
improved escaping, thanks to stefan schurtz
garvinhicking committed Apr 22, 2012
1 parent 95f62ab commit 8c6d050
Showing 2 changed files with 6 additions and 3 deletions.
3 changes: 3 additions & 0 deletions docs/NEWS
Expand Up @@ -5,6 +5,9 @@
Version 1.6.1 ()
------------------------------------------------------------------------

* Improved escaping of backend plugin management for DB query
(Stefan Schurtz)

* Updated spamblock plugin to 1.78 & 1.79
changed wordfilter to function to check with 'verify_once'
to reject wordfilter signed spam comments before -
Expand Down
6 changes: 3 additions & 3 deletions include/plugin_api.inc.php
Expand Up @@ -526,7 +526,7 @@ function probePlugin($instance_id, &$class_name, &$pluginPath)
$filename = serendipity_plugin_api::includePlugin($class_name, $pluginPath, $instance_id);
if (empty($filename) && !empty($instance_id)) {
// $serendipity['debug']['pluginload'][] = "No valid path/filename found.";
$sql = "SELECT path from {$serendipity['dbPrefix']}plugins WHERE name = '" . $instance_id . "'";
$sql = "SELECT path from {$serendipity['dbPrefix']}plugins WHERE name = '" . serendipity_db_escape_string($instance_id) . "'";
$plugdata = serendipity_db_query($sql, true, 'both', false, false, false, true);
if (is_array($plugdata) && isset($plugdata[0])) {
$pluginPath = $plugdata[0];
Expand Down Expand Up @@ -590,7 +590,7 @@ function &load_plugin($instance_id, $authorid = null, $pluginPath = '', $pluginF
if (!is_null($authorid)) {
$p->serendipity_owner = $authorid;
} else {
$sql = "SELECT authorid from {$serendipity['dbPrefix']}plugins WHERE name = '" . $instance_id . "'";
$sql = "SELECT authorid from {$serendipity['dbPrefix']}plugins WHERE name = '" . serendipity_db_escape_string($instance_id) . "'";
$owner = serendipity_db_query($sql, true);
if (is_array($owner) && isset($owner[0])) {
$p->serendipity_owner = $owner[0];
Expand Down Expand Up @@ -1099,7 +1099,7 @@ function exists($instance_id)
$instance_id .= ':';
}

$existing = serendipity_db_query("SELECT name FROM {$serendipity['dbPrefix']}plugins WHERE name LIKE '%$instance_id%'");
$existing = serendipity_db_query("SELECT name FROM {$serendipity['dbPrefix']}plugins WHERE name LIKE '%" . serendipity_db_escape_string($instance_id) . "%'");

if (is_array($existing) && !empty($existing[0][0])) {
return $existing[0][0];
Expand Down
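Review bot: In the exists() hunk the LIKE operand is still only quote-escaped: serendipity_db_escape_string() presumably wraps the driver's string escaping, which leaves the LIKE metacharacters `%` and `_` untouched, so an instance_id containing either still acts as a wildcard inside `'%...%'` and can match unrelated plugin rows; the two `=` comparisons in probePlugin() and load_plugin() do not have this problem. If wildcard matching is not intended there, escape them as well, e.g. `$like = str_replace(array('%', '_'), array('\\%', '\\_'), serendipity_db_escape_string($instance_id));` and use `LIKE '%" . $like . "%'`, bearing in mind that the LIKE escape character differs across the database backends this file supports, so an explicit ESCAPE clause may be needed for portability. All three queries remain string-built; escaping is the right fix within this abstraction, but a placeholder-based query would be preferable if serendipity_db_query() offers one. probePlugin(), load_plugin() and exists() each start and end outside the shown hunks.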
