Merge branch 'bug-1162' into testserver-stable

Conflicts: www/wot.php
author: Benny Baumann <BenBE@geshi.org> 2013-06-11 22:33:34 +0200
committer: Benny Baumann <BenBE@geshi.org> 2013-06-11 22:33:34 +0200
commit: 216271b2501cba5ac2724c56588fa62c725d1d69 (patch)
tree: 92ac053ba899c2195f411eff5bd8d01cb869c337 /pages/account
parent: 0913b852c9e7a335cc2700f6f7d573565218c9dc (diff)
parent: f0318d79dbc69e444fee4c085cdb3ee152318e1c (diff)
download: cacert-devel-216271b2501cba5ac2724c56588fa62c725d1d69.tar.gz
cacert-devel-216271b2501cba5ac2724c56588fa62c725d1d69.tar.xz
cacert-devel-216271b2501cba5ac2724c56588fa62c725d1d69.zip
5 files changed, 8 insertions, 8 deletions
diff --git a/pages/account/41.php b/pages/account/41.php
index d61d8db..f644025 100644
--- a/pages/account/41.php
+++ b/pages/account/41.php
@@ -57,7 +57,7 @@ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
 	$res = mysql_query($query);
 	while($row = mysql_fetch_assoc($res))
 	{
-		$lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_escape_string($row['lang'])."'"));
+		$lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_real_escape_string($row['lang'])."'"));
 ?>
   <tr>
     <td class="DataTD"><?=_("Additional Language")?>:</td>
diff --git a/pages/account/43.php b/pages/account/43.php
index eb18926..94dfde6 100644
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -21,7 +21,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
 
   if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0)
   {
-    $assurance = mysql_escape_string(intval($_REQUEST['assurance']));
+    $assurance = mysql_real_escape_string(intval($_REQUEST['assurance']));
     $row = 0;
     $res = mysql_query("select `to` from `notary` where `id`='$assurance'");
     if ($res) {
@@ -35,7 +35,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
 
   if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
   {
-    $emailsearch = $email = mysql_escape_string(stripslashes($_REQUEST['email']));
+    $emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email']));
 
     //Disabled to speed up the queries
     //if(!strstr($email, "%"))
@@ -300,7 +300,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
 </table>
 <br><?
   $query = "select * from `email` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''
-      and `email`!='".mysql_escape_string($row['email'])."'";
+      and `email`!='".mysql_real_escape_string($row['email'])."'";
   $dres = mysql_query($query);
   if(mysql_num_rows($dres) > 0) { ?>
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
@@ -377,7 +377,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
        4. users.email = primary-email
 
     --- Assurer, assure someone find user query
-    select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."'
+    select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."'
            and `deleted`=0
 		=> requirements
        1. users.deleted = 0
diff --git a/pages/account/49.php b/pages/account/49.php
index 0218fa0..fed1cb9 100644
--- a/pages/account/49.php
+++ b/pages/account/49.php
@@ -19,7 +19,7 @@
 	$userid=0; if(array_key_exists('userid',$_GET)) $userid=intval($_GET['userid']);
 	if($userid <= 0)
 	{
-		$domainsearch = $domain = mysql_escape_string(stripslashes($_POST['domain']));
+		$domainsearch = $domain = mysql_real_escape_string(stripslashes($_POST['domain']));
 		if(!strstr($domain, "%"))
 			$domainsearch = "%$domain%";
 		if(preg_match("/^\d+$/",$domain))
diff --git a/pages/account/53.php b/pages/account/53.php
index cc9e2d6..1ec04b2 100644
--- a/pages/account/53.php
+++ b/pages/account/53.php
@@ -16,7 +16,7 @@
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */ ?>
 <?
-	$town = array_key_exists('town',$_REQUEST)?mysql_escape_string(stripslashes($_REQUEST['town'])):"";
+	$town = array_key_exists('town',$_REQUEST)?mysql_real_escape_string(stripslashes($_REQUEST['town'])):"";
 	$regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0;
 	$ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0;
 	$start = array_key_exists('start',$_REQUEST)?intval($_REQUEST['start']):0;
diff --git a/pages/account/54.php b/pages/account/54.php
index 753b4af..35dce33 100644
--- a/pages/account/54.php
+++ b/pages/account/54.php
@@ -19,7 +19,7 @@
 	$ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0;
 	$regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0;
 	$locid = array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0;
-	$name = array_key_exists('name',$_REQUEST)?mysql_escape_string($_REQUEST['name']):"";
+	$name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string($_REQUEST['name']):"";
 
 	if($ccid > 0 && $_REQUEST['action'] == "add") { ?>
 <form method="post" action="account.php">
author	Benny Baumann <BenBE@geshi.org>	2013-06-11 22:33:34 +0200
committer	Benny Baumann <BenBE@geshi.org>	2013-06-11 22:33:34 +0200
commit	216271b2501cba5ac2724c56588fa62c725d1d69 (patch)
tree	92ac053ba899c2195f411eff5bd8d01cb869c337 /pages/account
parent	0913b852c9e7a335cc2700f6f7d573565218c9dc (diff)
parent	f0318d79dbc69e444fee4c085cdb3ee152318e1c (diff)
download	cacert-devel-216271b2501cba5ac2724c56588fa62c725d1d69.tar.gz cacert-devel-216271b2501cba5ac2724c56588fa62c725d1d69.tar.xz cacert-devel-216271b2501cba5ac2724c56588fa62c725d1d69.zip