Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

revamp database escaping fixes #5178 #5180

Open
wants to merge 18 commits into
base: release-2.1
from
Open
Diff settings

Always

Just for now

removed addslashes

Signed-off-by: albertlast albertlast@hotmail.de
  • Loading branch information...
albertlast committed Feb 20, 2019
commit 49de53fe90286ec04c36f6e96d6e42336f1d3ad4
@@ -539,7 +539,7 @@ if ($do_moderators)
$moderators = array_unique(explode(',', $row['moderators']));
foreach ($moderators as $k => $dummy)
{
$moderators[$k] = addslashes(trim($moderators[$k]));
$moderators[$k] = $smcFunc['db_escape_string'](trim($moderators[$k]));
if ($moderators[$k] == '')
unset($moderators[$k]);
}
@@ -824,7 +824,7 @@ while ($do_it)
$request2 = upgrade_query("
SELECT ID_MEMBER
FROM {$db_prefix}members
WHERE FIND_IN_SET(memberName, '" . addslashes($row['im_ignore_list']) . "')");
WHERE FIND_IN_SET(memberName, '" . $smcFunc['db_escape_string']($row['im_ignore_list']) . "')");
$im_ignore_list = '';
while ($row2 = smf_mysql_fetch_assoc($request2))
$im_ignore_list .= ',' . $row2['ID_MEMBER'];
@@ -905,10 +905,15 @@ $member_groups = getMemberGroups();

foreach ($member_groups as $name => $id)
{
upgrade_query("
UPDATE IGNORE {$db_prefix}members
SET ID_GROUP = $id
WHERE memberGroup = '" . addslashes($name) . "'");
$smcFunc['db_query']('','
UPDATE IGNORE {db_prefix}members
SET ID_GROUP = {int:id}
WHERE memberGroup = {string:name} ',
array(
'id' => $id
'name' => $name,
)
);

nextSubstep($substep);
}
@@ -1417,15 +1422,19 @@ if (!isset($modSettings['censor_vulgar']) || !isset($modSettings['censor_proper'
}
smf_mysql_free_result($request);

$modSettings['censor_vulgar'] = addslashes(implode("\n", $censor_vulgar));
$modSettings['censor_proper'] = addslashes(implode("\n", $censor_proper));
$modSettings['censor_vulgar'] = implode("\n", $censor_vulgar);
$modSettings['censor_proper'] = implode("\n", $censor_proper);

upgrade_query("
INSERT IGNORE INTO {$db_prefix}settings
(variable, value)
VALUES
('censor_vulgar', '$modSettings[censor_vulgar]'),
('censor_proper', '$modSettings[censor_proper]')");
$insertVal = array();
$insertVal[] = array('censor_vulgar', $modSettings['censor_vulgar']);
$insertVal[] = array('censor_proper', $modSettings['censor_proper']);

$smcFunc['db_insert']('IGNORE',
'{db_prefix}settings',
array('variable' => 'string', 'value' => 'string'),
array(insertVal),
array('variable')
);

upgrade_query("
DROP TABLE IF EXISTS {$db_prefix}censor");
@@ -1460,20 +1460,27 @@ while ($_GET['m'] < $totalActions)
preg_match('~<br />(%1\$s: )?([\w\. \\\\/\-_:]+)<br />(%2\$s: )?([\d]+)~', $row['message'], $matches);
if (!empty($matches[2]) && !empty($matches[4]) && empty($row['file']) && empty($row['line']))
{
$row['file'] = addslashes(str_replace('\\', '/', $matches[2]));
$row['file'] = str_replace('\\', '/', $matches[2]);
$row['line'] = (int) $matches[4];
$row['message'] = addslashes(preg_replace('~<br />(%1\$s: )?([\w\. \\\\/\-_:]+)<br />(%2\$s: )?([\d]+)~', '', $row['message']));
$row['message'] = preg_replace('~<br />(%1\$s: )?([\w\. \\\\/\-_:]+)<br />(%2\$s: )?([\d]+)~', '', $row['message']);
}
else
continue;

upgrade_query("
UPDATE {$db_prefix}log_errors
SET file = SUBSTRING('$row[file]', 1, 255),
line = $row[line],
message = SUBSTRING('$row[message]', 1, 65535)
WHERE id_error = $row[id_error]
LIMIT 1");
$smcFunc['db_query']('',
'UPDATE {db_prefix}log_errors
SET file = SUBSTRING({string:file}, 1, 255),
line = {int:line},
message = SUBSTRING({string:message}, 1, 65535)
WHERE id_error = {int:id_error}
LIMIT 1',
array(
'file' => $row[file],
'line' => $row[line],
'message' => $row[message],
'id_error' => $row[id_error],
This conversation was marked as resolved by albertlast

This comment has been minimized.

Copy link
@Sesquipedalian

Sesquipedalian Feb 28, 2019

Member

These all need single quotes around the array key (i.e. $row['file'], etc.).

)
);
}

$_GET['m'] += 500;
@@ -1708,18 +1715,18 @@ if ($profileCount == 0)
$board_updates = array();
while ($row = smf_mysql_fetch_assoc($request))
{
$row['name'] = addslashes($row['name']);

// Is it a truely local permission board? If so this is a new profile!
if ($row['permission_mode'] == 1)
{
// I know we could cache this, but I think we need to be practical - this is slow but guaranteed to work.
upgrade_query("
INSERT INTO {$db_prefix}permission_profiles
(profile_name)
VALUES
('$row[name]')");
$board_updates[smf_mysql_insert_id()][] = $row['id_board'];
$insert_id = $smcFunc['db_insert']('',
'{db_prefix}permission_profiles',
array('profile_name' => 'string'),
array($row['name']),
array('id_profile'),
1
);
$board_updates[$insert_id][] = $row['id_board'];
}
// Otherwise, dear god, this is an old school "simple" permission...
elseif ($row['permission_mode'] > 1 && $row['permission_mode'] < 5)
@@ -2030,8 +2037,22 @@ while ($_GET['m'] < $totalActions)
}
else
$msg_id = '0';
$row['extra'] = addslashes(serialize($row['extra']));
upgrade_query("UPDATE {$db_prefix}log_actions SET id_board=$board_id, id_topic=$topic_id, id_msg=$msg_id, extra='$row[extra]' WHERE id_action=$row[id_action]");
$row['extra'] = serialize($row['extra']);
$smcFunc['db_query']('','
UPDATE {db_prefix}log_actions
SET id_board = {int:board_id},
id_topic = {int:topic_id},
id_msg = {int:msg_id},
extra = {string:extra}
WHERE id_action = {int:id_action}',
array(
'board_id' => $board_id,
'topic_id' => $topic_id,
'msg_id' => $msg_id,
'extra' => $row[extra],
'id_action' => $row[id_action],
This conversation was marked as resolved by albertlast

This comment has been minimized.

Copy link
@Sesquipedalian

Sesquipedalian Feb 28, 2019

Member

These need single quotes around the array key (i.e. $row['extra'], etc.).

)
);
}
$_GET['m'] += 500;
$step_progress['current'] = $_GET['m'];
ProTip! Use n and p to navigate between commits in a pull request.
You can’t perform that action at this time.