From f516626a293edd613cb823db88e36dcf7e1fb8f4 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Wed, 7 Mar 2001 21:29:40 +0000
Subject: A rather large and important update:

revised most of the SQL queries and tried to make drupal as secure as possible (while trying to avoid redundant/duplicate checks).  For drupal's sake, try to screw something up.  See the mail about PHPNuke being hacked appr. 6 days ago.  The one who finds a problem is rewarded a beer (and I'm willing to ship it to Norway if required).  I beg you to be evil.  Try dumping a table a la "http://localhost/index.php?date=77778;DROP TABLE users" or something. ;)
---
 modules/submission.module | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'modules/submission.module')

diff --git a/modules/submission.module b/modules/submission.module
index 32d09afb7..999ed5979 100644
--- a/modules/submission.module
+++ b/modules/submission.module
@@ -15,7 +15,7 @@ function submission_count() {
 }
 
 function submission_score($id) {
-  $result = db_query("SELECT score FROM stories WHERE id = $id");
+  $result = db_query("SELECT score FROM stories WHERE id = '$id'");
   return ($result) ? db_result($result, 0) : 0;
 }
 
@@ -28,7 +28,7 @@ function submission_vote($id, $vote, $comment) {
 
     // Update the comments (if required):
     if ($comment) {
-      db_query("INSERT INTO comments (lid, link, author, subject, comment, hostname, timestamp, score) VALUES($id, 'story', $user->id, '". check_input(substr($comment, 0, 29)) ." ...', '". check_input($comment) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."', '1')");
+      db_query("INSERT INTO comments (lid, link, author, subject, comment, hostname, timestamp, score) VALUES($id, 'story', $user->id, '". substr($comment, 0, 29) ." ...', '$comment', '". getenv("REMOTE_ADDR") ."', '". time() ."', '1')");
       watchdog("comment", "moderation: added comment with subject '$subject'");
     }
 
@@ -115,10 +115,10 @@ function submission_page() {
 
     switch($op) {
       case "view":
-        submission_display_item($id);
+        submission_display_item(check_input($id));
         break;
       case "Vote";
-        submission_vote($id, $vote, $comment);
+        submission_vote(check_input($id), check_input($vote), check_input($comment));
         // fall through
       default:
         submission_page_main();
-- 
cgit v1.2.3