]) ."'");
+ db_query("UPDATE blocks SET offset = '$offset', remove = '0' WHERE module = '$name' AND name = '$block[info]'");
}
}
}
@@ -45,7 +45,7 @@ function module_rehash($name) {
$result = db_query("SELECT * FROM modules WHERE name = '$name'");
if (!$object = db_fetch_object($result)) {
- db_query("INSERT INTO modules (name) VALUES ('". check_input($name) ."')");
+ db_query("INSERT INTO modules (name) VALUES ('$name')");
}
// rehash crons (if necessary):
diff --git a/index.php b/index.php
index 575690987..49795830c 100644
--- a/index.php
+++ b/index.php
@@ -4,7 +4,7 @@ include_once "includes/common.inc";
// Initialize/pre-process variables:
$number = ($user->stories) ? $user->stories : 10;
-$date = ($date) ? $date : time();
+$date = ($date > 0) ? $date : time();
// Perform query:
$result = db_query("SELECT stories.*, users.userid, COUNT(comments.lid) AS comments FROM stories LEFT JOIN comments ON stories.id = comments.lid LEFT JOIN users ON stories.author = users.id WHERE stories.status = 2 ". ($section ? "AND section = '$section' " : "") ."AND stories.timestamp <= $date GROUP BY stories.id ORDER BY stories.timestamp DESC LIMIT $number");
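Review bot: `$date > 0` does not keep a non-numeric `$date` out of the query: PHP's loose comparison treats a string that merely starts with digits as positive, and the value is then interpolated unquoted into `stories.timestamp <= $date`. Coerce before testing, `$date = ((int) $date > 0) ? (int) $date : time();`, so only an integer can reach the query. On the query line `$section` is quoted but not escaped and `$number` is interpolated into `LIMIT` unquoted; `$number` comes from `$user->stories` and is presumably trusted, but `$section` deserves `check_input()` if it is a request parameter.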
diff --git a/modules/account.module b/modules/account.module
index 9a67a897f..9d428ee4f 100644
--- a/modules/account.module
+++ b/modules/account.module
@@ -15,7 +15,7 @@ function account_help() {
function account_find($keys) {
global $user;
$find = array();
- $result = db_query("SELECT * FROM users WHERE userid LIKE '%". check_input($keys) ."%' LIMIT 20");
+ $result = db_query("SELECT * FROM users WHERE userid LIKE '%$keys%' LIMIT 20");
while ($account = db_fetch_object($result)) {
array_push($find, array("subject" => $account->userid, "link" => (user_access($user, "account") ? "admin.php?mod=account&op=view&name=$account->userid" : "account.php?op=view&name=$account->userid"), "user" => $account->userid));
}
@@ -51,7 +51,7 @@ function account_access($account) {
}
function account_blocks($id) {
- $result = db_query("SELECT * FROM layout WHERE user = $id");
+ $result = db_query("SELECT * FROM layout WHERE user = '$id'");
while ($layout = db_fetch_object($result)) {
$output .= "<LI>$layout->block</LI>\n";
}
@@ -67,7 +67,7 @@ function account_stories($id) {
}
function account_comments($id) {
- $result = db_query("SELECT * FROM comments WHERE link = 'story' AND author = $id ORDER BY timestamp DESC");
+ $result = db_query("SELECT * FROM comments WHERE link = 'story' AND author = '$id' ORDER BY timestamp DESC");
while ($comment = db_fetch_object($result)) {
$output .= "<LI><A HREF=\"story.php?id=$comment->lid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">$comment->subject</A></LI>\n";
}
@@ -77,7 +77,7 @@ function account_comments($id) {
function account_delete($name) {
$result = db_query("SELECT * FROM users WHERE userid = '$name' AND status = 0 AND id > 1");
if ($account = db_fetch_object($result)) {
- db_query("DELETE FROM users WHERE id = $account->id");
+ db_query("DELETE FROM users WHERE id = '$account->id'");
}
else {
print "<P>Failed to delete account '". format_username($name) ."': the account must be blocked first.</P>";
@@ -170,12 +170,12 @@ function account_admin() {
switch ($op) {
case "Delete account":
case "delete":
- account_delete($name);
+ account_delete(check_input($name));
account_display();
break;
case "Edit account":
case "edit":
- account_edit($name);
+ account_edit(check_input($name));
break;
case "help":
account_help();
@@ -188,8 +188,8 @@ function account_admin() {
account_view($name);
break;
case "Save account":
- account_edit_save($name, $edit);
- account_view($name);
+ account_edit_save(check_input($name), $edit);
+ account_view(check_input($name));
break;
default:
account_display();
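Review bot: `account_view($name);` on the context line in the preceding case is still called with the raw `$name`, while the `delete`, `edit` and `Save account` branches in this and the previous hunk now wrap it in `check_input()`; if `account_view()` interpolates `$name` into SQL the way `account_delete()` does (its body is not in the diff), that branch is the one path left unescaped. Change it to `account_view(check_input($name));` for consistency with the other branches. `account_admin` starts outside the hunk.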
diff --git a/modules/backend.class b/modules/backend.class
index 593b6904f..679c149a6 100644
--- a/modules/backend.class
+++ b/modules/backend.class
@@ -32,7 +32,7 @@ class backend {
if (time() - $this->timestamp > $timout) $this->url2sql();
// Read headlines:
- $result = db_query("SELECT * FROM headlines WHERE id = $this->id ORDER BY number");
+ $result = db_query("SELECT * FROM headlines WHERE id = '$this->id' ORDER BY number");
while ($headline = db_fetch_object($result)) {
array_push($this->headlines, "<A HREF=\"$headline->link\">$headline->title</A>");
}
@@ -91,7 +91,7 @@ class backend {
}
// Mark channels as being updated:
- $result = db_query("UPDATE channel SET timestamp = '". time() ."' WHERE id = $this->id");
+ $result = db_query("UPDATE channel SET timestamp = '". time() ."' WHERE id = '$this->id'");
$this->timestamp = time();
}
else {
@@ -113,7 +113,7 @@ class backend {
if (time() - $this->timestamp > $timout) $this->url2sql();
// Grab headlines from database:
- $result = db_query("SELECT * FROM headlines WHERE id = $this->id ORDER BY number");
+ $result = db_query("SELECT * FROM headlines WHERE id = '$this->id' ORDER BY number");
while ($headline = db_fetch_object($result)) {
$content .= "<LI><A HREF=\"$headline->link\">$headline->title</A></LI>";
}
@@ -133,27 +133,18 @@ class backend {
function delete() {
// Delete channel:
- $result = db_query("DELETE FROM channel WHERE id = $this->id");
+ $result = db_query("DELETE FROM channel WHERE id = '$this->id'");
// Delete headlines:
- $result = db_query("DELETE FROM headlines WHERE id = $this->id");
+ $result = db_query("DELETE FROM headlines WHERE id = '$this->id'");
}
function refresh() {
// Delete headlines:
- $result = db_query("DELETE FROM headlines WHERE id = $this->id");
+ $result = db_query("DELETE FROM headlines WHERE id = '$this->id'");
// Mark channel as invalid to enforce an update:
- $result = db_query("UPDATE channel SET timestamp = 1 WHERE id = $this->id");
- }
-
- function dump() {
- print "<B>Dump backend:</B><BR>";
- print "Id: $this->id<BR>";
- print "Site: $this->site<BR>";
- print "URL: $this->url<BR>";
- print "File: $this->file<BR>";
- print "Contact: $this->contact<BR>";
+ $result = db_query("UPDATE channel SET timestamp = 1 WHERE id = '$this->id'");
}
}
diff --git a/modules/ban.module b/modules/ban.module
index a6586ab4d..9e734b722 100644
--- a/modules/ban.module
+++ b/modules/ban.module
@@ -118,11 +118,11 @@ function ban_admin() {
switch ($op) {
case "Add ban":
- ban_admin_new($mask, $category, $reason);
- ban_display($category);
+ ban_admin_new(check_input($mask), check_input($category), check_input($reason));
+ ban_display(check_input($category));
break;
case "Check ban":
- ban_check($mask, $category);
+ ban_check(check_input($mask), check_input($category));
break;
case "add":
ban_admin_add();
@@ -134,9 +134,9 @@ function ban_admin() {
ban_admin_check();
break;
case "delete":
- ban_delete($id);
+ ban_delete(check_input($id));
default:
- ban_display($category);
+ ban_display(check_input($category));
}
}
diff --git a/modules/block.module b/modules/block.module
index 2d112c0be..3629ebb65 100644
--- a/modules/block.module
+++ b/modules/block.module
@@ -35,7 +35,7 @@ function block_page() {
function block_admin_save($edit) {
foreach ($edit as $key=>$value) {
- db_query("UPDATE blocks SET region = '$value[region]', status = '$value[status]', weight = '$value[weight]' WHERE name = '$key'");
+ db_query("UPDATE blocks SET region = '". check_input($value[region]) ."', status = '". check_input($value[status]) ."', weight = '". check_input($value[weight]) ."' WHERE name = '". check_input($key) ."'");
}
}
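Review bot: Moving the indexes out of the string changes their meaning: `$value[region]`, `$value[status]` and `$value[weight]` (and the identical line in modules/block/block.module) are now bare-constant keys rather than the interpolation form `"$value[region]"`, so PHP looks for a constant named `region` and only falls back to the string with a notice (later PHP versions make this a fatal error). Quote the keys: `check_input($value["region"])`, `check_input($value["status"])`, `check_input($value["weight"])`.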
diff --git a/modules/block/block.module b/modules/block/block.module
index 2d112c0be..3629ebb65 100644
--- a/modules/block/block.module
+++ b/modules/block/block.module
@@ -35,7 +35,7 @@ function block_page() {
function block_admin_save($edit) {
foreach ($edit as $key=>$value) {
- db_query("UPDATE blocks SET region = '$value[region]', status = '$value[status]', weight = '$value[weight]' WHERE name = '$key'");
+ db_query("UPDATE blocks SET region = '". check_input($value[region]) ."', status = '". check_input($value[status]) ."', weight = '". check_input($value[weight]) ."' WHERE name = '". check_input($key) ."'");
}
}
diff --git a/modules/box.module b/modules/box.module
index 54d2e0b1c..af00a5766 100644
--- a/modules/box.module
+++ b/modules/box.module
@@ -89,7 +89,7 @@ function box_admin_new() {
}
function box_admin_add($subject, $content, $info, $link, $type) {
- db_query("INSERT INTO boxes (subject, content, info, link, type) VALUES ('". check_input($subject) ."', '". check_code($content) ."', '". check_input($info) ."', '". check_input($link) ."', '". check_input($type) ."')");
+ db_query("INSERT INTO boxes (subject, content, info, link, type) VALUES ('$subject', '$content', '$info', '$link', '$type')");
}
function box_admin_delete($id) {
@@ -144,7 +144,7 @@ function box_admin_edit($id) {
}
function box_admin_save($id, $subject, $content, $info, $link, $type) {
- db_query("UPDATE boxes SET subject = '". check_input($subject) ."', content = '". check_code($content) ."', info = '". check_input($info) ."', link = '". check_input($link) ."', type = '". check_input($type) ."' WHERE id = '$id'");
+ db_query("UPDATE boxes SET subject = '$subject', content = '$content', info = '$info', link = '$link', type = '$type' WHERE id = '$id'");
watchdog("message", "modified box `$subject'");
}
@@ -155,12 +155,12 @@ function box_admin() {
switch ($op) {
case "Add box":
- box_admin_add($subject, $content, $info, $link, $type);
+ box_admin_add(check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type));
box_admin_display();
box_admin_rehash();
break;
case "Save box":
- box_admin_save($id, $subject, $content, $info, $link, $type);
+ box_admin_save(check_input($id), check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type));
box_admin_display();
box_admin_rehash();
break;
@@ -171,10 +171,10 @@ function box_admin() {
box_admin_new();
break;
case "edit":
- box_admin_edit($id);
+ box_admin_edit(check_input($id));
break;
case "delete":
- box_admin_delete($id);
+ box_admin_delete(check_input($id));
box_admin_rehash();
// fall through
default:
diff --git a/modules/comment.module b/modules/comment.module
index 6038d5ed2..83a62df9e 100644
--- a/modules/comment.module
+++ b/modules/comment.module
@@ -6,7 +6,7 @@ $module = array("find" => "comment_find",
function comment_find($keys) {
global $user;
$find = array();
- $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.subject LIKE '%". check_input($keys) ."%' OR c.comment LIKE '%". check_input($keys) ."%' ORDER BY c.timestamp DESC LIMIT 20");
+ $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.subject LIKE '%$keys%' OR c.comment LIKE '%$keys%' ORDER BY c.timestamp DESC LIMIT 20");
while ($comment = db_fetch_object($result)) {
array_push($find, array("subject" => check_output($comment->subject), "link" => (user_access($user, "comment") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "story.php?id=$comment->lid&cid=$comment->cid"), "user" => $story->userid, "date" => $comment->timestamp));
}
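Review bot: The `user` entry on the context line reads `$story->userid`, but no `$story` is defined in `comment_find()` — the row fetched on the line above is `$comment`, into which the query selects `u.userid`, so the search result's user field is always empty. Change it to `"user" => $comment->userid`. The same line appears in modules/comment/comment.module; the remainder of `comment_find` is outside the hunk.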
@@ -20,7 +20,7 @@ function comment_search() {
}
function comment_edit($id) {
- $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.cid = $id");
+ $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.cid = '$id'");
$comment = db_fetch_object($result);
@@ -42,7 +42,7 @@ function comment_edit($id) {
}
function comment_save($id, $subject, $comment) {
- db_query("UPDATE comments SET subject = '". check_input($subject) ."', comment = '". check_input($comment) ."' WHERE cid = $id");
+ db_query("UPDATE comments SET subject = '$subject', comment = '$comment' WHERE cid = '$id'");
watchdog("message", "comment: modified '$subject'");
}
@@ -96,11 +96,11 @@ function comment_admin() {
comment_search();
break;
case "Save comment":
- comment_save($id, $subject, $comment);
+ comment_save(check_input($id), check_input($subject), check_input($comment));
comment_display();
break;
case "Update":
- comment_display($order);
+ comment_display(check_input($order));
break;
default:
comment_display();
diff --git a/modules/comment/comment.module b/modules/comment/comment.module
index 6038d5ed2..83a62df9e 100644
--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -6,7 +6,7 @@ $module = array("find" => "comment_find",
function comment_find($keys) {
global $user;
$find = array();
- $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.subject LIKE '%". check_input($keys) ."%' OR c.comment LIKE '%". check_input($keys) ."%' ORDER BY c.timestamp DESC LIMIT 20");
+ $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.subject LIKE '%$keys%' OR c.comment LIKE '%$keys%' ORDER BY c.timestamp DESC LIMIT 20");
while ($comment = db_fetch_object($result)) {
array_push($find, array("subject" => check_output($comment->subject), "link" => (user_access($user, "comment") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "story.php?id=$comment->lid&cid=$comment->cid"), "user" => $story->userid, "date" => $comment->timestamp));
}
@@ -20,7 +20,7 @@ function comment_search() {
}
function comment_edit($id) {
- $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.cid = $id");
+ $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.cid = '$id'");
$comment = db_fetch_object($result);
@@ -42,7 +42,7 @@ function comment_edit($id) {
}
function comment_save($id, $subject, $comment) {
- db_query("UPDATE comments SET subject = '". check_input($subject) ."', comment = '". check_input($comment) ."' WHERE cid = $id");
+ db_query("UPDATE comments SET subject = '$subject', comment = '$comment' WHERE cid = '$id'");
watchdog("message", "comment: modified '$subject'");
}
@@ -96,11 +96,11 @@ function comment_admin() {
comment_search();
break;
case "Save comment":
- comment_save($id, $subject, $comment);
+ comment_save(check_input($id), check_input($subject), check_input($comment));
comment_display();
break;
case "Update":
- comment_display($order);
+ comment_display(check_input($order));
break;
default:
comment_display();
diff --git a/modules/diary.module b/modules/diary.module
index bc8db22f0..605a3dd09 100644
--- a/modules/diary.module
+++ b/modules/diary.module
@@ -14,7 +14,7 @@ include_once "includes/common.inc";
function diary_find($keys) {
global $user;
$find = array();
- $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id WHERE d.text LIKE '%". check_input($keys) ."%' ORDER BY d.timestamp DESC LIMIT 20");
+ $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id WHERE d.text LIKE '%$keys%' ORDER BY d.timestamp DESC LIMIT 20");
while ($diary = db_fetch_object($result)) {
array_push($find, array("subject" => "$diary->userid's diary", "link" => (user_access($user, "diary") ? "admin.php?mod=diary&op=edit&id=$diary->id" : "module.php?mod=diary&op=view&name=$diary->userid"), "user" => $diary->userid, "date" => $diary->timestamp));
}
@@ -168,11 +168,11 @@ function diary_page_submit($text, $id = 0) {
if ($id) {
watchdog("message", "diary: old diary entry updated");
- db_query("UPDATE diaries SET text = '". check_input($text) ."' WHERE id = $id");
+ db_query("UPDATE diaries SET text = '$text' WHERE id = '$id'");
}
else {
watchdog("diary", "diary: new diary entry added");
- db_query("INSERT INTO diaries (author, text, timestamp) VALUES ('$user->id', '". check_input($text) ."', '". time() ."')");
+ db_query("INSERT INTO diaries (author, text, timestamp) VALUES ('$user->id', '$text', '". time() ."')");
}
header("Location: module.php?mod=diary&op=view&name=$user->userid");
@@ -192,22 +192,22 @@ function diary_page() {
diary_page_add();
break;
case "delete":
- diary_page_delete($id);
- diary_page_display($name);
+ diary_page_delete(check_input($id));
+ diary_page_display(check_input($name));
break;
case "edit":
- diary_page_edit($id);
+ diary_page_edit(check_input($id));
break;
case "view":
- diary_page_display($name);
+ diary_page_display(check_input($name));
break;
case "Preview diary entry":
- if ($id) diary_page_preview($text, $timestamp, $id);
- else diary_page_preview($text, time());
+ if ($id) diary_page_preview(check_input($text), check_input($timestamp), check_input($id));
+ else diary_page_preview(check_input($text), time());
break;
case "Submit diary entry":
- if ($id) diary_page_submit($text, $id);
- else diary_page_submit($text);
+ if ($id) diary_page_submit(check_input($text), check_input($id));
+ else diary_page_submit(check_input($text));
break;
default:
diary_page_overview();
@@ -259,7 +259,7 @@ function diary_block() {
}
function diary_admin_edit($id) {
- $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id WHERE d.id = $id");
+ $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id WHERE d.id = '$id'");
$diary = db_fetch_object($result);
@@ -284,7 +284,7 @@ function diary_admin_edit($id) {
}
function diary_admin_save($id, $text) {
- db_query("UPDATE diaries SET text = '". check_input($text) ."' WHERE id = $id");
+ db_query("UPDATE diaries SET text = '$text' WHERE id = $id");
watchdog("message", "diary: modified entry #$id.");
}
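Review bot: `WHERE id = $id` is the one statement in this commit that leaves the interpolated id unquoted, unlike `d.id = '$id'` in diary_admin_edit() just above and every other query the commit touched; check_input()'s escaping only protects a value that sits inside a quoted literal, so the line should read `db_query("UPDATE diaries SET text = '$text' WHERE id = '$id'");`. submission_vote() in modules/submission.module has the same shape in `VALUES($id, 'story', $user->id, ...`.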
@@ -338,11 +338,11 @@ function diary_admin() {
switch ($op) {
case "delete":
- diary_admin_delete($id);
+ diary_admin_delete(check_input($id));
diary_admin_display();
break;
case "edit":
- diary_admin_edit($id);
+ diary_admin_edit(check_input($id));
break;
case "help":
diary_help();
@@ -351,11 +351,11 @@ function diary_admin() {
diary_search();
break;
case "Save diary entry":
- diary_admin_save($id, $text);
+ diary_admin_save(check_input($id), check_input($text));
diary_admin_display();
break;
case "Update":
- diary_admin_display($order);
+ diary_admin_display(check_input($order));
break;
default:
diary_admin_display();
diff --git a/modules/faq.module b/modules/faq.module
index 63a40addc..283b8e563 100644
--- a/modules/faq.module
+++ b/modules/faq.module
@@ -106,18 +106,18 @@ function faq_admin() {
faq_add();
break;
case "delete":
- faq_delete($id);
+ faq_delete(check_input($id));
faq_display();
break;
case "edit":
- faq_edit($id);
+ faq_edit(check_input($id));
break;
case "Add FAQ":
faq_add_save($edit);
faq_display();
break;
case "Save FAQ":
- faq_edit_save($id, $edit);
+ faq_edit_save(check_input($id), $edit);
// fall through:
default:
faq_display();
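Review bot: The dispatcher now escapes `$id` at the call site but hands `$edit` to faq_edit_save() and faq_add_save() untouched, so each function's contract is split: one argument escaped by the caller, the other (if at all) by the callee. If faq_edit_save() escapes the `$edit` fields internally, as story_edit_save() in modules/story.module visibly does, make that explicit on the call with `// $edit fields are escaped inside faq_edit_save()`; if it does not, the array values need check_input() before they reach SQL. locale_save(check_input($id), $edit) in modules/locale.module and story_edit_save(check_input($id), $edit) in modules/story.module follow the same split pattern.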
diff --git a/modules/locale.module b/modules/locale.module
index 464b3bc41..c96d9a0dc 100644
--- a/modules/locale.module
+++ b/modules/locale.module
@@ -84,17 +84,17 @@ function locale_admin() {
switch ($op) {
case "delete":
- locale_delete($id);
+ locale_delete(check_input($id));
locale_display();
break;
case "help":
locale_help();
break;
case "edit":
- locale_edit($id);
+ locale_edit(check_input($id));
break;
case "Save translations":
- locale_save($id, $edit);
+ locale_save(check_input($id), $edit);
// fall through
default:
locale_display();
diff --git a/modules/locale/locale.module b/modules/locale/locale.module
index 464b3bc41..c96d9a0dc 100644
--- a/modules/locale/locale.module
+++ b/modules/locale/locale.module
@@ -84,17 +84,17 @@ function locale_admin() {
switch ($op) {
case "delete":
- locale_delete($id);
+ locale_delete(check_input($id));
locale_display();
break;
case "help":
locale_help();
break;
case "edit":
- locale_edit($id);
+ locale_edit(check_input($id));
break;
case "Save translations":
- locale_save($id, $edit);
+ locale_save(check_input($id), $edit);
// fall through
default:
locale_display();
diff --git a/modules/rating.module b/modules/rating.module
index 90d84a93f..4ea588c3b 100644
--- a/modules/rating.module
+++ b/modules/rating.module
@@ -14,12 +14,12 @@ function rating_cron() {
while ($rating = db_fetch_object($r1)) {
unset($bonus); unset($votes); unset($score); unset($value); unset($weight);
- $r2 = db_query("SELECT COUNT(id) AS number FROM stories WHERE author = $rating->id AND (". time() ." - timestamp < $period) AND status = 2");
+ $r2 = db_query("SELECT COUNT(id) AS number FROM stories WHERE author = '$rating->id' AND (". time() ." - timestamp < $period) AND status = 2");
if ($story = db_fetch_object($r2)) {
$bonus = $story->number;
}
- $r3 = db_query("SELECT score, votes FROM comments WHERE author = $rating->id AND (". time() ." - timestamp < $period) ORDER BY timestamp LIMIT $number");
+ $r3 = db_query("SELECT score, votes FROM comments WHERE author = '$rating->id' AND (". time() ." - timestamp < $period) ORDER BY timestamp LIMIT $number");
while ($comment = db_fetch_object($r3)) {
$weight++;
$score += $weight * $comment->score;
@@ -28,7 +28,7 @@ function rating_cron() {
if ($weight >= $offset && $votes > 0) {
$value = ($score + $weight) / $votes + $bonus;
- db_query("UPDATE users SET rating = '$value' WHERE id = $rating->id");
+ db_query("UPDATE users SET rating = '$value' WHERE id = '$rating->id'");
}
}
diff --git a/modules/section.module b/modules/section.module
index af07100f5..42ad6e4d5 100644
--- a/modules/section.module
+++ b/modules/section.module
@@ -102,7 +102,7 @@ function section_display() {
function section_display_save($edit) {
foreach ($edit as $key=>$value) {
- db_query("UPDATE sections SET status = '". $value[status] ."', post = '". $value[post] ."', dump = '". $value[dump] ."', timout = '". $value[timout] ."' WHERE name = '$key'");
+ db_query("UPDATE sections SET status = '". check_input($value[status]) ."', post = '". check_input($value[post]) ."', dump = '". check_input($value[dump]) ."', timout = '". check_input($value[timout]) ."' WHERE name = '". check_input($key) ."'");
}
}
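Review bot: `$value[status]`, `$value[post]`, `$value[dump]` and `$value[timout]` use unquoted array keys, which PHP resolves through the undefined-constant fallback (a notice in older releases, an error in PHP 8); quote them, e.g. `check_input($value['status'])`, and likewise `$edit[status]`, `$edit[date]` and the other keys in story_edit_save() in modules/story.module. `timout` appears to be the column's actual spelling in the schema, so leave the SQL side as is.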
@@ -119,7 +119,7 @@ function section_admin() {
section_help();
break;
case "delete":
- section_delete($name);
+ section_delete(check_input($name));
section_display();
break;
case "Add section":
diff --git a/modules/story.module b/modules/story.module
index 641c1ed3b..4cac81503 100644
--- a/modules/story.module
+++ b/modules/story.module
@@ -18,7 +18,7 @@ function story_cron() {
function story_find($keys) {
global $user;
$find = array();
- $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.status = 2 AND (s.subject LIKE '%". check_input($keys) ."%' OR s.abstract LIKE '%". check_input($keys) ."%' OR s.article LIKE '%". check_input($keys) ."%') ORDER BY s.timestamp DESC LIMIT 20");
+ $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.status = 2 AND (s.subject LIKE '%". check_input($keys) ."%' OR s.abstract LIKE '%". check_input($keys) ."%' OR s.article LIKE '%$keys%') ORDER BY s.timestamp DESC LIMIT 20");
while ($story = db_fetch_object($result)) {
array_push($find, array("subject" => check_output($story->subject), "link" => (user_access($user, "story") ? "admin.php?mod=story&op=edit&id=$story->id" : "story.php?id=$story->id"), "user" => $story->userid, "date" => $story->timestamp));
}
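Review bot: Only the article pattern was changed to `'%$keys%'`; the subject and abstract patterns still wrap `$keys` in check_input(), so now that search.php escapes the keys before search_data(), two of the three columns see a doubly escaped term and a search containing a quote or backslash matches in article but not in subject or abstract. Make the three consistent: `(s.subject LIKE '%$keys%' OR s.abstract LIKE '%$keys%' OR s.article LIKE '%$keys%')`. The copy in modules/story/story.module has the same partial change.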
@@ -107,7 +107,7 @@ function story_add_save($edit) {
function story_edit($id) {
global $allowed_html;
- $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = $id");
+ $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = '$id'");
$story = db_fetch_object($result);
$output .= "<FORM ACTION=\"admin.php?mod=story&id=$id\" METHOD=\"post\">\n";
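Review bot: `$id` is SQL-escaped by the caller but on the last line of the hunk it is written into the form's ACTION attribute, and SQL escaping is not HTML escaping, so characters significant to HTML pass through unchanged; escape for the output context at that point, e.g. `admin.php?mod=story&id=". htmlspecialchars($id) ."`. story_render() in story.php does the same with `story.php?op=reply&id=$id&pid=0`, and the story_edit() copy in modules/story/story.module is identical. story_edit()'s body continues beyond the hunk.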
@@ -150,7 +150,7 @@ function story_edit($id) {
function story_edit_save($id, $edit) {
if ($edit[status] == 3 && strtotime($edit[date]) > time()) db_query("UPDATE stories SET subject = '". check_input($edit[subject]) ."', abstract = '". check_input($edit[abstract]) ."', updates = '". check_input($edit[updates]) ."', article = '". check_input($edit[article]) ."', section = '". check_input($edit[section]) ."', status = '$edit[status]', timestamp = '". strtotime($edit[date]) ."' WHERE id = '$id'");
else db_query("UPDATE stories SET subject = '". check_input($edit[subject]) ."', abstract = '". check_input($edit[abstract]) ."', updates = '". check_input($edit[updates]) ."', article = '". check_input($edit[article]) ."', section = '". check_input($edit[section]) ."', status = '$edit[status]' WHERE id = '$id'");
- watchdog("message", "story: modified `$edit[subject]'");
+ watchdog("message", "story: modified '$edit[subject]'");
}
function story_display() {
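Review bot: `status = '$edit[status]'` is the one field in both UPDATE statements that bypasses check_input(), while subject, abstract, updates, article and section all go through it; wrap it too, `status = '". check_input($edit[status]) ."'`, in both the timestamped and the plain branch. The `strtotime($edit[date])` interpolation is fine as it stands since strtotime() yields an integer, not user text. The same two lines appear in the modules/story/story.module copy.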
@@ -199,7 +199,7 @@ function story_admin() {
story_add();
break;
case "edit":
- story_edit($id);
+ story_edit(check_input($id));
break;
case "help":
story_help();
@@ -212,7 +212,7 @@ function story_admin() {
story_display();
break;
case "Save story":
- story_edit_save($id, $edit);
+ story_edit_save(check_input($id), $edit);
story_display();
break;
default:
diff --git a/modules/story/story.module b/modules/story/story.module
index 641c1ed3b..4cac81503 100644
--- a/modules/story/story.module
+++ b/modules/story/story.module
@@ -18,7 +18,7 @@ function story_cron() {
function story_find($keys) {
global $user;
$find = array();
- $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.status = 2 AND (s.subject LIKE '%". check_input($keys) ."%' OR s.abstract LIKE '%". check_input($keys) ."%' OR s.article LIKE '%". check_input($keys) ."%') ORDER BY s.timestamp DESC LIMIT 20");
+ $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.status = 2 AND (s.subject LIKE '%". check_input($keys) ."%' OR s.abstract LIKE '%". check_input($keys) ."%' OR s.article LIKE '%$keys%') ORDER BY s.timestamp DESC LIMIT 20");
while ($story = db_fetch_object($result)) {
array_push($find, array("subject" => check_output($story->subject), "link" => (user_access($user, "story") ? "admin.php?mod=story&op=edit&id=$story->id" : "story.php?id=$story->id"), "user" => $story->userid, "date" => $story->timestamp));
}
@@ -107,7 +107,7 @@ function story_add_save($edit) {
function story_edit($id) {
global $allowed_html;
- $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = $id");
+ $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = '$id'");
$story = db_fetch_object($result);
$output .= "<FORM ACTION=\"admin.php?mod=story&id=$id\" METHOD=\"post\">\n";
@@ -150,7 +150,7 @@ function story_edit($id) {
function story_edit_save($id, $edit) {
if ($edit[status] == 3 && strtotime($edit[date]) > time()) db_query("UPDATE stories SET subject = '". check_input($edit[subject]) ."', abstract = '". check_input($edit[abstract]) ."', updates = '". check_input($edit[updates]) ."', article = '". check_input($edit[article]) ."', section = '". check_input($edit[section]) ."', status = '$edit[status]', timestamp = '". strtotime($edit[date]) ."' WHERE id = '$id'");
else db_query("UPDATE stories SET subject = '". check_input($edit[subject]) ."', abstract = '". check_input($edit[abstract]) ."', updates = '". check_input($edit[updates]) ."', article = '". check_input($edit[article]) ."', section = '". check_input($edit[section]) ."', status = '$edit[status]' WHERE id = '$id'");
- watchdog("message", "story: modified `$edit[subject]'");
+ watchdog("message", "story: modified '$edit[subject]'");
}
function story_display() {
@@ -199,7 +199,7 @@ function story_admin() {
story_add();
break;
case "edit":
- story_edit($id);
+ story_edit(check_input($id));
break;
case "help":
story_help();
@@ -212,7 +212,7 @@ function story_admin() {
story_display();
break;
case "Save story":
- story_edit_save($id, $edit);
+ story_edit_save(check_input($id), $edit);
story_display();
break;
default:
diff --git a/modules/submission.module b/modules/submission.module
index 32d09afb7..999ed5979 100644
--- a/modules/submission.module
+++ b/modules/submission.module
@@ -15,7 +15,7 @@ function submission_count() {
}
function submission_score($id) {
- $result = db_query("SELECT score FROM stories WHERE id = $id");
+ $result = db_query("SELECT score FROM stories WHERE id = '$id'");
return ($result) ? db_result($result, 0) : 0;
}
@@ -28,7 +28,7 @@ function submission_vote($id, $vote, $comment) {
// Update the comments (if required):
if ($comment) {
- db_query("INSERT INTO comments (lid, link, author, subject, comment, hostname, timestamp, score) VALUES($id, 'story', $user->id, '". check_input(substr($comment, 0, 29)) ." ...', '". check_input($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."', '1')");
+ db_query("INSERT INTO comments (lid, link, author, subject, comment, hostname, timestamp, score) VALUES($id, 'story', $user->id, '". substr($comment, 0, 29) ." ...', '$comment', '". getenv("REMOTE_ADDR") ."', '". time() ."', '1')");
watchdog("comment", "moderation: added comment with subject '$subject'");
}
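Review bot: `substr($comment, 0, 29)` now runs on the already-escaped `$comment`, so the 29-byte cut can fall between an escape backslash and the character it protects, leaving the subject literal ending in a lone backslash that consumes its closing quote and breaks the INSERT. Truncate the raw text and escape the result rather than truncating escaped text: have the dispatcher pass the raw comment and let submission_vote() apply check_input() to both the full comment and the prefix, i.e. `'". check_input(substr($comment, 0, 29)) ." ...', '". check_input($comment) ."'`. Separately, `$id` and `$user->id` are interpolated unquoted in the VALUES list, and the watchdog line logs `$subject`, which is not a variable of this function. submission_vote()'s body starts outside the hunk.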
@@ -115,10 +115,10 @@ function submission_page() {
switch($op) {
case "view":
- submission_display_item($id);
+ submission_display_item(check_input($id));
break;
case "Vote";
- submission_vote($id, $vote, $comment);
+ submission_vote(check_input($id), check_input($vote), check_input($comment));
// fall through
default:
submission_page_main();
diff --git a/modules/watchdog.module b/modules/watchdog.module
index f30ac4864..13908e39d 100644
--- a/modules/watchdog.module
+++ b/modules/watchdog.module
@@ -53,7 +53,7 @@ function watchdog_display($order = "date") {
}
function watchdog_view($id) {
- $result = db_query("SELECT l.*, u.userid FROM watchdog l LEFT JOIN users u ON l.user = u.id WHERE l.id = $id");
+ $result = db_query("SELECT l.*, u.userid FROM watchdog l LEFT JOIN users u ON l.user = u.id WHERE l.id = '$id'");
if ($watchdog = db_fetch_object($result)) {
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
@@ -78,10 +78,10 @@ function watchdog_admin() {
watchdog_help();
break;
case "view":
- watchdog_view($id);
+ watchdog_view(check_input($id));
break;
case "Update":
- watchdog_display($order);
+ watchdog_display(check_input($order));
break;
default:
watchdog_display();
diff --git a/modules/watchdog/watchdog.module b/modules/watchdog/watchdog.module
index f30ac4864..13908e39d 100644
--- a/modules/watchdog/watchdog.module
+++ b/modules/watchdog/watchdog.module
@@ -53,7 +53,7 @@ function watchdog_display($order = "date") {
}
function watchdog_view($id) {
- $result = db_query("SELECT l.*, u.userid FROM watchdog l LEFT JOIN users u ON l.user = u.id WHERE l.id = $id");
+ $result = db_query("SELECT l.*, u.userid FROM watchdog l LEFT JOIN users u ON l.user = u.id WHERE l.id = '$id'");
if ($watchdog = db_fetch_object($result)) {
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
@@ -78,10 +78,10 @@ function watchdog_admin() {
watchdog_help();
break;
case "view":
- watchdog_view($id);
+ watchdog_view(check_input($id));
break;
case "Update":
- watchdog_display($order);
+ watchdog_display(check_input($order));
break;
default:
watchdog_display();
diff --git a/search.php b/search.php
index 23daad6dc..56118f9d9 100644
--- a/search.php
+++ b/search.php
@@ -15,7 +15,7 @@ $search .= " <SELECT NAME=\"type\">$options</SELECT>\n";
$search .= " <INPUT TYPE=\"submit\" VALUE=\"". t("Search") ."\">\n";
$search .= "</FORM>\n";
-$output = search_data($keys, $type);
+$output = search_data(check_input($keys), check_input($type));
$theme->header();
$theme->box(t("Search"), $search);
diff --git a/story.php b/story.php
index 1e640d9a0..63f2c4871 100644
--- a/story.php
+++ b/story.php
@@ -6,7 +6,7 @@ include_once "includes/story.inc";
function story_render($id, $cid) {
global $theme, $user;
- $story = db_fetch_object(db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = $id"));
+ $story = db_fetch_object(db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = '$id'"));
if (story_visible($story)) {
$theme->article($story, "[ <A HREF=\"story.php?op=reply&id=$id&pid=0\">". t("reply to this story") ."</A> ]");
@@ -20,40 +20,40 @@ function story_render($id, $cid) {
switch($op) {
case t("Preview comment"):
$theme->header();
- comment_preview($pid, $id, $subject, $comment);
+ comment_preview(check_input($pid), check_input($id), check_input($subject), check_input($comment));
$theme->footer();
break;
case t("Post comment"):
- comment_post($pid, $id, $subject, $comment);
+ comment_post(check_input($pid), check_input($id), check_input($subject), check_input($comment));
$theme->header();
- story_render($id, $cid);
+ story_render(check_input($id), check_input($cid));
$theme->footer();
break;
case t("Add comment"):
$theme->header();
- comment_reply($cid, $id);
+ comment_reply(check_input($cid), check_input($id));
$theme->footer();
break;
case "reply":
$theme->header();
- comment_reply($pid, $id);
+ comment_reply(check_input($pid), check_input($id));
$theme->footer();
break;
case t("Update settings"):
- comment_settings($mode, $order, $threshold);
+ comment_settings(check_input($mode), check_input($order), check_input($threshold));
$theme->header();
- story_render($id, $cid);
+ story_render(check_input($id), check_input($cid));
$theme->footer();
break;
case t("Moderate comments"):
comment_moderate($moderate);
$theme->header();
- story_render($id, $cid);
+ story_render(check_input($id), check_input($cid));
$theme->footer();
break;
default:
$theme->header();
- story_render($id, $cid);
+ story_render(check_input($id), check_input($cid));
$theme->footer();
}
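Review bot: `comment_moderate($moderate)` is the only call in this switch whose argument is not run through check_input(); if comment_moderate() builds SQL from `$moderate` (its body is not in this diff) it now differs from every sibling call, and if `$moderate` is an array, as its use suggests, check_input() would need to be applied per element rather than to the array. Either add `// $moderate is escaped inside comment_moderate()` if that is where it happens, or escape each value before the call. The switch's enclosing scope starts before this hunk.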
diff --git a/submit.php b/submit.php
index b4fee5668..7e2663f2b 100644
--- a/submit.php
+++ b/submit.php
@@ -99,7 +99,7 @@ function submit_submit($subject, $abstract, $article, $section) {
watchdog("story", "story: added '$subject'");
// Add submission to SQL table:
- db_query("INSERT INTO stories (author, subject, abstract, article, section, timestamp) VALUES ('$user->id', '". check_input($subject) ."', '". check_input($abstract) ."', '". check_input($article) ."', '". check_input($section) ."', '". time() ."')");
+ db_query("INSERT INTO stories (author, subject, abstract, article, section, timestamp) VALUES ('$user->id', '$subject', '$abstract', '$article', '$section', '". time() ."')");
// Display confirmation message:
$theme->header();
@@ -109,10 +109,10 @@ function submit_submit($subject, $abstract, $article, $section) {
switch($op) {
case t("Preview submission"):
- submit_preview($subject, $abstract, $article, $section);
+ submit_preview(check_input($subject), check_input($abstract), check_input($article), check_input($section));
break;
case t("Submit submission"):
- submit_submit($subject, $abstract, $article, $section);
+ submit_submit(check_input($subject), check_input($abstract), check_input($article), check_input($section));
break;
default:
submit_enter();