author | Remi Collet <fedora@famillecollet.com> | 2015-12-03 17:33:05 +0100 |
---|---|---|
committer | Remi Collet <fedora@famillecollet.com> | 2015-12-03 17:33:05 +0100 |
commit | db2d2d1f41ba372b825fd51ed65ed8c6f6fa4305 (patch) | |
tree | 13321c9395369e3baa5657c26376fcb5de580521 | |
parent | 46bc8623ddd543d750922df97c7c6428d5ce15a9 (diff) |
add missing escape, thanks P.Allaert
-rw-r--r-- | class/CommonTable.php | 18 | ||||
-rw-r--r-- | zoom.php | 9 |
2 files changed, 21 insertions, 6 deletions
diff --git a/class/CommonTable.php b/class/CommonTable.php
index ab06cfd..d8852c7 100644
--- a/class/CommonTable.php
+++ b/class/CommonTable.php
@@ -57,6 +57,18 @@ abstract class CommonTable
     }
     /**
+     * Escape a string
+     *
+     * @param string $val Value to be escaped
+     *
+     * @return string
+     */
+    function escape($val)
+    {
+        return $this->db->quote($val);
+    }
+
+    /**
      * Check if the table already exists
      *
      * @param string $table with table name
@@ -109,7 +121,7 @@ abstract class CommonTable
             } else if (is_numeric($value)) {
                 $val[] = $value;
             } else {
-                $val[] = "'".addslashes($value)."'";
+                $val[] = "'".$this->escape($value)."'";
             }
         }
         $sql = "INSERT INTO `".$this->table."` (".implode(',', $col).")
@@ -173,7 +185,7 @@ abstract class CommonTable
             } else if (is_numeric($value)) {
                 $sql .= '='.$value;
             } else {
-                $sql .= "='".addslashes($value)."'";
+                $sql .= "='".$this->escape($value)."'";
             }
             $link = "AND";
@@ -208,7 +220,7 @@ abstract class CommonTable
             } else if (is_numeric($value)) {
                 $sql .= $value;
             } else {
-                $sql .= "'".addslashes($value)."'";
+                $sql .= "'".$this->escape($value)."'";
             }
             $link = ',';
         }
@@ -100,7 +100,7 @@ if ( !isset($name) || !$name ) {
         FROM rpm LEFT JOIN packagist ON (packagist.rpmname=rpm.name) INNER JOIN repo ON (repo.main=rpm.repo_main AND repo.sub=rpm.repo_sub)
-        WHERE rpm.name='$name'
+        WHERE rpm.name=" . $uptable->escape($name) . "
         ORDER BY repo.id DESC, CAST(SUBSTRING_INDEX(rpm.ver,'.',1) AS SIGNED) DESC, CAST(SUBSTRING_INDEX(SUBSTRING_INDEX(rpm.ver,'.',2),'.',-1) AS SIGNED) DESC,
@@ -112,9 +112,9 @@ if ( !isset($name) || !$name ) {
     $resrpm = $db->query($sql);
     $rpm = ($resrpm ? $resrpm->fetchObject() : false);
-    $up = $uptable->find(array('name'=>$name));
+    $up = $uptable->find(array('name' => $name));
-    $sql = "SELECT * FROM acls WHERE name = '$name'";
+    $sql = "SELECT * FROM acls WHERE name = " . $uptable->escape($name);
     $resown=$db->query($sql);
     $owner = ($resown ? $resown->fetchObject() : false);
@@ -125,6 +125,9 @@ if ( !isset($name) || !$name ) {
         $smarty->assign('page_title', 'Package: ' . $name);
     }
+    $summary = array();
+    $packages = array();
+    $fedpkg = false;
     if (!$rpm) {
         echo "<h1>$name not found</h1>\n";
     } else {
|
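Review bot: The new `escape()` docblock does not say whether the returned string already carries its surrounding quotes, and the two call sites introduced by this commit assume opposite answers: CommonTable.php still wraps the result in `'...'` while zoom.php concatenates it bare. If `$this->db` is a PDO instance, `PDO::quote()` returns the value with quotes added (and `false` when the driver cannot quote), so the contract should be spelled out, e.g. `@return string Quoted SQL literal, including the surrounding quotes`, and the `false` case handled rather than silently concatenated as an empty string. The type of `$this->db` is not visible in this hunk, so which side of the disagreement is wrong cannot be settled here, but one of them is.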
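Review bot: If `escape()` returns a PDO-style quoted literal, the replacement line `$val[] = "'".$this->escape($value)."'";` builds `''foo''`, a doubly quoted literal that no longer represents the original string; the identical pattern is introduced in the `-173` and `-208` hunks. Either drop the outer quotes, `$val[] = $this->escape($value);`, or make `escape()` return only the escaped characters as the `addslashes()` it replaces did, so that both files in this commit agree. The longer-term fix is to bind `$value` with prepared statements, which removes the quoting question entirely; these hunks sit inside methods whose signatures are outside the diff.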
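Review bot: On the new `WHERE rpm.name=" . $uptable->escape($name) . "` line the escaped value is concatenated without surrounding quotes, so this is only safe if `escape()` returns a fully quoted literal; if it merely escapes characters, `$name` lands in the query as bare SQL and a request value such as `1 OR 1=1` is not neutralised, and the same applies to the `acls` query in the `-112` hunk. Since `$db` is already used for `query()` here, binding the value, for example `$db->prepare($sql)` with `execute(array($name))` if `$db` is PDO, would make these two queries independent of `escape()`'s contract. The `if (!isset($name) ...) { } else {` block these hunks belong to begins before the diff.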
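Review bot: `$name` is still written unescaped into HTML on the unchanged `echo "<h1>$name not found</h1>\n";` line, in a commit whose purpose is escaping that same value; if `$name` comes from the request, as the `isset()` guard in the hunk header suggests, this is a reflected XSS and should become `echo "<h1>" . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . " not found</h1>\n";`. Whether the `$smarty->assign('page_title', ...)` two lines up is auto-escaped depends on Smarty configuration not visible here. The three added initialisations are fine; the enclosing block continues past the end of the hunk.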