Sync my db api changes with trunk. still working my way through code …

…base ;/ git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@4848 f5dc347c-c33d-0410-90a0-b07cc1902cb9
mantisbt · Dec 26, 2007 · 58a5e55 · 58a5e55
1 parent 1de2b98
commit 58a5e55
Show file tree

Hide file tree

Showing 39 changed files with 678 additions and 565 deletions.
diff --git a/admin/copy_field.php b/admin/copy_field.php
@@ -62,9 +62,9 @@
 
 	$t_string_table = db_get_table( 'mantis_custom_field_string_table' );
 	$t_bug_table = db_get_table( 'mantis_bug_table' );
-	$query = 'SELECT * FROM ' . $t_string_table . ' WHERE field_id = ' . $f_source_field_id . ' and value <> \'\'';
+	$query = 'SELECT * FROM ' . $t_string_table . ' WHERE field_id = ' . db_param(0) . ' and value <> ' . db_param(1);
 
-	$result = @db_query( $query );
+	$result = @db_query_bound( $query, Array( $f_source_field_id, '' ) );
 	if ( FALSE == $result ) {
 		echo '<p>No fields need to be updated.</p>';
 	} else {

diff --git a/admin/install_functions.php b/admin/install_functions.php
@@ -31,10 +31,10 @@ function install_category_migrate() {
 		$t_project_category_table = db_get_table( 'mantis_project_category_table' );
 
 		$query = "SELECT project_id, category FROM $t_project_category_table ORDER BY project_id, category";
-		$t_category_result = db_query( $query );
+		$t_category_result = db_query_bound( $query );
 
 		$query = "SELECT project_id, category FROM $t_bug_table ORDER BY project_id, category";
-		$t_bug_result = db_query( $query );
+		$t_bug_result = db_query_bound( $query );
 
 		$t_data = Array();
 

diff --git a/admin/schema.php b/admin/schema.php
@@ -323,7 +323,7 @@
 $upgrade[] = Array('CreateIndexSQL',Array('idx_access',db_get_table('mantis_user_table'),'access_level'));
 $upgrade[] = Array('InsertData', Array( db_get_table('mantis_user_table'),
     "(username, realname, email, password, date_created, last_visit, enabled, protected, access_level, login_count, lost_password_request_count, failed_login_count, cookie_string) VALUES
-        ('administrator', '', 'root@localhost', '63a9f0ea7bb98050796b649e85481845', " . db_now() . ", " . db_now() . ", '1', '0', 90, 3, 0, 0, '" .
+        ('administrator', '', 'root@localhost', '63a9f0ea7bb98050796b649e85481845', '" . db_now() . "', '" . db_now() . "', '1', '0', 90, 3, 0, 0, '" .
              md5( mt_rand( 0, mt_getrandmax() ) + mt_rand( 0, mt_getrandmax() ) ) . md5( time() ) . "')" ) );
 $upgrade[] = Array('AlterColumnSQL', Array( db_get_table( 'mantis_bug_history_table' ), "old_value C(255) NOTNULL" ) );
 $upgrade[] = Array('AlterColumnSQL', Array( db_get_table( 'mantis_bug_history_table' ), "new_value C(255) NOTNULL" ) );

diff --git a/admin/upgrade_unattended.php b/admin/upgrade_unattended.php
@@ -78,7 +78,7 @@ function print_test_result( $p_result, $p_hard_fail=true, $p_message='' ) {
 				description char(255) NOT NULL,
 				PRIMARY KEY (upgrade_id))";
 
-			$result = db_query( $query );
+			$result = db_query_bound( $query );
 		}
 
 		# link the data structures and upgrade list

diff --git a/api/soap/mc_file_api.php b/api/soap/mc_file_api.php
@@ -124,7 +124,7 @@ function mci_file_add( $p_id, $p_name, $p_content, $p_file_type, $p_table, $p_ti
 		$query = "INSERT INTO $t_file_table
 						(" . $p_table . "_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content)
 					  VALUES
-						($c_id, '$c_title', '$c_desc', '$c_disk_file_name', '$c_new_file_name', '$c_file_path', $c_file_size, '$c_file_type', " . db_now() .", '$c_content')";
+						($c_id, '$c_title', '$c_desc', '$c_disk_file_name', '$c_new_file_name', '$c_file_path', $c_file_size, '$c_file_type', '" . db_now() ."', '$c_content')";
 		db_query( $query );
 
 		# get attachment id

diff --git a/bugnote_view_inc.php b/bugnote_view_inc.php
@@ -96,8 +96,8 @@
 		# grab the bugnote text and id and prefix with v3_
 		$query = "SELECT note
 				FROM $t_bugnote_text_table
-				WHERE id='$v3_bugnote_text_id'";
-		$result2 = db_query( $query );
+				WHERE id=" . db_param(0);
+		$result2 = db_query_bound( $query, Array( $v3_bugnote_text_id ) );
 		$row = db_fetch_array( $result2 );
 
 		$v3_note = $row['note'];

diff --git a/changelog_page.php b/changelog_page.php
@@ -95,7 +95,6 @@ function print_project_header ( $p_project_name ) {
 			$t_version_header_printed = false;
 
 			$t_version = $t_version_row['version'];
-			$c_version = db_prepare_string( $t_version );
 
 			$t_version_id = version_get_id( $t_version, $t_project_id );
 
@@ -109,7 +108,7 @@ function print_project_header ( $p_project_name ) {
 			$t_issue_ids = array();
 			$t_issue_parents = array();
 
-			$t_result = db_query_bound( $query, Array( $c_project_id, $c_version ) );
+			$t_result = db_query_bound( $query, Array( $c_project_id, $t_version ) );
 
 			while ( $t_row = db_fetch_array( $t_result ) ) {
 				# hide private bugs if user doesn't have access to view them.

diff --git a/core/authentication_api.php b/core/authentication_api.php
@@ -510,7 +510,7 @@ function auth_reauthenticate_page( $p_user_id, $p_username ) {
 		}
 ?>
 </p>
-<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
+<form method="post" action="<?php echo string_sanitize_url( $_SERVER['PHP_SELF'] ); ?>">
 
 <?php
 		print_hidden_inputs( gpc_strip_slashes( $_POST ) );