Escaped strings for session ids and name

sefrengo-cms · Jan 12, 2015 · 0b1edd4 · 0b1edd4
1 parent ed3ad86
commit 0b1edd4
Showing 1 changed file with 11 additions and 11 deletions.
diff --git a/backend/external/phplib/local.php b/backend/external/phplib/local.php
@@ -169,7 +169,7 @@ function write_cache() {
 													WHERE
 													name = '" . addslashes( $this->cache_name ) . "'
 													AND
-													sid = '" . $this->cache_id . "'";
+													sid = '" . addslashes( $this->cache_id ) . "'";
                     $this->cache_db->query( $sql );
                     break;
             } 
@@ -259,9 +259,9 @@ function read_cache( $cache_id, $check = false ) {
             $return = false;
             $sql = "SELECT val FROM
 								 " . $cms_db['db_cache'] . " WHERE
-									 name = '" . $this->cache_name . "'
+									 name = '" . addslashes( $this->cache_name ) . "'
 									 AND
-									 sid =  '" . $cache_id . "'";
+									 sid =  '" . addslashes( $cache_id ) . "'";
             if ( !$this->cache_db->query( $sql ) ) return;
             $oldmode = $this->cache_db->get_fetch_mode();
             $this->cache_db->set_fetch_mode( 'DB_FETCH_ASSOC' );
@@ -428,11 +428,11 @@ function ac_checkme($id, $name) {
         $ret = true;
         $cquery = sprintf("select count(*) from %s where sid='%s' and name='%s'",
             $cms_db['sessions'],
-            $id,
-            $name);
+            addslashes($id),
+            addslashes($name));
         $squery = sprintf("select sid from %s where sid  = '%s' and name = '%s'",
             $cms_db['sessions'],
-            $id,
+            addslashes($id),
             addslashes($name));
         $this->db->query($squery);
         if ( $this->db->affected_rows() == 0
@@ -454,8 +454,8 @@ function ac_sigleme($str, $name, $id) {
             $this->db->query(sprintf("delete from %s where name = '%s' and sid != '%s' and user_id = '%s'",
                 $cms_db[sessions],
                 addslashes($name),
-                $str,
-                $id));
+                addslashes($str),
+                addslashes($id)));
         }
     }
     function ac_sigleid($name, $id) {
@@ -467,11 +467,11 @@ function ac_sigleid($name, $id) {
             $ret = false;
             $cquery = sprintf("select count(*) from %s where user_id='%s' and name='%s'",
                 $cms_db['sessions'],
-                $id,
-                $name);
+                addslashes($id),
+                addslashes($name));
             $squery = sprintf("select sid from %s where user_id='%s' and name='%s'",
                 $cms_db['sessions'],
-                $id,
+                addslashes($id),
                 addslashes($name));
             $this->db->query($squery);
             if ( $this->db->affected_rows() == 0