Ticket #2797: replace addslashes() with explicit escape calls on the DB objects

Brion Vibber 2010-11-19 15:06:26 -08:00
parent e0e7cb7c53
commit 826a695077
2 changed files with 10 additions and 10 deletions


@ -32,7 +32,7 @@ class Queue_item extends Memcached_DataObject
if ($transports) { if ($transports) {
if (is_array($transports)) { if (is_array($transports)) {
// @fixme use safer escaping // @fixme use safer escaping
$list = implode("','", array_map('addslashes', $transports)); $list = implode("','", array_map(array($qi, 'escape'), $transports));
$qi->whereAdd("transport in ('$list')"); $qi->whereAdd("transport in ('$list')");
} else { } else {
$qi->transport = $transports; $qi->transport = $transports;
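Review bot: The `// @fixme use safer escaping` comment above the `$list` line now describes a fix this commit makes, yet the IN list is still assembled by interpolating `'$list'` into `whereAdd`, so `escape()` is the only barrier between `$transports` and the SQL text; reword it rather than leave it stale, e.g. `// values are escaped via $qi->escape(); the IN list is still built by string interpolation (whereAdd has no bind parameters)`. The `array($qi, 'escape')` callback presumably needs `$qi` to hold a live DB connection to select the driver's escaping, so confirm it is always connected at this point. If callers can pass elements of `$transports` that are not plain strings, a cast or filter before the `array_map` would make the intent explicit. The enclosing function starts and ends outside the hunk.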


@ -52,10 +52,10 @@ class MySQLSearch extends SearchEngine
{ {
if ('profile' === $this->table) { if ('profile' === $this->table) {
$this->target->whereAdd('MATCH(nickname, fullname, location, bio, homepage) ' . $this->target->whereAdd('MATCH(nickname, fullname, location, bio, homepage) ' .
'AGAINST (\''.addslashes($q).'\' IN BOOLEAN MODE)'); 'AGAINST (\''.$this->target->escape($q).'\' IN BOOLEAN MODE)');
if (strtolower($q) != $q) { if (strtolower($q) != $q) {
$this->target->whereAdd('MATCH(nickname, fullname, location, bio, homepage) ' . $this->target->whereAdd('MATCH(nickname, fullname, location, bio, homepage) ' .
'AGAINST (\''.addslashes(strtolower($q)).'\' IN BOOLEAN MODE)', 'OR'); 'AGAINST (\''.$this->target->escape(strtolower($q)).'\' IN BOOLEAN MODE)', 'OR');
} }
return true; return true;
} else if ('notice' === $this->table) { } else if ('notice' === $this->table) {
@ -64,13 +64,13 @@ class MySQLSearch extends SearchEngine
$this->target->whereAdd('notice.is_local != ' . Notice::GATEWAY); $this->target->whereAdd('notice.is_local != ' . Notice::GATEWAY);
if (strtolower($q) != $q) { if (strtolower($q) != $q) {
$this->target->whereAdd("( MATCH(content) AGAINST ('" . addslashes($q) . $this->target->whereAdd("( MATCH(content) AGAINST ('" . $this->target->escape($q) .
"' IN BOOLEAN MODE)) OR ( MATCH(content) " . "' IN BOOLEAN MODE)) OR ( MATCH(content) " .
"AGAINST ('" . addslashes(strtolower($q)) . "AGAINST ('" . $this->target->escape(strtolower($q)) .
"' IN BOOLEAN MODE))"); "' IN BOOLEAN MODE))");
} else { } else {
$this->target->whereAdd('MATCH(content) ' . $this->target->whereAdd('MATCH(content) ' .
'AGAINST (\''.addslashes($q).'\' IN BOOLEAN MODE)'); 'AGAINST (\''.$this->target->escape($q).'\' IN BOOLEAN MODE)');
} }
return true; return true;
@ -89,9 +89,9 @@ class MySQLLikeSearch extends SearchEngine
' fullname LIKE "%%%1$s%%" OR '. ' fullname LIKE "%%%1$s%%" OR '.
' location LIKE "%%%1$s%%" OR '. ' location LIKE "%%%1$s%%" OR '.
' bio LIKE "%%%1$s%%" OR '. ' bio LIKE "%%%1$s%%" OR '.
' homepage LIKE "%%%1$s%%")', addslashes($q)); ' homepage LIKE "%%%1$s%%")', $this->target->escape($q, true));
} else if ('notice' === $this->table) { } else if ('notice' === $this->table) {
$qry = sprintf('content LIKE "%%%1$s%%"', addslashes($q)); $qry = sprintf('content LIKE "%%%1$s%%"', $this->target->escape($q, true));
} else { } else {
throw new ServerException('Unknown table: ' . $this->table); throw new ServerException('Unknown table: ' . $this->table);
} }
@ -107,12 +107,12 @@ class PGSearch extends SearchEngine
function query($q) function query($q)
{ {
if ('profile' === $this->table) { if ('profile' === $this->table) {
return $this->target->whereAdd('textsearch @@ plainto_tsquery(\''.addslashes($q).'\')'); return $this->target->whereAdd('textsearch @@ plainto_tsquery(\''.$this->target->escape($q).'\')');
} else if ('notice' === $this->table) { } else if ('notice' === $this->table) {
// XXX: We need to filter out gateway notices (notice.is_local = -2) --Zach // XXX: We need to filter out gateway notices (notice.is_local = -2) --Zach
return $this->target->whereAdd('to_tsvector(\'english\', content) @@ plainto_tsquery(\''.addslashes($q).'\')'); return $this->target->whereAdd('to_tsvector(\'english\', content) @@ plainto_tsquery(\''.$this->target->escape($q).'\')');
} else { } else {
throw new ServerException('Unknown table: ' . $this->table); throw new ServerException('Unknown table: ' . $this->table);
} }
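Review bot: In the MySQLLikeSearch hunk, the `$this->target->escape($q, true)` calls on the `homepage LIKE` and `content LIKE` lines pass a second argument that, judging by the LIKE context, asks for `%` and `_` to be escaped so user-typed wildcards match literally; whether that flag is honoured presumably depends on the DB_DataObject backend driver, so confirm it is not silently ignored with the driver in use and document the intent inline: `// second arg: also escape LIKE wildcards so a user-typed '%' or '_' matches literally`. The MATCH ... AGAINST and plainto_tsquery hunks use the single-argument form, which is appropriate since wildcard escaping does not apply there. Every one of these values is still spliced into the SQL text via sprintf or concatenation, so `escape()` is the sole control; a class-level comment stating that `whereAdd` receives literal SQL (no bound parameters) would stop a later reader from assuming otherwise. The enclosing `query()` methods start and end outside their hunks.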