author | INOPIAE <inopiae@cacert.org> | 2013-04-23 22:52:26 +0200 |
---|---|---|
committer | INOPIAE <inopiae@cacert.org> | 2013-04-23 22:52:26 +0200 |
commit | f0318d79dbc69e444fee4c085cdb3ee152318e1c (patch) | |
tree | 6265d89b3594c71028df61f5870d0ba05f6c4a2e | |
parent | ef6fa684e0c1ac2155036cc2981c65482de92bfc (diff) | |
bug 1162: exchanged mysql_escape_string to mysql_real_escape_string bug-1162
-rw-r--r-- | includes/lib/general.php | 4 | ||||
-rw-r--r-- | pages/account/41.php | 2 | ||||
-rw-r--r-- | pages/account/43.php | 8 | ||||
-rw-r--r-- | pages/account/49.php | 2 | ||||
-rw-r--r-- | pages/account/53.php | 2 | ||||
-rw-r--r-- | pages/account/54.php | 2 | ||||
-rw-r--r-- | pages/wot/12.php | 6 | ||||
-rw-r--r-- | pages/wot/13.php | 6 | ||||
-rw-r--r-- | tverify/index.php | 10 | ||||
-rw-r--r-- | www/alert_hash_collision.php | 8 | ||||
-rw-r--r-- | www/api/cemails.php | 4 | ||||
-rw-r--r-- | www/api/edu.php | 2 | ||||
-rw-r--r-- | www/disputes.php | 20 | ||||
-rw-r--r-- | www/index.php | 54 | ||||
-rw-r--r-- | www/verify.php | 4 | ||||
-rw-r--r-- | www/wot.php | 22 |
16 files changed, 78 insertions, 78 deletions
diff --git a/includes/lib/general.php b/includes/lib/general.php index 85b132d..32a24bc 100644 --- a/includes/lib/general.php +++ b/includes/lib/general.php @@ -32,9 +32,9 @@ function get_user_id_from_cert($serial, $issuer_cn) { $query = "select `memid` from `emailcerts` where - `serial`='".mysql_escape_string($serial)."' and + `serial`='".mysql_real_escape_string($serial)."' and `rootcert`= (select `id` from `root_certs` where - `Cert_Text`='".mysql_escape_string($issuer_cn)."') and + `Cert_Text`='".mysql_real_escape_string($issuer_cn)."') and `revoked`=0 and disablelogin=0 and UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0"; $res = mysql_query($query); diff --git a/pages/account/41.php b/pages/account/41.php index 4ea9b10..0457d61 100644 --- a/pages/account/41.php +++ b/pages/account/41.php @@ -57,7 +57,7 @@ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php'); $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) { - $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_escape_string($row['lang'])."'")); + $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_real_escape_string($row['lang'])."'")); ?> <tr> <td class="DataTD"><?=_("Additional Language")?>:</td> diff --git a/pages/account/43.php b/pages/account/43.php index 7bf6d04..a0b0f1b 100644 --- a/pages/account/43.php +++ b/pages/account/43.php @@ -21,7 +21,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0) { - $assurance = mysql_escape_string(intval($_REQUEST['assurance'])); + $assurance = mysql_real_escape_string(intval($_REQUEST['assurance'])); $row = 0; $res = mysql_query("select `to` from `notary` where `id`='$assurance'"); if ($res) { 
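Review bot: The two `mysql_real_escape_string()` calls in `get_user_id_from_cert()` pass no link identifier, so they escape against whichever connection was opened last and return `false` with a warning when none can be established; the same holds for every call site this commit touches. The escaping is only charset-aware if the connection character set was set with `mysql_set_charset()` rather than a `SET NAMES` query, which cannot be confirmed from these hunks. I would add a comment above the query such as `// requires an open mysql link whose charset was set via mysql_set_charset()`, and longer term move these string-built queries to prepared statements. The function body continues outside the hunk.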
@@ -35,7 +35,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0) { - $emailsearch = $email = mysql_escape_string(stripslashes($_REQUEST['email'])); + $emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email'])); //Disabled to speed up the queries //if(!strstr($email, "%")) @@ -296,7 +296,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); </table> <br><? $query = "select * from `email` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`='' - and `email`!='".mysql_escape_string($row['email'])."'"; + and `email`!='".mysql_real_escape_string($row['email'])."'"; $dres = mysql_query($query); if(mysql_num_rows($dres) > 0) { ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> @@ -373,7 +373,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); 4. users.email = primary-email --- Assurer, assure someone find user query - select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' + select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."' and `deleted`=0 => requirements 1. users.deleted = 0 diff --git a/pages/account/49.php b/pages/account/49.php index 0218fa0..fed1cb9 100644 --- a/pages/account/49.php +++ b/pages/account/49.php @@ -19,7 +19,7 @@ $userid=0; if(array_key_exists('userid',$_GET)) $userid=intval($_GET['userid']); if($userid <= 0) { - $domainsearch = $domain = mysql_escape_string(stripslashes($_POST['domain'])); + $domainsearch = $domain = mysql_real_escape_string(stripslashes($_POST['domain'])); if(!strstr($domain, "%")) $domainsearch = "%$domain%"; if(preg_match("/^\d+$/",$domain)) diff --git a/pages/account/53.php b/pages/account/53.php index cc9e2d6..1ec04b2 100644 --- a/pages/account/53.php +++ b/pages/account/53.php 
@@ -16,7 +16,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> <? - $town = array_key_exists('town',$_REQUEST)?mysql_escape_string(stripslashes($_REQUEST['town'])):""; + $town = array_key_exists('town',$_REQUEST)?mysql_real_escape_string(stripslashes($_REQUEST['town'])):""; $regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0; $ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0; $start = array_key_exists('start',$_REQUEST)?intval($_REQUEST['start']):0; diff --git a/pages/account/54.php b/pages/account/54.php index 753b4af..35dce33 100644 --- a/pages/account/54.php +++ b/pages/account/54.php @@ -19,7 +19,7 @@ $ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0; $regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0; $locid = array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0; - $name = array_key_exists('name',$_REQUEST)?mysql_escape_string($_REQUEST['name']):""; + $name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string($_REQUEST['name']):""; if($ccid > 0 && $_REQUEST['action'] == "add") { ?> <form method="post" action="account.php"> diff --git a/pages/wot/12.php b/pages/wot/12.php index a0bbf50..e6b20ca 100644 --- a/pages/wot/12.php +++ b/pages/wot/12.php 
@@ -65,9 +65,9 @@ document.f.location.focus(); { $bits = explode(",", $_REQUEST['location']); - $loc = trim(mysql_escape_string($bits['0'])); - $reg = ""; if(array_key_exists('1',$bits)) $reg=trim(mysql_escape_string($bits['1'])); - $ccname = ""; if(array_key_exists('2',$bits)) $ccname=trim(mysql_escape_string($bits['2'])); + $loc = trim(mysql_real_escape_string($bits['0'])); + $reg = ""; if(array_key_exists('1',$bits)) $reg=trim(mysql_real_escape_string($bits['1'])); + $ccname = ""; if(array_key_exists('2',$bits)) $ccname=trim(mysql_real_escape_string($bits['2'])); $query = "select `locations`.`id` as `locid` from `locations`, `regions`, `countries` where `locations`.`name` like '$loc%' and `regions`.`name` like '$reg%' and `countries`.`name` like '$ccname%' and diff --git a/pages/wot/13.php b/pages/wot/13.php index eac7e18..1143769 100644 --- a/pages/wot/13.php +++ b/pages/wot/13.php @@ -21,9 +21,9 @@ if(array_key_exists('location',$_REQUEST) && $_REQUEST['location'] != "") { { $bits = explode(",", $_REQUEST['location']); - $loc = trim(mysql_escape_string($bits['0'])); - $reg = ''; if(array_key_exists('1',$bits)) $reg=trim(mysql_escape_string($bits['1'])); - $ccname = ''; if(array_key_exists('2',$bits)) $ccname=trim(mysql_escape_string($bits['2'])); + $loc = trim(mysql_real_escape_string($bits['0'])); + $reg = ''; if(array_key_exists('1',$bits)) $reg=trim(mysql_real_escape_string($bits['1'])); + $ccname = ''; if(array_key_exists('2',$bits)) $ccname=trim(mysql_real_escape_string($bits['2'])); $query = "select `locations`.`id` as `locid` from `locations`, `regions`, `countries` where `locations`.`name` like '$loc%' and `regions`.`name` like '$reg%' and `countries`.`name` like '$ccname%' and `locations`.`regid`=`regions`.`id` and `locations`.`ccid`=`countries`.`id` diff --git a/tverify/index.php b/tverify/index.php index 8976341..d3a0fd5 100644 --- a/tverify/index.php +++ b/tverify/index.php 
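Review bot: In pages/wot/12.php the escaped `$loc`, `$reg` and `$ccname` are placed into `like '$loc%'` patterns, and `mysql_real_escape_string()` leaves `%` and `_` untouched, so wildcards supplied in `$_REQUEST['location']` still widen the match; pages/wot/13.php has the same three lines. If prefix matching is the intent, escape the wildcards too, e.g. `$loc = addcslashes(mysql_real_escape_string(trim($bits['0'])), '%_');`. Trimming before escaping, rather than after as written, also means nothing modifies the value between escaping and use.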
@@ -49,10 +49,10 @@ if($id == 1) { - $email = mysql_escape_string(trim($_REQUEST["email"])); - $password = mysql_escape_string(stripslashes(trim($_REQUEST["pword"]))); - $URL = mysql_escape_string(trim($_REQUEST["notaryURL"])); - $CN = mysql_escape_string($_SESSION['_config']['CN']); + $email = mysql_real_escape_string(trim($_REQUEST["email"])); + $password = mysql_real_escape_string(stripslashes(trim($_REQUEST["pword"]))); + $URL = mysql_real_escape_string(trim($_REQUEST["notaryURL"])); + $CN = mysql_real_escape_string($_SESSION['_config']['CN']); $memid = intval($_SESSION['_config']['uid']); $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'")); $tmp = mysql_fetch_assoc(mysql_query("select sum(`points`) as `points` from `notary` where `to`='$memid'")); @@ -99,7 +99,7 @@ if($nofile == 0) { $filename = $photoid['tmp_name']; - $newfile = mysql_escape_string('/www/photoid/'.$tverify.".".$ext); + $newfile = mysql_real_escape_string('/www/photoid/'.$tverify.".".$ext); move_uploaded_file($filename, $newfile); $query = "update `tverify` set `photoid`='$newfile' where `id`='$tverify'"; mysql_query($query); diff --git a/www/alert_hash_collision.php b/www/alert_hash_collision.php index bad60e8..f5eaa9c 100644 --- a/www/alert_hash_collision.php +++ b/www/alert_hash_collision.php 
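Review bot: `$newfile` in the `$nofile == 0` branch of tverify/index.php is SQL-escaped and then handed to `move_uploaded_file()`, so one value serves as both the filesystem path and the SQL literal. If `$ext` can contain a quote or backslash (where it comes from is outside the hunk), the file is written under the escaped name, and nothing visible here restricts the extension itself. Build the path from a validated extension with `$newfile = '/www/photoid/'.$tverify.'.'.$ext;` and apply `mysql_real_escape_string($newfile)` only where the update statement is assembled. The return value of `move_uploaded_file()` is also ignored before the row is updated.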
@@ -14,13 +14,13 @@ if (!preg_match('/^(mem|org)-[0-9]+$/', @$_POST['usernym'])) if (preg_match('/^mem-[0-9]+$/', @$_POST['usernym'])) { - mysql_query("update emailcerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';"); - mysql_query("update domaincerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';"); + mysql_query("update emailcerts set coll_found=1 where memid='".mysql_real_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';"); + mysql_query("update domaincerts set coll_found=1 where memid='".mysql_real_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';"); } else { - mysql_query("update orgemailcerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';"); - mysql_query("update orgdomaincerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';"); + mysql_query("update orgemailcerts set coll_found=1 where memid='".mysql_real_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';"); + mysql_query("update orgdomaincerts set coll_found=1 where memid='".mysql_real_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';"); } //exec(REPORT_WEAK . ' ' . $_POST['usernym'] . ' ' . lower($_POST['pkhash'])); diff --git a/www/api/cemails.php b/www/api/cemails.php index 0d067ea..bdb3363 100644 --- a/www/api/cemails.php +++ b/www/api/cemails.php 
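Review bot: All four `update` statements in www/alert_hash_collision.php still concatenate `$_POST['pkhash']` into the query with no escaping, while only the `memid` operand next to it is escaped. `usernym` is constrained by the `preg_match` in the surrounding context, but no equivalent check on `pkhash` is visible in this hunk. Validate it against the expected hash format before the first query, or at minimum treat it like its neighbour: `pkhash='".mysql_real_escape_string($_POST['pkhash'])."'`. The commented-out `exec()` line below would need its arguments shell-escaped if it is ever re-enabled.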
@@ -15,8 +15,8 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ - $username = mysql_escape_string($_REQUEST['username']); - $password = mysql_escape_string($_REQUEST['password']); + $username = mysql_real_escape_string($_REQUEST['username']); + $password = mysql_real_escape_string($_REQUEST['password']); $query = "select * from `users` where `email`='$username' and (`password`=old_password('$password') or `password`=sha1('$password'))"; $res = mysql_query($query); diff --git a/www/api/edu.php b/www/api/edu.php index 27b7b1b..80a4e79 100644 --- a/www/api/edu.php +++ b/www/api/edu.php @@ -20,7 +20,7 @@ if ($ipadress=='72.36.220.19' && $_SERVER['HTTPS']=="on") { - $serial=mysql_escape_string($_REQUEST["serial"]); + $serial=mysql_real_escape_string($_REQUEST["serial"]); $root=intval($_REQUEST["root"]); $sql="select memid from emailcerts where serial='$serial' and rootcert='$root'"; diff --git a/www/disputes.php b/www/disputes.php index 5b78c1e..859d593 100644 --- a/www/disputes.php +++ b/www/disputes.php @@ -26,7 +26,7 @@ if($type == "reallyemail") { $emailid = intval($_SESSION['_config']['emailid']); - $hash = mysql_escape_string(trim($_SESSION['_config']['hash'])); + $hash = mysql_real_escape_string(trim($_SESSION['_config']['hash'])); $res = mysql_query("select * from `disputeemail` where `id`='$emailid' and `hash`='$hash'"); if(mysql_num_rows($res) <= 0) @@ -90,7 +90,7 @@ if($type == "email") { $emailid = intval($_REQUEST['emailid']); - $hash = trim(mysql_escape_string(stripslashes($_REQUEST['hash']))); + $hash = trim(mysql_real_escape_string(stripslashes($_REQUEST['hash']))); if($emailid <= 0 || $hash == "") { showheader(_("Email Dispute")); 
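Review bot: www/api/cemails.php escapes `$_REQUEST['password']` as received, whereas the web login in www/index.php (hunk at -250) runs the password through `trim()` and `stripslashes()` first, so a password with surrounding whitespace or a backslash can verify on one entry point and fail on the other. Both places also put the clear-text password into the query text for `old_password()`/`sha1()`, where it can end up in query logs, and the hash they compare against is unsalted. Normalise the input in one shared helper and compute the hash in PHP before the query is built.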
@@ -136,7 +136,7 @@ if($type == "reallydomain") { $domainid = intval($_SESSION['_config']['domainid']); - $hash = mysql_escape_string(trim($_SESSION['_config']['hash'])); + $hash = mysql_real_escape_string(trim($_SESSION['_config']['hash'])); $res = mysql_query("select * from `disputedomain` where `id`='$domainid' and `hash`='$hash'"); if(mysql_num_rows($res) <= 0) @@ -181,7 +181,7 @@ if($type == "domain") { $domainid = intval($_REQUEST['domainid']); - $hash = trim(mysql_escape_string(stripslashes($_REQUEST['hash']))); + $hash = trim(mysql_real_escape_string(stripslashes($_REQUEST['hash']))); if($domainid <= 0 || $hash == "") { showheader(_("Domain Dispute")); @@ -227,7 +227,7 @@ if($oldid == "1") { csrf_check('emaildispute'); - $email = trim(mysql_escape_string(stripslashes($_REQUEST['dispute']))); + $email = trim(mysql_real_escape_string(stripslashes($_REQUEST['dispute']))); if($email == "") { showheader(_("Email Dispute")); @@ -299,7 +299,7 @@ if($oldid == "2") { csrf_check('domaindispute'); - $domain = trim(mysql_escape_string(stripslashes($_REQUEST['dispute']))); + $domain = trim(mysql_real_escape_string(stripslashes($_REQUEST['dispute']))); if($domain == "") { showheader(_("Domain Dispute")); @@ -356,7 +356,7 @@ $bits = explode(":", $line, 2); $line = trim($bits[1]); if(!in_array($line, $addy) && $line != "") - $addy[] = trim(mysql_escape_string(stripslashes($line))); + $addy[] = trim(mysql_real_escape_string(stripslashes($line))); } } else { if(is_array($adds)) @@ -373,7 +373,7 @@ $line = $bit; } if(!in_array($line, $addy) && $line != "") - $addy[] = trim(mysql_escape_string(stripslashes($line))); + $addy[] = trim(mysql_real_escape_string(stripslashes($line))); } } @@ -390,7 +390,7 @@ if($oldid == "5") { - $authaddy = trim(mysql_escape_string(stripslashes($_REQUEST['authaddy']))); + $authaddy = trim(mysql_real_escape_string(stripslashes($_REQUEST['authaddy']))); if(!in_array($authaddy, $_SESSION['_config']['addy']) || $authaddy == "") { 
@@ -413,7 +413,7 @@ $domainid = intval($_SESSION['_config']['domainid']); $memid = intval($_SESSION['_config']['memid']); $oldmemid = intval($_SESSION['_config']['oldmemid']); - $domain = mysql_escape_string($_SESSION['_config']['domain']); + $domain = mysql_real_escape_string($_SESSION['_config']['domain']); $hash = make_hash(); $query = "insert into `disputedomain` set `domain`='$domain',`memid`='".$_SESSION['profile']['id']."', diff --git a/www/index.php b/www/index.php index 35d22d7..aa41345 100644 --- a/www/index.php +++ b/www/index.php @@ -52,7 +52,7 @@ require_once('../includes/lib/l10n.php'); $oldid = 0; if(array_key_exists('Q1',$_REQUEST) && $_REQUEST['Q1']) { - $_SESSION['lostpw']['A1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A1'])))); + $_SESSION['lostpw']['A1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A1'])))); if(stripslashes(strtolower($_SESSION['lostpw']['A1'])) == strtolower($_SESSION['lostpw']['user']['A1'])) $answers++; @@ -60,7 +60,7 @@ require_once('../includes/lib/l10n.php'); } if(array_key_exists('Q2',$_REQUEST) && $_REQUEST['Q2']) { - $_SESSION['lostpw']['A2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A2'])))); + $_SESSION['lostpw']['A2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A2'])))); if(stripslashes(strtolower($_SESSION['lostpw']['A2'])) == strtolower($_SESSION['lostpw']['user']['A2'])) $answers++; @@ -68,7 +68,7 @@ require_once('../includes/lib/l10n.php'); } if(array_key_exists('Q3',$_REQUEST) && $_REQUEST['Q3']) { - $_SESSION['lostpw']['A3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A3'])))); + $_SESSION['lostpw']['A3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A3'])))); if(stripslashes(strtolower($_SESSION['lostpw']['A3'])) == strtolower($_SESSION['lostpw']['user']['A3'])) $answers++; 
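Review bot: The lost-password answer in www/index.php is stored in `$_SESSION['lostpw']['A1']` already SQL-escaped and then un-escaped with `stripslashes()` for the comparison, which is not an exact inverse of `mysql_real_escape_string()` (an escaped newline comes back as the letter `n`); the A2 to A5 hunks repeat the pattern. The comparison itself uses `==`, so two numeric-looking answers are compared as numbers rather than as text. Keep the raw trimmed answer in the session, compare with `===`, and escape only where a query is built. The enclosing block starts and ends outside the hunk.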
@@ -76,7 +76,7 @@ require_once('../includes/lib/l10n.php'); } if(array_key_exists('Q4',$_REQUEST) && $_REQUEST['Q4']) { - $_SESSION['lostpw']['A4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A4'])))); + $_SESSION['lostpw']['A4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A4'])))); if(stripslashes(strtolower($_SESSION['lostpw']['A4'])) == strtolower($_SESSION['lostpw']['user']['A4'])) $answers++; @@ -84,15 +84,15 @@ require_once('../includes/lib/l10n.php'); } if(array_key_exists('Q5',$_REQUEST) && $_REQUEST['Q5']) { - $_SESSION['lostpw']['A5'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A5'])))); + $_SESSION['lostpw']['A5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A5'])))); if(stripslashes(strtolower($_SESSION['lostpw']['A5'])) == strtolower($_SESSION['lostpw']['user']['A5'])) $answers++; $body .= "System: ".$_SESSION['lostpw']['user']['A5']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A5']))."\n"; } - $_SESSION['lostpw']['pw1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['newpass1'])))); - $_SESSION['lostpw']['pw2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['newpass2'])))); + $_SESSION['lostpw']['pw1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['newpass1'])))); + $_SESSION['lostpw']['pw2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['newpass2'])))); if($answers < $_SESSION['lostpw']['total'] || $answers < 3) { 
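Review bot: In the -84 hunk `newpass1` and `newpass2` pass through `strip_tags()` before being stored in `$_SESSION['lostpw']['pw1']` and `['pw2']`, but the login hunk at -250 and the signup `pword1`/`pword2` lines do not strip tags. A new password containing `<` would therefore be silently altered on reset and no longer match what the user types at login. Drop `strip_tags()` from the two password lines, e.g. `trim(mysql_real_escape_string(stripslashes($_REQUEST['newpass1'])))`, so all three paths treat the password identically.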
@@ -129,7 +129,7 @@ require_once('../includes/lib/l10n.php'); if($oldid == 5 && $process != "") { - $email = $_SESSION['lostpw']['email'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['email'])))); + $email = $_SESSION['lostpw']['email'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['email'])))); $_SESSION['lostpw']['day'] = intval($_REQUEST['day']); $_SESSION['lostpw']['month'] = intval($_REQUEST['month']); $_SESSION['lostpw']['year'] = intval($_REQUEST['year']); @@ -250,8 +250,8 @@ require_once('../includes/lib/l10n.php'); $_SESSION['_config']['errmsg'] = ""; - $email = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['email'])))); - $pword = mysql_escape_string(stripslashes(trim($_REQUEST['pword']))); + $email = mysql_real_escape_string(stripslashes(strip_tags(trim($_REQUEST['email'])))); + $pword = mysql_real_escape_string(stripslashes(trim($_REQUEST['pword']))); $query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0"; $res = mysql_query($query); 
@@ -357,26 +357,26 @@ require_once('../includes/lib/l10n.php'); $_SESSION['_config']['errmsg'] = ""; - $_SESSION['signup']['email'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['email'])))); - $_SESSION['signup']['fname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['fname'])))); - $_SESSION['signup']['mname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['mname'])))); - $_SESSION['signup']['lname'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['lname'])))); - $_SESSION['signup']['suffix'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['suffix'])))); + $_SESSION['signup']['email'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['email'])))); + $_SESSION['signup']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname'])))); + $_SESSION['signup']['mname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['mname'])))); + $_SESSION['signup']['lname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['lname'])))); + $_SESSION['signup']['suffix'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['suffix'])))); $_SESSION['signup']['day'] = intval($_REQUEST['day']); $_SESSION['signup']['month'] = intval($_REQUEST['month']); $_SESSION['signup']['year'] = intval($_REQUEST['year']); - $_SESSION['signup']['pword1'] = trim(mysql_escape_string(stripslashes($_REQUEST['pword1']))); - $_SESSION['signup']['pword2'] = trim(mysql_escape_string(stripslashes($_REQUEST['pword2']))); - $_SESSION['signup']['Q1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q1'])))); - $_SESSION['signup']['Q2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q2'])))); - $_SESSION['signup']['Q3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q3'])))); - $_SESSION['signup']['Q4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q4'])))); - $_SESSION['signup']['Q5'] = 
trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['Q5'])))); - $_SESSION['signup']['A1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A1'])))); - $_SESSION['signup']['A2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A2'])))); - $_SESSION['signup']['A3'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A3'])))); - $_SESSION['signup']['A4'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A4'])))); - $_SESSION['signup']['A5'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['A5'])))); + $_SESSION['signup']['pword1'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword1']))); + $_SESSION['signup']['pword2'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['pword2']))); + $_SESSION['signup']['Q1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q1'])))); + $_SESSION['signup']['Q2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q2'])))); + $_SESSION['signup']['Q3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q3'])))); + $_SESSION['signup']['Q4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q4'])))); + $_SESSION['signup']['Q5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['Q5'])))); + $_SESSION['signup']['A1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A1'])))); + $_SESSION['signup']['A2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A2'])))); + $_SESSION['signup']['A3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A3'])))); + $_SESSION['signup']['A4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A4'])))); + $_SESSION['signup']['A5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['A5'])))); $_SESSION['signup']['general'] = intval(array_key_exists('general',$_REQUEST)?$_REQUEST['general']:0); $_SESSION['signup']['country'] = 
intval(array_key_exists('country',$_REQUEST)?$_REQUEST['country']:0); $_SESSION['signup']['regional'] = intval(array_key_exists('regional',$_REQUEST)?$_REQUEST['regional']:0); diff --git a/www/verify.php b/www/verify.php index 6f603e4..2e409b6 100644 --- a/www/verify.php +++ b/www/verify.php @@ -43,7 +43,7 @@ { $id = 1; $emailid = intval($_REQUEST['emailid']); - $hash = mysql_escape_string(stripslashes($_REQUEST['hash'])); + $hash = mysql_real_escape_string(stripslashes($_REQUEST['hash'])); $query = "select * from `email` where `id`='$emailid' and hash!='' and deleted=0"; $res = mysql_query($query); @@ -101,7 +101,7 @@ { $id = 7; $domainid = intval($_REQUEST['domainid']); - $hash = mysql_escape_string(stripslashes($_REQUEST['hash'])); + $hash = mysql_real_escape_string(stripslashes($_REQUEST['hash'])); $query = "select * from `domains` where `id`='$domainid' and hash!='' and deleted=0"; $res = mysql_query($query); diff --git a/www/wot.php b/www/wot.php index 9e41891..ba25807 100644 --- a/www/wot.php +++ b/www/wot.php @@ -148,7 +148,7 @@ function send_reminder() if($oldid == 5) { - $query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `deleted`=0"; + $query = "select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."' and `deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) != 1) { @@ -165,7 +165,7 @@ function send_reminder() exit; } } - $query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `locked`=1"; + $query = "select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."' and `locked`=1"; $res = mysql_query($query); if(mysql_num_rows($res) >= 1) { 
@@ -269,14 +269,14 @@ $iecho= "c"; if($newpoints < 0) $newpoints = 0; - if(mysql_escape_string(stripslashes($_POST['date'])) == "") + if(mysql_real_escape_string(stripslashes($_POST['date'])) == "") $_POST['date'] = date("Y-m-d H:i:s"); $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' AND `to`='".$_SESSION['_config']['notarise']['id']."' AND `awarded`='$awarded' AND - `location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND - `date`='".mysql_escape_string(stripslashes($_POST['date']))."'"; + `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."' AND + `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."'"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { @@ -290,8 +290,8 @@ $iecho= "c"; $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."', `to`='".$_SESSION['_config']['notarise']['id']."', `points`='$newpoints', `awarded`='$awarded', - `location`='".mysql_escape_string(stripslashes($_POST['location']))."', - `date`='".mysql_escape_string(stripslashes($_POST['date']))."', + `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."', + `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."', `when`=NOW()"; if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0) { @@ -299,7 +299,7 @@ $iecho= "c"; $query .= ",\n`expire`=DATE_ADD(NOW(), INTERVAL '".intval($_POST['expire'])."' DAY)"; $query .= ",\n`sponsor`='".intval($_POST['sponsor'])."'"; } else if($_SESSION['profile']['board'] == 1) { - $query .= ",\n`method`='".mysql_escape_string(stripslashes($_POST['method']))."'"; + $query .= ",\n`method`='".mysql_real_escape_string(stripslashes($_POST['method']))."'"; } else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) { $query .= ",\n`method`='TTP-Assisted'"; } 
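Review bot: The `notary` queries in www/wot.php escape `location` and `date` but interpolate `$_SESSION['profile']['id']` and `$_SESSION['_config']['notarise']['id']` directly; the insert hunks at -290 and -316, and the `disputedomain` insert in www/disputes.php at -413, do the same. These values are presumably integers set server-side, but that is not visible here, so `intval($_SESSION['profile']['id'])` would make each query safe on its own. The emptiness test `mysql_real_escape_string(stripslashes($_POST['date'])) == ""` escapes a value only to compare it; `stripslashes($_POST['date']) === ""` states the intent, and `date` is otherwise never checked to be a valid date before it reaches the query.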
@@ -316,8 +316,8 @@ $iecho= "c"; $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."', `to`='".$_SESSION['profile']['id']."', `points`='$addpoints', `awarded`='$addpoints', - `location`='".mysql_escape_string(stripslashes($_POST['location']))."', - `date`='".mysql_escape_string(stripslashes($_POST['date']))."', + `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."', + `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."', `method`='Administrative Increase', `when`=NOW()"; mysql_query($query); @@ -420,7 +420,7 @@ $iecho= "c"; { csrf_check("chgcontact"); - $info = mysql_escape_string(strip_tags(stripslashes($_POST['contactinfo']))); + $info = mysql_real_escape_string(strip_tags(stripslashes($_POST['contactinfo']))); $listme = intval($_POST['listme']); if($listme < 0 || $listme > 1) $listme = 0; |