authorRemi Collet <fedora@famillecollet.com>2015-12-03 17:33:05 +0100
committerRemi Collet <fedora@famillecollet.com>2015-12-03 17:33:05 +0100
commitdb2d2d1f41ba372b825fd51ed65ed8c6f6fa4305 (patch)
tree13321c9395369e3baa5657c26376fcb5de580521
parent46bc8623ddd543d750922df97c7c6428d5ce15a9 (diff)
add missing escape, thanks P.Allaert
-rw-r--r--class/CommonTable.php18
-rw-r--r--zoom.php9
2 files changed, 21 insertions, 6 deletions
diff --git a/class/CommonTable.php b/class/CommonTable.php
index ab06cfd..d8852c7 100644
--- a/class/CommonTable.php
+++ b/class/CommonTable.php
@@ -57,6 +57,18 @@ abstract class CommonTable
}
/**
+ * Escape a string
+ *
+ * @param string $val Value to be escaped
+ *
+ * @return string
+ */
+ function escape($val)
+ {
+ return $this->db->quote($val);
+ }
+
+ /**
* Check if the table already exists
*
* @param string $table with table name
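Review bot: The new `escape()` has no visibility keyword and its docblock leaves open whether the surrounding quotes are part of the return value, which is exactly what the callers elsewhere in this commit disagree on. If `$this->db` is a PDO instance (the page does not show its class), `quote()` returns the literal already wrapped in single quotes and returns `false` when the driver cannot quote, so `@return string` is not accurate in either case. Suggest `public function escape($val)` and a docblock line such as `@return string|false quoted SQL literal, including the surrounding quotes, or false if the driver cannot quote`, so that call sites know not to add their own quotes. The body of the enclosing class continues outside this hunk.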
@@ -109,7 +121,7 @@ abstract class CommonTable
} else if (is_numeric($value)) {
$val[] = $value;
} else {
- $val[] = "'".addslashes($value)."'";
+ $val[] = "'".$this->escape($value)."'";
}
}
$sql = "INSERT INTO `".$this->table."` (".implode(',', $col).")
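Review bot: The line `$val[] = "'".$this->escape($value)."'";` wraps the escaped value in a second pair of quotes; if `$this->db->quote()` is PDO's, it already returns `'value'`, so the literal becomes `''value''`, which is not equivalent to the old `addslashes()` form that returned a bare escaped body. The zoom.php hunks in this same commit concatenate `$uptable->escape($name)` without adding quotes, so the two conventions cannot both be correct. Either drop the outer quotes here, `$val[] = $this->escape($value);`, or change `escape()` to return the unquoted body and keep the quotes at the call sites. The same pattern appears in the hunks at -173 (`$sql .= "='".$this->escape($value)."'";`) and -208 (`$sql .= "'".$this->escape($value)."'";`). The enclosing method starts and ends outside this hunk.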
@@ -173,7 +185,7 @@ abstract class CommonTable
} else if (is_numeric($value)) {
$sql .= '='.$value;
} else {
- $sql .= "='".addslashes($value)."'";
+ $sql .= "='".$this->escape($value)."'";
}
$link = "AND";
@@ -208,7 +220,7 @@ abstract class CommonTable
} else if (is_numeric($value)) {
$sql .= $value;
} else {
- $sql .= "'".addslashes($value)."'";
+ $sql .= "'".$this->escape($value)."'";
}
$link = ',';
}
diff --git a/zoom.php b/zoom.php
index 8e5dee6..699f22f 100644
--- a/zoom.php
+++ b/zoom.php
@@ -100,7 +100,7 @@ if ( !isset($name) || !$name ) {
FROM rpm
LEFT JOIN packagist ON (packagist.rpmname=rpm.name)
INNER JOIN repo ON (repo.main=rpm.repo_main AND repo.sub=rpm.repo_sub)
- WHERE rpm.name='$name'
+ WHERE rpm.name=" . $uptable->escape($name) . "
ORDER BY repo.id DESC,
CAST(SUBSTRING_INDEX(rpm.ver,'.',1) AS SIGNED) DESC,
CAST(SUBSTRING_INDEX(SUBSTRING_INDEX(rpm.ver,'.',2),'.',-1) AS SIGNED) DESC,
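Review bot: The rewritten `WHERE rpm.name=" . $uptable->escape($name) . "` is only correct if `escape()` returns a quoted literal, so the query's safety now rests on an implementation detail of another class rather than on the query itself. `$resrpm->fetchObject()` suggests `$db` is PDO, in which case a prepared statement would remove that dependency and the string assembly entirely; for the short acls query in the next hunk this is `$stmt = $db->prepare('SELECT * FROM acls WHERE name = ?');`, `$stmt->execute(array($name));`, `$owner = ($stmt ? $stmt->fetchObject() : false);`, and the same applies to the larger rpm query here. The `if` block enclosing this SQL starts before the hunk.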
@@ -112,9 +112,9 @@ if ( !isset($name) || !$name ) {
$resrpm = $db->query($sql);
$rpm = ($resrpm ? $resrpm->fetchObject() : false);
- $up = $uptable->find(array('name'=>$name));
+ $up = $uptable->find(array('name' => $name));
- $sql = "SELECT * FROM acls WHERE name = '$name'";
+ $sql = "SELECT * FROM acls WHERE name = " . $uptable->escape($name);
$resown=$db->query($sql);
$owner = ($resown ? $resown->fetchObject() : false);
@@ -125,6 +125,9 @@ if ( !isset($name) || !$name ) {
$smarty->assign('page_title', 'Package: ' . $name);
}
+ $summary = array();
+ $packages = array();
+ $fedpkg = false;
if (!$rpm) {
echo "<h1>$name not found</h1>\n";
} else {
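Review bot: `echo "<h1>$name not found</h1>\n";` writes `$name` into the HTML response without encoding, while the commit only adds escaping on the SQL side. If `$name` is supplied by the request (the guard `if ( !isset($name) || !$name )` in the hunk header suggests it comes from outside, but the assignment is not on the page), this is an HTML-injection sink; `echo '<h1>' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . " not found</h1>\n";` closes it. Whether `$smarty->assign('page_title', 'Package: ' . $name)` is safe depends on the template's escaping configuration, which cannot be seen here. The `if (!$rpm)` block continues past the end of the hunk.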