authorDries Buytaert <dries@buytaert.net>2001-03-07 21:29:40 +0000
committerDries Buytaert <dries@buytaert.net>2001-03-07 21:29:40 +0000
commitf516626a293edd613cb823db88e36dcf7e1fb8f4 (patch)
treeba3dd7432d4d13783e34fbc50a4d4308a142309b /modules/diary.module
parent2b2e81f6cfce285f466c3c74cb25ad30c581d2cf (diff)
A rather large and important update:
revised most of the SQL queries and tried to make drupal as secure as possible (while trying to avoid redundant/duplicate checks). For drupal's sake, try to screw something up. See the mail about PHPNuke being hacked appr. 6 days ago. The one who finds a problem is rewarded a beer (and I'm willing to ship it to Norway if required). I beg you to be evil. Try dumping a table a la "http://localhost/index.php?date=77778;DROP TABLE users" or something. ;)
Diffstat (limited to 'modules/diary.module')
-rw-r--r--modules/diary.module34
1 files changed, 17 insertions, 17 deletions
diff --git a/modules/diary.module b/modules/diary.module
index bc8db22f0..605a3dd09 100644
--- a/modules/diary.module
+++ b/modules/diary.module
@@ -14,7 +14,7 @@ include_once "includes/common.inc";
function diary_find($keys) {
global $user;
$find = array();
- $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id WHERE d.text LIKE '%". check_input($keys) ."%' ORDER BY d.timestamp DESC LIMIT 20");
+ $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id WHERE d.text LIKE '%$keys%' ORDER BY d.timestamp DESC LIMIT 20");
while ($diary = db_fetch_object($result)) {
array_push($find, array("subject" => "$diary->userid's diary", "link" => (user_access($user, "diary") ? "admin.php?mod=diary&op=edit&id=$diary->id" : "module.php?mod=diary&op=view&name=$diary->userid"), "user" => $diary->userid, "date" => $diary->timestamp));
}
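Review bot: The rewritten query on the `+` line interpolates `$keys` into the LIKE pattern with no escaping of its own, so diary_find is now correct only if every caller has already passed `$keys` through check_input(), and no caller of diary_find is touched in this commit, so that invariant cannot be confirmed here. The same shift of responsibility to the caller appears in diary_page_submit (`'$text'`, `'$id'`), diary_admin_edit (`'$id'`) and diary_admin_save (`'$text'`, `$id`) in the later hunks. A comment on the function line would record the contract: `// $keys must already have been passed through check_input(); this function does not escape it.` Note also that `%` and `_` inside `$keys` remain LIKE wildcards whatever check_input() does to quotes, which is harmless for a search but worth stating in that comment.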
@@ -168,11 +168,11 @@ function diary_page_submit($text, $id = 0) {
if ($id) {
watchdog("message", "diary: old diary entry updated");
- db_query("UPDATE diaries SET text = '". check_input($text) ."' WHERE id = $id");
+ db_query("UPDATE diaries SET text = '$text' WHERE id = '$id'");
}
else {
watchdog("diary", "diary: new diary entry added");
- db_query("INSERT INTO diaries (author, text, timestamp) VALUES ('$user->id', '". check_input($text) ."', '". time() ."')");
+ db_query("INSERT INTO diaries (author, text, timestamp) VALUES ('$user->id', '$text', '". time() ."')");
}
header("Location: module.php?mod=diary&op=view&name=$user->userid");
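Review bot: `$id` appears to be a numeric key (the old UPDATE compared it unquoted and the default is 0), yet the `+` UPDATE line embeds it as a quoted string that a caller is expected to have escaped; casting it once at the top of the function, `$id = (int) $id;`, would make the WHERE clause independent of which caller invokes diary_page_submit, and the same cast would cover diary_admin_edit (`WHERE d.id = '$id'`) and diary_admin_save (`WHERE id = $id`) in the later hunks. The opening lines of diary_page_submit are outside this hunk, so the cast would go just after the signature. The `if ($id)` test keeps its meaning, since a non-numeric value casts to 0 and falls through to the INSERT branch as before.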
@@ -192,22 +192,22 @@ function diary_page() {
diary_page_add();
break;
case "delete":
- diary_page_delete($id);
- diary_page_display($name);
+ diary_page_delete(check_input($id));
+ diary_page_display(check_input($name));
break;
case "edit":
- diary_page_edit($id);
+ diary_page_edit(check_input($id));
break;
case "view":
- diary_page_display($name);
+ diary_page_display(check_input($name));
break;
case "Preview diary entry":
- if ($id) diary_page_preview($text, $timestamp, $id);
- else diary_page_preview($text, time());
+ if ($id) diary_page_preview(check_input($text), check_input($timestamp), check_input($id));
+ else diary_page_preview(check_input($text), time());
break;
case "Submit diary entry":
- if ($id) diary_page_submit($text, $id);
- else diary_page_submit($text);
+ if ($id) diary_page_submit(check_input($text), check_input($id));
+ else diary_page_submit(check_input($text));
break;
default:
diary_page_overview();
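Review bot: check_input() is applied separately at each of the nine call sites in this switch, so any case added later, and the `default` branch today, silently receives the raw value; sanitizing once before the switch makes the rule hard to miss: `$id = check_input($id); $name = check_input($name); $text = check_input($text); $timestamp = check_input($timestamp);`. The head of diary_page, where these variables are bound, is outside the hunk, so the exact placement depends on how they are received. The same per-call-site pattern recurs in diary_admin in the last two hunks.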
@@ -259,7 +259,7 @@ function diary_block() {
}
function diary_admin_edit($id) {
- $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id WHERE d.id = $id");
+ $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id WHERE d.id = '$id'");
$diary = db_fetch_object($result);
@@ -284,7 +284,7 @@ function diary_admin_edit($id) {
}
function diary_admin_save($id, $text) {
- db_query("UPDATE diaries SET text = '". check_input($text) ."' WHERE id = $id");
+ db_query("UPDATE diaries SET text = '$text' WHERE id = $id");
watchdog("message", "diary: modified entry #$id.");
}
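Review bot: On the `+` line in diary_admin_save, `$id` is left unquoted (`WHERE id = $id`) while the parallel statements in diary_page_submit and diary_admin_edit now quote it (`WHERE id = '$id'`); caller-side check_input() escaping only protects a quoted context, so this unquoted interpolation depends entirely on the value being purely numeric. Either quote it to match the other hunks, `WHERE id = '$id'`, or cast it before the query, `$id = (int) $id;`. The watchdog() call on the following line interpolates the same `$id` into its message; whether watchdog() escapes what it stores is not visible here.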
@@ -338,11 +338,11 @@ function diary_admin() {
switch ($op) {
case "delete":
- diary_admin_delete($id);
+ diary_admin_delete(check_input($id));
diary_admin_display();
break;
case "edit":
- diary_admin_edit($id);
+ diary_admin_edit(check_input($id));
break;
case "help":
diary_help();
@@ -351,11 +351,11 @@ function diary_admin() {
diary_search();
break;
case "Save diary entry":
- diary_admin_save($id, $text);
+ diary_admin_save(check_input($id), check_input($text));
diary_admin_display();
break;
case "Update":
- diary_admin_display($order);
+ diary_admin_display(check_input($order));
break;
default:
diary_admin_display();
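Review bot: `check_input($order)` on the Update line protects a quoted string context, but a value named `$order` is plausibly used in an ORDER BY clause inside diary_admin_display, which is not part of this diff, and there it would be interpolated unquoted, where escaping alone does not constrain it. If that is the case, validating against the known column names is the appropriate guard, e.g. `if (!in_array($order, array("id", "author", "timestamp"))) $order = "timestamp";` (constructed example using the diaries columns seen in the INSERT above; adjust to what diary_admin_display actually accepts).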