/
0_17_escaping_fixes_inc.php
184 lines (147 loc) · 5.47 KB
/
0_17_escaping_fixes_inc.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
<?php
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
# Copyright (C) 2002 - 2004 Mantis Team - mantisbt-dev@lists.sourceforge.net
# This program is distributed under the terms and conditions of the GPL
# See the README and LICENSE files for details
# These upgrades fix the double escaped data that was put into the database
# in every version up 0.17.x. We pull out the data, unescape it, remove
# entities and then insert the data back in.
# --------------------------------------------------------
# $Id: 0_17_escaping_fixes_inc.php,v 1.5 2005-07-14 21:38:01 thraxisp Exp $
# --------------------------------------------------------
?>
<?php
require( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'db_table_names_inc.php' );
$upgrades = array();
function upgrade_decode_entities( $p_string ) {
$p_string = strtr( $p_string, array_flip( get_html_translation_table( HTML_ENTITIES ) ) );
$p_string = preg_replace( "/&#([0-9]+);/me", "chr('\\1')", $p_string );
return $p_string;
}
function upgrade_fix_strings( $p_table_name, $p_primary_key, $p_fields ) {
$c_table_name = db_prepare_string( $p_table_name );
$c_primary_key = db_prepare_string( $p_primary_key );
$t_field_string = db_prepare_string( implode( ',', $p_fields ) );
$query = "SELECT $c_primary_key, $t_field_string FROM $c_table_name";
$result = @db_query( $query );
if ( false == $result ) {
return false;
}
$count = db_num_rows( $result );
$t_failures = 0;
for ( $i=0 ; $i < $count ; $i++ ) {
$row = db_fetch_array( $result );
$query2 = "UPDATE $c_table_name SET ";
$t_updates = array();
foreach( $p_fields as $t_field ) {
$t_new_value = stripslashes( upgrade_decode_entities( $row[$t_field] ) );
$t_updates[] = db_prepare_string( $t_field ) . "='" . db_prepare_string( $t_new_value ) . "'";
}
$query2 .= implode( ',', $t_updates );
$query2 .= "WHERE $c_primary_key=" . $row[$p_primary_key];
$result2 = @db_query( $query2 );
if ( false == $result2 ) {
$t_failures++;
}
}
# If every query failed, something must be wrong so let's fail
# If fewer failed, we don't want to fail because unescaping the
# successful ones again is bad.
if ( $count > 0 && $t_failures == $count ) {
return false;
} else {
return true;
}
}
$upgrades[] = new FunctionUpgrade(
'escaping-fix-1',
'Fix double escaped data in mantis_bug_file_table',
'upgrade_escaping_fix_1' );
function upgrade_escaping_fix_1() {
global $t_bug_file_table;
return upgrade_fix_strings( $t_bug_file_table, 'id',
array( 'title', 'description', 'filename' ) );
}
$upgrades[] = new FunctionUpgrade(
'escaping-fix-2',
'Fix double escaped data in mantis_bug_table',
'upgrade_escaping_fix_2' );
function upgrade_escaping_fix_2() {
global $t_bug_table;
return upgrade_fix_strings( $t_bug_table, 'id',
array( 'os', 'os_build', 'platform', 'version', 'build', 'summary' ) );
}
$upgrades[] = new FunctionUpgrade(
'escaping-fix-3',
'Fix double escaped data in mantis_bug_text_table',
'upgrade_escaping_fix_3' );
function upgrade_escaping_fix_3() {
global $t_bug_text_table;
return upgrade_fix_strings( $t_bug_text_table, 'id',
array( 'description', 'steps_to_reproduce', 'additional_information' ) );
}
$upgrades[] = new FunctionUpgrade(
'escaping-fix-4',
'Fix double escaped data in mantis_bugnote_text_table',
'upgrade_escaping_fix_4' );
function upgrade_escaping_fix_4() {
global $t_bugnote_text_table;
return upgrade_fix_strings( $t_bugnote_text_table, 'id',
array( 'note' ) );
}
$upgrades[] = new FunctionUpgrade(
'escaping-fix-5',
'Fix double escaped data in mantis_news_table',
'upgrade_escaping_fix_5' );
function upgrade_escaping_fix_5() {
global $t_news_table;
return upgrade_fix_strings( $t_news_table, 'id',
array( 'headline', 'body' ) );
}
$upgrades[] = new FunctionUpgrade(
'escaping-fix-6',
'Fix double escaped data in mantis_project_file_table',
'upgrade_escaping_fix_6' );
function upgrade_escaping_fix_6() {
global $t_project_file_table;
return upgrade_fix_strings( $t_project_file_table, 'id',
array( 'title', 'description', 'filename' ) );
}
$upgrades[] = new FunctionUpgrade(
'escaping-fix-7',
'Fix double escaped data in mantis_project_table',
'upgrade_escaping_fix_7' );
function upgrade_escaping_fix_7() {
global $t_project_table;
return upgrade_fix_strings( $t_project_table, 'id',
array( 'name', 'file_path', 'description' ) );
}
$upgrades[] = new FunctionUpgrade(
'escaping-fix-8',
'Fix double escaped data in mantis_user_profile_table',
'upgrade_escaping_fix_8' );
function upgrade_escaping_fix_8() {
global $t_user_profile_table;
return upgrade_fix_strings( $t_user_profile_table, 'id',
array( 'platform', 'os', 'os_build', 'description' ) );
}
$upgrades[] = new FunctionUpgrade(
'escaping-fix-9',
'Fix double escaped data in mantis_bug_history_table',
'upgrade_escaping_fix_9' );
function upgrade_escaping_fix_9() {
global $t_bug_history_table;
if ( db_field_exists( 'id', $t_bug_history_table ) ) {
return upgrade_fix_strings( $t_bug_history_table, 'id',
array( 'field_name', 'old_value', 'new_value' ) );
}
return false;
}
$upgrades[] = new SQLUpgrade(
'escaping-fix-10',
'Remove history entries where type=0 and the old value = new value. These existed because of escaping errors',
"DELETE FROM $t_bug_history_table
WHERE (type = 0) AND (old_value = new_value)");
return $upgrades;
?>