From db2d2d1f41ba372b825fd51ed65ed8c6f6fa4305 Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Thu, 3 Dec 2015 17:33:05 +0100
Subject: add missing escape, thanks P.Allaert

---
 class/CommonTable.php | 18 +++++++++++++++---
 zoom.php              |  9 ++++++---
 2 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/class/CommonTable.php b/class/CommonTable.php
index ab06cfd..d8852c7 100644
--- a/class/CommonTable.php
+++ b/class/CommonTable.php
@@ -56,6 +56,18 @@ abstract class CommonTable
         }
     }
 
+    /**
+     * Escape a string
+     *
+     * @param string $val    Value to be escaped
+     *
+     * @return string
+     */
+    function escape($val)
+    {
+        return $this->db->quote($val);
+    }
+
     /**
      * Check if the table already exists
      *
@@ -109,7 +121,7 @@ abstract class CommonTable
             } else if (is_numeric($value)) {
                 $val[] = $value;
             } else {
-                $val[] = "'".addslashes($value)."'";
+                $val[] = "'".$this->escape($value)."'";
             }
         }
         $sql = "INSERT INTO `".$this->table."` (".implode(',', $col).")
@@ -173,7 +185,7 @@ abstract class CommonTable
             } else if (is_numeric($value)) {
                 $sql .= '='.$value;
             } else {
-                $sql .= "='".addslashes($value)."'";
+                $sql .= "='".$this->escape($value)."'";
             }
 
             $link = "AND";
@@ -208,7 +220,7 @@ abstract class CommonTable
             } else if (is_numeric($value)) {
                 $sql .= $value;
             } else {
-                $sql .= "'".addslashes($value)."'";
+                $sql .= "'".$this->escape($value)."'";
             }
             $link = ',';
         }
diff --git a/zoom.php b/zoom.php
index 8e5dee6..699f22f 100644
--- a/zoom.php
+++ b/zoom.php
@@ -100,7 +100,7 @@ if ( !isset($name) || !$name ) {
             FROM rpm
             LEFT JOIN packagist ON (packagist.rpmname=rpm.name)
             INNER JOIN repo ON (repo.main=rpm.repo_main AND repo.sub=rpm.repo_sub)
-            WHERE rpm.name='$name'
+            WHERE rpm.name=" . $uptable->escape($name) . "
             ORDER BY repo.id DESC,
                   CAST(SUBSTRING_INDEX(rpm.ver,'.',1) AS SIGNED) DESC,
                   CAST(SUBSTRING_INDEX(SUBSTRING_INDEX(rpm.ver,'.',2),'.',-1) AS SIGNED) DESC,
@@ -112,9 +112,9 @@ if ( !isset($name) || !$name ) {
         $resrpm = $db->query($sql);
         $rpm = ($resrpm ? $resrpm->fetchObject() : false);
 
-        $up = $uptable->find(array('name'=>$name));
+        $up = $uptable->find(array('name' => $name));
 
-        $sql = "SELECT * FROM acls WHERE name = '$name'";
+        $sql = "SELECT * FROM acls WHERE name = " . $uptable->escape($name);
         $resown=$db->query($sql);
         $owner = ($resown ? $resown->fetchObject() : false);
 
@@ -125,6 +125,9 @@ if ( !isset($name) || !$name ) {
             $smarty->assign('page_title', 'Package: ' . $name);
         }
 
+        $summary = array();
+        $packages = array();
+        $fedpkg = false;
         if (!$rpm) {
             echo "<h1>$name not found</h1>\n";
         } else {
-- 
cgit