FIX: SQL Injection
Anthony Ananich committed Dec 14, 2014
1 parent f0a6626 commit ea8da92
Showing 1 changed file with 3 additions and 3 deletions.
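--- a/announce.php
+++ b/announce.php
@@ -108,12 +108,12 @@
 $state = 'state';
 $attempt = 'attempt';
 if (isset($_GET['event'])){
-$state = "'" . $_GET['event'] . "'";
+$state = "'" . mysql_real_escape_string($_GET['event']) . "'";
 $attempt = 'LAST_INSERT_ID(peer_torrent.id)';
 }
 
-mysql_query('INSERT INTO peer_torrent (peer_id, torrent_id, uploaded, downloaded, `left`, state, attempt, `last_updated`) '
-. 'SELECT ' . $pk_peer . ', `torrent`.`id`, ' . intval($_GET['uploaded']) . ', ' . intval($_GET['downloaded']) . ', ' . intval($_GET['left']) . ', ' . $state . ', ' . 0 . ', UTC_TIMESTAMP() '
+mysql_query('INSERT INTO peer_torrent (peer_id, torrent_id, uploaded, downloaded, `left`, attempt, `last_updated`) '
+. 'SELECT ' . $pk_peer . ', `torrent`.`id`, ' . intval($_GET['uploaded']) . ', ' . intval($_GET['downloaded']) . ', ' . intval($_GET['left']) . ', ' . 0 . ', UTC_TIMESTAMP() '
 . 'FROM `torrent` '
 . "WHERE `torrent`.`hash` = '" . mysql_real_escape_string(bin2hex($_GET['info_hash'])) . "' "
 . 'ON DUPLICATE KEY UPDATE `uploaded` = VALUES(`uploaded`), `downloaded` = VALUES(`downloaded`), `left` = VALUES(`left`), '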
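Review bot: The new `$state` line still embeds a free-form `$_GET['event']` into the statement and relies only on escaping; since a tracker announce `event` takes a small fixed set of values, rejecting anything outside that set before it reaches SQL is the stronger fix and does not depend on the connection charset, e.g. `$allowed_events = array('started', 'stopped', 'completed');` and `if (isset($_GET['event']) && in_array($_GET['event'], $allowed_events, true)){`. Note also that `mysql_real_escape_string` needs an open `mysql_*` connection and otherwise returns `false` with a warning, which here would silently yield `''` as the state. The `mysql_*` extension is deprecated and removed in PHP 7, so the durable fix is a prepared statement (mysqli or PDO) with the value bound as a parameter rather than concatenated. The `ON DUPLICATE KEY UPDATE` clause, where `$state` and `$attempt` are presumably still used after this commit removed `state` from the INSERT list, continues outside the hunk, so that remaining use could not be checked here.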
