Menu
▾
▴
[phpBT-dev] CVS: phpbt/admin group.php,1.6,1.7 os.php,1.23,1.24 project.php,1.35,1.36 resolution.php,1.24,1.25 severity.php,1.20,1.21 status.php,1.24,1.25 user.php,1.42,1.43
|
From: Benjamin C. <bc...@us...> - 2002-03-30 19:28:17
|
Update of /cvsroot/phpbt/phpbt/admin
In directory usw-pr-cvs1:/tmp/cvs-serv2273/admin
Modified Files:
group.php os.php project.php resolution.php severity.php
status.php user.php
Log Message:
Strip slashes from magic_quotes_gpc and then use $db->quote(). Needs some testing
Index: group.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/admin/group.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- group.php 29 Mar 2002 18:25:37 -0000 1.6
+++ group.php 30 Mar 2002 19:12:28 -0000 1.7
@@ -51,11 +51,12 @@
if (!$groupid) {
$db->query("insert into ".TBL_AUTH_GROUP.
" (group_id, group_name, created_by, created_date, last_modified_by, last_modified_date)"
- ." values (".$db->nextId(TBL_AUTH_GROUP).", '$fname', $u, $now, $u, $now)");
+ ." values (".$db->nextId(TBL_AUTH_GROUP).", ".
+ $db->quote(stripslashes($fname)).", $u, $now, $u, $now)");
} else {
$db->query("update ".TBL_AUTH_GROUP.
- " set group_name = '$fname', last_modified_by = $u,
- last_modified_date = $now where group_id = '$groupid'");
+ " set group_name = ".$db->quote(stripslashes($fname)).
+ ", last_modified_by = $u, last_modified_date = $now where group_id = '$groupid'");
}
header("Location: $me?");
}
Index: os.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/admin/os.php,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- os.php 29 Mar 2002 18:25:38 -0000 1.23
+++ os.php 30 Mar 2002 19:12:28 -0000 1.24
@@ -53,9 +53,12 @@
if ($error) { list_items($osid, $error); return; }
if (!$osid) {
- $db->query("insert into ".TBL_OS." (os_id, os_name, regex, sort_order) values (".$db->nextId(TBL_OS).", '$fname', '$fregex', '$fsortorder')");
+ $db->query("insert into ".TBL_OS." (os_id, os_name, regex, sort_order) ".
+ "values (".$db->nextId(TBL_OS).", ".$db->quote(stripslashes($fname)).
+ ", '$fregex', '$fsortorder')");
} else {
- $db->query("update ".TBL_OS." set os_name = '$fname', regex = '$fregex', sort_order = '$fsortorder' where os_id = '$osid'");
+ $db->query("update ".TBL_OS." set os_name = ".$db->quote(stripslashes($fname)).
+ ", regex = '$fregex', sort_order = '$fsortorder' where os_id = '$osid'");
}
header("Location: $me?");
}
Index: project.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/admin/project.php,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -r1.35 -r1.36
--- project.php 29 Mar 2002 18:25:38 -0000 1.35
+++ project.php 30 Mar 2002 19:12:29 -0000 1.36
@@ -39,11 +39,13 @@
if (!$versionid) {
$db->query('insert into '.TBL_VERSION
." (version_id, project_id, version_name, active, created_by, created_date)
- values (".$db->nextId(TBL_VERSION).", $projectid, '$vf_version', $vf_active, $u, $now)");
+ values (".$db->nextId(TBL_VERSION).", $projectid, ".
+ $db->quote(stripslashes($vf_version)).", $vf_active, $u, $now)");
} else {
$db->query('update '.TBL_VERSION
- ." set project_id = $projectid, version_name = '$vf_version',
- active = $vf_active where version_id = '$versionid'");
+ ." set project_id = $projectid, version_name = ".
+ $db->quote(stripslashes($vf_version)).
+ ", active = $vf_active where version_id = '$versionid'");
}
header("Location: project.php?op=edit&id=$projectid");
}
@@ -112,13 +114,16 @@
$db->query('insert into '.TBL_COMPONENT
." (component_id, project_id, component_name, component_desc, owner,
active, created_by, created_date, last_modified_by, last_modified_date)
- values (".$db->nextId(TBL_COMPONENT).", $projectid, '$cf_name',
- '$cf_description', $cf_owner, $cf_active, $u, $now, $u, $now)");
+ values (".$db->nextId(TBL_COMPONENT).", $projectid, ".
+ $db->quote(stripslashes($cf_name)).", ".
+ $db->quote(stripslashes($cf_description)).
+ ", $cf_owner, $cf_active, $u, $now, $u, $now)");
} else {
$db->query('update '.TBL_COMPONENT
- ." set component_name = '$cf_name', component_desc = '$cf_description',
- owner = $cf_owner, active = $cf_active, last_modified_by = $u,
- last_modified_date = $now where component_id = '$componentid'");
+ ." set component_name = ".$db->quote(stripslashes($cf_name)).
+ ', component_desc = '.$db->quote(stripslashes($cf_description)).
+ ", owner = $cf_owner, active = $cf_active, last_modified_by = $u, ".
+ "last_modified_date = $now where component_id = $componentid");
}
header("Location: project.php?op=edit&id=$projectid");
}
@@ -209,19 +214,24 @@
$projectid = $db->nextId(TBL_PROJECT);
$db->query('insert into '.TBL_PROJECT
." (project_id, project_name, project_desc, active, created_by, created_date)
- values ($projectid , '$name', '$description', $active, $u, $now)");
+ values ($projectid , ".$db->quote(stripslashes($name)).", ".
+ $db->quote(stripslashes($description)).", $active, $u, $now)");
$db->query('insert into '.TBL_VERSION
." (version_id, project_id, version_name, active, created_by, created_date)
- values (".$db->nextId(TBL_VERSION).", $projectid, '$vf_version', 1, $u, $now)");
+ values (".$db->nextId(TBL_VERSION).", $projectid, ".
+ $db->quote(stripslashes($vf_version)).", 1, $u, $now)");
$db->query('insert into '.TBL_COMPONENT
." (component_id, project_id, component_name, component_desc, owner,
active, created_by, created_date, last_modified_by, last_modified_date)
- values (".$db->nextId(TBL_COMPONENT).", $projectid, '$cf_name',
- '$cf_description', $cf_owner, 1, $u, $now, $u, $now)");
+ values (".$db->nextId(TBL_COMPONENT).", $projectid, ".
+ $db->quote(stripslashes($cf_name)).", ".
+ $db->quote(stripslashes($cf_description)).
+ ", $cf_owner, 1, $u, $now, $u, $now)");
} else {
$db->query('update '.TBL_PROJECT
- ." set project_name = '$name', project_desc = '$description',
- active = $active where project_id = $projectid");
+ ." set project_name = ".$db->quote(stripslashes($name)).
+ ", project_desc = ".$db->quote(stripslashes($description)).
+ ", active = $active where project_id = $projectid");
}
// Handle project -> group relationship
Index: resolution.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/admin/resolution.php,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- resolution.php 29 Mar 2002 18:25:38 -0000 1.24
+++ resolution.php 30 Mar 2002 19:12:30 -0000 1.25
@@ -57,11 +57,14 @@
if (!$resolutionid) {
$db->query("insert into ".TBL_RESOLUTION.
" (resolution_id, resolution_name, resolution_desc, sort_order)"
- ." values (".$db->nextId(TBL_RESOLUTION).", '$fname', '$fdescription', '$fsortorder')");
+ ." values (".$db->nextId(TBL_RESOLUTION).", ".
+ $db->quote(stripslashes($fname)).', '.
+ $db->quote(stripslashes($fdescription)).', '.$fsortorder.')');
} else {
$db->query("update ".TBL_RESOLUTION.
- " set resolution_name = '$fname', resolution_desc = '$fdescription',
- sort_order = '$fsortorder' where resolution_id = '$resolutionid'");
+ ' set resolution_name = '.$db->quote(stripslashes($fname)).
+ ', resolution_desc = '.$db->quote(stripslashes($fdescription)).
+ ", sort_order = $fsortorder where resolution_id = $resolutionid");
}
header("Location: $me?");
}
Index: severity.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/admin/severity.php,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- severity.php 29 Mar 2002 18:25:38 -0000 1.20
+++ severity.php 30 Mar 2002 19:12:30 -0000 1.21
@@ -57,11 +57,16 @@
if (!$severityid) {
$db->query("insert into ".TBL_SEVERITY.
" (severity_id, severity_name, severity_desc, sort_order, severity_color)
- values (".$db->nextId(TBL_SEVERITY).", '$fname', '$fdescription', '$fsortorder', '$fcolor')");
+ values (".$db->nextId(TBL_SEVERITY).', '.
+ $db->quote(stripslashes($fname)).', '.
+ $db->quote(stripslashes($fdescription)).", $fsortorder, ".
+ $db->quote(stripslashes($fcolor)).')');
} else {
- $db->query("update ".TBL_SEVERITY." set severity_name = '$fname',
- severity_desc = '$fdescription', sort_order = '$fsortorder',
- severity_color = '$fcolor' where severity_id = '$severityid'");
+ $db->query("update ".TBL_SEVERITY.
+ " set severity_name = ".$db->quote(stripslashes($fname)).
+ ', severity_desc = '.$db->quote(stripslashes($fdescription)).
+ ", sort_order = $fsortorder, severity_color = ".
+ $db->quote(stripslashes($fcolor))." where severity_id = $severityid");
}
header("Location: $me?");
}
Index: status.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/admin/status.php,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- status.php 29 Mar 2002 18:25:38 -0000 1.24
+++ status.php 30 Mar 2002 19:12:30 -0000 1.25
@@ -57,11 +57,14 @@
if (!$statusid) {
$db->query("insert into ".TBL_STATUS.
" (status_id, status_name, status_desc, sort_order) values (".
- $db->nextId(TBL_STATUS).", '$fname', '$fdescription', '$fsortorder')");
+ $db->nextId(TBL_STATUS).', '.
+ $db->quote(stripslashes($fname)).', '.
+ $db->quote(stripslashes($fdescription)).", '$fsortorder')");
} else {
$db->query("update ".TBL_STATUS.
- " set status_name = '$fname', status_desc = '$fdescription',
- sort_order = '$fsortorder' where status_id = '$statusid'");
+ " set status_name = ".$db->quote(stripslashes($fname)).
+ ', status_desc = '.$db->quote(stripslashes($fdescription)).
+ ", sort_order = $fsortorder where status_id = $statusid");
}
header("Location: $me?");
}
Index: user.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/admin/user.php,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- user.php 29 Mar 2002 18:25:38 -0000 1.42
+++ user.php 30 Mar 2002 19:12:30 -0000 1.43
@@ -50,15 +50,17 @@
}
if (!$userid) {
- if (ENCRYPT_PASS) $mpassword = md5($_pv['fpassword']);
- else $mpassword = $_pv['fpassword'];
+ if (ENCRYPT_PASS) $mpassword = $db->quote(md5($_pv['fpassword']));
+ else $mpassword = $db->quote(stripslashes($_pv['fpassword']));
$new_user_id = $db->nextId(TBL_AUTH_USER);
$db->query('insert into '.TBL_AUTH_USER
." (user_id, first_name, last_name, login, email, password, active,
created_by, created_date, last_modified_by, last_modified_date)
- values ($new_user_id, '{$_pv['ffirstname']}', '{$_pv['flastname']}',
- '$login', '{$_pv['femail']}', '$mpassword', {$_pv['factive']}, $u, $now,
- $u, $now)");
+ values (".join(', ', array($new_user_id,
+ $db->quote(stripslashes($_pv['ffirstname'])),
+ $db->quote(stripslashes($_pv['flastname'])),
+ $db->quote(stripslashes($login)), $_pv['femail'], $mpassword,
+ $_pv['factive'], $u, $now, $u, $now)).')');
// Add to the selected groups
if (isset($_pv['fusergroup']) and is_array($_pv['fusergroup']) and
$_pv['fusergroup'][0]) {
@@ -83,12 +85,14 @@
$pquery = '';
}
} else {
- $pquery = "password = '{$_pv['fpassword']}',";
+ $pquery = "password = ".$db->quote(stripslashes($_pv['fpassword'])).",";
}
- $db->query("update ".TBL_AUTH_USER." set first_name = '{$_pv['ffirstname']}',
- last_name = '{$_pv['flastname']}', login = '$login',
- email = '{$_pv['femail']}', $pquery active = {$_pv['factive']}
- where user_id = '$userid'");
+ $db->query("update ".TBL_AUTH_USER.
+ " set first_name = ".$db->quote(stripslashes($_pv['ffirstname'])).
+ ", last_name = ".$db->quote(stripslashes($_pv['flastname'])).
+ ", login = ".$db->quote(stripslashes($login)).
+ ", email = '{$_pv['femail']}', $pquery active = {$_pv['factive']} ".
+ "where user_id = '$userid'");
// Update group memberships
// Get user's groups (without dropping the user group)
|
