From: Benjamin C. <bc...@us...> - 2002-03-30 19:28:18
Update of /cvsroot/phpbt/phpbt
In directory usw-pr-cvs1:/tmp/cvs-serv2273
Modified Files:
attachment.php bug.php newaccount.php query.php
Log Message:
Strip the slashes added by magic_quotes_gpc and then use $db->quote(). Needs some testing.
Index: attachment.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/attachment.php,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- attachment.php 17 Mar 2002 01:44:24 -0000 1.13
+++ attachment.php 30 Mar 2002 19:12:26 -0000 1.14
@@ -117,10 +117,11 @@
@chmod("$filepath/$projectid/$filename", 0766);
$db->query("insert into ".TBL_ATTACHMENT." (attachment_id, bug_id, file_name, ".
"description, file_size, mime_type, created_by, created_date) values (".
- $db->nextId(TBL_ATTACHMENT).", $bugid, ".
- "'{$HTTP_POST_FILES['attachment']['name']}', '$description', ".
- "{$HTTP_POST_FILES['attachment']['size']}, ".
- "'{$HTTP_POST_FILES['attachment']['type']}', $u, $now)");
+ join(', ', array($db->nextId(TBL_ATTACHMENT), $bugid,
+ $HTTP_POST_FILES['attachment']['name'],
+ $db->quote(stripslashes($description)),
+ $HTTP_POST_FILES['attachment']['size'],
+ $HTTP_POST_FILES['attachment']['type'], $u, $now)).")");
$t->set_file('content', 'bugattachmentsuccess.html');
$t->set_var('bugid', $bugid);
}
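Review bot: The uploaded file's `name` and `type` are now placed in the values list with no quotes and no escaping; the old code at least wrapped them in single quotes, and the new `join()` passes only `$description` through `$db->quote()`. Both values are supplied by the client in the upload request, so each needs the same treatment, e.g. `$db->quote($HTTP_POST_FILES['attachment']['name'])` and `$db->quote($HTTP_POST_FILES['attachment']['type'])`, with an `(int)` cast on the `size` element. The insert in newaccount.php has the same regression for `$_pv['email']`, which lost its quotes and is not passed to `$db->quote()`. The enclosing block starts outside the hunk.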
Index: bug.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/bug.php,v
retrieving revision 1.90
retrieving revision 1.91
diff -u -r1.90 -r1.91
--- bug.php 29 Mar 2002 18:25:37 -0000 1.90
+++ bug.php 30 Mar 2002 19:12:27 -0000 1.91
@@ -164,10 +164,10 @@
foreach(array('title','url') as $field) {
if (isset($cf[$field])) {
$db->query('insert into '.TBL_BUG_HISTORY
- .' (bug_id, changed_field, old_value, new_value, created_by, created_date)'
- ." values ({$buginfo['bug_id']}, '$field', '"
- .addslashes($buginfo[$field])."', '".addslashes($cf[$field])
- ."', $u, $now)");
+ .' (bug_id, changed_field, old_value, new_value, created_by, created_date)'
+ ." values (". join(', ', array($buginfo['bug_id'], $db->quote($field),
+ $db->quote(stripslashes($buginfo[$field])),
+ $db->quote(stripslashes($cf[$field])), $u, $now)).")");
$t->set_var(array(
$field => stripslashes($cf[$field]),
$field.'_stat' => '!'
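Review bot: `stripslashes()` is applied to `$buginfo[$field]` here and to `$oldvalue` in the next hunk, which look like values read back from the database rather than request data, so a real backslash in a stored title or URL would be dropped from the history row; the old code only escaped them with `addslashes()`. If that reading is right, these should be `$db->quote($buginfo[$field])` without the strip. More generally, every `stripslashes()` in this commit is unconditional, so with magic_quotes_gpc turned off, backslashes typed by the user are silently removed. Stripping once at input under `if (get_magic_quotes_gpc())`, and leaving the query sites with `$db->quote()` alone, would avoid that. The surrounding function is not visible in the hunk.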
@@ -199,8 +199,9 @@
." where ${field}_id = {$cf[$field.'_id']}");
$db->query('insert into '.TBL_BUG_HISTORY
.' (bug_id, changed_field, old_value, new_value, created_by, created_date)'
- ." values ({$buginfo['bug_id']}, '$field', '".addslashes($oldvalue).
- "', '".addslashes($newvalue)."', $u, $now)");
+ ." values (". join(', ', array($buginfo['bug_id'], $db->quote($field),
+ $db->quote(stripslashes($oldvalue)),
+ $db->quote(stripslashes($newvalue)), $u, $now)).")");
$t->set_var(array(
$field.'_id' => stripslashes($newvalue),
$field.'_id_stat' => '!'
@@ -463,7 +464,8 @@
if ($comments) {
//$comments = strip_tags($comments); -- Uncomment this if you want no <> content in the comments
$db->query("insert into ".TBL_COMMENT." (comment_id, bug_id, comment_text, created_by, created_date)"
- ." values (".$db->nextId(TBL_COMMENT).", $bugid, '$comments', $u, $now)");
+ ." values (".$db->nextId(TBL_COMMENT).", $bugid, ".
+ $db->quote(stripslashes($comments)).", $u, $now)");
}
// Allow for removing of some items from the bug page
@@ -471,7 +473,15 @@
$os_id = $os_id ? $os_id : 0;
$severity_id = $severity_id ? $severity_id : 0;
- $db->query("update ".TBL_BUG." set title = '$title', url = '$url', severity_id = $severity_id, priority = $priority, ".(isset($status_id) ? "status_id = $status_id, " : ''). ($changeresolution ? "resolution_id = $resolution_id, " : ''). (isset($assignedto) ? "assigned_to = $assignedto, " : '')." project_id = $project_id, version_id = $version_id, component_id = $component_id, os_id = $os_id, last_modified_by = $u, last_modified_date = $now where bug_id = $bugid");
+ $db->query("update ".TBL_BUG." set title = ".$db->quote(stripslashes($title)).
+ ', url = '.$db->quote(stripslashes($url)).", severity_id = $severity_id, ".
+ "priority = $priority, ".
+ (isset($status_id) ? "status_id = $status_id, " : '').
+ ($changeresolution ? "resolution_id = $resolution_id, " : '').
+ (isset($assignedto) ? "assigned_to = $assignedto, " : ' ').
+ "project_id = $project_id, version_id = $version_id, ".
+ "component_id = $component_id, os_id = $os_id, last_modified_by = $u, ".
+ "last_modified_date = $now where bug_id = $bugid");
if (count($changedfields) or !empty($comments)) {
do_changedfields($u, $buginfo, $changedfields, $comments);
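Review bot: The numeric columns in this update (`$severity_id`, `$priority`, `$status_id`, `$resolution_id`, `$assignedto`, `$project_id`, `$version_id`, `$component_id`, `$os_id`, `$bugid`) are still interpolated bare, and `$db->quote()` on the two text fields does nothing for them: a value in numeric position needs no quote character to alter the statement. Where they are assigned is outside the hunk, but they look like form fields, so each should be cast before use, e.g. `$severity_id = (int)$severity_id;`. The same applies to `$bugid` in the comment insert in the previous hunk.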
@@ -519,14 +529,26 @@
$db->query("insert into ".TBL_BUG." (bug_id, title, description, url,
severity_id, priority, status_id, assigned_to, created_by, created_date,
last_modified_by, last_modified_date, project_id, version_id,
- component_id, os_id, browser_string) values ($bugid, '$title',
- '$description', '$url', $severity, $priority, $status, $owner, $u,
- $now, $u, $now, $project, $version, $component, '$os',
- '{$HTTP_SERVER_VARS['HTTP_USER_AGENT']}')");
+ component_id, os_id, browser_string) values ($bugid, ".
+ join(', ', array($db->quote(stripslashes($title)),
+ $db->quote(stripslashes($description)),
+ $db->quote(stripslashes($url)))).
+ ", $severity, $priority, $status, $owner, $u, $now, $u, $now, $project, ".
+ "$version, $component, $os, '{$HTTP_SERVER_VARS['HTTP_USER_AGENT']}')");
$buginfo = $db->getRow('select * from '.TBL_BUG." where bug_id = $bugid");
do_changedfields($u, $buginfo);
} else {
- $db->query("update ".TBL_BUG." set title = '$title', description = '$description', url = '$url', severity_id = '$severity', priority = '$priority', status_id = $status, assigned_to = '$assignedto', project_id = $project, version_id = $version, component_id = $component, os_id = '$os', browser_string = '{$GLOBALS['HTTP_USER_AGENT']}' last_modified_by = $u, last_modified_date = $time where bug_id = '$bugid'");
+ $db->query("update ".TBL_BUG.
+ " set title = ".$db->quote(stripslashes($title)).
+ ", description = ".$db->quote(stripslashes($description)).
+ ", url = ".$db->quote(stripslashes($url)).
+ ", severity_id = '$severity', priority = '$priority', ".
+ "status_id = $status, assigned_to = '$assignedto', ".
+ "project_id = $project, version_id = $version, ".
+ "component_id = $component, os_id = '$os', ".
+ "browser_string = '{$GLOBALS['HTTP_USER_AGENT']}' ".
+ "last_modified_by = $u, last_modified_date = $time ".
+ "where bug_id = '$bugid'");
}
if (isset($another)) header("Location: $me?op=add&project=$project");
else header("Location: query.php");
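Review bot: The User-Agent header is still interpolated raw into both statements (`'{$HTTP_SERVER_VARS['HTTP_USER_AGENT']}'` in the insert, `'{$GLOBALS['HTTP_USER_AGENT']}'` in the update) although it is sent by the client like any form field; it should go through `$db->quote($HTTP_SERVER_VARS['HTTP_USER_AGENT'])`. In the update branch there is also no comma between the `browser_string` assignment and `last_modified_by`, carried over from the old line, so the statement looks syntactically invalid as written, and it uses `$time` where the insert uses `$now`. Both statements sit in a function whose start is outside the hunk.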
Index: newaccount.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/newaccount.php,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- newaccount.php 28 Mar 2002 22:14:44 -0000 1.25
+++ newaccount.php 30 Mar 2002 19:12:27 -0000 1.26
@@ -49,9 +49,9 @@
$lastname = htmlspecialchars($_pv['lastname']);
$password = genpassword(10);
if (ENCRYPT_PASS) {
- $mpassword = md5($password);
+ $mpassword = $db->quote(md5($password));
} else {
- $mpassword = $password;
+ $mpassword = $db->quote(stripslashes($password));
}
if (EMAIL_IS_LOGIN) {
$login = $_pv['email'];
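Review bot: `$mpassword` now holds a quoted SQL literal rather than the password value, so any later use of it outside the insert (none is visible in this hunk) would carry the quotes; quoting where the values list is built, as is done for `$login`, keeps the variable usable. `stripslashes($password)` is also applied to the output of `genpassword(10)`, which is not request data, so the strip is at best a no-op. Separately, the stored form is either unsalted `md5()` or the plaintext when `ENCRYPT_PASS` is off; a salted, deliberately slow hash (`password_hash()` on current PHP) is the safer storage format.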
@@ -60,7 +60,10 @@
}
$user_id = $db->nextId(TBL_AUTH_USER);
$db->query("insert into ".TBL_AUTH_USER." (user_id, login, first_name, last_name, email, password, active, created_date, last_modified_date)"
- ." values ($user_id, '$login', '$firstname', '$lastname', '{$_pv['email']}', '$mpassword', 1, $now, $now)");
+ ." values (".join(', ', array($user_id, $db->quote(stripslashes($login)),
+ $db->quote(stripslashes($firstname)),
+ $db->quote(stripslashes($lastname)), $_pv['email'], $mpassword, 1,
+ $now, $now)).")");
$db->query("insert into ".TBL_USER_GROUP.
" (user_id, group_id, created_by, created_date)
select $user_id, group_id, 0, $now from ".TBL_AUTH_GROUP.
Index: query.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/query.php,v
retrieving revision 1.65
retrieving revision 1.66
diff -u -r1.65 -r1.66
--- query.php 29 Mar 2002 18:25:37 -0000 1.65
+++ query.php 30 Mar 2002 19:12:27 -0000 1.66
@@ -174,7 +174,9 @@
$nextid = $nextid ? $nextid : 1;
$db->query("insert into ".TBL_SAVED_QUERY.
" (saved_query_id, user_id, saved_query_name, saved_query_string)
- values ($nextid, $u, '$savedqueryname', '$savedquerystring')");
+ values (".join(', ', array($nextid, $u,
+ $db->quote(stripslashes($savedqueryname)),
+ $db->quote(stripslashes($savedquerystring)))).")");
}
if (!isset($order)) {
if (isset($HTTP_SESSION_VARS['queryinfo']['order'])) {