authorDries Buytaert <dries@buytaert.net>2001-03-07 21:29:40 +0000
committerDries Buytaert <dries@buytaert.net>2001-03-07 21:29:40 +0000
commitf516626a293edd613cb823db88e36dcf7e1fb8f4 (patch)
treeba3dd7432d4d13783e34fbc50a4d4308a142309b /modules/account.module
parent2b2e81f6cfce285f466c3c74cb25ad30c581d2cf (diff)
A rather large and important update:
revised most of the SQL queries and tried to make drupal as secure as possible (while trying to avoid redundant/duplicate checks). For drupal's sake, try to screw something up. See the mail about PHPNuke being hacked appr. 6 days ago. The one who finds a problem is rewarded a beer (and I'm willing to ship it to Norway if required). I beg you to be evil. Try dumping a table a la "http://localhost/index.php?date=77778;DROP TABLE users" or something. ;)
Diffstat (limited to 'modules/account.module')
-rw-r--r--modules/account.module16
1 files changed, 8 insertions, 8 deletions
diff --git a/modules/account.module b/modules/account.module
index 9a67a897f..9d428ee4f 100644
--- a/modules/account.module
+++ b/modules/account.module
@@ -15,7 +15,7 @@ function account_help() {
function account_find($keys) {
global $user;
$find = array();
- $result = db_query("SELECT * FROM users WHERE userid LIKE '%". check_input($keys) ."%' LIMIT 20");
+ $result = db_query("SELECT * FROM users WHERE userid LIKE '%$keys%' LIMIT 20");
while ($account = db_fetch_object($result)) {
array_push($find, array("subject" => $account->userid, "link" => (user_access($user, "account") ? "admin.php?mod=account&op=view&name=$account->userid" : "account.php?op=view&name=$account->userid"), "user" => $account->userid));
}
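Review bot: Dropping check_input() around $keys makes account_find() trust its caller to have escaped the value before it is spliced into the LIKE pattern, and no caller is visible in this hunk to confirm that. Either keep the escaping at the sink where the SQL is built, or state the contract in a comment above the query, e.g. `// $keys must already have passed check_input(); it is interpolated unescaped into the LIKE pattern.`. Note that neither check_input() nor the surrounding quotes neutralise the LIKE wildcards `%` and `_`, so a key containing them widens the match; if that matters, escape them with `addcslashes($keys, '%_')` before interpolation. account_find() continues past the end of the hunk.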
@@ -51,7 +51,7 @@ function account_access($account) {
}
function account_blocks($id) {
- $result = db_query("SELECT * FROM layout WHERE user = $id");
+ $result = db_query("SELECT * FROM layout WHERE user = '$id'");
while ($layout = db_fetch_object($result)) {
$output .= "<LI>$layout->block</LI>\n";
}
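Review bot: Quoting `$id` as `'$id'` only moves the value from a bare-number context into a string context; it does not escape it, so a `$id` containing a quote still terminates the literal unless every caller ran check_input() first, and that is not visible here. The same applies to `'$id'` in account_comments() and `'$account->id'` in account_delete() in the following two hunks (the latter comes from a fetched row, so it is the least exposed). If `user` and `author` are integer columns — likely, given the `id > 1` comparison in account_delete() — casting is the robust form: `$result = db_query("SELECT * FROM layout WHERE user = ". (int) $id);`. account_blocks() continues past the end of the hunk.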
@@ -67,7 +67,7 @@ function account_stories($id) {
}
function account_comments($id) {
- $result = db_query("SELECT * FROM comments WHERE link = 'story' AND author = $id ORDER BY timestamp DESC");
+ $result = db_query("SELECT * FROM comments WHERE link = 'story' AND author = '$id' ORDER BY timestamp DESC");
while ($comment = db_fetch_object($result)) {
$output .= "<LI><A HREF=\"story.php?id=$comment->lid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">$comment->subject</A></LI>\n";
}
@@ -77,7 +77,7 @@ function account_comments($id) {
function account_delete($name) {
$result = db_query("SELECT * FROM users WHERE userid = '$name' AND status = 0 AND id > 1");
if ($account = db_fetch_object($result)) {
- db_query("DELETE FROM users WHERE id = $account->id");
+ db_query("DELETE FROM users WHERE id = '$account->id'");
}
else {
print "<P>Failed to delete account '". format_username($name) ."': the account must be blocked first.</P>";
@@ -170,12 +170,12 @@ function account_admin() {
switch ($op) {
case "Delete account":
case "delete":
- account_delete($name);
+ account_delete(check_input($name));
account_display();
break;
case "Edit account":
case "edit":
- account_edit($name);
+ account_edit(check_input($name));
break;
case "help":
account_help();
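Review bot: Wrapping `$name` at each call site is easy to miss: the `view` case in the next hunk still calls `account_view($name)` unwrapped while the `Save account` case below it wraps the same call. Since every branch of the switch takes the same `$name`, sanitise it once before the switch, `$name = check_input($name);` ahead of `switch ($op) {`, and drop the per-call wrappers. account_admin() starts before this hunk, so where `$name` is populated is not visible; if it comes straight from the request, the single assignment also marks that boundary for the reader.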
@@ -188,8 +188,8 @@ function account_admin() {
account_view($name);
break;
case "Save account":
- account_edit_save($name, $edit);
- account_view($name);
+ account_edit_save(check_input($name), $edit);
+ account_view(check_input($name));
break;
default:
account_display();
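Review bot: `$edit` is passed to account_edit_save() untouched while `$name` beside it is wrapped in check_input(); if `$edit` carries submitted form fields (presumably an array, given the name), each field needs the same treatment before it reaches a query, either here with `array_map("check_input", $edit)` or inside account_edit_save(). The `view` case at the top of this hunk also still calls `account_view($name)` without check_input(), unlike the `Save account` case. account_admin() continues outside the hunk.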