
Fix mysql error with mysql_real_escape_string, and email validity checking
1 parent 196d445 commit d83f8a5d7af185ed08bd22a65e0ee3eca6bc72b7 @Jnesselr Jnesselr committed Feb 21, 2013
1 .gitignore
@@ -1,5 +1,6 @@
*.pyc
*.DS_Store
+.idea/
extensions/config.php
bumblebee/config.json
bumblebee/cache*
2 classes/verify.php
@@ -37,7 +37,7 @@ public static function username($username, &$reason)
public static function email($email)
{
- return eregi("^[_a-z0-9-]+((\+)?(\.)?[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$", $email);
+ return filter_var($email, FILTER_VALIDATE_EMAIL);
}
}
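Review bot: `filter_var($email, FILTER_VALIDATE_EMAIL)` returns the validated string or false, so email() now returns string|false where the eregi() version returned int|false; callers that only test truthiness are unaffected, but any `=== true` or type-sensitive comparison on the result would break. Returning an explicit boolean keeps the contract unambiguous: `return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;`. FILTER_VALIDATE_EMAIL is also more permissive than the removed pattern (which, among other things, capped the TLD at four letters), so addresses the old check rejected now pass; any downstream code that relied on the narrower shape should be rechecked. A one-line docblock such as `/** @return bool true when $email is syntactically valid per FILTER_VALIDATE_EMAIL */` would document the new semantics.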
4 controllers/queue.php
@@ -150,7 +150,9 @@ public function update_sort()
}
//find our our current max
- $sql = "SELECT min(user_sort) FROM jobs WHERE id IN (" . mysql_real_escape_string(implode($jids, ",")) . ")";
+ $sql = "SELECT min(user_sort) FROM jobs WHERE id IN (" .
+ mysqli_real_escape_string(db()->getLink(), implode($jids, ",")) .
+ ")";
$min = (int)db()->getValue($sql);
//now actually update.
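Review bot: On the added lines, escaping the comma-joined id list with mysqli_real_escape_string() does not constrain it, because the value is placed inside `IN (...)` with no surrounding quotes and the escaper only neutralises quote and control characters, so a non-numeric element reaches the SQL unchanged. Since the column is an integer id, coerce each element instead: `$ids = array_map('intval', $jids);` and `$sql = "SELECT min(user_sort) FROM jobs WHERE id IN (" . implode(",", $ids) . ")";` (note `implode($jids, ",")` also uses the legacy argument order; the glue belongs first). An empty `$jids` yields `IN ()`, which is a syntax error, so guard for it unless the code before the hunk already does — update_sort() starts and ends outside this hunk, so I cannot tell. The same unquoted-numeric pattern is on the new lines of models/bot.php, models/oauthconsumer.php delete(), models/queue.php getStats(), models/slicejob.php byConfigAndSource() and models/user.php (`user_id = ". mysqli_real_escape_string(...)`); casting to int there, or moving these queries to mysqli prepared statements, closes it everywhere rather than per call site.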
2 framework/model.php
@@ -386,7 +386,7 @@ private function saveDb()
//$val = str_replace("\\\"", "\"", $val);
//add it if we have it...
- $fields[] = "`$key` = '" . mysql_real_escape_string($val) . "'";
+ $fields[] = "`$key` = '" . mysqli_real_escape_string(db()->getLink(), $val) . "'";
}
}
2 framework/schematracker.php
@@ -158,7 +158,7 @@ private function getChange($name)
$sql = file_get_contents($path);
- $sql .= "\nINSERT INTO schema_changes SET name='" . mysql_real_escape_string($name) . "';\n";
+ $sql .= "\nINSERT INTO schema_changes SET name='" . mysqli_real_escape_string(db()->getLink(), $name) . "';\n";
return $sql;
}
2 models/activity.php
@@ -27,7 +27,7 @@ public static function getStream() {
$sql = "
SELECT id, user_id
FROM activities
- WHERE user_id = '" . mysql_real_escape_string(User::$me->id) . "'
+ WHERE user_id = '" . mysqli_real_escape_string(db()->getLink(), User::$me->id) . "'
ORDER BY id DESC
";
10 models/bot.php
@@ -88,12 +88,12 @@ public function getCurrentJob()
public function getJobs($status = null, $sortField = 'user_sort', $sortOrder = 'ASC')
{
if ($status !== null)
- $statusSql = " AND status = '" . mysql_real_escape_string($status) . "'";
+ $statusSql = " AND status = '" . mysqli_real_escape_string(db()->getLink(), $status) . "'";
$sql = "
SELECT id
FROM jobs
- WHERE bot_id = " . mysql_real_escape_string($this->id) ."
+ WHERE bot_id = " . mysqli_real_escape_string(db()->getLink(), $this->id) ."
{$statusSql}
ORDER BY {$sortField} {$sortOrder}
";
@@ -105,7 +105,7 @@ public function getErrorLog()
$sql = "
SELECT id
FROM error_log
- WHERE bot_id = '". mysql_real_escape_string($this->id) ."'
+ WHERE bot_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
ORDER BY error_date DESC
";
@@ -262,7 +262,7 @@ public function getStats()
$sql = "
SELECT status, count(status) as cnt
FROM jobs
- WHERE bot_id = ". mysql_real_escape_string($this->id) ."
+ WHERE bot_id = ". mysqli_real_escape_string(db()->getLink(), $this->id) ."
GROUP BY status
";
@@ -287,7 +287,7 @@ public function getStats()
SELECT sum(verified_time - finished_time) as wait, sum(finished_time - taken_time) as runtime, sum(verified_time - taken_time) as total
FROM jobs
WHERE status = 'complete'
- AND bot_id = ". mysql_real_escape_string($this->id);
+ AND bot_id = ". mysqli_real_escape_string(db()->getLink(), $this->id);
$stats = db()->getArray($sql);
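Review bot: In getJobs(), the statement that gained the escaped `bot_id` still interpolates `{$sortField} {$sortOrder}` into ORDER BY two lines later with no check; mysqli_real_escape_string() cannot protect identifiers or keywords, so if any caller passes request data for these parameters the escaping added here does not help. Validate against an allow-list before building the SQL, e.g. `if (!in_array($sortField, ['user_sort', 'id', 'created_time'], true)) $sortField = 'user_sort';` and `$sortOrder = strtoupper($sortOrder) === 'DESC' ? 'DESC' : 'ASC';` (the column list is a constructed example — take it from the jobs schema). Also `$statusSql` is only assigned inside the `if`, so a null `$status` leaves it undefined when the query string is built; initialise it with `$statusSql = '';` before the `if`. models/queue.php getJobs()/getActiveJobs() and models/user.php getJobs() interpolate the sort parameters the same way; getJobs() here ends outside the hunk.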
2 models/comment.php
@@ -29,7 +29,7 @@ public static function byGUID($guid)
$sql = "
SELECT id
FROM comments
- WHERE guid = '".mysql_real_escape_string($guid)."'";
+ WHERE guid = '".mysqli_real_escape_string(db()->getLink(), $guid)."'";
$id = db()->getValue($sql);
//send it!
2 models/job.php
@@ -186,7 +186,7 @@ public function getErrorLog()
$sql = "
SELECT id
FROM error_log
- WHERE job_id = '".mysql_real_escape_string($this->id)."'
+ WHERE job_id = '".mysqli_real_escape_string(db()->getLink(), $this->id)."'
ORDER BY error_date DESC
";
6 models/oauthconsumer.php
@@ -11,7 +11,7 @@ public static function findByKey($key)
$sql = "
SELECT id
FROM oauth_consumer
- WHERE consumer_key = '". mysql_real_escape_string($key) ."'
+ WHERE consumer_key = '". mysqli_real_escape_string(db()->getLink(), $key) ."'
";
$id = db()->getValue($sql);
@@ -94,12 +94,12 @@ public function delete()
{
//delete all our tokens
db()->execute("
- DELETE FROM oauth_token WHERE consumer_id = ". mysql_real_escape_string($this->id) ."
+ DELETE FROM oauth_token WHERE consumer_id = ". mysqli_real_escape_string(db()->getLink(), $this->id) ."
");
//delete all our nonces
db()->execute("
- DELETE FROM oauth_token_nonce WHERE consumer_id = ". mysql_real_escape_string($this->id) ."
+ DELETE FROM oauth_token_nonce WHERE consumer_id = ". mysqli_real_escape_string(db()->getLink(), $this->id) ."
");
parent::delete();
14 models/queue.php
@@ -60,12 +60,12 @@ public function getUrl()
public function getJobs($status = null, $sortField = 'user_sort', $sortOrder = 'ASC')
{
if ($status !== null)
- $statusSql = " AND status = '".mysql_real_escape_string($status)."'";
+ $statusSql = " AND status = '".mysqli_real_escape_string(db()->getLink(), $status)."'";
$sql = "
SELECT id
FROM jobs
- WHERE queue_id = '".mysql_real_escape_string($this->id)."'
+ WHERE queue_id = '".mysqli_real_escape_string(db()->getLink(), $this->id)."'
{$statusSql}
ORDER BY {$sortField} {$sortOrder}
";
@@ -95,7 +95,7 @@ public function getActiveJobs($sortField = 'user_sort', $sortOrder = 'ASC')
$sql = "
SELECT id
FROM jobs
- WHERE queue_id = '".mysql_real_escape_string($this->id)."'
+ WHERE queue_id = '".mysqli_real_escape_string(db()->getLink(), $this->id)."'
AND status IN ('available', 'taken')
ORDER BY {$sortField} {$sortOrder}
";
@@ -107,7 +107,7 @@ public function getBots()
$sql = "
SELECT id
FROM bots
- WHERE queue_id = '".mysql_real_escape_string($this->id)."'
+ WHERE queue_id = '".mysqli_real_escape_string(db()->getLink(), $this->id)."'
ORDER BY last_seen DESC
";
@@ -176,7 +176,7 @@ public function getStats()
$sql = "
SELECT status, count(status) as cnt
FROM jobs
- WHERE queue_id = ". mysql_real_escape_string($this->id)."
+ WHERE queue_id = ". mysqli_real_escape_string(db()->getLink(), $this->id)."
GROUP BY status
";
@@ -201,7 +201,7 @@ public function getStats()
SELECT sum(taken_time - created_time) as wait, sum(finished_time - taken_time) as runtime, sum(verified_time - created_time) as total
FROM jobs
WHERE status = 'complete'
- AND queue_id = ". mysql_real_escape_string($this->id) ."
+ AND queue_id = ". mysqli_real_escape_string(db()->getLink(), $this->id) ."
";
$stats = db()->getArray($sql);
@@ -230,7 +230,7 @@ public function getErrorLog()
$sql = "
SELECT id
FROM error_log
- WHERE queue_id = '". mysql_real_escape_string($this->id) ."'
+ WHERE queue_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
ORDER BY error_date DESC
";
4 models/s3file.php
@@ -283,8 +283,8 @@ public function getJobs()
$sql = "
SELECT id
FROM jobs
- WHERE source_file_id = '". mysql_real_escape_string($this->id) ."'
- OR file_id = '". mysql_real_escape_string($this->id) ."'
+ WHERE source_file_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
+ OR file_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
ORDER BY id DESC
";
2 models/shortcode.php
@@ -28,7 +28,7 @@ public static function byUrl($url)
$sql = "
SELECT id
FROM shortcodes
- WHERE url = '".mysql_real_escape_string($url)."'
+ WHERE url = '".mysqli_real_escape_string(db()->getLink(), $url)."'
";
$value = db()->getValue($sql);
6 models/sliceconfig.php
@@ -69,7 +69,7 @@ public function getBots()
$sql = "
SELECT id
FROM bots
- WHERE slice_config_id = '". mysql_real_escape_string($this->id) ."'
+ WHERE slice_config_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
ORDER BY name
";
@@ -81,7 +81,7 @@ public function getSliceJobs()
$sql = "
SELECT id
FROM slice_jobs
- WHERE slice_config_id = '". mysql_real_escape_string($this->id) ."'
+ WHERE slice_config_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
ORDER BY id DESC
";
@@ -94,7 +94,7 @@ public function expireSliceJobs()
UPDATE slice_jobs
SET status = 'expired'
WHERE status = 'complete'
- AND slice_config_id = '". mysql_real_escape_string($this->id) ."'
+ AND slice_config_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
";
db()->execute($sql);
4 models/sliceengine.php
@@ -82,7 +82,7 @@ public function getAllConfigs()
$sql = "
SELECT id
FROM slice_configs
- WHERE engine_id = '". mysql_real_escape_string($this->id) ."'
+ WHERE engine_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
ORDER BY config_name
";
@@ -94,7 +94,7 @@ public function getMyConfigs()
$sql = "
SELECT id
FROM slice_configs
- WHERE engine_id = '". mysql_real_escape_string($this->id) ."'
+ WHERE engine_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
AND (user_id = '" . User::$me->id . "' OR id = '" . $this->get('default_config_id') . "')
ORDER BY config_name
";
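Review bot: In getMyConfigs(), the statement that gained an escaped `engine_id` still interpolates `User::$me->id` and `$this->get('default_config_id')` raw on the following line, so half of the WHERE clause remains unescaped after this change. Treat both like the new line: `AND (user_id = '" . mysqli_real_escape_string(db()->getLink(), User::$me->id) . "' OR id = '" . mysqli_real_escape_string(db()->getLink(), $this->get('default_config_id')) . "')`, or cast both to int if they are numeric ids. Repeating `db()->getLink()` for every value suggests hoisting `$link = db()->getLink();` once at the top of the method; the method starts and ends outside the hunk. models/slicejob.php byConfigAndSource() has the same unescaped `User::$me->id`, unquoted there.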
4 models/slicejob.php
@@ -185,8 +185,8 @@ public static function byConfigAndSource($config_id, $source_id)
$sql = "
SELECT id
FROM slice_jobs
- WHERE slice_config_id = ".mysql_real_escape_string($config_id)."
- AND input_id = ".mysql_real_escape_string($source_id)."
+ WHERE slice_config_id = ".mysqli_real_escape_string(db()->getLink(), $config_id)."
+ AND input_id = ".mysqli_real_escape_string(db()->getLink(), $source_id)."
AND user_id = " . User::$me->id . "
AND status = 'complete'
";
2 models/token.php
@@ -29,7 +29,7 @@ public static function byToken($token)
$sql = "
SELECT id
FROM tokens
- WHERE hash = '".mysql_real_escape_string($token)."'
+ WHERE hash = '".mysqli_real_escape_string(db()->getLink(), $token)."'
";
$id = db()->getValue($sql);
24 models/user.php
@@ -153,7 +153,7 @@ public static function hashPass($pass)
public static function byUsername($username)
{
- $username = mysql_real_escape_string($username);
+ $username = mysqli_real_escape_string(db()->getLink(), $username);
//look up the token
$sql = "
@@ -169,7 +169,7 @@ public static function byUsername($username)
public static function byUsernameAndPassword($username, $password)
{
- $username = mysql_real_escape_string($username);
+ $username = mysqli_real_escape_string(db()->getLink(), $username);
$pass_hash = sha1($password);
//look up the combo.
@@ -187,7 +187,7 @@ public static function byUsernameAndPassword($username, $password)
public static function byEmail($email)
{
- $email = mysql_real_escape_string($email);
+ $email = mysqli_real_escape_string(db()->getLink(), $email);
//look up the token
$sql = "
@@ -249,7 +249,7 @@ public function getActivityStream()
$sql = "
SELECT id, user_id
FROM activities
- WHERE user_id = '". mysql_real_escape_string($this->id) ."'
+ WHERE user_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
ORDER BY id DESC
";
@@ -275,7 +275,7 @@ public function getQueues()
$sql = "
SELECT id
FROM queues
- WHERE user_id = ". mysql_real_escape_string($this->id) ."
+ WHERE user_id = ". mysqli_real_escape_string(db()->getLink(), $this->id) ."
ORDER BY name
";
@@ -287,7 +287,7 @@ public function getDefaultQueue()
$sql = "
SELECT id FROM queues
WHERE name = 'Default'
- AND user_id = ". mysql_real_escape_string($this->id) ."
+ AND user_id = ". mysqli_real_escape_string(db()->getLink(), $this->id) ."
";
$q = new Queue(db()->getValue($sql));
@@ -308,7 +308,7 @@ public function getBots()
$sql = "
SELECT id, queue_id, job_id
FROM bots
- WHERE user_id = ". mysql_real_escape_string($this->id) ."
+ WHERE user_id = ". mysqli_real_escape_string(db()->getLink(), $this->id) ."
ORDER BY name
";
@@ -323,7 +323,7 @@ public function getJobs($status = null, $sortField = 'user_sort', $sortOrder = '
$sql = "
SELECT id
FROM jobs
- WHERE user_id = ". mysql_real_escape_string($this->id) ."
+ WHERE user_id = ". mysqli_real_escape_string(db()->getLink(), $this->id) ."
{$statusSQL}
ORDER BY {$sortField} {$sortOrder}
";
@@ -336,7 +336,7 @@ public function getAuthorizedApps()
$sql = "
SELECT id, consumer_id
FROM oauth_token
- WHERE user_id = ". mysql_real_escape_string($this->id) ."
+ WHERE user_id = ". mysqli_real_escape_string(db()->getLink(), $this->id) ."
AND type = 2
ORDER BY id
";
@@ -349,7 +349,7 @@ public function getMyApps()
$sql = "
SELECT id
FROM oauth_consumer
- WHERE user_id = ". mysql_real_escape_string($this->id) ."
+ WHERE user_id = ". mysqli_real_escape_string(db()->getLink(), $this->id) ."
ORDER BY name
";
@@ -361,7 +361,7 @@ public function getErrorLog()
$sql = "
SELECT id
FROM error_log
- WHERE user_id = '". mysql_real_escape_string($this->id) ."'
+ WHERE user_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
ORDER BY error_date DESC
";
@@ -373,7 +373,7 @@ public function getMySliceConfigs()
$sql = "
SELECT id, engine_id
FROM slice_configs
- WHERE user_id = '". mysql_real_escape_string($this->id) ."'
+ WHERE user_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
ORDER BY engine_id DESC
";
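Review bot: In byUsernameAndPassword(), the newly escaped `$username` sits beside `$pass_hash = sha1($password);`, which read together with the hashPass() hunk header suggests passwords are stored as unsalted SHA-1; escaping the username does nothing for that, and it is the larger risk in this file. Out of scope for this commit, but the follow-up should be password_hash()/password_verify() with a rehash on successful login via password_needs_rehash(), and, if the lookup matches on `pass_hash` in SQL as the "look up the combo" comment suggests, fetching by username and verifying the hash in PHP instead. Separately, byUsername()/byEmail() escape by reassigning the parameter variable, so any later non-SQL use of `$username`/`$email` in those methods sees the escaped form; escaping at the point of concatenation avoids that. The bodies of these methods continue outside their hunks.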
