authorDries Buytaert <dries@buytaert.net>2001-03-07 21:29:40 +0000
committerDries Buytaert <dries@buytaert.net>2001-03-07 21:29:40 +0000
commitf516626a293edd613cb823db88e36dcf7e1fb8f4 (patch)
treeba3dd7432d4d13783e34fbc50a4d4308a142309b /modules/comment/comment.module
parent2b2e81f6cfce285f466c3c74cb25ad30c581d2cf (diff)
A rather large and important update:
revised most of the SQL queries and tried to make drupal as secure as possible (while trying to avoid redundant/duplicate checks). For drupal's sake, try to screw something up. See the mail about PHPNuke being hacked appr. 6 days ago. The one who finds a problem is rewarded a beer (and I'm willing to ship it to Norway if required). I beg you to be evil. Try dumping a table a la "http://localhost/index.php?date=77778;DROP TABLE users" or something. ;)
Diffstat (limited to 'modules/comment/comment.module')
-rw-r--r--modules/comment/comment.module10
1 files changed, 5 insertions, 5 deletions
diff --git a/modules/comment/comment.module b/modules/comment/comment.module
index 6038d5ed2..83a62df9e 100644
--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -6,7 +6,7 @@ $module = array("find" => "comment_find",
function comment_find($keys) {
global $user;
$find = array();
- $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.subject LIKE '%". check_input($keys) ."%' OR c.comment LIKE '%". check_input($keys) ."%' ORDER BY c.timestamp DESC LIMIT 20");
+ $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.subject LIKE '%$keys%' OR c.comment LIKE '%$keys%' ORDER BY c.timestamp DESC LIMIT 20");
while ($comment = db_fetch_object($result)) {
array_push($find, array("subject" => check_output($comment->subject), "link" => (user_access($user, "comment") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "story.php?id=$comment->lid&cid=$comment->cid"), "user" => $story->userid, "date" => $comment->timestamp));
}
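Review bot: comment_find now interpolates `$keys` straight into the LIKE clause on line 28, so it is only injection-safe if every caller has already run the value through check_input(); no caller is visible in this hunk, and that contract should be stated above the function, e.g. `// $keys must already be escaped by the caller (check_input()).` Even an escaped string still carries `%` and `_` into the pattern unescaped, so a searcher can widen the match; `$keys = addcslashes($keys, '%_');` before the query would close that without touching quote handling. Separately, line 30 reads `$story->userid`, but `$story` is never assigned in this function — presumably `$comment->userid` was intended, since the query selects `u.userid`.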
@@ -20,7 +20,7 @@ function comment_search() {
}
function comment_edit($id) {
- $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.cid = $id");
+ $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.cid = '$id'");
$comment = db_fetch_object($result);
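Review bot: Wrapping `$id` in quotes on line 36 does not by itself prevent injection — nothing in comment_edit escapes `$id`, and its caller is outside this hunk, so a value containing a quote still breaks out of the literal. Since `cid` is compared as a key, the cheapest fix is to force an integer and drop the quotes: `$result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.cid = ". (int) $id);`. comment_edit's body continues past the end of the hunk, so whether an empty result (db_fetch_object returning false) is handled cannot be judged from here.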
@@ -42,7 +42,7 @@ function comment_edit($id) {
}
function comment_save($id, $subject, $comment) {
- db_query("UPDATE comments SET subject = '". check_input($subject) ."', comment = '". check_input($comment) ."' WHERE cid = $id");
+ db_query("UPDATE comments SET subject = '$subject', comment = '$comment' WHERE cid = '$id'");
watchdog("message", "comment: modified '$subject'");
}
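Review bot: comment_save now trusts all three arguments unescaped (line 42); the "Save comment" call in the last hunk does apply check_input(), but that contract is invisible from this function and any second caller would bypass it. State it in a comment above the function, e.g. `// Callers must pass $subject and $comment through check_input() first.`, and treat the key as a number rather than a quoted string: `... WHERE cid = ". (int) $id);`. Note also that the watchdog call on line 43 logs `$subject` as received, so log entries will presumably contain whatever escaping check_input adds; its exact behaviour is not shown here.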
@@ -96,11 +96,11 @@ function comment_admin() {
comment_search();
break;
case "Save comment":
- comment_save($id, $subject, $comment);
+ comment_save(check_input($id), check_input($subject), check_input($comment));
comment_display();
break;
case "Update":
- comment_display($order);
+ comment_display(check_input($order));
break;
default:
comment_display();
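Review bot: `check_input($id)` on line 50 still hands a string to a numeric `cid` comparison; `(int) $id` is both simpler and safer, and the same applies to the edit path, which lies outside this hunk and so cannot be confirmed to have received the same treatment. On line 55, if comment_display uses `$order` in an ORDER BY clause, quote-escaping buys nothing because identifiers are not quoted there — that value should be checked against a fixed allowlist of column names instead. `$id`, `$subject`, `$comment` and `$order` are not read from any request array in this hunk, so they presumably arrive via register_globals; the function's opening and closing are outside the hunk.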