Skip to content

Commit 0b1edd4

Browse files
committed
Escaped strings for session ids and name
1 parent ed3ad86 commit 0b1edd4

File tree

1 file changed

+11
-11
lines changed

1 file changed

+11
-11
lines changed

Diff for: backend/external/phplib/local.php

+11-11
Original file line numberDiff line numberDiff line change
@@ -169,7 +169,7 @@ function write_cache() {
169169
WHERE
170170
name = '" . addslashes( $this->cache_name ) . "'
171171
AND
172-
sid = '" . $this->cache_id . "'";
172+
sid = '" . addslashes( $this->cache_id ) . "'";
173173
$this->cache_db->query( $sql );
174174
break;
175175
}
@@ -259,9 +259,9 @@ function read_cache( $cache_id, $check = false ) {
259259
$return = false;
260260
$sql = "SELECT val FROM
261261
" . $cms_db['db_cache'] . " WHERE
262-
name = '" . $this->cache_name . "'
262+
name = '" . addslashes( $this->cache_name ) . "'
263263
AND
264-
sid = '" . $cache_id . "'";
264+
sid = '" . addslashes( $cache_id ) . "'";
265265
if ( !$this->cache_db->query( $sql ) ) return;
266266
$oldmode = $this->cache_db->get_fetch_mode();
267267
$this->cache_db->set_fetch_mode( 'DB_FETCH_ASSOC' );
@@ -428,11 +428,11 @@ function ac_checkme($id, $name) {
428428
$ret = true;
429429
$cquery = sprintf("select count(*) from %s where sid='%s' and name='%s'",
430430
$cms_db['sessions'],
431-
$id,
432-
$name);
431+
addslashes($id),
432+
addslashes($name));
433433
$squery = sprintf("select sid from %s where sid = '%s' and name = '%s'",
434434
$cms_db['sessions'],
435-
$id,
435+
addslashes($id),
436436
addslashes($name));
437437
$this->db->query($squery);
438438
if ( $this->db->affected_rows() == 0
@@ -454,8 +454,8 @@ function ac_sigleme($str, $name, $id) {
454454
$this->db->query(sprintf("delete from %s where name = '%s' and sid != '%s' and user_id = '%s'",
455455
$cms_db[sessions],
456456
addslashes($name),
457-
$str,
458-
$id));
457+
addslashes($str),
458+
addslashes($id)));
459459
}
460460
}
461461
function ac_sigleid($name, $id) {
@@ -467,11 +467,11 @@ function ac_sigleid($name, $id) {
467467
$ret = false;
468468
$cquery = sprintf("select count(*) from %s where user_id='%s' and name='%s'",
469469
$cms_db['sessions'],
470-
$id,
471-
$name);
470+
addslashes($id),
471+
addslashes($name));
472472
$squery = sprintf("select sid from %s where user_id='%s' and name='%s'",
473473
$cms_db['sessions'],
474-
$id,
474+
addslashes($id),
475475
addslashes($name));
476476
$this->db->query($squery);
477477
if ( $this->db->affected_rows() == 0

0 commit comments

Comments
 (0)