(New to creating these, I hope I got priority the right way around).
While testing and implementing TCW, I found several serious security issues.
The first is that no SQL queries are being escaped. I resolved this by creating an "escape_string" function, along the lines of the other SQL functions, that uses mysql_real_escape_string and the PG equivalent (I think, not familiar with pg).
Also, I found that in some circumstances a not-logged-in user could view pages inside the application. I investigated and found it had a UID of -1, so it wasn't being picked up by the logic to kick out not-logged-in users. I changed it to check that the UID exists and is greater than 0; otherwise it kicks back to login.
Patch attached, tcw/ contains original source, public_html/ contains my changes.
The patch probably introduces a bug; I am trying to determine the best method to check that a user exists before adding them, given the maze of logic in the adminactions.php file.