Code review.

interface/lib/classes/aps_crawler.inc.php

@@ -595,7 +595,7 @@ class ApsCrawler extends ApsBase
 				foreach($incomplete_pkgs as $incomplete_pkg){
 					$pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$incomplete_pkg['path'].'/PKG_URL');
 					if($pkg_url != ''){
-						$app->db->datalogUpdate('aps_packages', "package_url = '".$pkg_url."'", 'id', $incomplete_pkg['id']);
+						$app->db->datalogUpdate('aps_packages', "package_url = '".$app->db->quote($pkg_url)."'", 'id', $incomplete_pkg['id']);
 					}
 				}
 			}

interface/lib/classes/aps_guicontroller.inc.php

@@ -266,18 +266,18 @@ class ApsGUIController extends ApsBase
 			unset($tmp);
 
 			// get information if the webserver is a db server, too
-			$web_server = $app->db->queryOneRecord("SELECT server_id,server_name,db_server FROM server WHERE server_id  = ".$websrv['server_id']);
+			$web_server = $app->db->queryOneRecord("SELECT server_id,server_name,db_server FROM server WHERE server_id  = ".$app->functions->intval($websrv['server_id']));
 			if($web_server['db_server'] == 1) {
 				// create database on "localhost" (webserver)
-				$mysql_db_server_id = $websrv['server_id'];
+				$mysql_db_server_id = $app->functions->intval($websrv['server_id']);
 				$mysql_db_host = 'localhost';
 				$mysql_db_remote_access = 'n';
 				$mysql_db_remote_ips = '';
 			} else {
 				//* get the default database server of the client
-				$client = $app->db->queryOneRecord("SELECT default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$websrv['sys_groupid']);
+				$client = $app->db->queryOneRecord("SELECT default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($websrv['sys_groupid']));
 				if(is_array($client) && $client['default_dbserver'] > 0 && $client['default_dbserver'] != $websrv['server_id']) {
-					$mysql_db_server_id =  $client['default_dbserver'];
+					$mysql_db_server_id =  $app->functions->intval($client['default_dbserver']);
 					$dbserver_config = $web_config = $app->getconf->get_server_config($app->functions->intval($mysql_db_server_id), 'server');
 					$mysql_db_host = $dbserver_config['ip_address'];
 					$mysql_db_remote_access = 'y';
@@ -301,13 +301,13 @@ class ApsGUIController extends ApsBase
 
 			//* Find a free db name for the app
 			for($n = 1; $n <= 1000; $n++) {
-				$mysql_db_name = ($dbname_prefix != '' ? $dbname_prefix.'aps'.$n : uniqid('aps'));
+				$mysql_db_name = $app->db->quote(($dbname_prefix != '' ? $dbname_prefix.'aps'.$n : uniqid('aps')));
 				$tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = '".$app->db->quote($mysql_db_name)."'");
 				if($tmp['number'] == 0) break;
 			}
 			//* Find a free db username for the app
 			for($n = 1; $n <= 1000; $n++) {
-				$mysql_db_user = ($dbuser_prefix != '' ? $dbuser_prefix.'aps'.$n : uniqid('aps'));
+				$mysql_db_user = $app->db->quote(($dbuser_prefix != '' ? $dbuser_prefix.'aps'.$n : uniqid('aps')));
 				$tmp = $app->db->queryOneRecord("SELECT count(database_user_id) as number FROM web_database_user WHERE database_user = '".$app->db->quote($mysql_db_user)."'");
 				if($tmp['number'] == 0) break;
 			}
@@ -316,12 +316,12 @@ class ApsGUIController extends ApsBase
 
 			//* Create the mysql database user
 			$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `database_user`, `database_user_prefix`, `database_password`)
-					  VALUES( ".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', 0, '$mysql_db_user', '".$app->db->quote($dbuser_prefix) . "', PASSWORD('$mysql_db_password'))";
+					  VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', 0, '$mysql_db_user', '".$app->db->quote($dbuser_prefix) . "', PASSWORD('$mysql_db_password'))";
 			$mysql_db_user_id = $app->db->datalogInsert('web_database_user', $insert_data, 'database_user_id');
 
 			//* Create the mysql database
 			$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `parent_domain_id`, `type`, `database_name`, `database_name_prefix`, `database_user_id`, `database_ro_user_id`, `database_charset`, `remote_access`, `remote_ips`, `backup_copies`, `active`, `backup_interval`)
-					  VALUES( ".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', $mysql_db_server_id, ".$websrv['domain_id'].", 'mysql', '$mysql_db_name', '" . $app->db->quote($dbname_prefix) . "', '$mysql_db_user_id', 0, '', '$mysql_db_remote_access', '$mysql_db_remote_ips', ".$websrv['backup_copies'].", 'y', '".$websrv['backup_interval']."')";
+					  VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', $mysql_db_server_id, ".$app->functions->intval($websrv['domain_id']).", 'mysql', '$mysql_db_name', '" . $app->db->quote($dbname_prefix) . "', '$mysql_db_user_id', 0, '', '$mysql_db_remote_access', '$mysql_db_remote_ips', ".$app->functions->intval($websrv['backup_copies']).", 'y', '".$app->functions->intval($websrv['backup_interval'])."')";
 			$app->db->datalogInsert('web_database', $insert_data, 'database_id');
 
 			//* Add db details to package settings
@@ -332,7 +332,7 @@ class ApsGUIController extends ApsBase
 		}
 
 		//* Insert new package instance
-		$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `customer_id`, `package_id`, `instance_status`) VALUES (".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', ".$app->db->quote($webserver_id).",".$app->db->quote($customerid).", ".$app->db->quote($packageid).", ".INSTANCE_PENDING.")";
+		$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `customer_id`, `package_id`, `instance_status`) VALUES (".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', ".$app->db->quote($webserver_id).",".$app->db->quote($customerid).", ".$app->db->quote($packageid).", ".INSTANCE_PENDING.")";
 		$InstanceID = $app->db->datalogInsert('aps_instances', $insert_data, 'id');
 
 		//* Insert all package settings
@@ -404,7 +404,7 @@ class ApsGUIController extends ApsBase
         $app->db->datalogSave('aps', 'INSERT', 'id', $instanceid, array(), $datalog);
 		*/
 
-		$sql = "SELECT web_database.database_id as database_id FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.value =  aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ".$instanceid." LIMIT 0,1";
+		$sql = "SELECT web_database.database_id as database_id FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.value =  aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ".$app->db->quote($instanceid)." LIMIT 0,1";
 		$tmp = $app->db->queryOneRecord($sql);
 		if($tmp['database_id'] > 0) $app->db->datalogDelete('web_database', 'database_id', $tmp['database_id']);
 

interface/lib/classes/auth.inc.php

@@ -33,7 +33,7 @@ class auth {
 
 	public function get_user_id()
 	{
-		return $_SESSION['s']['user']['userid'];
+		return $app->functions->intval($_SESSION['s']['user']['userid']);
 	}
 
 	public function is_admin() {
@@ -80,7 +80,9 @@ class auth {
 	public function get_client_limit($userid, $limitname)
 	{
 		global $app;
-
+		
+		$userid = $app->functions->intval($userid);
+		
 		// simple query cache
 		if($this->client_limits===null)
 			$this->client_limits = $app->db->queryOneRecord("SELECT client.* FROM sys_user, client WHERE sys_user.userid = $userid AND sys_user.client_id = client.client_id");

interface/lib/classes/client_templates.inc.php

@@ -49,7 +49,7 @@ class client_templates {
 
 		if($old_style == true) {
 			// we have to take care of this in an other way
-			$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $clientId);
+			$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
 			if(is_array($in_db) && count($in_db) > 0) {
 				foreach($in_db as $item) {
 					if(array_key_exists($item['client_template_id'], $needed_types) == false) $needed_types[$item['client_template_id']] = 0;
@@ -61,24 +61,24 @@ class client_templates {
 				if($count > 0) {
 					// add new template to client (includes those from old-style without assigned_template_id)
 					for($i = $count; $i > 0; $i--) {
-						$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $clientId . ', ' . $tpl_id . ')');
+						$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($tpl_id) . ')');
 					}
 				} elseif($count < 0) {
 					// remove old ones
 					for($i = $count; $i < 0; $i++) {
-						$app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ' . $clientId . ' AND client_template_id = ' . $tpl_id . ' LIMIT 1');
+						$app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ' . $app->functions->intval($clientId) . ' AND client_template_id = ' . $app->functions->intval($tpl_id) . ' LIMIT 1');
 					}
 				}
 			}
 		} else {
 			// we have to take care of this in an other way
-			$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $clientId);
+			$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
 			if(is_array($in_db) && count($in_db) > 0) {
 				// check which templates were removed from this client
 				foreach($in_db as $item) {
 					if(in_array($item['assigned_template_id'], $used_assigned) == false) {
 						// delete this one
-						$app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $item['assigned_template_id']);
+						$app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $app->functions->intval($item['assigned_template_id']));
 					}
 				}
 			}
@@ -86,7 +86,7 @@ class client_templates {
 			if(count($new_tpl) > 0) {
 				foreach($new_tpl as $item) {
 					// add new template to client (includes those from old-style without assigned_template_id)
-					$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $clientId . ', ' . $item . ')');
+					$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($item) . ')');
 				}
 			}
 		}

interface/lib/classes/custom_datasource.inc.php

@@ -46,9 +46,9 @@ class custom_datasource {
 
 		if($_SESSION["s"]["user"]["typ"] == 'user') {
 			// Get the limits of the client
-			$client_group_id = $_SESSION["s"]["user"]["default_group"];
+			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 			$client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$client['default_dnsserver'];
+			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_dnsserver']);
 		} else {
 			$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
 		}
@@ -68,9 +68,9 @@ class custom_datasource {
 
 		if($_SESSION["s"]["user"]["typ"] == 'user') {
 			// Get the limits of the client
-			$client_group_id = $_SESSION["s"]["user"]["default_group"];
+			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 			$client = $app->db->queryOneRecord("SELECT default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$client['default_slave_dnsserver'];
+			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_slave_dnsserver']);
 		} else {
 			$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
 		}
@@ -99,7 +99,7 @@ class custom_datasource {
 		}
 		if(count($server_ids) == 0) return array();
 		$server_ids = implode(',', $server_ids);
-		$records = $app->db->queryAllRecords("SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id IN (".$server_ids.") AND web_domain.server_id = server.server_id AND ".$app->tform->getAuthSQL('r', 'web_domain')." ORDER BY web_domain.domain");
+		$records = $app->db->queryAllRecords("SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id IN (".$app->db->quote($server_ids).") AND web_domain.server_id = server.server_id AND ".$app->tform->getAuthSQL('r', 'web_domain')." ORDER BY web_domain.domain");
 
 		$records_new = array();
 		if(is_array($records)) {
@@ -146,12 +146,12 @@ class custom_datasource {
 
 		if($_SESSION["s"]["user"]["typ"] == 'user') {
 			// Get the limits of the client
-			$client_group_id = $_SESSION["s"]["user"]["default_group"];
+			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 			$sql = "SELECT $server_type as server_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id";
 			$client = $app->db->queryOneRecord($sql);
 			if($client['server_id'] > 0) {
 				//* Select the default server for the client
-				$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$client['server_id'];
+				$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['server_id']);
 			} else {
 				//* Not able to find the clients defaults, use this as fallback and add a warning message to the log
 				$app->log('Unable to find default server for client in custom_datasource.inc.php', 1);

interface/lib/classes/form.inc.php

 <?php
 
+die('Deprecated file: form.inc.php');
+
 /*
 Copyright (c) 2007, Till Brehm, projektfarm Gmbh
 All rights reserved.

interface/lib/classes/plugin_backuplist.inc.php

@@ -108,8 +108,8 @@ class plugin_backuplist extends plugin_base {
 		}
 
 		//* Get the data
-		$web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ".$this->form->id);
-		$sql = "SELECT * FROM web_backup WHERE parent_domain_id = ".$this->form->id." AND server_id = ".$web['server_id']." ORDER BY tstamp DESC, backup_type ASC";
+		$web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ".$app->functions->intval($this->form->id));
+		$sql = "SELECT * FROM web_backup WHERE parent_domain_id = ".$app->functions->intval($this->form->id)." AND server_id = ".$app->functions->intval($web['server_id'])." ORDER BY tstamp DESC, backup_type ASC";
 		$records = $app->db->queryAllRecords($sql);
 
 		$bgcolor = "#FFFFFF";

interface/web/admin/login_as.php

@@ -51,7 +51,7 @@ if(isset($_GET['id'])) {
 	$client_id = $app->functions->intval($_GET['cid']);
 	$tmp_client = $app->db->queryOneRecord("SELECT username FROM client WHERE client_id = $client_id");
 	$tmp_sys_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE username = '".$app->db->quote($tmp_client['username'])."'");
-	$userId = $tmp_sys_user['userid'];
+	$userId = $app->functions->intval($tmp_sys_user['userid']);
 	unset($tmp_client);
 	unset($tmp_sys_user);
 	$backlink = 'client/client_list.php';

interface/web/admin/remote_action_ispcupdate.php

@@ -81,7 +81,7 @@ if (1 == 0 && isset($_POST['server_select'])) {
 	foreach ($servers as $serverId) {
 		$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
 			"VALUES (".
-			(int)$serverId . ", " .
+			$app->functions->intval($serverId) . ", " .
 			time() . ", " .
 			"'ispc_update', " .
 			"'', " .

interface/web/admin/remote_action_osupdate.php

@@ -76,7 +76,7 @@ if (isset($_POST['server_select'])) {
 	foreach ($servers as $serverId) {
 		$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
 			"VALUES (".
-			(int)$serverId . ", " .
+			$app->functions->intval($serverId) . ", " .
 			time() . ", " .
 			"'os_update', " .
 			"'', " .

interface/web/admin/server_edit.php

@@ -54,7 +54,7 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		// Getting Servers
-		$sql = "SELECT server_id,server_name FROM server WHERE server_id != $this->id ORDER BY server_name";
+		$sql = "SELECT server_id,server_name FROM server WHERE server_id != ".$app->functions->intval($this->id)." ORDER BY server_name";
 		$mirror_servers = $app->db->queryAllRecords($sql);
 		$mirror_server_select = '<option value="0">'.$app->tform->lng('- None -').'</option>';
 		if(is_array($mirror_servers)) {

interface/web/admin/server_ip_edit.php

@@ -56,7 +56,7 @@ class page_action extends tform_actions {
 		//* Check if the server has been changed
 		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
 		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
-			$rec = $app->db->queryOneRecord("SELECT server_id from server_ip WHERE server_ip_id = ".$this->id);
+			$rec = $app->db->queryOneRecord("SELECT server_id from server_ip WHERE server_ip_id = ".$app->functions->intval($this->id));
 			if($rec['server_id'] != $this->dataRecord["server_id"]) {
 				//* Add a error message and switch back to old server
 				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');

interface/web/admin/server_php_edit.php

@@ -56,7 +56,7 @@ class page_action extends tform_actions {
 		//* Check if the server has been changed
 		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
 		if(($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) && isset($this->dataRecord["server_id"])) {
-			$rec = $app->db->queryOneRecord("SELECT server_id from server_php WHERE server_php_id = ".$this->id);
+			$rec = $app->db->queryOneRecord("SELECT server_id from server_php WHERE server_php_id = ".$app->functions->intval($this->id));
 			if($rec['server_id'] != $this->dataRecord["server_id"]) {
 				//* Add a error message and switch back to old server
 				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');

interface/web/admin/software_package_install.php

@@ -50,7 +50,7 @@ $message_ok = '';
 //* verify the key
 if($package['package_installable'] == 'key' && $install_key != '') {
 
-	$repo = $app->db->queryOneRecord("SELECT * FROM software_repo WHERE software_repo_id = ".$package['software_repo_id']);
+	$repo = $app->db->queryOneRecord("SELECT * FROM software_repo WHERE software_repo_id = ".$app->db->quote($package['software_repo_id']));
 
 	$client = new SoapClient(null, array('location' => $repo['repo_url'],
 			'uri'      => $repo['repo_url']));
@@ -62,7 +62,7 @@ if($package['package_installable'] == 'key' && $install_key != '') {
 		$message_err = 'Verification of the key failed.';
 	} else {
 		// Store the verified key into the database
-		$app->db->datalogUpdate('software_package', "package_key = '$install_key'", 'package_id', $package['package_id']);
+		$app->db->datalogUpdate('software_package', "package_key = '".$app->db->quote($install_key)."'", 'package_id', $package['package_id']);
 	}
 } else {
 	$message_ok = 'Please enter the software key for the package.';
@@ -70,7 +70,7 @@ if($package['package_installable'] == 'key' && $install_key != '') {
 
 //* Install packages, if all requirements are fullfilled.
 if($install_server_id > 0 && $package_name != '' && ($package['package_installable'] == 'yes' || $install_key_verified == true)) {
-	$sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = '$package_name' ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
+	$sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = '".$app->db->quote($package_name)."' ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
 	$tmp = $app->db->queryOneRecord($sql);
 	$software_update_id = $tmp['software_update_id'];
 
@@ -118,7 +118,7 @@ if($install_server_id > 0 && $package_name != '' && ($package['package_installab
 			$app->db->datalogUpdate('software_package', "package_config = '".$app->db->quote($package_config_str)."'", 'package_id', $package['package_id']);
 
 			$sql = "INSERT INTO `remote_user` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `remote_username`, `remote_password`, `remote_functions`) VALUES
-					(1, 1, 'riud', 'riud', '', '$remote_user', '$remote_password_md5', '$remote_functions');";
+					(1, 1, 'riud', 'riud', '', '".$app->db->quote($remote_user)."', '".$app->db->quote($remote_password_md5)."', '".$app->db->quote($remote_functions)."');";
 
 			$app->db->query($sql);
 
@@ -127,7 +127,7 @@ if($install_server_id > 0 && $package_name != '' && ($package['package_installab
 	}
 
 	//* Add the record to start the install process
-	$insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$install_server_id', '$software_update_id','installing')";
+	$insert_data = "(package_name, server_id, software_update_id, status) VALUES ('".$app->db->quote($package_name)."', '".$app->db->quote($install_server_id)."', '".$app->db->quote($software_update_id)."','installing')";
 	$app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id');
 	$message_ok = 'Starting package installation '."<a href=\"#\" onclick=\"submitForm('pageForm','admin/software_package_list.php');\">".$app->lng('next')."</a>";
 

interface/web/admin/software_package_list.php

@@ -49,7 +49,7 @@ if(is_array($repos) && isset($_GET['action']) && $_GET['action'] == 'repoupdate'
 		if(is_array($packages)) {
 			foreach($packages as $p) {
 				$package_name = $app->db->quote($p['name']);
-				$tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = '$package_name'");
+				$tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = '".$app->db->quote($package_name)."'");
 
 				$package_title = $app->db->quote($p['title']);
 				$package_description = $app->db->quote($p['description']);
@@ -150,7 +150,7 @@ if(is_array($packages) && count($packages) > 0) {
 	foreach($packages as $key => $p) {
 		$installed_txt = '';
 		foreach($servers as $s) {
-			$inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = '".addslashes($p["package_name"])."' AND server_id = '".$s["server_id"]."'");
+			$inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = '".$app->db->quote($p["package_name"])."' AND server_id = '".$app->functions->intval($s["server_id"])."'");
 			$version = $inst['v1'].'.'.$inst['v2'].'.'.$inst['v3'].'.'.$inst['v4'];
 
 			if($inst['status'] == 'installed') {

interface/web/admin/software_update_list.php

@@ -161,11 +161,11 @@ if(is_array($installed_packages)) {
 	foreach($installed_packages as $ip) {
 
 		// Get version number of the latest installed version
-		$sql = "SELECT v1, v2, v3, v4 FROM software_update, software_update_inst WHERE software_update.software_update_id = software_update_inst.software_update_id AND server_id = ".$server_id." ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC LIMIT 0,1";
+		$sql = "SELECT v1, v2, v3, v4 FROM software_update, software_update_inst WHERE software_update.software_update_id = software_update_inst.software_update_id AND server_id = ".$app->functions->intval($server_id)." ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC LIMIT 0,1";
 		$lu = $app->db->queryOneRecord($sql);
 
 		// Get all installable updates
-		$sql = "SELECT * FROM software_update WHERE v1 >= $lu[v1] AND v2 >= $lu[v2] AND v3 >= $lu[v3] AND v4 >= $lu[v4] AND package_name = '$ip[package_name]' ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC";
+		$sql = "SELECT * FROM software_update WHERE v1 >= ".$app->functions->intval($lu['v1'])." AND v2 >= ".$app->functions->intval($lu['v2'])." AND v3 >= ".$app->functions->intval($lu['v3'])." AND v4 >= ".$app->functions->intval($lu['v4'])." AND package_name = '".$app->db->quote($ip['package_name'])."' ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC";
 		$updates = $app->db->queryAllRecords($sql);
 		//die($sql);
 

interface/web/admin/system_config_edit.php

@@ -178,7 +178,7 @@ class page_action extends tform_actions {
 		if($server_config_array['misc']['maintenance_mode'] == 'y'){
 			//print_r($_SESSION);
 			//echo $_SESSION['s']['id'];
-			$app->db->query("DELETE FROM sys_session WHERE session_id != '".$_SESSION['s']['id']."'");
+			$app->db->query("DELETE FROM sys_session WHERE session_id != '".$app->db->quote($_SESSION['s']['id'])."'");
 		}
 	}
 

interface/web/admin/users_edit.php

@@ -77,7 +77,7 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		$client = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ".$this->id);
-		$client_id = $client['client_id'];
+		$client_id = $app->functions->intval($client['client_id']);
 		$username = $app->db->quote($this->dataRecord["username"]);
 		$old_username = $app->db->quote($this->oldDataRecord['username']);
 

interface/web/client/client_edit.php

@@ -58,7 +58,7 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] == 'user') {
 
 			// Get the limits of the client
-			$client_group_id = $_SESSION["s"]["user"]["default_group"];
+			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 			$client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
 
 			// Check if the user may add another website.

interface/web/client/client_message.php

@@ -65,7 +65,7 @@ if(isset($_POST) && count($_POST) > 1) {
 				$tmp_client_ids = explode(',', $circle['client_ids']);
 				$where = array();
 				foreach($tmp_client_ids as $tmp_client_id){
-					$where[] = 'client_id = '.$tmp_client_id;
+					$where[] = 'client_id = '.$app->functions->intval($tmp_client_id);
 				}
 				if(!empty($where)) $where_clause = ' AND ('.implode(' OR ', $where).')';
 				$sql = "SELECT * FROM client WHERE email != ''".$where_clause;