author | Benny Baumann <BenBE@geshi.org> | 2013-06-11 22:33:34 +0200 |
---|---|---|
committer | Benny Baumann <BenBE@geshi.org> | 2013-06-11 22:33:34 +0200 |
commit | 216271b2501cba5ac2724c56588fa62c725d1d69 (patch) | |
tree | 92ac053ba899c2195f411eff5bd8d01cb869c337 /pages/account | |
parent | 0913b852c9e7a335cc2700f6f7d573565218c9dc (diff) | |
parent | f0318d79dbc69e444fee4c085cdb3ee152318e1c (diff) | |
Merge branch 'bug-1162' into testserver-stable
Conflicts:
www/wot.php
Diffstat (limited to 'pages/account')
-rw-r--r-- | pages/account/41.php | 2 | ||||
-rw-r--r-- | pages/account/43.php | 8 | ||||
-rw-r--r-- | pages/account/49.php | 2 | ||||
-rw-r--r-- | pages/account/53.php | 2 | ||||
-rw-r--r-- | pages/account/54.php | 2 |
5 files changed, 8 insertions, 8 deletions
diff --git a/pages/account/41.php b/pages/account/41.php index d61d8db..f644025 100644 --- a/pages/account/41.php +++ b/pages/account/41.php @@ -57,7 +57,7 @@ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php'); $res = mysql_query($query); while($row = mysql_fetch_assoc($res)) { - $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_escape_string($row['lang'])."'")); + $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_real_escape_string($row['lang'])."'")); ?> <tr> <td class="DataTD"><?=_("Additional Language")?>:</td> diff --git a/pages/account/43.php b/pages/account/43.php index eb18926..94dfde6 100644 --- a/pages/account/43.php +++ b/pages/account/43.php @@ -21,7 +21,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0) { - $assurance = mysql_escape_string(intval($_REQUEST['assurance'])); + $assurance = mysql_real_escape_string(intval($_REQUEST['assurance'])); $row = 0; $res = mysql_query("select `to` from `notary` where `id`='$assurance'"); if ($res) { @@ -35,7 +35,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0) { - $emailsearch = $email = mysql_escape_string(stripslashes($_REQUEST['email'])); + $emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email'])); //Disabled to speed up the queries //if(!strstr($email, "%")) 
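Review bot: `mysql_real_escape_string()` needs a usable database link and escapes according to that link's character set, which the function it replaces did not; without a link it returns `false` after a warning, and the query in pages/account/41.php would then be built around an empty string. None of the hunks show where the link is opened, so this is worth confirming for every call the commit converts, most visibly pages/account/53.php, where the call is the first statement after the licence header. The escaping is only charset-aware if the link's charset was set with `mysql_set_charset()` rather than a `SET NAMES` query. A comment where the link is opened would record the dependency, for example `// mysql_real_escape_string() in pages/account/* relies on this link and on mysql_set_charset()`.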
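Review bot: In the `assurance` branch of pages/account/43.php the value is already an integer after `intval()`, so wrapping it in `mysql_real_escape_string()` adds nothing, while the guard above still compares the raw `$_REQUEST['assurance']`. A value such as `0.5` passes the `> 0` test and then becomes `0` in the query. Testing the cast value keeps the check and the query in step: `if(array_key_exists('assurance',$_REQUEST) && intval($_REQUEST['assurance']) > 0)` followed by `$assurance = intval($_REQUEST['assurance']);`. The branch continues past the end of the hunk.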
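Review bot: `stripslashes()` is applied to `$_REQUEST['email']` unconditionally before escaping, which is only correct while `magic_quotes_gpc` is on; with it off, a legitimate backslash in the input is silently dropped before the lookup. The same shape is in pages/account/49.php (`domain`) and pages/account/53.php (`town`), whereas pages/account/54.php escapes `name` without stripping, so under either setting one of the two forms is wrong. Making the strip conditional would settle it, e.g. `$email = get_magic_quotes_gpc() ? stripslashes($_REQUEST['email']) : $_REQUEST['email'];` and then `$emailsearch = $email = mysql_real_escape_string($email);`.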
@@ -300,7 +300,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); </table> <br><? $query = "select * from `email` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`='' - and `email`!='".mysql_escape_string($row['email'])."'"; + and `email`!='".mysql_real_escape_string($row['email'])."'"; $dres = mysql_query($query); if(mysql_num_rows($dres) > 0) { ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> @@ -377,7 +377,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); 4. users.email = primary-email --- Assurer, assure someone find user query - select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' + select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."' and `deleted`=0 => requirements 1. users.deleted = 0 diff --git a/pages/account/49.php b/pages/account/49.php index 0218fa0..fed1cb9 100644 --- a/pages/account/49.php +++ b/pages/account/49.php @@ -19,7 +19,7 @@ $userid=0; if(array_key_exists('userid',$_GET)) $userid=intval($_GET['userid']); if($userid <= 0) { - $domainsearch = $domain = mysql_escape_string(stripslashes($_POST['domain'])); + $domainsearch = $domain = mysql_real_escape_string(stripslashes($_POST['domain'])); if(!strstr($domain, "%")) $domainsearch = "%$domain%"; if(preg_match("/^\d+$/",$domain)) diff --git a/pages/account/53.php b/pages/account/53.php index cc9e2d6..1ec04b2 100644 --- a/pages/account/53.php +++ b/pages/account/53.php 
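Review bot: In the hunk at line 300 of pages/account/43.php, `mysql_num_rows($dres)` runs on whatever `mysql_query()` returned, so a failed query passes `false` and the block is skipped with only a warning. pages/account/41.php has the same gap in a tighter form, with `mysql_query()` nested directly inside `mysql_fetch_assoc()`. Testing the result first keeps a query failure distinguishable from an empty result: `if($dres && mysql_num_rows($dres) > 0)`.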
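Review bot: `mysql_real_escape_string()` leaves `%` and `_` untouched, and the `domain` value in pages/account/49.php is turned into a search pattern on the next line, so both act as wildcards if `$domainsearch` ends up in a `LIKE` (the query is outside the hunk). `%` appears to be accepted on purpose, but `_` is wrapped as `%...%` and still matches any single character, and a lone `%` would match every row. If only `%` is meant to be a wildcard, the wrapped branch could use `$domainsearch = "%".addcslashes($domain, "_")."%";`; otherwise a comment such as `// % and _ from the request are intentional LIKE wildcards` would document the intent.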
@@ -16,7 +16,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> <? - $town = array_key_exists('town',$_REQUEST)?mysql_escape_string(stripslashes($_REQUEST['town'])):""; + $town = array_key_exists('town',$_REQUEST)?mysql_real_escape_string(stripslashes($_REQUEST['town'])):""; $regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0; $ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0; $start = array_key_exists('start',$_REQUEST)?intval($_REQUEST['start']):0; diff --git a/pages/account/54.php b/pages/account/54.php index 753b4af..35dce33 100644 --- a/pages/account/54.php +++ b/pages/account/54.php @@ -19,7 +19,7 @@ $ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0; $regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0; $locid = array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0; - $name = array_key_exists('name',$_REQUEST)?mysql_escape_string($_REQUEST['name']):""; + $name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string($_REQUEST['name']):""; if($ccid > 0 && $_REQUEST['action'] == "add") { ?> <form method="post" action="account.php"> |
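Review bot: `$town` in pages/account/53.php holds the SQL-escaped form from its first assignment, so any later use outside a query string, such as echoing it back into a form field or a paging link, would show the added backslashes and still need `htmlspecialchars()`. `$name` in pages/account/54.php is in the same position, with a form starting a few lines below. The rest of both files is outside the hunks, so this needs checking there. Keeping the raw value and escaping at the point of use avoids the mix-up, e.g. `$town = array_key_exists('town',$_REQUEST)?stripslashes($_REQUEST['town']):"";` with `mysql_real_escape_string($town)` inside the query.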