From aa38097c07def6d31481dfeeb2bcba520d323b2d Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Fri, 6 Jun 2003 21:37:11 +0000
Subject: - Dropped check_input(); use check_query() instead.

- Made the statistics module use referer_uri() for security's sake.
---
 modules/statistics.module            | 10 +++++-----
 modules/statistics/statistics.module | 10 +++++-----
 modules/user.module                  |  2 +-
 modules/user/user.module             |  2 +-
 modules/watchdog.module              |  2 +-
 modules/watchdog/watchdog.module     |  2 +-
 6 files changed, 14 insertions(+), 14 deletions(-)

(limited to 'modules')

diff --git a/modules/statistics.module b/modules/statistics.module
index 3b8d7d8ca..294b67135 100644
--- a/modules/statistics.module
+++ b/modules/statistics.module
@@ -53,7 +53,7 @@ function statistics_exit() {
 
   if ((variable_get("statistics_enable_access_log", 0)) && (throttle_status() < 5)) {
     // statistical logs are enabled
-    $referrer = getenv("HTTP_REFERER");
+    $referrer = referer_uri();
     $hostname = getenv("REMOTE_ADDR");
     // log this page access
     if ((arg(0) == "node") && (arg(1) == "view") && arg(2)) {
@@ -333,11 +333,11 @@ function statistics_recent_refer() {
     $query = "SELECT url,timestamp FROM accesslog WHERE url <> '' ORDER BY timestamp DESC";
   }
   elseif ($view == "internal") {
-    $query = "SELECT url,timestamp FROM accesslog WHERE url LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' ORDER BY timestamp DESC";
+    $query = "SELECT url,timestamp FROM accesslog WHERE url LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' ORDER BY timestamp DESC";
     $describe = "internal ";
   }
   else {
-    $query = "SELECT url,timestamp FROM accesslog WHERE url NOT LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' AND url <> '' ORDER BY timestamp DESC";
+    $query = "SELECT url,timestamp FROM accesslog WHERE url NOT LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' AND url <> '' ORDER BY timestamp DESC";
     $describe = "external ";
   }
 
@@ -363,12 +363,12 @@ function statistics_top_refer() {
     $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url <> '' GROUP BY url ORDER BY count DESC";
   }
   elseif ($view == "internal") {
-    $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' GROUP BY url ORDER BY count DESC";
+    $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' GROUP BY url ORDER BY count DESC";
     $describe = "internal ";
   }
   else {
     /* default to external */
-    $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url NOT LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' AND url <> '' GROUP BY url ORDER BY count DESC";
+    $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url NOT LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' AND url <> '' GROUP BY url ORDER BY count DESC";
     $describe = "external ";
   }
 
diff --git a/modules/statistics/statistics.module b/modules/statistics/statistics.module
index 3b8d7d8ca..294b67135 100644
--- a/modules/statistics/statistics.module
+++ b/modules/statistics/statistics.module
@@ -53,7 +53,7 @@ function statistics_exit() {
 
   if ((variable_get("statistics_enable_access_log", 0)) && (throttle_status() < 5)) {
     // statistical logs are enabled
-    $referrer = getenv("HTTP_REFERER");
+    $referrer = referer_uri();
     $hostname = getenv("REMOTE_ADDR");
     // log this page access
     if ((arg(0) == "node") && (arg(1) == "view") && arg(2)) {
@@ -333,11 +333,11 @@ function statistics_recent_refer() {
     $query = "SELECT url,timestamp FROM accesslog WHERE url <> '' ORDER BY timestamp DESC";
   }
   elseif ($view == "internal") {
-    $query = "SELECT url,timestamp FROM accesslog WHERE url LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' ORDER BY timestamp DESC";
+    $query = "SELECT url,timestamp FROM accesslog WHERE url LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' ORDER BY timestamp DESC";
     $describe = "internal ";
   }
   else {
-    $query = "SELECT url,timestamp FROM accesslog WHERE url NOT LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' AND url <> '' ORDER BY timestamp DESC";
+    $query = "SELECT url,timestamp FROM accesslog WHERE url NOT LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' AND url <> '' ORDER BY timestamp DESC";
     $describe = "external ";
   }
 
@@ -363,12 +363,12 @@ function statistics_top_refer() {
     $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url <> '' GROUP BY url ORDER BY count DESC";
   }
   elseif ($view == "internal") {
-    $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' GROUP BY url ORDER BY count DESC";
+    $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' GROUP BY url ORDER BY count DESC";
     $describe = "internal ";
   }
   else {
     /* default to external */
-    $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url NOT LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' AND url <> '' GROUP BY url ORDER BY count DESC";
+    $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url NOT LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' AND url <> '' GROUP BY url ORDER BY count DESC";
     $describe = "external ";
   }
 
diff --git a/modules/user.module b/modules/user.module
index 94fc94ff2..c9e645199 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -547,7 +547,7 @@ function user_login($edit = array(), $msg = "") {
       $server = substr($server, 1);
       $pass = $edit["pass"];
     }
-    
+
     /*
     ** When possible, determine corrosponding external auth source. Invoke source, and login user if successful:
     */
diff --git a/modules/user/user.module b/modules/user/user.module
index 94fc94ff2..c9e645199 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -547,7 +547,7 @@ function user_login($edit = array(), $msg = "") {
       $server = substr($server, 1);
       $pass = $edit["pass"];
     }
-    
+
     /*
     ** When possible, determine corrosponding external auth source. Invoke source, and login user if successful:
     */
diff --git a/modules/watchdog.module b/modules/watchdog.module
index 601363e0e..fec7bd867 100644
--- a/modules/watchdog.module
+++ b/modules/watchdog.module
@@ -96,7 +96,7 @@ function watchdog_admin() {
         watchdog_help();
         break;
       case "view":
-        print watchdog_view(check_input(arg(3)));
+        print watchdog_view(arg(3));
         break;
       default:
         print watchdog_overview(arg(2));
diff --git a/modules/watchdog/watchdog.module b/modules/watchdog/watchdog.module
index 601363e0e..fec7bd867 100644
--- a/modules/watchdog/watchdog.module
+++ b/modules/watchdog/watchdog.module
@@ -96,7 +96,7 @@ function watchdog_admin() {
         watchdog_help();
         break;
       case "view":
-        print watchdog_view(check_input(arg(3)));
+        print watchdog_view(arg(3));
         break;
       default:
         print watchdog_overview(arg(2));
-- 
cgit v1.2.3