From db2d2d1f41ba372b825fd51ed65ed8c6f6fa4305 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Thu, 3 Dec 2015 17:33:05 +0100 Subject: add missing escape, thanks P.Allaert --- class/CommonTable.php | 18 +++++++++++++++--- zoom.php | 9 ++++++--- 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/class/CommonTable.php b/class/CommonTable.php index ab06cfd..d8852c7 100644 --- a/class/CommonTable.php +++ b/class/CommonTable.php @@ -56,6 +56,18 @@ abstract class CommonTable } } + /** + * Escape a string + * + * @param string $val Value to be escaped + * + * @return string + */ + function escape($val) + { + return $this->db->quote($val); + } + /** * Check if the table already exists * @@ -109,7 +121,7 @@ abstract class CommonTable } else if (is_numeric($value)) { $val[] = $value; } else { - $val[] = "'".addslashes($value)."'"; + $val[] = "'".$this->escape($value)."'"; } } $sql = "INSERT INTO `".$this->table."` (".implode(',', $col).") @@ -173,7 +185,7 @@ abstract class CommonTable } else if (is_numeric($value)) { $sql .= '='.$value; } else { - $sql .= "='".addslashes($value)."'"; + $sql .= "='".$this->escape($value)."'"; } $link = "AND"; @@ -208,7 +220,7 @@ abstract class CommonTable } else if (is_numeric($value)) { $sql .= $value; } else { - $sql .= "'".addslashes($value)."'"; + $sql .= "'".$this->escape($value)."'"; } $link = ','; } diff --git a/zoom.php b/zoom.php index 8e5dee6..699f22f 100644 --- a/zoom.php +++ b/zoom.php @@ -100,7 +100,7 @@ if ( !isset($name) || !$name ) { FROM rpm LEFT JOIN packagist ON (packagist.rpmname=rpm.name) INNER JOIN repo ON (repo.main=rpm.repo_main AND repo.sub=rpm.repo_sub) - WHERE rpm.name='$name' + WHERE rpm.name=" . $uptable->escape($name) . " ORDER BY repo.id DESC, CAST(SUBSTRING_INDEX(rpm.ver,'.',1) AS SIGNED) DESC, CAST(SUBSTRING_INDEX(SUBSTRING_INDEX(rpm.ver,'.',2),'.',-1) AS SIGNED) DESC, @@ -112,9 +112,9 @@ if ( !isset($name) || !$name ) { $resrpm = $db->query($sql); $rpm = ($resrpm ? $resrpm->fetchObject() : false); - $up = $uptable->find(array('name'=>$name)); + $up = $uptable->find(array('name' => $name)); - $sql = "SELECT * FROM acls WHERE name = '$name'"; + $sql = "SELECT * FROM acls WHERE name = " . $uptable->escape($name); $resown=$db->query($sql); $owner = ($resown ? $resown->fetchObject() : false); @@ -125,6 +125,9 @@ if ( !isset($name) || !$name ) { $smarty->assign('page_title', 'Package: ' . $name); } + $summary = array(); + $packages = array(); + $fedpkg = false; if (!$rpm) { echo "

$name not found

\n"; } else { -- cgit