Fixe mysql error where mysql_real_escape_string and email validity ch…

…ecking
Hoektronics · Feb 21, 2013 · d83f8a5 · d83f8a5
1 parent 196d445
commit d83f8a5
Show file tree

Hide file tree

Showing 18 changed files with 48 additions and 45 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,6 @@
 *.pyc
 *.DS_Store
+.idea/
 extensions/config.php
 bumblebee/config.json
 bumblebee/cache*

diff --git a/classes/verify.php b/classes/verify.php
@@ -37,7 +37,7 @@ public static function username($username, &$reason)
 
 		public static function email($email)
 		{
-			return eregi("^[_a-z0-9-]+((\+)?(\.)?[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$", $email);
+      return filter_var($email, FILTER_VALIDATE_EMAIL);
 		}
 
 	}

diff --git a/controllers/queue.php b/controllers/queue.php
@@ -150,7 +150,9 @@ public function update_sort()
 			}
 
 			//find our our current max
-			$sql = "SELECT min(user_sort) FROM jobs WHERE id IN (" . mysql_real_escape_string(implode($jids, ",")) . ")";
+			$sql = "SELECT min(user_sort) FROM jobs WHERE id IN (" .
+        mysqli_real_escape_string(db()->getLink(), implode($jids, ",")) .
+        ")";
 			$min = (int)db()->getValue($sql);
 
 			//now actually update.

diff --git a/framework/model.php b/framework/model.php
@@ -386,7 +386,7 @@ private function saveDb()
 				//$val = str_replace("\\\"", "\"", $val);
 
 				//add it if we have it...
-				$fields[] = "`$key` = '" . mysql_real_escape_string($val) . "'";
+				$fields[] = "`$key` = '" . mysqli_real_escape_string(db()->getLink(), $val) . "'";
 			}
 		}
 

diff --git a/framework/schematracker.php b/framework/schematracker.php
@@ -158,7 +158,7 @@ private function getChange($name)
 
 			$sql = file_get_contents($path);
 
-			$sql .= "\nINSERT INTO schema_changes SET name='" . mysql_real_escape_string($name) . "';\n";
+			$sql .= "\nINSERT INTO schema_changes SET name='" . mysqli_real_escape_string(db()->getLink(), $name) . "';\n";
 
 			return $sql;
 		}

diff --git a/models/activity.php b/models/activity.php
@@ -27,7 +27,7 @@ public static function getStream() {
 			$sql = "
 				SELECT id, user_id
 				FROM activities
-				WHERE user_id = '" . mysql_real_escape_string(User::$me->id) . "'
+				WHERE user_id = '" . mysqli_real_escape_string(db()->getLink(), User::$me->id) . "'
 				ORDER BY id DESC
 			";
 

diff --git a/models/bot.php b/models/bot.php
@@ -88,12 +88,12 @@ public function getCurrentJob()
 		public function getJobs($status = null, $sortField = 'user_sort', $sortOrder = 'ASC')
 		{
 			if ($status !== null)
-				$statusSql = " AND status = '" . mysql_real_escape_string($status) . "'";
+				$statusSql = " AND status = '" . mysqli_real_escape_string(db()->getLink(), $status) . "'";
 
 			$sql = "
 				SELECT id
 				FROM jobs
-				WHERE bot_id = " . mysql_real_escape_string($this->id) ."
+				WHERE bot_id = " . mysqli_real_escape_string(db()->getLink(), $this->id) ."
 					{$statusSql}
 				ORDER BY {$sortField} {$sortOrder}
 			";
@@ -105,7 +105,7 @@ public function getErrorLog()
 		  $sql = "
 		    SELECT id
 		    FROM error_log
-		    WHERE bot_id = '". mysql_real_escape_string($this->id) ."'
+		    WHERE bot_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
 		    ORDER BY error_date DESC
 		  ";
 
@@ -262,7 +262,7 @@ public function getStats()
 			$sql = "
 				SELECT status, count(status) as cnt
 				FROM jobs
-				WHERE bot_id = ". mysql_real_escape_string($this->id) ."
+				WHERE bot_id = ". mysqli_real_escape_string(db()->getLink(), $this->id) ."
 				GROUP BY status
 			";
 
@@ -287,7 +287,7 @@ public function getStats()
 				SELECT sum(verified_time - finished_time) as wait, sum(finished_time - taken_time) as runtime, sum(verified_time - taken_time) as total
 				FROM jobs
 				WHERE status = 'complete'
-					AND bot_id = ". mysql_real_escape_string($this->id);
+					AND bot_id = ". mysqli_real_escape_string(db()->getLink(), $this->id);
 
 			$stats = db()->getArray($sql);
 

diff --git a/models/comment.php b/models/comment.php
@@ -29,7 +29,7 @@ public static function byGUID($guid)
 			$sql = "
 				SELECT id
 				FROM comments
-				WHERE guid = '".mysql_real_escape_string($guid)."'";
+				WHERE guid = '".mysqli_real_escape_string(db()->getLink(), $guid)."'";
 			$id = db()->getValue($sql);
 
 			//send it!

diff --git a/models/job.php b/models/job.php
@@ -186,7 +186,7 @@ public function getErrorLog()
 		  $sql = "
 		    SELECT id
 		    FROM error_log
-		    WHERE job_id = '".mysql_real_escape_string($this->id)."'
+		    WHERE job_id = '".mysqli_real_escape_string(db()->getLink(), $this->id)."'
 		    ORDER BY error_date DESC
 		  ";
 

diff --git a/models/oauthconsumer.php b/models/oauthconsumer.php
@@ -11,7 +11,7 @@ public static function findByKey($key)
 			$sql = "
 				SELECT id
 				FROM oauth_consumer
-				WHERE consumer_key = '". mysql_real_escape_string($key) ."'
+				WHERE consumer_key = '". mysqli_real_escape_string(db()->getLink(), $key) ."'
 			";
 			$id = db()->getValue($sql);
 
@@ -94,12 +94,12 @@ public function delete()
 		{
 			//delete all our tokens
 			db()->execute("
-				DELETE FROM oauth_token WHERE consumer_id = ". mysql_real_escape_string($this->id) ."
+				DELETE FROM oauth_token WHERE consumer_id = ". mysqli_real_escape_string(db()->getLink(), $this->id) ."
 			");
 
 			//delete all our nonces
 			db()->execute("
-				DELETE FROM oauth_token_nonce WHERE consumer_id = ". mysql_real_escape_string($this->id) ."
+				DELETE FROM oauth_token_nonce WHERE consumer_id = ". mysqli_real_escape_string(db()->getLink(), $this->id) ."
 			");
 
 			parent::delete();

diff --git a/models/queue.php b/models/queue.php
@@ -60,12 +60,12 @@ public function getUrl()
 		public function getJobs($status = null, $sortField = 'user_sort', $sortOrder = 'ASC')
 		{
 			if ($status !== null)
-				$statusSql = " AND status = '".mysql_real_escape_string($status)."'";
+				$statusSql = " AND status = '".mysqli_real_escape_string(db()->getLink(), $status)."'";
 
 			$sql = "
 				SELECT id
 				FROM jobs
-				WHERE queue_id = '".mysql_real_escape_string($this->id)."'
+				WHERE queue_id = '".mysqli_real_escape_string(db()->getLink(), $this->id)."'
 					{$statusSql}
 				ORDER BY {$sortField} {$sortOrder}
 			";
@@ -95,7 +95,7 @@ public function getActiveJobs($sortField = 'user_sort', $sortOrder = 'ASC')
 			$sql = "
 				SELECT id
 				FROM jobs
-				WHERE queue_id = '".mysql_real_escape_string($this->id)."'
+				WHERE queue_id = '".mysqli_real_escape_string(db()->getLink(), $this->id)."'
 					AND status IN ('available', 'taken')
 				ORDER BY {$sortField} {$sortOrder}
 			";
@@ -107,7 +107,7 @@ public function getBots()
 		  $sql = "
 		    SELECT id
 		    FROM bots
-		    WHERE queue_id = '".mysql_real_escape_string($this->id)."'
+		    WHERE queue_id = '".mysqli_real_escape_string(db()->getLink(), $this->id)."'
 		    ORDER BY last_seen DESC
 		  ";
 
@@ -176,7 +176,7 @@ public function getStats()
 			$sql = "
 				SELECT status, count(status) as cnt
 				FROM jobs
-				WHERE queue_id = ". mysql_real_escape_string($this->id)."
+				WHERE queue_id = ". mysqli_real_escape_string(db()->getLink(), $this->id)."
 				GROUP BY status
 			";
 
@@ -201,7 +201,7 @@ public function getStats()
 				SELECT sum(taken_time - created_time) as wait, sum(finished_time - taken_time) as runtime, sum(verified_time - created_time) as total
 				FROM jobs
 				WHERE status = 'complete'
-					AND queue_id = ". mysql_real_escape_string($this->id) ."
+					AND queue_id = ". mysqli_real_escape_string(db()->getLink(), $this->id) ."
 			";
 
 			$stats = db()->getArray($sql);
@@ -230,7 +230,7 @@ public function getErrorLog()
 		  $sql = "
 		    SELECT id
 		    FROM error_log
-		    WHERE queue_id = '". mysql_real_escape_string($this->id) ."'
+		    WHERE queue_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
 		    ORDER BY error_date DESC
 		  ";
 

diff --git a/models/s3file.php b/models/s3file.php
@@ -283,8 +283,8 @@ public function getJobs()
 		  $sql = "
 		    SELECT id
 		    FROM jobs
-		    WHERE source_file_id = '". mysql_real_escape_string($this->id) ."'
-		      OR file_id = '". mysql_real_escape_string($this->id) ."'
+		    WHERE source_file_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
+		      OR file_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
 		    ORDER BY id DESC
 		  ";
 

diff --git a/models/shortcode.php b/models/shortcode.php
@@ -28,7 +28,7 @@ public static function byUrl($url)
 			$sql = "
 				SELECT id
 				FROM shortcodes
-				WHERE url = '".mysql_real_escape_string($url)."'
+				WHERE url = '".mysqli_real_escape_string(db()->getLink(), $url)."'
 			";
 
 			$value = db()->getValue($sql);

diff --git a/models/sliceconfig.php b/models/sliceconfig.php
@@ -69,7 +69,7 @@ public function getBots()
       $sql = "
         SELECT id
         FROM bots
-        WHERE slice_config_id = '". mysql_real_escape_string($this->id) ."'
+        WHERE slice_config_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
         ORDER BY name
       ";
 
@@ -81,7 +81,7 @@ public function getSliceJobs()
       $sql = "
         SELECT id
         FROM slice_jobs
-        WHERE slice_config_id = '". mysql_real_escape_string($this->id) ."'
+        WHERE slice_config_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
         ORDER BY id DESC
       ";
 
@@ -94,7 +94,7 @@ public function expireSliceJobs()
         UPDATE slice_jobs
         SET status = 'expired'
         WHERE status = 'complete'
-          AND slice_config_id = '". mysql_real_escape_string($this->id) ."'
+          AND slice_config_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
       ";
 
       db()->execute($sql);

diff --git a/models/sliceengine.php b/models/sliceengine.php
@@ -82,7 +82,7 @@ public function getAllConfigs()
 		  $sql = "
 		    SELECT id
 		    FROM slice_configs
-		    WHERE engine_id = '". mysql_real_escape_string($this->id) ."'
+		    WHERE engine_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
 		    ORDER BY config_name
 		  ";
 
@@ -94,7 +94,7 @@ public function getMyConfigs()
 		  $sql = "
 		    SELECT id
 		    FROM slice_configs
-		    WHERE engine_id = '". mysql_real_escape_string($this->id) ."'
+		    WHERE engine_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
 		      AND (user_id = '" . User::$me->id . "' OR id = '" . $this->get('default_config_id') . "')
 		    ORDER BY config_name
 		  ";

diff --git a/models/slicejob.php b/models/slicejob.php
@@ -185,8 +185,8 @@ public static function byConfigAndSource($config_id, $source_id)
 		  $sql = "
 		    SELECT id
 		    FROM slice_jobs
-		    WHERE slice_config_id = ".mysql_real_escape_string($config_id)."
-		      AND input_id = ".mysql_real_escape_string($source_id)."
+		    WHERE slice_config_id = ".mysqli_real_escape_string(db()->getLink(), $config_id)."
+		      AND input_id = ".mysqli_real_escape_string(db()->getLink(), $source_id)."
 		      AND user_id = " . User::$me->id . "
 		      AND status = 'complete'
 		  ";

diff --git a/models/token.php b/models/token.php
@@ -29,7 +29,7 @@ public static function byToken($token)
 			$sql = "
 				SELECT id
 				FROM tokens
-				WHERE hash = '".mysql_real_escape_string($token)."'
+				WHERE hash = '".mysqli_real_escape_string(db()->getLink(), $token)."'
 			";
 			$id = db()->getValue($sql);
 

diff --git a/models/user.php b/models/user.php
@@ -153,7 +153,7 @@ public static function hashPass($pass)
 
 		public static function byUsername($username)
 		{
-		  $username = mysql_real_escape_string($username);
+		  $username = mysqli_real_escape_string(db()->getLink(), $username);
 
 			//look up the token
 			$sql = "
@@ -169,7 +169,7 @@ public static function byUsername($username)
 
 		public static function byUsernameAndPassword($username, $password)
 		{
-		  $username = mysql_real_escape_string($username);
+		  $username = mysqli_real_escape_string(db()->getLink(), $username);
 			$pass_hash = sha1($password);
 
 			//look up the combo.
@@ -187,7 +187,7 @@ public static function byUsernameAndPassword($username, $password)
 
 		public static function byEmail($email)
 		{
-		  $email = mysql_real_escape_string($email);
+		  $email = mysqli_real_escape_string(db()->getLink(), $email);
 
 			//look up the token
 			$sql = "
@@ -249,7 +249,7 @@ public function getActivityStream()
 			$sql = "
 				SELECT id, user_id
 				FROM activities
-				WHERE user_id = '". mysql_real_escape_string($this->id) ."'
+				WHERE user_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
 				ORDER BY id DESC
 			";
 
@@ -275,7 +275,7 @@ public function getQueues()
 			$sql = "
 				SELECT id
 				FROM queues
-				WHERE user_id = ". mysql_real_escape_string($this->id) ."
+				WHERE user_id = ". mysqli_real_escape_string(db()->getLink(), $this->id) ."
 				ORDER BY name
 			";
 
@@ -287,7 +287,7 @@ public function getDefaultQueue()
 			$sql = "
 				SELECT id FROM queues
 				WHERE name = 'Default'
-					AND user_id = ". mysql_real_escape_string($this->id) ."
+					AND user_id = ". mysqli_real_escape_string(db()->getLink(), $this->id) ."
 			";
 			$q = new Queue(db()->getValue($sql));
 
@@ -308,7 +308,7 @@ public function getBots()
 			$sql = "
 				SELECT id, queue_id, job_id
 				FROM bots
-				WHERE user_id = ". mysql_real_escape_string($this->id) ."
+				WHERE user_id = ". mysqli_real_escape_string(db()->getLink(), $this->id) ."
 				ORDER BY name
 			";
 
@@ -323,7 +323,7 @@ public function getJobs($status = null, $sortField = 'user_sort', $sortOrder = '
 			$sql = "
 				SELECT id
 				FROM jobs
-				WHERE user_id = ". mysql_real_escape_string($this->id) ."
+				WHERE user_id = ". mysqli_real_escape_string(db()->getLink(), $this->id) ."
 					{$statusSQL}
 				ORDER BY {$sortField} {$sortOrder}
 			";
@@ -336,7 +336,7 @@ public function getAuthorizedApps()
 			$sql = "
 				SELECT id, consumer_id
 				FROM oauth_token
-				WHERE user_id = ". mysql_real_escape_string($this->id) ."
+				WHERE user_id = ". mysqli_real_escape_string(db()->getLink(), $this->id) ."
 					AND type = 2
 				ORDER BY id
 			";
@@ -349,7 +349,7 @@ public function getMyApps()
 			$sql = "
 				SELECT id
 				FROM oauth_consumer
-				WHERE user_id = ". mysql_real_escape_string($this->id) ."
+				WHERE user_id = ". mysqli_real_escape_string(db()->getLink(), $this->id) ."
 				ORDER BY name
 			";
 
@@ -361,7 +361,7 @@ public function getErrorLog()
 		  $sql = "
 		    SELECT id
 		    FROM error_log
-		    WHERE user_id = '". mysql_real_escape_string($this->id) ."'
+		    WHERE user_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
 		    ORDER BY error_date DESC
 		  ";
 
@@ -373,7 +373,7 @@ public function getMySliceConfigs()
 		  $sql = "
 		    SELECT id, engine_id
 		    FROM slice_configs
-		    WHERE user_id = '". mysql_real_escape_string($this->id) ."'
+		    WHERE user_id = '". mysqli_real_escape_string(db()->getLink(), $this->id) ."'
 		    ORDER BY engine_id DESC
 		  ";