authorDries Buytaert <dries@buytaert.net>2001-03-07 21:29:40 +0000
committerDries Buytaert <dries@buytaert.net>2001-03-07 21:29:40 +0000
commitf516626a293edd613cb823db88e36dcf7e1fb8f4 (patch)
treeba3dd7432d4d13783e34fbc50a4d4308a142309b /modules
parent2b2e81f6cfce285f466c3c74cb25ad30c581d2cf (diff)
A rather large and important update:
revised most of the SQL queries and tried to make drupal as secure as possible (while trying to avoid redundant/duplicate checks). For drupal's sake, try to screw something up. See the mail about PHPNuke being hacked appr. 6 days ago. The one who finds a problem is rewarded a beer (and I'm willing to ship it to Norway if required). I beg you to be evil. Try dumping a table a la "http://localhost/index.php?date=77778;DROP TABLE users" or something. ;)
Diffstat (limited to 'modules')
-rw-r--r--modules/account.module16
-rw-r--r--modules/backend.class23
-rw-r--r--modules/ban.module10
-rw-r--r--modules/block.module2
-rw-r--r--modules/block/block.module2
-rw-r--r--modules/box.module12
-rw-r--r--modules/comment.module10
-rw-r--r--modules/comment/comment.module10
-rw-r--r--modules/diary.module34
-rw-r--r--modules/faq.module6
-rw-r--r--modules/locale.module6
-rw-r--r--modules/locale/locale.module6
-rw-r--r--modules/rating.module6
-rw-r--r--modules/section.module4
-rw-r--r--modules/story.module10
-rw-r--r--modules/story/story.module10
-rw-r--r--modules/submission.module8
-rw-r--r--modules/watchdog.module6
-rw-r--r--modules/watchdog/watchdog.module6
19 files changed, 89 insertions, 98 deletions
diff --git a/modules/account.module b/modules/account.module
index 9a67a897f..9d428ee4f 100644
--- a/modules/account.module
+++ b/modules/account.module
@@ -15,7 +15,7 @@ function account_help() {
function account_find($keys) {
global $user;
$find = array();
- $result = db_query("SELECT * FROM users WHERE userid LIKE '%". check_input($keys) ."%' LIMIT 20");
+ $result = db_query("SELECT * FROM users WHERE userid LIKE '%$keys%' LIMIT 20");
while ($account = db_fetch_object($result)) {
array_push($find, array("subject" => $account->userid, "link" => (user_access($user, "account") ? "admin.php?mod=account&op=view&name=$account->userid" : "account.php?op=view&name=$account->userid"), "user" => $account->userid));
}
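Review bot: `account_find` now interpolates `$keys` into the LIKE clause unescaped (the `+` line), so its safety depends on every caller having applied `check_input()` first, and no caller of `account_find` appears in this diff. The same contract move happens in `comment_find` (both copies of comment.module), `diary_find` and, for the article clause only, `story_find`. Since the function is reachable through the module's "find" hook, record the precondition on the function: `// $keys: the caller is responsible for passing the value through check_input() first.` Escaping quote characters also does not neutralise the LIKE wildcards `%` and `_`, so a key can still match every row; that was already the case before this change. `account_find` continues past the end of the hunk.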
@@ -51,7 +51,7 @@ function account_access($account) {
}
function account_blocks($id) {
- $result = db_query("SELECT * FROM layout WHERE user = $id");
+ $result = db_query("SELECT * FROM layout WHERE user = '$id'");
while ($layout = db_fetch_object($result)) {
$output .= "<LI>$layout->block</LI>\n";
}
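Review bot: Wrapping `$id` in quotes in `account_blocks` (and in `account_comments` in the next hunk) changes nothing unless the value has also been escaped, and neither function's caller is in this diff, so whether `$id` arrives through `check_input()` cannot be confirmed here. If `$id` is always the numeric user id, a cast at the top of the function, `$id = (int) $id;`, makes the query safe regardless of the caller. Also visible: `$output` is appended to with `.=` before it is ever initialised; `$output = "";` ahead of the loop avoids relying on an undefined variable. The function continues past the hunk.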
@@ -67,7 +67,7 @@ function account_stories($id) {
}
function account_comments($id) {
- $result = db_query("SELECT * FROM comments WHERE link = 'story' AND author = $id ORDER BY timestamp DESC");
+ $result = db_query("SELECT * FROM comments WHERE link = 'story' AND author = '$id' ORDER BY timestamp DESC");
while ($comment = db_fetch_object($result)) {
$output .= "<LI><A HREF=\"story.php?id=$comment->lid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">$comment->subject</A></LI>\n";
}
@@ -77,7 +77,7 @@ function account_comments($id) {
function account_delete($name) {
$result = db_query("SELECT * FROM users WHERE userid = '$name' AND status = 0 AND id > 1");
if ($account = db_fetch_object($result)) {
- db_query("DELETE FROM users WHERE id = $account->id");
+ db_query("DELETE FROM users WHERE id = '$account->id'");
}
else {
print "<P>Failed to delete account '". format_username($name) ."': the account must be blocked first.</P>";
@@ -170,12 +170,12 @@ function account_admin() {
switch ($op) {
case "Delete account":
case "delete":
- account_delete($name);
+ account_delete(check_input($name));
account_display();
break;
case "Edit account":
case "edit":
- account_edit($name);
+ account_edit(check_input($name));
break;
case "help":
account_help();
@@ -188,8 +188,8 @@ function account_admin() {
account_view($name);
break;
case "Save account":
- account_edit_save($name, $edit);
- account_view($name);
+ account_edit_save(check_input($name), $edit);
+ account_view(check_input($name));
break;
default:
account_display();
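Review bot: The `Save account` case now calls `account_view(check_input($name))`, but the context line two cases earlier still calls `account_view($name)` with the raw value, so the same function is reached with and without escaping depending on `$op`. Change that line to `account_view(check_input($name));` so the two paths agree. `$edit` is handed to `account_edit_save` untouched; whether that function escapes each field itself is outside this diff and worth confirming. `account_admin` begins before the hunk.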
diff --git a/modules/backend.class b/modules/backend.class
index 593b6904f..679c149a6 100644
--- a/modules/backend.class
+++ b/modules/backend.class
@@ -32,7 +32,7 @@ class backend {
if (time() - $this->timestamp > $timout) $this->url2sql();
// Read headlines:
- $result = db_query("SELECT * FROM headlines WHERE id = $this->id ORDER BY number");
+ $result = db_query("SELECT * FROM headlines WHERE id = '$this->id' ORDER BY number");
while ($headline = db_fetch_object($result)) {
array_push($this->headlines, "<A HREF=\"$headline->link\">$headline->title</A>");
}
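Review bot: Quoting `'$this->id'` in these queries (also in the hunks at lines 113-128 and 129-155) only helps if the property holds an escaped or numeric value, and the place where `id` is assigned is not part of this diff. If it is always a channel number, casting at assignment time, `$this->id = (int) $id;`, removes the dependency on whoever constructs the object; otherwise a comment on the property stating that it must be escaped before use is the minimum. Style: `$result = db_query(...)` on the DELETE and UPDATE statements assigns a value that is never read; drop the assignment.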
@@ -91,7 +91,7 @@ class backend {
}
// Mark channels as being updated:
- $result = db_query("UPDATE channel SET timestamp = '". time() ."' WHERE id = $this->id");
+ $result = db_query("UPDATE channel SET timestamp = '". time() ."' WHERE id = '$this->id'");
$this->timestamp = time();
}
else {
@@ -113,7 +113,7 @@ class backend {
if (time() - $this->timestamp > $timout) $this->url2sql();
// Grab headlines from database:
- $result = db_query("SELECT * FROM headlines WHERE id = $this->id ORDER BY number");
+ $result = db_query("SELECT * FROM headlines WHERE id = '$this->id' ORDER BY number");
while ($headline = db_fetch_object($result)) {
$content .= "<LI><A HREF=\"$headline->link\">$headline->title</A></LI>";
}
@@ -133,27 +133,18 @@ class backend {
function delete() {
// Delete channel:
- $result = db_query("DELETE FROM channel WHERE id = $this->id");
+ $result = db_query("DELETE FROM channel WHERE id = '$this->id'");
// Delete headlines:
- $result = db_query("DELETE FROM headlines WHERE id = $this->id");
+ $result = db_query("DELETE FROM headlines WHERE id = '$this->id'");
}
function refresh() {
// Delete headlines:
- $result = db_query("DELETE FROM headlines WHERE id = $this->id");
+ $result = db_query("DELETE FROM headlines WHERE id = '$this->id'");
// Mark channel as invalid to enforce an update:
- $result = db_query("UPDATE channel SET timestamp = 1 WHERE id = $this->id");
- }
-
- function dump() {
- print "<B>Dump backend:</B><BR>";
- print "Id: $this->id<BR>";
- print "Site: $this->site<BR>";
- print "URL: $this->url<BR>";
- print "File: $this->file<BR>";
- print "Contact: $this->contact<BR>";
+ $result = db_query("UPDATE channel SET timestamp = 1 WHERE id = '$this->id'");
}
}
diff --git a/modules/ban.module b/modules/ban.module
index a6586ab4d..9e734b722 100644
--- a/modules/ban.module
+++ b/modules/ban.module
@@ -118,11 +118,11 @@ function ban_admin() {
switch ($op) {
case "Add ban":
- ban_admin_new($mask, $category, $reason);
- ban_display($category);
+ ban_admin_new(check_input($mask), check_input($category), check_input($reason));
+ ban_display(check_input($category));
break;
case "Check ban":
- ban_check($mask, $category);
+ ban_check(check_input($mask), check_input($category));
break;
case "add":
ban_admin_add();
@@ -134,9 +134,9 @@ function ban_admin() {
ban_admin_check();
break;
case "delete":
- ban_delete($id);
+ ban_delete(check_input($id));
default:
- ban_display($category);
+ ban_display(check_input($category));
}
}
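Review bot: The `delete` case has no `break` after `ban_delete(check_input($id));`, so it runs on into `default` and redisplays the list; that is probably intended but indistinguishable from an omission. box.module marks the same construct with `// fall through`; add the same comment here. `ban_admin` begins before the hunk.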
diff --git a/modules/block.module b/modules/block.module
index 2d112c0be..3629ebb65 100644
--- a/modules/block.module
+++ b/modules/block.module
@@ -35,7 +35,7 @@ function block_page() {
function block_admin_save($edit) {
foreach ($edit as $key=>$value) {
- db_query("UPDATE blocks SET region = '$value[region]', status = '$value[status]', weight = '$value[weight]' WHERE name = '$key'");
+ db_query("UPDATE blocks SET region = '". check_input($value[region]) ."', status = '". check_input($value[status]) ."', weight = '". check_input($value[weight]) ."' WHERE name = '". check_input($key) ."'");
}
}
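Review bot: `block_admin_save` escapes `region`, `status` and `weight` but still accepts any string for them, so a form can store arbitrary values in columns that, going by their names, hold a region name, a flag and a number; escaping keeps the query intact, it does not validate the data. Casting `status` and `weight` with `(int)` and checking `region` against the set of regions the block system knows would close that. The same line is repeated verbatim in modules/block/block.module. Style: `$value[region]` relies on bare-word constants; write `$value['region']`.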
diff --git a/modules/block/block.module b/modules/block/block.module
index 2d112c0be..3629ebb65 100644
--- a/modules/block/block.module
+++ b/modules/block/block.module
@@ -35,7 +35,7 @@ function block_page() {
function block_admin_save($edit) {
foreach ($edit as $key=>$value) {
- db_query("UPDATE blocks SET region = '$value[region]', status = '$value[status]', weight = '$value[weight]' WHERE name = '$key'");
+ db_query("UPDATE blocks SET region = '". check_input($value[region]) ."', status = '". check_input($value[status]) ."', weight = '". check_input($value[weight]) ."' WHERE name = '". check_input($key) ."'");
}
}
diff --git a/modules/box.module b/modules/box.module
index 54d2e0b1c..af00a5766 100644
--- a/modules/box.module
+++ b/modules/box.module
@@ -89,7 +89,7 @@ function box_admin_new() {
}
function box_admin_add($subject, $content, $info, $link, $type) {
- db_query("INSERT INTO boxes (subject, content, info, link, type) VALUES ('". check_input($subject) ."', '". check_code($content) ."', '". check_input($info) ."', '". check_input($link) ."', '". check_input($type) ."')");
+ db_query("INSERT INTO boxes (subject, content, info, link, type) VALUES ('$subject', '$content', '$info', '$link', '$type')");
}
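Review bot: `box_admin_add` (and `box_admin_save` in the next hunk) now writes its arguments straight into SQL, so the escaping contract lives with `box_admin` in the later hunk, and any other call site of these functions bypasses it. Document the precondition where the query is built: `// All arguments must already be escaped by the caller (check_input/check_code).` In `box_admin_save`, `watchdog("message", "modified box `$subject'")` now records the escaped form of the subject rather than what the user typed; if `check_input()` inserts escape characters they will show up in the log.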
function box_admin_delete($id) {
@@ -144,7 +144,7 @@ function box_admin_edit($id) {
}
function box_admin_save($id, $subject, $content, $info, $link, $type) {
- db_query("UPDATE boxes SET subject = '". check_input($subject) ."', content = '". check_code($content) ."', info = '". check_input($info) ."', link = '". check_input($link) ."', type = '". check_input($type) ."' WHERE id = '$id'");
+ db_query("UPDATE boxes SET subject = '$subject', content = '$content', info = '$info', link = '$link', type = '$type' WHERE id = '$id'");
watchdog("message", "modified box `$subject'");
}
@@ -155,12 +155,12 @@ function box_admin() {
switch ($op) {
case "Add box":
- box_admin_add($subject, $content, $info, $link, $type);
+ box_admin_add(check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type));
box_admin_display();
box_admin_rehash();
break;
case "Save box":
- box_admin_save($id, $subject, $content, $info, $link, $type);
+ box_admin_save(check_input($id), check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type));
box_admin_display();
box_admin_rehash();
break;
@@ -171,10 +171,10 @@ function box_admin() {
box_admin_new();
break;
case "edit":
- box_admin_edit($id);
+ box_admin_edit(check_input($id));
break;
case "delete":
- box_admin_delete($id);
+ box_admin_delete(check_input($id));
box_admin_rehash();
// fall through
default:
diff --git a/modules/comment.module b/modules/comment.module
index 6038d5ed2..83a62df9e 100644
--- a/modules/comment.module
+++ b/modules/comment.module
@@ -6,7 +6,7 @@ $module = array("find" => "comment_find",
function comment_find($keys) {
global $user;
$find = array();
- $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.subject LIKE '%". check_input($keys) ."%' OR c.comment LIKE '%". check_input($keys) ."%' ORDER BY c.timestamp DESC LIMIT 20");
+ $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.subject LIKE '%$keys%' OR c.comment LIKE '%$keys%' ORDER BY c.timestamp DESC LIMIT 20");
while ($comment = db_fetch_object($result)) {
array_push($find, array("subject" => check_output($comment->subject), "link" => (user_access($user, "comment") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "story.php?id=$comment->lid&cid=$comment->cid"), "user" => $story->userid, "date" => $comment->timestamp));
}
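Review bot: The `"user" => $story->userid` entry in the context line below the query reads `$story`, which is never assigned in `comment_find`; the user id the query selects is `$comment->userid`, so the search results carry an empty user. Change it to `"user" => $comment->userid`. Separately, `$keys` is now interpolated into both LIKE clauses without `check_input()` and the function's caller is not in the diff, so the precondition belongs in a comment on the function. modules/comment/comment.module carries the identical hunk. `comment_find` continues past the hunk.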
@@ -20,7 +20,7 @@ function comment_search() {
}
function comment_edit($id) {
- $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.cid = $id");
+ $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.cid = '$id'");
$comment = db_fetch_object($result);
@@ -42,7 +42,7 @@ function comment_edit($id) {
}
function comment_save($id, $subject, $comment) {
- db_query("UPDATE comments SET subject = '". check_input($subject) ."', comment = '". check_input($comment) ."' WHERE cid = $id");
+ db_query("UPDATE comments SET subject = '$subject', comment = '$comment' WHERE cid = '$id'");
watchdog("message", "comment: modified '$subject'");
}
@@ -96,11 +96,11 @@ function comment_admin() {
comment_search();
break;
case "Save comment":
- comment_save($id, $subject, $comment);
+ comment_save(check_input($id), check_input($subject), check_input($comment));
comment_display();
break;
case "Update":
- comment_display($order);
+ comment_display(check_input($order));
break;
default:
comment_display();
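Review bot: `comment_display(check_input($order))` passes a value that, going by its name and by the visible `watchdog_display($order = "date")` signature, ends up in an ORDER BY clause, where it is an identifier rather than a quoted string; escaping quote characters does nothing in that position. Compare `$order` against the fixed list of column names `comment_display` accepts and fall back to its default when it does not match, instead of escaping it. The same applies to `diary_admin_display(check_input($order))` in diary.module and `watchdog_display(check_input($order))` in both watchdog.module copies. `comment_admin` begins before the hunk.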
diff --git a/modules/comment/comment.module b/modules/comment/comment.module
index 6038d5ed2..83a62df9e 100644
--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -6,7 +6,7 @@ $module = array("find" => "comment_find",
function comment_find($keys) {
global $user;
$find = array();
- $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.subject LIKE '%". check_input($keys) ."%' OR c.comment LIKE '%". check_input($keys) ."%' ORDER BY c.timestamp DESC LIMIT 20");
+ $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.subject LIKE '%$keys%' OR c.comment LIKE '%$keys%' ORDER BY c.timestamp DESC LIMIT 20");
while ($comment = db_fetch_object($result)) {
array_push($find, array("subject" => check_output($comment->subject), "link" => (user_access($user, "comment") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "story.php?id=$comment->lid&cid=$comment->cid"), "user" => $story->userid, "date" => $comment->timestamp));
}
@@ -20,7 +20,7 @@ function comment_search() {
}
function comment_edit($id) {
- $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.cid = $id");
+ $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.cid = '$id'");
$comment = db_fetch_object($result);
@@ -42,7 +42,7 @@ function comment_edit($id) {
}
function comment_save($id, $subject, $comment) {
- db_query("UPDATE comments SET subject = '". check_input($subject) ."', comment = '". check_input($comment) ."' WHERE cid = $id");
+ db_query("UPDATE comments SET subject = '$subject', comment = '$comment' WHERE cid = '$id'");
watchdog("message", "comment: modified '$subject'");
}
@@ -96,11 +96,11 @@ function comment_admin() {
comment_search();
break;
case "Save comment":
- comment_save($id, $subject, $comment);
+ comment_save(check_input($id), check_input($subject), check_input($comment));
comment_display();
break;
case "Update":
- comment_display($order);
+ comment_display(check_input($order));
break;
default:
comment_display();
diff --git a/modules/diary.module b/modules/diary.module
index bc8db22f0..605a3dd09 100644
--- a/modules/diary.module
+++ b/modules/diary.module
@@ -14,7 +14,7 @@ include_once "includes/common.inc";
function diary_find($keys) {
global $user;
$find = array();
- $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id WHERE d.text LIKE '%". check_input($keys) ."%' ORDER BY d.timestamp DESC LIMIT 20");
+ $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id WHERE d.text LIKE '%$keys%' ORDER BY d.timestamp DESC LIMIT 20");
while ($diary = db_fetch_object($result)) {
array_push($find, array("subject" => "$diary->userid's diary", "link" => (user_access($user, "diary") ? "admin.php?mod=diary&op=edit&id=$diary->id" : "module.php?mod=diary&op=view&name=$diary->userid"), "user" => $diary->userid, "date" => $diary->timestamp));
}
@@ -168,11 +168,11 @@ function diary_page_submit($text, $id = 0) {
if ($id) {
watchdog("message", "diary: old diary entry updated");
- db_query("UPDATE diaries SET text = '". check_input($text) ."' WHERE id = $id");
+ db_query("UPDATE diaries SET text = '$text' WHERE id = '$id'");
}
else {
watchdog("diary", "diary: new diary entry added");
- db_query("INSERT INTO diaries (author, text, timestamp) VALUES ('$user->id', '". check_input($text) ."', '". time() ."')");
+ db_query("INSERT INTO diaries (author, text, timestamp) VALUES ('$user->id', '$text', '". time() ."')");
}
header("Location: module.php?mod=diary&op=view&name=$user->userid");
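Review bot: The UPDATE branch of `diary_page_submit` selects the row by `id` alone with no author condition, although the function is reached from the user-facing `diary_page` with `$id` taken from the request; escaping `$id` does not stop a logged-in user from saving text into an entry that is not theirs. Tie the update to the current user: `db_query("UPDATE diaries SET text = '$text' WHERE id = '$id' AND author = '$user->id'");` (`$user` is already used by the INSERT branch). `header("Location: ...")` is also not followed by `exit`, so the rest of the page keeps executing after the redirect is sent. The function begins before the hunk.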
@@ -192,22 +192,22 @@ function diary_page() {
diary_page_add();
break;
case "delete":
- diary_page_delete($id);
- diary_page_display($name);
+ diary_page_delete(check_input($id));
+ diary_page_display(check_input($name));
break;
case "edit":
- diary_page_edit($id);
+ diary_page_edit(check_input($id));
break;
case "view":
- diary_page_display($name);
+ diary_page_display(check_input($name));
break;
case "Preview diary entry":
- if ($id) diary_page_preview($text, $timestamp, $id);
- else diary_page_preview($text, time());
+ if ($id) diary_page_preview(check_input($text), check_input($timestamp), check_input($id));
+ else diary_page_preview(check_input($text), time());
break;
case "Submit diary entry":
- if ($id) diary_page_submit($text, $id);
- else diary_page_submit($text);
+ if ($id) diary_page_submit(check_input($text), check_input($id));
+ else diary_page_submit(check_input($text));
break;
default:
diary_page_overview();
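Review bot: Both `Preview diary entry` calls pass `check_input($text)` to `diary_page_preview`, which from its name renders the text rather than storing it; if `check_input()` adds SQL escape characters, the preview will show them and differ from what is saved. Escape on the submit path only, `diary_page_preview($text, ...)`, or have the preview run the output-side helper instead. `check_input($timestamp)` for a value the preview treats like `time()` could simply be cast with `(int)`. `diary_page` begins before the hunk.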
@@ -259,7 +259,7 @@ function diary_block() {
}
function diary_admin_edit($id) {
- $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id WHERE d.id = $id");
+ $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id WHERE d.id = '$id'");
$diary = db_fetch_object($result);
@@ -284,7 +284,7 @@ function diary_admin_edit($id) {
}
function diary_admin_save($id, $text) {
- db_query("UPDATE diaries SET text = '". check_input($text) ."' WHERE id = $id");
+ db_query("UPDATE diaries SET text = '$text' WHERE id = $id");
watchdog("message", "diary: modified entry #$id.");
}
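Review bot: `diary_admin_save` is the one query in this commit whose id is left unquoted, `WHERE id = $id`, while the neighbouring `diary_admin_edit` hunk and every other module switch to `'$id'`; with escaping now done by the caller, an unquoted numeric position is exactly where escaping quote characters gives no protection. Write `WHERE id = '$id'` here too, or cast: `$id = (int) $id;`. The watchdog line then logs the escaped form of `$id`, which is harmless for a number.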
@@ -338,11 +338,11 @@ function diary_admin() {
switch ($op) {
case "delete":
- diary_admin_delete($id);
+ diary_admin_delete(check_input($id));
diary_admin_display();
break;
case "edit":
- diary_admin_edit($id);
+ diary_admin_edit(check_input($id));
break;
case "help":
diary_help();
@@ -351,11 +351,11 @@ function diary_admin() {
diary_search();
break;
case "Save diary entry":
- diary_admin_save($id, $text);
+ diary_admin_save(check_input($id), check_input($text));
diary_admin_display();
break;
case "Update":
- diary_admin_display($order);
+ diary_admin_display(check_input($order));
break;
default:
diary_admin_display();
diff --git a/modules/faq.module b/modules/faq.module
index 63a40addc..283b8e563 100644
--- a/modules/faq.module
+++ b/modules/faq.module
@@ -106,18 +106,18 @@ function faq_admin() {
faq_add();
break;
case "delete":
- faq_delete($id);
+ faq_delete(check_input($id));
faq_display();
break;
case "edit":
- faq_edit($id);
+ faq_edit(check_input($id));
break;
case "Add FAQ":
faq_add_save($edit);
faq_display();
break;
case "Save FAQ":
- faq_edit_save($id, $edit);
+ faq_edit_save(check_input($id), $edit);
// fall through:
default:
faq_display();
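Review bot: `faq_edit_save(check_input($id), $edit)` and the untouched `faq_add_save($edit)` hand the `$edit` array over unescaped, so the protection for the FAQ text rests on those two functions escaping every field themselves, and neither is in this diff. The same pattern appears with `locale_save(check_input($id), $edit)` in both locale.module copies and `story_edit_save(check_input($id), $edit)`; only in story.module is the body visible, and there it escapes most fields. Once confirmed, a short comment at the call, `// $edit is escaped field by field inside faq_edit_save()`, tells the next reader where to look. `faq_admin` begins before the hunk.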
diff --git a/modules/locale.module b/modules/locale.module
index 464b3bc41..c96d9a0dc 100644
--- a/modules/locale.module
+++ b/modules/locale.module
@@ -84,17 +84,17 @@ function locale_admin() {
switch ($op) {
case "delete":
- locale_delete($id);
+ locale_delete(check_input($id));
locale_display();
break;
case "help":
locale_help();
break;
case "edit":
- locale_edit($id);
+ locale_edit(check_input($id));
break;
case "Save translations":
- locale_save($id, $edit);
+ locale_save(check_input($id), $edit);
// fall through
default:
locale_display();
diff --git a/modules/locale/locale.module b/modules/locale/locale.module
index 464b3bc41..c96d9a0dc 100644
--- a/modules/locale/locale.module
+++ b/modules/locale/locale.module
@@ -84,17 +84,17 @@ function locale_admin() {
switch ($op) {
case "delete":
- locale_delete($id);
+ locale_delete(check_input($id));
locale_display();
break;
case "help":
locale_help();
break;
case "edit":
- locale_edit($id);
+ locale_edit(check_input($id));
break;
case "Save translations":
- locale_save($id, $edit);
+ locale_save(check_input($id), $edit);
// fall through
default:
locale_display();
diff --git a/modules/rating.module b/modules/rating.module
index 90d84a93f..4ea588c3b 100644
--- a/modules/rating.module
+++ b/modules/rating.module
@@ -14,12 +14,12 @@ function rating_cron() {
while ($rating = db_fetch_object($r1)) {
unset($bonus); unset($votes); unset($score); unset($value); unset($weight);
- $r2 = db_query("SELECT COUNT(id) AS number FROM stories WHERE author = $rating->id AND (". time() ." - timestamp < $period) AND status = 2");
+ $r2 = db_query("SELECT COUNT(id) AS number FROM stories WHERE author = '$rating->id' AND (". time() ." - timestamp < $period) AND status = 2");
if ($story = db_fetch_object($r2)) {
$bonus = $story->number;
}
- $r3 = db_query("SELECT score, votes FROM comments WHERE author = $rating->id AND (". time() ." - timestamp < $period) ORDER BY timestamp LIMIT $number");
+ $r3 = db_query("SELECT score, votes FROM comments WHERE author = '$rating->id' AND (". time() ." - timestamp < $period) ORDER BY timestamp LIMIT $number");
while ($comment = db_fetch_object($r3)) {
$weight++;
$score += $weight * $comment->score;
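Review bot: `$rating->id` comes from the database, so quoting it is consistent but not where the risk in this hunk lies; `$period` and `$number` are interpolated directly into the comparison and the `LIMIT`, and where they are set is not part of this diff. If they are site settings, a comment saying so, `// $period and $number are integer settings, not request input`, is enough; if they can be influenced through the request, cast both with `(int)` before building the queries. The `unset()` run at the top of the loop reads as a workaround for `$weight++` and `$score +=` starting from undefined variables; initialising them to 0 would be clearer. `rating_cron` begins before the hunk.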
@@ -28,7 +28,7 @@ function rating_cron() {
if ($weight >= $offset && $votes > 0) {
$value = ($score + $weight) / $votes + $bonus;
- db_query("UPDATE users SET rating = '$value' WHERE id = $rating->id");
+ db_query("UPDATE users SET rating = '$value' WHERE id = '$rating->id'");
}
}
diff --git a/modules/section.module b/modules/section.module
index af07100f5..42ad6e4d5 100644
--- a/modules/section.module
+++ b/modules/section.module
@@ -102,7 +102,7 @@ function section_display() {
function section_display_save($edit) {
foreach ($edit as $key=>$value) {
- db_query("UPDATE sections SET status = '". $value[status] ."', post = '". $value[post] ."', dump = '". $value[dump] ."', timout = '". $value[timout] ."' WHERE name = '$key'");
+ db_query("UPDATE sections SET status = '". check_input($value[status]) ."', post = '". check_input($value[post]) ."', dump = '". check_input($value[dump]) ."', timout = '". check_input($value[timout]) ."' WHERE name = '". check_input($key) ."'");
}
}
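Review bot: `section_display_save` now escapes the four section fields and the key, but `status`, `post`, `dump` and `timout` look like flag and numeric columns, so the stricter check is a cast, `(int) $value['status']` and so on, which needs no escaping at all; escaping only keeps the query intact, it does not validate. Style: `$value[status]` and the other bare-word keys depend on undefined constants; quote them.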
@@ -119,7 +119,7 @@ function section_admin() {
section_help();
break;
case "delete":
- section_delete($name);
+ section_delete(check_input($name));
section_display();
break;
case "Add section":
diff --git a/modules/story.module b/modules/story.module
index 641c1ed3b..4cac81503 100644
--- a/modules/story.module
+++ b/modules/story.module
@@ -18,7 +18,7 @@ function story_cron() {
function story_find($keys) {
global $user;
$find = array();
- $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.status = 2 AND (s.subject LIKE '%". check_input($keys) ."%' OR s.abstract LIKE '%". check_input($keys) ."%' OR s.article LIKE '%". check_input($keys) ."%') ORDER BY s.timestamp DESC LIMIT 20");
+ $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.status = 2 AND (s.subject LIKE '%". check_input($keys) ."%' OR s.abstract LIKE '%". check_input($keys) ."%' OR s.article LIKE '%$keys%') ORDER BY s.timestamp DESC LIMIT 20");
while ($story = db_fetch_object($result)) {
array_push($find, array("subject" => check_output($story->subject), "link" => (user_access($user, "story") ? "admin.php?mod=story&op=edit&id=$story->id" : "story.php?id=$story->id"), "user" => $story->userid, "date" => $story->timestamp));
}
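Review bot: `story_find` drops `check_input()` for the `s.article` clause only, while `s.subject` and `s.abstract` still escape `$keys` inline, so the same value is escaped in one part of the query and not in another; if the caller now escapes, the first two clauses double-escape, and if it does not, the third is exposed. Either remove all three inline calls and document that the caller escapes, as `account_find`, `comment_find` and `diary_find` do in this commit, or keep all three. modules/story/story.module has the identical hunk. `story_find` continues past the hunk.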
@@ -107,7 +107,7 @@ function story_add_save($edit) {
function story_edit($id) {
global $allowed_html;
- $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = $id");
+ $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = '$id'");
$story = db_fetch_object($result);
$output .= "<FORM ACTION=\"admin.php?mod=story&id=$id\" METHOD=\"post\">\n";
@@ -150,7 +150,7 @@ function story_edit($id) {
function story_edit_save($id, $edit) {
if ($edit[status] == 3 && strtotime($edit[date]) > time()) db_query("UPDATE stories SET subject = '". check_input($edit[subject]) ."', abstract = '". check_input($edit[abstract]) ."', updates = '". check_input($edit[updates]) ."', article = '". check_input($edit[article]) ."', section = '". check_input($edit[section]) ."', status = '$edit[status]', timestamp = '". strtotime($edit[date]) ."' WHERE id = '$id'");
else db_query("UPDATE stories SET subject = '". check_input($edit[subject]) ."', abstract = '". check_input($edit[abstract]) ."', updates = '". check_input($edit[updates]) ."', article = '". check_input($edit[article]) ."', section = '". check_input($edit[section]) ."', status = '$edit[status]' WHERE id = '$id'");
- watchdog("message", "story: modified `$edit[subject]'");
+ watchdog("message", "story: modified '$edit[subject]'");
}
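Review bot: Both UPDATE statements in `story_edit_save` escape every `$edit` field except `status = '$edit[status]'`, which is interpolated raw; `$edit` arrives untouched from `story_admin` (the `Save story` hunk), so this is the one field in the statement that never passes through `check_input()`. It is compared with `== 3` and used as a status code, so `(int) $edit[status]` in both queries is the tighter fix. The same holds for modules/story/story.module. The hunk itself only changes the quote character in the log message.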
function story_display() {
@@ -199,7 +199,7 @@ function story_admin() {
story_add();
break;
case "edit":
- story_edit($id);
+ story_edit(check_input($id));
break;
case "help":
story_help();
@@ -212,7 +212,7 @@ function story_admin() {
story_display();
break;
case "Save story":
- story_edit_save($id, $edit);
+ story_edit_save(check_input($id), $edit);
story_display();
break;
default:
diff --git a/modules/story/story.module b/modules/story/story.module
index 641c1ed3b..4cac81503 100644
--- a/modules/story/story.module
+++ b/modules/story/story.module
@@ -18,7 +18,7 @@ function story_cron() {
function story_find($keys) {
global $user;
$find = array();
- $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.status = 2 AND (s.subject LIKE '%". check_input($keys) ."%' OR s.abstract LIKE '%". check_input($keys) ."%' OR s.article LIKE '%". check_input($keys) ."%') ORDER BY s.timestamp DESC LIMIT 20");
+ $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.status = 2 AND (s.subject LIKE '%". check_input($keys) ."%' OR s.abstract LIKE '%". check_input($keys) ."%' OR s.article LIKE '%$keys%') ORDER BY s.timestamp DESC LIMIT 20");
while ($story = db_fetch_object($result)) {
array_push($find, array("subject" => check_output($story->subject), "link" => (user_access($user, "story") ? "admin.php?mod=story&op=edit&id=$story->id" : "story.php?id=$story->id"), "user" => $story->userid, "date" => $story->timestamp));
}
@@ -107,7 +107,7 @@ function story_add_save($edit) {
function story_edit($id) {
global $allowed_html;
- $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = $id");
+ $result = db_query("SELECT s.*, u.userid FROM stories s LEFT JOIN users u ON s.author = u.id WHERE s.id = '$id'");
$story = db_fetch_object($result);
$output .= "<FORM ACTION=\"admin.php?mod=story&id=$id\" METHOD=\"post\">\n";
@@ -150,7 +150,7 @@ function story_edit($id) {
function story_edit_save($id, $edit) {
if ($edit[status] == 3 && strtotime($edit[date]) > time()) db_query("UPDATE stories SET subject = '". check_input($edit[subject]) ."', abstract = '". check_input($edit[abstract]) ."', updates = '". check_input($edit[updates]) ."', article = '". check_input($edit[article]) ."', section = '". check_input($edit[section]) ."', status = '$edit[status]', timestamp = '". strtotime($edit[date]) ."' WHERE id = '$id'");
else db_query("UPDATE stories SET subject = '". check_input($edit[subject]) ."', abstract = '". check_input($edit[abstract]) ."', updates = '". check_input($edit[updates]) ."', article = '". check_input($edit[article]) ."', section = '". check_input($edit[section]) ."', status = '$edit[status]' WHERE id = '$id'");
- watchdog("message", "story: modified `$edit[subject]'");
+ watchdog("message", "story: modified '$edit[subject]'");
}
function story_display() {
@@ -199,7 +199,7 @@ function story_admin() {
story_add();
break;
case "edit":
- story_edit($id);
+ story_edit(check_input($id));
break;
case "help":
story_help();
@@ -212,7 +212,7 @@ function story_admin() {
story_display();
break;
case "Save story":
- story_edit_save($id, $edit);
+ story_edit_save(check_input($id), $edit);
story_display();
break;
default:
diff --git a/modules/submission.module b/modules/submission.module
index 32d09afb7..999ed5979 100644
--- a/modules/submission.module
+++ b/modules/submission.module
@@ -15,7 +15,7 @@ function submission_count() {
}
function submission_score($id) {
- $result = db_query("SELECT score FROM stories WHERE id = $id");
+ $result = db_query("SELECT score FROM stories WHERE id = '$id'");
return ($result) ? db_result($result, 0) : 0;
}
@@ -28,7 +28,7 @@ function submission_vote($id, $vote, $comment) {
// Update the comments (if required):
if ($comment) {
- db_query("INSERT INTO comments (lid, link, author, subject, comment, hostname, timestamp, score) VALUES($id, 'story', $user->id, '". check_input(substr($comment, 0, 29)) ." ...', '". check_input($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."', '1')");
+ db_query("INSERT INTO comments (lid, link, author, subject, comment, hostname, timestamp, score) VALUES($id, 'story', $user->id, '". substr($comment, 0, 29) ." ...', '$comment', '". getenv("REMOTE_ADDR") ."', '". time() ."', '1')");
watchdog("comment", "moderation: added comment with subject '$subject'");
}
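Review bot: The subject is now built as `substr($comment, 0, 29)` from a `$comment` that `submission_page` has already escaped, whereas before this change the substring was taken first and escaped afterwards; if `check_input()` escapes by inserting characters, cutting at a fixed byte offset can end the subject on an incomplete escape sequence, so the value is no longer correctly delimited and the INSERT breaks or changes meaning. Truncate the raw text before escaping, for example derive the subject in `submission_page` from the unescaped value and escape the two pieces separately, or escape after the `substr()` as before. In the same statement `$id` and `$user->id` are the only ids in the commit left unquoted, and `$subject` in the `watchdog()` call is never assigned in this function. `submission_vote` begins before the hunk.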
@@ -115,10 +115,10 @@ function submission_page() {
switch($op) {
case "view":
- submission_display_item($id);
+ submission_display_item(check_input($id));
break;
case "Vote";
- submission_vote($id, $vote, $comment);
+ submission_vote(check_input($id), check_input($vote), check_input($comment));
// fall through
default:
submission_page_main();
diff --git a/modules/watchdog.module b/modules/watchdog.module
index f30ac4864..13908e39d 100644
--- a/modules/watchdog.module
+++ b/modules/watchdog.module
@@ -53,7 +53,7 @@ function watchdog_display($order = "date") {
}
function watchdog_view($id) {
- $result = db_query("SELECT l.*, u.userid FROM watchdog l LEFT JOIN users u ON l.user = u.id WHERE l.id = $id");
+ $result = db_query("SELECT l.*, u.userid FROM watchdog l LEFT JOIN users u ON l.user = u.id WHERE l.id = '$id'");
if ($watchdog = db_fetch_object($result)) {
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
@@ -78,10 +78,10 @@ function watchdog_admin() {
watchdog_help();
break;
case "view":
- watchdog_view($id);
+ watchdog_view(check_input($id));
break;
case "Update":
- watchdog_display($order);
+ watchdog_display(check_input($order));
break;
default:
watchdog_display();
diff --git a/modules/watchdog/watchdog.module b/modules/watchdog/watchdog.module
index f30ac4864..13908e39d 100644
--- a/modules/watchdog/watchdog.module
+++ b/modules/watchdog/watchdog.module
@@ -53,7 +53,7 @@ function watchdog_display($order = "date") {
}
function watchdog_view($id) {
- $result = db_query("SELECT l.*, u.userid FROM watchdog l LEFT JOIN users u ON l.user = u.id WHERE l.id = $id");
+ $result = db_query("SELECT l.*, u.userid FROM watchdog l LEFT JOIN users u ON l.user = u.id WHERE l.id = '$id'");
if ($watchdog = db_fetch_object($result)) {
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
@@ -78,10 +78,10 @@ function watchdog_admin() {
watchdog_help();
break;
case "view":
- watchdog_view($id);
+ watchdog_view(check_input($id));
break;
case "Update":
- watchdog_display($order);
+ watchdog_display(check_input($order));
break;
default:
watchdog_display();