From 8500be3f1ba7bcab6b8523507e74a132df58d925 Mon Sep 17 00:00:00 2001 From: tbrehm Date: Thu, 18 Sep 2008 10:25:41 +0000 Subject: [PATCH] - Changed addslashes to mysql_real_escape_string in several files. - Updated Debian installation instructions. --- INSTALL_DEBIAN.txt | 2 +- install/lib/installer_base.lib.php | 2 +- install/lib/mysql.lib.php | 2 +- install/sql/ispconfig3.sql | 44 ++ install/update.php | 2 +- interface/lib/classes/db_mysql.inc.php | 10 +- interface/lib/classes/form.inc.php | 4 +- interface/lib/classes/listform.inc.php | 4 +- interface/lib/classes/remoting_lib.inc.php | 6 +- interface/lib/classes/searchform.inc.php | 700 +++++++++--------- interface/lib/classes/tform.inc.php | 22 +- interface/web/client/client_edit.php | 16 +- interface/web/mail/mail_domain_edit.php | 20 +- interface/web/mail/mail_get_edit.php | 2 +- interface/web/mail/mail_user_edit.php | 8 +- interface/web/mail/mail_user_filter_del.php | 2 +- interface/web/mail/mail_user_filter_edit.php | 2 +- server/lib/classes/db_mysql.inc.php | 7 +- .../mysql_clientdb_plugin.inc.php | 22 +- 19 files changed, 471 insertions(+), 406 deletions(-) diff --git a/INSTALL_DEBIAN.txt b/INSTALL_DEBIAN.txt index ae2e1b04eb..ed53cff9d6 100644 --- a/INSTALL_DEBIAN.txt +++ b/INSTALL_DEBIAN.txt 
@@ -5,7 +5,7 @@ It is recommended to use a clean (fresh) Debian etch install where you just sele 1) Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin with the following command line (on one line!): -apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl postfix-tls libsasl2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4 +apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4 Answer the questions from the package manager as follows. diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index 3ca35b4508..c1780d91be 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -177,7 +177,7 @@ class installer_base { $this->db->dbName = $cf['database']; $server_ini_content = rf("tpl/server.ini.master"); - $server_ini_content = addslashes($server_ini_content); + $server_ini_content = mysql_real_escape_string($server_ini_content); $sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`) VALUES (1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', 1, 1, 1, 1, 1, 1, '$server_ini_content', 0, 1);"; $this->db->query($sql); diff --git a/install/lib/mysql.lib.php b/install/lib/mysql.lib.php index eac33e5924..e24fcc65d9 100644 --- a/install/lib/mysql.lib.php +++ b/install/lib/mysql.lib.php 
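Review bot: `mysql_real_escape_string($server_ini_content)` is called without a link identifier, so it depends on whichever MySQL link was opened last. If no link is open, PHP tries to open a default one, and when that fails the function returns `false` and the `config` column is written empty. Passing the connection's link identifier as the second argument, as quote() in interface/lib/classes/db_mysql.inc.php does in this commit, keeps the escaping tied to the connection that runs the query. The same bare call is introduced in install/lib/mysql.lib.php, install/update.php, form.inc.php, listform.inc.php, remoting_lib.inc.php, searchform.inc.php, tform.inc.php, client_edit.php and mail_domain_edit.php. The enclosing method starts and ends outside the hunk.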
@@ -171,7 +171,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. // Check der variablen function quote($formfield) { - return addslashes($formfield); + return mysql_real_escape_string($formfield); } // Check der variablen diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql index 40c2c75fd0..67cad8402f 100644 --- a/install/sql/ispconfig3.sql +++ b/install/sql/ispconfig3.sql @@ -608,6 +608,50 @@ CREATE TABLE `shell_user` ( -- -------------------------------------------------------- +-- +-- Tabellenstruktur für Tabelle `software_repo` +-- + +CREATE TABLE `software_repo` ( + `software_repo_id` bigint(20) NOT NULL auto_increment, + `sys_userid` int(11) NOT NULL default '0', + `sys_groupid` int(11) NOT NULL default '0', + `sys_perm_user` varchar(5) default NULL, + `sys_perm_group` varchar(5) default NULL, + `sys_perm_other` varchar(5) default NULL, + `repo_name` varchar(40) default NULL, + `repo_url` varchar(40) default NULL, + `repo_username` varchar(30) default NULL, + `repo_password` varchar(30) default NULL, + `active` varchar(255) NOT NULL default 'y', + PRIMARY KEY (`software_repo_id`) +) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ; + +-- -------------------------------------------------------- + +-- +-- Tabellenstruktur für Tabelle `software_update` +-- + +CREATE TABLE `software_update` ( + `software_update_id` int(11) NOT NULL auto_increment, + `software_repo_id` int(11) NOT NULL, + `update_url` varchar(255) NOT NULL, + `update_md5` varchar(255) NOT NULL, + `install` char(1) NOT NULL, + `depenencies` varchar(255) NOT NULL, + `update_title` varchar(255) NOT NULL, + PRIMARY KEY (`software_update_id`) +) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ; + +-- +-- Daten für Tabelle `software_update` +-- + + +-- -------------------------------------------------------- + + -- -- Tabellenstruktur für Tabelle `spamfilter_policy` -- diff --git a/install/update.php b/install/update.php index 2a0054e5ab..3200a6d3a4 100644 
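Review bot: `repo_password varchar(30)` in `software_repo` is sized for a clear-text credential, and `update_md5` in `software_update` suggests that downloaded updates are verified with MD5 alone. The code that uses these tables is not in this commit, so both points are inferred from the column definitions. If the repository password must be replayed to the remote server it cannot be hashed, so a comment on the column should say so; for update verification, a column wide enough for a SHA-256 digest would be a better starting point. `depenencies` looks like a misspelling of `dependencies` and is cheapest to fix before the schema ships.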
--- a/install/update.php +++ b/install/update.php @@ -157,7 +157,7 @@ foreach($old_ini_array as $tmp_section_name => $tmp_section_content) { } $new_ini = array_to_ini($tpl_ini_array); -$inst->db->query("UPDATE server SET config = '".addslashes($new_ini)."' WHERE server_id = ".$conf['server_id']); +$inst->db->query("UPDATE server SET config = '".mysql_real_escape_string($new_ini)."' WHERE server_id = ".$conf['server_id']); unset($old_ini_array); unset($tpl_ini_array); unset($new_ini); diff --git a/interface/lib/classes/db_mysql.inc.php b/interface/lib/classes/db_mysql.inc.php index eaa57b0cab..ca3b38cf38 100644 --- a/interface/lib/classes/db_mysql.inc.php +++ b/interface/lib/classes/db_mysql.inc.php @@ -160,10 +160,14 @@ class db return $this->quote($formfield); } - /** Escapes quotes in variable. addslashes() */ + /** Escapes quotes in variable. mysql_real_escape_string() */ public function quote($formfield) - { - return addslashes($formfield); + { + if(!$this->connect()){ + $this->updateError('WARNING: mysql_connect: Used addslashes instead of mysql_real_escape_string'); + return addslashes($formfield); + } + return mysql_real_escape_string($formfield, $this->linkId); } /** Unquotes a variable, strip_slashes() */ diff --git a/interface/lib/classes/form.inc.php b/interface/lib/classes/form.inc.php index c45936a63f..6c3d0ccbc0 100644 --- a/interface/lib/classes/form.inc.php +++ b/interface/lib/classes/form.inc.php @@ -293,7 +293,7 @@ class form { switch ($this->tableDef[$key]['datatype']) { case 'VARCHAR': if(!is_array($val)) { - $new_record[$key] = addslashes($val); + $new_record[$key] = mysql_real_escape_string($val); } else { $new_record[$key] = implode($this->tableDef[$key]['separator'],$val); } @@ -308,7 +308,7 @@ class form { $new_record[$key] = intval($val); break; case 'DOUBLE': - $new_record[$key] = addslashes($val); + $new_record[$key] = mysql_real_escape_string($val); break; case 'CURRENCY': $new_record[$key] = str_replace(",",".",$val); 
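Review bot: The fallback branch in quote() returns an `addslashes()`-escaped value when connect() fails, and the only trace is the `updateError()` warning, so the caller cannot tell it received the weaker, charset-unaware escaping. Stopping the request at that point would be safer than handing back a value that is then built into a statement. The success path is only charset-aware if the connection character set was set through the client API (`mysql_set_charset()`) rather than a `SET NAMES` query; connect() is outside this hunk and should be checked for that. The doc comment could also state the contract, e.g. `/** Escapes a value for use inside a quoted SQL string literal on the connection in $this->linkId */`.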
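Review bot: Array values skip escaping in the VARCHAR case: the `else` branch stores `implode($this->tableDef[$key]['separator'],$val)` as is, so a multi-value field reaches the statement unescaped while the scalar branch is escaped. The joined string should go through the same escaping call as the scalar branch before it is assigned to `$new_record[$key]`. The same unescaped `else` branch is on the new side in listform.inc.php, remoting_lib.inc.php, encode() in searchform.inc.php and tform.inc.php. In the DOUBLE case (hunk at -308) string escaping only helps if the value is later placed between quotes; a numeric check would be stricter. The enclosing function starts and ends outside both hunks.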
diff --git a/interface/lib/classes/listform.inc.php b/interface/lib/classes/listform.inc.php index dae026980f..ca3b97db91 100644 --- a/interface/lib/classes/listform.inc.php +++ b/interface/lib/classes/listform.inc.php @@ -312,7 +312,7 @@ class listform { case 'VARCHAR': case 'TEXT': if(!is_array($record[$key])) { - $record[$key] = addslashes($record[$key]); + $record[$key] = mysql_real_escape_string($record[$key]); } else { $record[$key] = implode($this->tableDef[$key]['separator'],$record[$key]); } @@ -330,7 +330,7 @@ class listform { break; case 'DOUBLE': - $record[$key] = addslashes($record[$key]); + $record[$key] = mysql_real_escape_string($record[$key]); break; case 'CURRENCY': diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php index 0ba041469a..eca27ad0f0 100644 --- a/interface/lib/classes/remoting_lib.inc.php +++ b/interface/lib/classes/remoting_lib.inc.php @@ -291,14 +291,14 @@ class remoting_lib { switch ($field['datatype']) { case 'VARCHAR': if(!@is_array($record[$key])) { - $new_record[$key] = (isset($record[$key]))?addslashes($record[$key]):''; + $new_record[$key] = (isset($record[$key]))?mysql_real_escape_string($record[$key]):''; } else { $new_record[$key] = implode($field['separator'],$record[$key]); } break; case 'TEXT': if(!is_array($record[$key])) { - $new_record[$key] = addslashes($record[$key]); + $new_record[$key] = mysql_real_escape_string($record[$key]); } else { $new_record[$key] = implode($field['separator'],$record[$key]); } @@ -317,7 +317,7 @@ class remoting_lib { //if($key == 'refresh') die($record[$key]); break; case 'DOUBLE': - $new_record[$key] = addslashes($record[$key]); + $new_record[$key] = mysql_real_escape_string($record[$key]); break; case 'CURRENCY': $new_record[$key] = str_replace(",",".",$record[$key]); diff --git a/interface/lib/classes/searchform.inc.php b/interface/lib/classes/searchform.inc.php index 7711cca2d8..25a941293d 100644 
--- a/interface/lib/classes/searchform.inc.php
+++ b/interface/lib/classes/searchform.inc.php
@@ -1,351 +1,351 @@ -listDef = $liste; - $this->module = $module; - - //* Fill datasources - foreach($this->listDef['item'] as $key => $field) { - if(is_array($field['datasource'])) { - $this->listDef['item'][$key]['value'] = $this->getDatasourceData($field); - } - } - return true; - } - - /** - * Get the key => value array of a form filed from a datasource definitiom - * - * @param field = array with field definition - * @param record = Dataset as array - * @return key => value array for the value field of a form - */ - - public function getDatasourceData($field) - { - global $app; - $values = array(); - - if($field['datasource']['type'] == 'SQL') { - //* Preparing SQL string. We will replace some common placeholders - $querystring = $field['datasource']['querystring']; - $querystring = str_replace('{USERID}', $_SESSION['s']['user']['userid'], $querystring); - $querystring = str_replace('{GROUPID}', $_SESSION['s']['user']['default_group'], $querystring); - $querystring = str_replace('{GROUPS}', $_SESSION['s']['user']['groups'], $querystring); - $table_idx = $this->formDef['db_table_idx']; - //$querystring = str_replace('{RECORDID}',$record[$table_idx],$querystring); - $app->uses('tform'); - $querystring = str_replace('{AUTHSQL}', $app->tform->getAuthSQL('r'), $querystring); - - //* Getting the records - $tmp_records = $app->db->queryAllRecords($querystring); - if($app->db->errorMessage != ''){ - die($app->db->errorMessage); - } - if(is_array($tmp_records)) { - $key_field = $field['datasource']['keyfield']; - $value_field = $field['datasource']['valuefield']; - foreach($tmp_records as $tmp_rec) { - $values[$tmp_rec[$key_field]] = $tmp_rec[$value_field]; - } - } - } - if($field['datasource']['type'] == 'CUSTOM') { - //* Calls a custom class to validate this record - if($field['datasource']['class'] != '' and $field['datasource']['function'] != '') { - $datasource_class = $field['datasource']['class']; - $datasource_function = $field['datasource']['function']; - 
$app->uses($datasource_class); - $record = array(); - $values = $app->$datasource_class->$datasource_function($field, $record); - }else{ - $this->errorMessage .= "Custom datasource class or function is empty
\r\n"; - } - } - return $values; - } - - public function getSearchSQL($sql_where = '') - { - global $db; - - //* Config vars - $list_name = $this->listDef['name']; - $search_prefix = $this->listDef['search_prefix']; - - //* store retrieval query - foreach($this->listDef['item'] as $i) { - $field = $i['field']; - - //* TODO ? hat sich die suche ge�ndert - has itself search ? - $ki = $search_prefix.$field; - if(isset($_REQUEST) and $_REQUEST[$ki] != $_SESSION['search'][$list_name][$ki]){ - $this->searchChanged = 1; - } - - //* suchfield in session store. - if(isset($_REQUEST[$ki])){ - $_SESSION['search'][$list_name][$ki] = $_REQUEST[$ki]; - } - - if($i['formtype'] == 'SELECT'){ - if(is_array($i['value'])) { - $out = ''; - foreach($i['value'] as $k => $v) { - $selected = ($k == $_SESSION['search'][$list_name][$ki] && $_SESSION['search'][$list_name][$ki] != '') ? ' SELECTED' : ''; - $out .= "\r\n"; - } - } - $this->searchValues[$ki] = $out; - }else{ - $this->searchValues[$ki] = $_SESSION['search'][$list_name][$ki]; - } - } - - //* store variables in object. $this->searchValues = $_SESSION["search"][$list_name]; - foreach($this->listDef['item'] as $i) { - $field = $i['field']; - //if($_REQUEST[$search_prefix.$field] != '') $sql_where .= " $field ".$i["op"]." '".$i["prefix"].$_REQUEST[$search_prefix.$field].$i["suffix"]."' and"; - if($_SESSION['search'][$list_name][$ki] != ''){ - $sql_where .= " $field ".$i['op']." '".$i['prefix'].$_SESSION['search'][$list_name][$ki].$i['suffix']."' and"; - } - } - return ($sql_where != '') ? 
substr($sql_where, 0, -3) : '1'; - } - - public function getPagingSQL($sql_where = '1') { - global $app, $conf; - - $list_name = $this->listDef['name']; - $search_prefix = $this->listDef['search_prefix']; - $records_per_page = $this->listDef['records_per_page']; - $table = $this->listDef['table']; - - //* set page to seror id session not set - if($_SESSION['search'][$list_name]['page'] == '') $_SESSION['search'][$list_name]['page'] = 0; - - //* Set page size to request if set - if(isset($_REQUEST['page'])) $_SESSION['search'][$list_name]['page'] = $_REQUEST['page']; - - //* TODO PAGE to 0 set, if look for themselves ge?ndert. = page auf 0 setzen, wenn suche sich ge�ndert hat. - if($this->searchChanged == 1) $_SESSION['search'][$list_name]['page'] = 0; - - $sql_von = $_SESSION['search'][$list_name]['page'] * $records_per_page; - $record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM $table WHERE $sql_where"); - $pages = intval(($record_count['anzahl'] - 1) / $records_per_page); - - $vars['list_file'] = $this->listDef['file']; - $vars['page'] = $_SESSION['search'][$list_name]['page']; - $vars['last_page'] = $_SESSION['search'][$list_name]['page'] - 1; - $vars['next_page'] = $_SESSION['search'][$list_name]['page'] + 1; - $vars['pages'] = $pages; - $vars['max_pages'] = $pages + 1; - $vars['records_gesamt'] = $record_count['anzahl']; - $vars['page_params'] = $this->listDef['page_params']; - - if($_SESSION['search'][$list_name]['page'] > 0) $vars['show_page_back'] = 1; - if($_SESSION['search'][$list_name]['page'] <= $vars['pages'] - 1) $vars['show_page_next'] = 1; - - $this->pagingValues = $vars; - $this->pagingHTML = $this->getPagingHTML($vars); - - return "LIMIT $sql_von, $records_per_page"; - } - - public function getPagingHTML($vars) { - global $app; - $page_params = $vars['page_params']; - $list_file = $vars['list_file']; - $content = '   '; - if($vars['show_page_back'] == 1){ - $content .= ' '; - } - $content .= ' '.$app->lng('Page').' 
'.$vars['next_page'].' '.$app->lng('of').' '.$vars['max_pages'].' '; - if($vars['show_page_next'] == 1){ - $content .= '   '; - } - $content .= ' '; - return $content; - } - - public function getPagingHTMLasTXT($vars) - { - global $app; - $page_params = $vars['page_params']; - $list_file = $vars['list_file']; - $content = '[|<< ]'; - if($vars['show_page_back'] == 1){ - $content .= '[<< '.$app->lng('Back').'] '; - } - $content .= ' '.$app->lng('Page').' '.$vars['next_page'].' '.$app->lng('of').' '.$vars['max_pages'].' '; - if($vars['show_page_next'] == 1){ - $content .= '['.$app->lng('Next').' >>] '; - } - $content .= '[ >>|]'; - return $content; - } - - public function getSortSQL() - { - $sort_field = $this->listDef['sort_field']; - $sort_direction = $this->listDef['sort_direction']; - return ($sort_field != '' && $sort_direction != '') ? "ORDER BY $sort_field $sort_direction" : ''; - } - - public function saveSearchSettings($searchresult_name) - { - global $app, $conf; - - $list_name = $this->listDef['name']; - $settings = $_SESSION['search'][$list_name]; - unset($settings['page']); - $data = addslashes(serialize($settings)); - - $userid = $_SESSION['s']['user']['userid']; - $groupid = $_SESSION['s']['user']['default_group']; - $sys_perm_user = 'riud'; - $sys_perm_group = 'r'; - $sys_perm_other = ''; - $module = $_SESSION['s']['module']['name']; - $searchform = $this->listDef['name']; - $title = $searchresult_name; - - $sql = 'INSERT INTO `searchform` ( ' - .'`sys_userid` , `sys_groupid` , `sys_perm_user` , `sys_perm_group` , `sys_perm_other` , `module` , `searchform` , `title` , `data` ' - .')VALUES (' - ."'$userid', '$groupid', '$sys_perm_user', '$sys_perm_group', '$sys_perm_other', '$module', '$searchform', '$title', '$data')"; - $app->db->query($sql); - } - - public function decode($record) - { - if(is_array($record)) { - foreach($this->listDef['item'] as $field) { - $key = $field['field']; - switch ($field['datatype']) - { - case 'DATE': - if($val > 0) { - 
$record[$key] = date($this->dateformat, $record[$key]); - } - break; - - case 'INTEGER': - $record[$key] = intval($record[$key]); - break; - - case 'DOUBLE': - $record[$key] = $record[$key]; - break; - - case 'CURRENCY': - $record[$key] = number_format($record[$key], 2, ',', ''); - break; - - - case 'VARCHAR': - case 'TEXT': - default: - $record[$key] = stripslashes($record[$key]); - break; - } - } - } - return $record; - } - - public function encode($record) - { - if(is_array($record)) { - foreach($this->listDef['item'] as $field) { - $key = $field['field']; - switch ($field['datatype']) - { - case 'VARCHAR': - case 'TEXT': - if(!is_array($record[$key])) { - $record[$key] = addslashes($record[$key]); - } else { - $record[$key] = implode($this->tableDef[$key]['separator'],$record[$key]); - } - break; - - case 'DATE': - if($record[$key] > 0) { - list($tag, $monat, $jahr) = explode('.', $record[$key]); - $record[$key] = mktime(0, 0, 0, $monat, $tag, $jahr); - } - break; - - case 'INTEGER': - $record[$key] = intval($record[$key]); - break; - - case 'DOUBLE': - $record[$key] = addslashes($record[$key]); - break; - - case 'CURRENCY': - $record[$key] = str_replace(',', '.', $record[$key]); - break; - } - } - } - return $record; - } -} - +listDef = $liste; + $this->module = $module; + + //* Fill datasources + foreach($this->listDef['item'] as $key => $field) { + if(is_array($field['datasource'])) { + $this->listDef['item'][$key]['value'] = $this->getDatasourceData($field); + } + } + return true; + } + + /** + * Get the key => value array of a form filed from a datasource definitiom + * + * @param field = array with field definition + * @param record = Dataset as array + * @return key => value array for the value field of a form + */ + + public function getDatasourceData($field) + { + global $app; + $values = array(); + + if($field['datasource']['type'] == 'SQL') { + //* Preparing SQL string. 
We will replace some common placeholders + $querystring = $field['datasource']['querystring']; + $querystring = str_replace('{USERID}', $_SESSION['s']['user']['userid'], $querystring); + $querystring = str_replace('{GROUPID}', $_SESSION['s']['user']['default_group'], $querystring); + $querystring = str_replace('{GROUPS}', $_SESSION['s']['user']['groups'], $querystring); + $table_idx = $this->formDef['db_table_idx']; + //$querystring = str_replace('{RECORDID}',$record[$table_idx],$querystring); + $app->uses('tform'); + $querystring = str_replace('{AUTHSQL}', $app->tform->getAuthSQL('r'), $querystring); + + //* Getting the records + $tmp_records = $app->db->queryAllRecords($querystring); + if($app->db->errorMessage != ''){ + die($app->db->errorMessage); + } + if(is_array($tmp_records)) { + $key_field = $field['datasource']['keyfield']; + $value_field = $field['datasource']['valuefield']; + foreach($tmp_records as $tmp_rec) { + $values[$tmp_rec[$key_field]] = $tmp_rec[$value_field]; + } + } + } + if($field['datasource']['type'] == 'CUSTOM') { + //* Calls a custom class to validate this record + if($field['datasource']['class'] != '' and $field['datasource']['function'] != '') { + $datasource_class = $field['datasource']['class']; + $datasource_function = $field['datasource']['function']; + $app->uses($datasource_class); + $record = array(); + $values = $app->$datasource_class->$datasource_function($field, $record); + }else{ + $this->errorMessage .= "Custom datasource class or function is empty
\r\n"; + } + } + return $values; + } + + public function getSearchSQL($sql_where = '') + { + global $db; + + //* Config vars + $list_name = $this->listDef['name']; + $search_prefix = $this->listDef['search_prefix']; + + //* store retrieval query + foreach($this->listDef['item'] as $i) { + $field = $i['field']; + + //* TODO ? hat sich die suche ge�ndert - has itself search ? + $ki = $search_prefix.$field; + if(isset($_REQUEST) and $_REQUEST[$ki] != $_SESSION['search'][$list_name][$ki]){ + $this->searchChanged = 1; + } + + //* suchfield in session store. + if(isset($_REQUEST[$ki])){ + $_SESSION['search'][$list_name][$ki] = $_REQUEST[$ki]; + } + + if($i['formtype'] == 'SELECT'){ + if(is_array($i['value'])) { + $out = ''; + foreach($i['value'] as $k => $v) { + $selected = ($k == $_SESSION['search'][$list_name][$ki] && $_SESSION['search'][$list_name][$ki] != '') ? ' SELECTED' : ''; + $out .= "\r\n"; + } + } + $this->searchValues[$ki] = $out; + }else{ + $this->searchValues[$ki] = $_SESSION['search'][$list_name][$ki]; + } + } + + //* store variables in object. $this->searchValues = $_SESSION["search"][$list_name]; + foreach($this->listDef['item'] as $i) { + $field = $i['field']; + //if($_REQUEST[$search_prefix.$field] != '') $sql_where .= " $field ".$i["op"]." '".$i["prefix"].$_REQUEST[$search_prefix.$field].$i["suffix"]."' and"; + if($_SESSION['search'][$list_name][$ki] != ''){ + $sql_where .= " $field ".$i['op']." '".$i['prefix'].$_SESSION['search'][$list_name][$ki].$i['suffix']."' and"; + } + } + return ($sql_where != '') ? 
substr($sql_where, 0, -3) : '1'; + } + + public function getPagingSQL($sql_where = '1') { + global $app, $conf; + + $list_name = $this->listDef['name']; + $search_prefix = $this->listDef['search_prefix']; + $records_per_page = $this->listDef['records_per_page']; + $table = $this->listDef['table']; + + //* set page to seror id session not set + if($_SESSION['search'][$list_name]['page'] == '') $_SESSION['search'][$list_name]['page'] = 0; + + //* Set page size to request if set + if(isset($_REQUEST['page'])) $_SESSION['search'][$list_name]['page'] = $_REQUEST['page']; + + //* TODO PAGE to 0 set, if look for themselves ge?ndert. = page auf 0 setzen, wenn suche sich ge�ndert hat. + if($this->searchChanged == 1) $_SESSION['search'][$list_name]['page'] = 0; + + $sql_von = $_SESSION['search'][$list_name]['page'] * $records_per_page; + $record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM $table WHERE $sql_where"); + $pages = intval(($record_count['anzahl'] - 1) / $records_per_page); + + $vars['list_file'] = $this->listDef['file']; + $vars['page'] = $_SESSION['search'][$list_name]['page']; + $vars['last_page'] = $_SESSION['search'][$list_name]['page'] - 1; + $vars['next_page'] = $_SESSION['search'][$list_name]['page'] + 1; + $vars['pages'] = $pages; + $vars['max_pages'] = $pages + 1; + $vars['records_gesamt'] = $record_count['anzahl']; + $vars['page_params'] = $this->listDef['page_params']; + + if($_SESSION['search'][$list_name]['page'] > 0) $vars['show_page_back'] = 1; + if($_SESSION['search'][$list_name]['page'] <= $vars['pages'] - 1) $vars['show_page_next'] = 1; + + $this->pagingValues = $vars; + $this->pagingHTML = $this->getPagingHTML($vars); + + return "LIMIT $sql_von, $records_per_page"; + } + + public function getPagingHTML($vars) { + global $app; + $page_params = $vars['page_params']; + $list_file = $vars['list_file']; + $content = '   '; + if($vars['show_page_back'] == 1){ + $content .= ' '; + } + $content .= ' '.$app->lng('Page').' 
'.$vars['next_page'].' '.$app->lng('of').' '.$vars['max_pages'].' '; + if($vars['show_page_next'] == 1){ + $content .= '   '; + } + $content .= ' '; + return $content; + } + + public function getPagingHTMLasTXT($vars) + { + global $app; + $page_params = $vars['page_params']; + $list_file = $vars['list_file']; + $content = '[|<< ]'; + if($vars['show_page_back'] == 1){ + $content .= '[<< '.$app->lng('Back').'] '; + } + $content .= ' '.$app->lng('Page').' '.$vars['next_page'].' '.$app->lng('of').' '.$vars['max_pages'].' '; + if($vars['show_page_next'] == 1){ + $content .= '['.$app->lng('Next').' >>] '; + } + $content .= '[ >>|]'; + return $content; + } + + public function getSortSQL() + { + $sort_field = $this->listDef['sort_field']; + $sort_direction = $this->listDef['sort_direction']; + return ($sort_field != '' && $sort_direction != '') ? "ORDER BY $sort_field $sort_direction" : ''; + } + + public function saveSearchSettings($searchresult_name) + { + global $app, $conf; + + $list_name = $this->listDef['name']; + $settings = $_SESSION['search'][$list_name]; + unset($settings['page']); + $data = mysql_real_escape_string(serialize($settings)); + + $userid = $_SESSION['s']['user']['userid']; + $groupid = $_SESSION['s']['user']['default_group']; + $sys_perm_user = 'riud'; + $sys_perm_group = 'r'; + $sys_perm_other = ''; + $module = $_SESSION['s']['module']['name']; + $searchform = $this->listDef['name']; + $title = $searchresult_name; + + $sql = 'INSERT INTO `searchform` ( ' + .'`sys_userid` , `sys_groupid` , `sys_perm_user` , `sys_perm_group` , `sys_perm_other` , `module` , `searchform` , `title` , `data` ' + .')VALUES (' + ."'$userid', '$groupid', '$sys_perm_user', '$sys_perm_group', '$sys_perm_other', '$module', '$searchform', '$title', '$data')"; + $app->db->query($sql); + } + + public function decode($record) + { + if(is_array($record)) { + foreach($this->listDef['item'] as $field) { + $key = $field['field']; + switch ($field['datatype']) + { + case 'DATE': + 
if($val > 0) { + $record[$key] = date($this->dateformat, $record[$key]); + } + break; + + case 'INTEGER': + $record[$key] = intval($record[$key]); + break; + + case 'DOUBLE': + $record[$key] = $record[$key]; + break; + + case 'CURRENCY': + $record[$key] = number_format($record[$key], 2, ',', ''); + break; + + + case 'VARCHAR': + case 'TEXT': + default: + $record[$key] = stripslashes($record[$key]); + break; + } + } + } + return $record; + } + + public function encode($record) + { + if(is_array($record)) { + foreach($this->listDef['item'] as $field) { + $key = $field['field']; + switch ($field['datatype']) + { + case 'VARCHAR': + case 'TEXT': + if(!is_array($record[$key])) { + $record[$key] = mysql_real_escape_string($record[$key]); + } else { + $record[$key] = implode($this->tableDef[$key]['separator'],$record[$key]); + } + break; + + case 'DATE': + if($record[$key] > 0) { + list($tag, $monat, $jahr) = explode('.', $record[$key]); + $record[$key] = mktime(0, 0, 0, $monat, $tag, $jahr); + } + break; + + case 'INTEGER': + $record[$key] = intval($record[$key]); + break; + + case 'DOUBLE': + $record[$key] = mysql_real_escape_string($record[$key]); + break; + + case 'CURRENCY': + $record[$key] = str_replace(',', '.', $record[$key]); + break; + } + } + } + return $record; + } +} + ?> \ No newline at end of file diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php index 3d017aaf87..51e5ffe9d1 100644 --- a/interface/lib/classes/tform.inc.php +++ b/interface/lib/classes/tform.inc.php 
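Review bot: getSearchSQL() on the new side still concatenates the stored search value into the WHERE clause unescaped: `$_SESSION['search'][$list_name][$ki]` is copied from `$_REQUEST[$ki]` and placed between quotes with only `$i['prefix']` and `$i['suffix']` around it. The addslashes-to-mysql_real_escape_string swap in encode() and saveSearchSettings() therefore does not cover the search path, and the value should pass through the db class's quote() before it is appended to `$sql_where`. In that second loop `$ki` is never recomputed, so every field is compared against the key left over from the last iteration of the first loop; it needs `$ki = $search_prefix.$field;` at the top of the loop body. saveSearchSettings() also inserts `$title` (the caller-supplied `$searchresult_name`) without escaping, and decode() tests `$val`, which is never assigned, in its DATE case.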
@@ -482,14 +482,14 @@ class tform { switch ($field['datatype']) { case 'VARCHAR': if(!@is_array($record[$key])) { - $new_record[$key] = (isset($record[$key]))?addslashes($record[$key]):''; + $new_record[$key] = (isset($record[$key]))?mysql_real_escape_string($record[$key]):''; } else { $new_record[$key] = implode($field['separator'],$record[$key]); } break; case 'TEXT': if(!is_array($record[$key])) { - $new_record[$key] = addslashes($record[$key]); + $new_record[$key] = mysql_real_escape_string($record[$key]); } else { $new_record[$key] = implode($field['separator'],$record[$key]); } @@ -508,7 +508,7 @@ class tform { //if($key == 'refresh') die($record[$key]); break; case 'DOUBLE': - $new_record[$key] = addslashes($record[$key]); + $new_record[$key] = mysql_real_escape_string($record[$key]); break; case 'CURRENCY': $new_record[$key] = str_replace(",",".",$record[$key]); @@ -699,10 +699,16 @@ class tform { $salt.="$"; // $salt = substr(md5(time()),0,2); $record[$key] = crypt($record[$key],$salt); + $sql_insert_val .= "'".mysql_real_escape_string($record[$key])."', "; + } elseif ($field['encryption'] == 'MYSQL') { + $sql_insert_val .= "PASSWORD('".mysql_real_escape_string($record[$key])."'), "; + } elseif ($field['encryption'] == 'CLEARTEXT') { + $sql_insert_val .= "'".mysql_real_escape_string($record[$key])."', "; } else { $record[$key] = md5($record[$key]); + $sql_insert_val .= "'".mysql_real_escape_string($record[$key])."', "; } - $sql_insert_val .= "'".addslashes($record[$key])."', "; + } elseif ($field['formtype'] == 'CHECKBOX') { $sql_insert_key .= "`$key`, "; if($record[$key] == '') { 
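Review bot: The new `CLEARTEXT` branch writes the password field to the database unhashed, and the `MYSQL` branch places the clear-text password in the statement text as `PASSWORD('…')`, where statement logging can capture it; MySQL documents PASSWORD() as meant for its own account system, not for applications. The default branch remains unsalted `md5()`. If these modes exist because another service must read the value in that form (inferred, since the form definitions are not shown), a comment such as `// CLEARTEXT/MYSQL: only for fields a backend service must read in this form, never for panel logins` would make that explicit. The same branches are added to the UPDATE path in the hunk at -726, which guards with `isset($field['encryption'])` while this hunk does not. The enclosing function starts and ends outside the hunk.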
@@ -726,10 +732,16 @@ class tform { $salt.="$"; // $salt = substr(md5(time()),0,2); $record[$key] = crypt($record[$key],$salt); + $sql_update .= "`$key` = '".mysql_real_escape_string($record[$key])."', "; + } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') { + $sql_update .= "`$key` = PASSWORD('".mysql_real_escape_string($record[$key])."'), "; + } elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') { + $sql_update .= "`$key` = '".mysql_real_escape_string($record[$key])."', "; } else { $record[$key] = md5($record[$key]); + $sql_update .= "`$key` = '".mysql_real_escape_string($record[$key])."', "; } - $sql_update .= "`$key` = '".addslashes($record[$key])."', "; + } elseif ($field['formtype'] == 'CHECKBOX') { if($record[$key] == '') { // if a checkbox is not set, we set it to the unchecked value diff --git a/interface/web/client/client_edit.php b/interface/web/client/client_edit.php index 11b20a7298..23e445fa4b 100644 --- a/interface/web/client/client_edit.php +++ b/interface/web/client/client_edit.php 
@@ -57,20 +57,20 @@ class page_action extends tform_actions { function onAfterInsert() { global $app; // Create the group for the client - $sql = "INSERT INTO sys_group (name,description,client_id) VALUES ('".addslashes($this->dataRecord["username"])."','',".$this->id.")"; + $sql = "INSERT INTO sys_group (name,description,client_id) VALUES ('".mysql_real_escape_string($this->dataRecord["username"])."','',".$this->id.")"; $app->db->query($sql); $groupid = $app->db->insertID(); $groups = $groupid; - $username = addslashes($this->dataRecord["username"]); - $password = addslashes($this->dataRecord["password"]); + $username = mysql_real_escape_string($this->dataRecord["username"]); + $password = mysql_real_escape_string($this->dataRecord["password"]); $modules = ISPC_INTERFACE_MODULES_ENABLED; if($this->dataRecord["limit_client"] > 0) $modules .= ',client'; $startmodule = 'mail'; - $usertheme = addslashes($this->dataRecord["usertheme"]); + $usertheme = mysql_real_escape_string($this->dataRecord["usertheme"]); $type = 'user'; $active = 1; - $language = addslashes($this->dataRecord["language"]); + $language = mysql_real_escape_string($this->dataRecord["language"]); // Create the controlpaneluser for the client $sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id) @@ -97,7 +97,7 @@ class page_action extends tform_actions { // username changed if(isset($app->tform->diffrec['username'])) { - $username = addslashes($this->dataRecord["username"]); + $username = mysql_real_escape_string($this->dataRecord["username"]); $client_id = $this->id; $sql = "UPDATE sys_user SET username = '$username' WHERE client_id = $client_id"; $app->db->query($sql); 
@@ -107,7 +107,7 @@ class page_action extends tform_actions { // password changed if(isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') { - $password = addslashes($this->dataRecord["password"]); + $password = mysql_real_escape_string($this->dataRecord["password"]); $client_id = $this->id; $sql = "UPDATE sys_user SET passwort = md5('$password') WHERE client_id = $client_id"; $app->db->query($sql); @@ -117,7 +117,7 @@ class page_action extends tform_actions { if(isset($this->dataRecord["limit_client"])) { $modules = ISPC_INTERFACE_MODULES_ENABLED; if($this->dataRecord["limit_client"] > 0) $modules .= ',client'; - $modules = addslashes($modules); + $modules = mysql_real_escape_string($modules); $client_id = $this->id; $sql = "UPDATE sys_user SET modules = '$modules' WHERE client_id = $client_id"; $app->db->query($sql); diff --git a/interface/web/mail/mail_domain_edit.php b/interface/web/mail/mail_domain_edit.php index a9377c6d90..e32dc9c315 100644 --- a/interface/web/mail/mail_domain_edit.php +++ b/interface/web/mail/mail_domain_edit.php @@ -160,7 +160,7 @@ class page_action extends tform_actions { // Spamfilter policy $policy_id = intval($this->dataRecord["policy"]); if($policy_id > 0) { - $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '@".addslashes($this->dataRecord["domain"])."'"); + $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '@".mysql_real_escape_string($this->dataRecord["domain"])."'"); if($tmp_user["id"] > 0) { // There is already a record that we will update $sql = "UPDATE spamfilter_users SET policy_id = $ploicy_id WHERE id = ".$tmp_user["id"]; 
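Review bot: The password update still hashes with unsalted MD5 inside the statement, `passwort = md5('$password')`, so the clear-text password travels in the query text and the stored digest is a fast, unsalted hash. tform.inc.php already has a salted `crypt()` branch for password fields; hashing in PHP with that scheme before the UPDATE would keep the clear text out of the statement. The login check that compares against `passwort` is not part of this commit and would have to change with it. The enclosing method starts and ends outside the hunk.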
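Review bot: The UPDATE on the last context line of the -160 hunk uses `$ploicy_id`, which is never assigned; the variable set at the top of the hunk is `$policy_id`. The statement is therefore built as `SET policy_id =  WHERE id = …`, and the policy change for an existing spamfilter_users row fails. It should read `$sql = "UPDATE spamfilter_users SET policy_id = $policy_id WHERE id = ".$tmp_user["id"];`. The hunk at -192 ends just before the corresponding UPDATE in the second method, so that statement should be checked for the same misspelling.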
@@ -169,7 +169,7 @@ class page_action extends tform_actions { $tmp_domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain_id = ".$this->id); // We create a new record $sql = "INSERT INTO `spamfilter_users` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`) - VALUES (".$_SESSION["s"]["user"]["userid"].", ".$tmp_domain["sys_groupid"].", 'riud', 'riud', '', ".$this->dataRecord["server_id"].", 5, ".$policy_id.", '@".addslashes($this->dataRecord["domain"])."', '@".addslashes($this->dataRecord["domain"])."', 'Y')"; + VALUES (".$_SESSION["s"]["user"]["userid"].", ".$tmp_domain["sys_groupid"].", 'riud', 'riud', '', ".$this->dataRecord["server_id"].", 5, ".$policy_id.", '@".mysql_real_escape_string($this->dataRecord["domain"])."', '@".mysql_real_escape_string($this->dataRecord["domain"])."', 'Y')"; $app->db->query($sql); unset($tmp_domain); } @@ -192,7 +192,7 @@ class page_action extends tform_actions { // Spamfilter policy $policy_id = intval($this->dataRecord["policy"]); - $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '@".addslashes($this->dataRecord["domain"])."'"); + $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '@".mysql_real_escape_string($this->dataRecord["domain"])."'"); if($policy_id > 0) { if($tmp_user["id"] > 0) { // There is already a record that we will update 
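Review bot: In the `INSERT INTO spamfilter_users` statement, `$this->dataRecord["server_id"]` is concatenated into the VALUES list as a bare number with no cast, so the string escaping added for the `domain` fields does not cover it. Cast it the way `$policy_id` already is, `intval($this->dataRecord["server_id"])`; whether tform validates the field earlier is not visible here. `$tmp_domain["sys_groupid"]` is used without checking that the lookup returned a row. The identical INSERT in the hunk at -202 needs the same change.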
@@ -202,7 +202,7 @@ class page_action extends tform_actions { $tmp_domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain_id = ".$this->id); // We create a new record $sql = "INSERT INTO `spamfilter_users` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`) - VALUES (".$_SESSION["s"]["user"]["userid"].", ".$tmp_domain["sys_groupid"].", 'riud', 'riud', '', ".$this->dataRecord["server_id"].", 5, ".$policy_id.", '@".addslashes($this->dataRecord["domain"])."', '@".addslashes($this->dataRecord["domain"])."', 'Y')"; + VALUES (".$_SESSION["s"]["user"]["userid"].", ".$tmp_domain["sys_groupid"].", 'riud', 'riud', '', ".$this->dataRecord["server_id"].", 5, ".$policy_id.", '@".mysql_real_escape_string($this->dataRecord["domain"])."', '@".mysql_real_escape_string($this->dataRecord["domain"])."', 'Y')"; $app->db->query($sql); unset($tmp_domain); } 
@@ -220,25 +220,25 @@ class page_action extends tform_actions { $mail_config = $app->getconf->get_server_config($this->dataRecord["server_id"],'mail'); //* Update the mailboxes - $mailusers = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE email like '%@".addslashes($this->oldDataRecord['domain'])."'"); + $mailusers = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE email like '%@".mysql_real_escape_string($this->oldDataRecord['domain'])."'"); if(is_array($mailusers)) { foreach($mailusers as $rec) { // setting Maildir, Homedir, UID and GID $mail_parts = explode("@",$rec['email']); $maildir = str_replace("[domain]",$this->dataRecord['domain'],$mail_config["maildir_path"]); $maildir = str_replace("[localpart]",$mail_parts[0],$maildir); - $maildir = addslashes($maildir); - $email = addslashes($mail_parts[0].'@'.$this->dataRecord['domain']); + $maildir = mysql_real_escape_string($maildir); + $email = mysql_real_escape_string($mail_parts[0].'@'.$this->dataRecord['domain']); $app->db->datalogUpdate('mail_user', "maildir = '$maildir', email = '$email'", 'mailuser_id', $rec['mailuser_id']); } } //* Update the aliases - $forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE source like '%@".addslashes($this->oldDataRecord['domain'])."' OR destination like '%@".addslashes($this->oldDataRecord['domain'])."'"); + $forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE source like '%@".mysql_real_escape_string($this->oldDataRecord['domain'])."' OR destination like '%@".mysql_real_escape_string($this->oldDataRecord['domain'])."'"); if(is_array($forwardings)) { foreach($forwardings as $rec) { - $destination = addslashes(str_replace($this->oldDataRecord['domain'],$this->dataRecord['domain'],$rec['destination'])); - $source = addslashes(str_replace($this->oldDataRecord['domain'],$this->dataRecord['domain'],$rec['source'])); + $destination = 
mysql_real_escape_string(str_replace($this->oldDataRecord['domain'],$this->dataRecord['domain'],$rec['destination'])); + $source = mysql_real_escape_string(str_replace($this->oldDataRecord['domain'],$this->dataRecord['domain'],$rec['source'])); $app->db->datalogUpdate('mail_forwarding', "source = '$source', destination = '$destination'", 'forwarding_id', $rec['forwarding_id']); } } diff --git a/interface/web/mail/mail_get_edit.php b/interface/web/mail/mail_get_edit.php index c17ae06b57..573fe78a37 100644 --- a/interface/web/mail/mail_get_edit.php +++ b/interface/web/mail/mail_get_edit.php @@ -92,7 +92,7 @@ class page_action extends tform_actions { } // end if user is not admin // Set the server ID according to the selected destination - $tmp = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE email = '".addslashes($this->dataRecord["destination"])."'"); + $tmp = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE email = '".mysql_real_escape_string($this->dataRecord["destination"])."'"); $this->dataRecord["server_id"] = $tmp["server_id"]; unset($tmp); diff --git a/interface/web/mail/mail_user_edit.php b/interface/web/mail/mail_user_edit.php index 2c666b0044..9bc4225e4d 100644 --- a/interface/web/mail/mail_user_edit.php +++ b/interface/web/mail/mail_user_edit.php @@ -205,7 +205,7 @@ class page_action extends tform_actions { // Spamfilter policy $policy_id = intval($this->dataRecord["policy"]); if($policy_id > 0) { - $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '".addslashes($this->dataRecord["email"])."'"); + $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '".mysql_real_escape_string($this->dataRecord["email"])."'"); if($tmp_user["id"] > 0) { // There is already a record that we will update $sql = "UPDATE spamfilter_users SET policy_id = $ploicy_id WHERE id = ".$tmp_user["id"]; 
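Review bot: The `like '%@…'` patterns for `mail_user` and `mail_forwarding` escape the old domain with `mysql_real_escape_string()`, which leaves the LIKE wildcards `%` and `_` untouched, so a domain value containing either one matches more rows than the renamed domain. Because the loops below rewrite every matched row through `datalogUpdate`, escape the wildcards as well, e.g. `$old_domain = addcslashes(mysql_real_escape_string($this->oldDataRecord['domain']), '%_');`. `str_replace()` on `source` and `destination` also replaces the old domain wherever it occurs in the string, not only after the `@`; whether that can touch unrelated addresses depends on data not visible here. The enclosing method starts outside the hunk.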
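Review bot: In the `mail_get_edit.php` hunk, `$tmp["server_id"]` is read without checking that the `mail_user` lookup for the destination returned a row. If `queryOneRecord()` yields no record (its return value for that case is not visible here), `server_id` on the data record is silently set to an empty value and saved. Guard the assignment, e.g. `if(is_array($tmp)) $this->dataRecord["server_id"] = $tmp["server_id"];`, and report a form error otherwise. The enclosing method starts and ends outside the hunk.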
@@ -213,7 +213,7 @@ class page_action extends tform_actions { } else { // We create a new record $sql = "INSERT INTO `spamfilter_users` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`) - VALUES (".$_SESSION["s"]["user"]["userid"].", ".$domain["sys_groupid"].", 'riud', 'riud', '', ".$domain["server_id"].", 1, ".$policy_id.", '".addslashes($this->dataRecord["email"])."', '".addslashes($this->dataRecord["email"])."', 'Y')"; + VALUES (".$_SESSION["s"]["user"]["userid"].", ".$domain["sys_groupid"].", 'riud', 'riud', '', ".$domain["server_id"].", 1, ".$policy_id.", '".mysql_real_escape_string($this->dataRecord["email"])."', '".mysql_real_escape_string($this->dataRecord["email"])."', 'Y')"; $app->db->query($sql); } } // endif spamfilter policy @@ -230,7 +230,7 @@ class page_action extends tform_actions { // Spamfilter policy $policy_id = intval($this->dataRecord["policy"]); - $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '".addslashes($this->dataRecord["email"])."'"); + $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '".mysql_real_escape_string($this->dataRecord["email"])."'"); if($policy_id > 0) { if($tmp_user["id"] > 0) { // There is already a record that we will update 
@@ -239,7 +239,7 @@ class page_action extends tform_actions { } else { // We create a new record $sql = "INSERT INTO `spamfilter_users` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`) - VALUES (".$_SESSION["s"]["user"]["userid"].", ".$domain["sys_groupid"].", 'riud', 'riud', '', ".$domain["server_id"].", 1, ".$policy_id.", '".addslashes($this->dataRecord["email"])."', '".addslashes($this->dataRecord["email"])."', 'Y')"; + VALUES (".$_SESSION["s"]["user"]["userid"].", ".$domain["sys_groupid"].", 'riud', 'riud', '', ".$domain["server_id"].", 1, ".$policy_id.", '".mysql_real_escape_string($this->dataRecord["email"])."', '".mysql_real_escape_string($this->dataRecord["email"])."', 'Y')"; $app->db->query($sql); } }else { diff --git a/interface/web/mail/mail_user_filter_del.php b/interface/web/mail/mail_user_filter_del.php index dac44aec7d..52164d957a 100644 --- a/interface/web/mail/mail_user_filter_del.php +++ b/interface/web/mail/mail_user_filter_del.php @@ -70,7 +70,7 @@ class page_action extends tform_actions { } } - $out = addslashes($out); + $out = mysql_real_escape_string($out); $app->db->datalogUpdate('mail_user', "custom_mailfilter = '$out'", 'mailuser_id', $this->dataRecord["mailuser_id"]); } diff --git a/interface/web/mail/mail_user_filter_edit.php b/interface/web/mail/mail_user_filter_edit.php index e2fdc81ef7..c62dcd4787 100644 --- a/interface/web/mail/mail_user_filter_edit.php +++ b/interface/web/mail/mail_user_filter_edit.php @@ -101,7 +101,7 @@ class page_action extends tform_actions { $out .= $this->getRule(); } - $out = addslashes($out); + $out = mysql_real_escape_string($out); $app->db->datalogUpdate('mail_user', "custom_mailfilter = '$out'", 'mailuser_id', $this->dataRecord["mailuser_id"]); } diff --git a/server/lib/classes/db_mysql.inc.php b/server/lib/classes/db_mysql.inc.php index bc26ac5670..f25153260b 100644 
--- a/server/lib/classes/db_mysql.inc.php +++ b/server/lib/classes/db_mysql.inc.php @@ -163,7 +163,12 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. // Check der variablen function quote($formfield) { - return addslashes($formfield); + if(!$this->connect()){ + $this->updateError('WARNING: mysql_connect: Used addslashes instead of mysql_real_escape_string'); + return addslashes($formfield); + } + + return mysql_real_escape_string($formfield); } // Check der variablen diff --git a/server/plugins-available/mysql_clientdb_plugin.inc.php b/server/plugins-available/mysql_clientdb_plugin.inc.php index 81ada6ed83..e9c3400868 100644 --- a/server/plugins-available/mysql_clientdb_plugin.inc.php +++ b/server/plugins-available/mysql_clientdb_plugin.inc.php @@ -71,7 +71,7 @@ class mysql_clientdb_plugin { } //* Create the new database - if (mysql_query('CREATE DATABASE '.addslashes($data["new"]["database_name"]),$link)) { + if (mysql_query('CREATE DATABASE '.mysql_real_escape_string($data["new"]["database_name"]),$link)) { $app->log('Created MySQL database: '.$data["new"]["database_name"],LOGLEVEL_DEBUG); } else { $app->log('Unable to connect to the database'.mysql_error($link),LOGLEVEL_ERROR); 
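Review bot: `quote()` calls `mysql_real_escape_string($formfield)` without a link identifier, so the escaping uses the most recently opened MySQL connection, not necessarily the one `$this->connect()` just verified; `mysql_clientdb_plugin` in this same commit opens its own `$link`. Pass this object's link resource as the second argument (its property name is outside the hunk). The fallback branch also continues with `addslashes()`, which is not character-set aware, after recording only a warning; returning an error to the caller would avoid building a query with the weaker escaping. A comment on the method stating `// escapes a value for use inside a quoted SQL string literal only` would help callers avoid using it for identifiers or numbers.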
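Review bot: `database_name` is concatenated as an unquoted identifier in `CREATE DATABASE`, and `mysql_real_escape_string()` only escapes characters that matter inside a quoted string literal, so it does not constrain what the identifier may contain. Validate the name against a fixed character set and backtick-quote it before building the statement, as sketched below. The same applies to `GRANT ALL ON` in the hunk at -84 and `DROP DATABASE` in the hunk at -175. The escape calls in this file also omit `$link` although it is in scope. The enclosing function starts and ends outside the hunk.

```php
// … unchanged: connection setup …
$db_name = $data["new"]["database_name"];
// An identifier is not a string literal: restrict it to a fixed character set and backtick-quote it.
if (!preg_match('/^[A-Za-z0-9_]+$/', $db_name)) {
    $app->log('Invalid MySQL database name, database not created', LOGLEVEL_ERROR);
} elseif (mysql_query('CREATE DATABASE `'.$db_name.'`', $link)) {
    // … unchanged: success log …
```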
@@ -84,8 +84,8 @@ class mysql_clientdb_plugin { $db_host = 'localhost'; } - mysql_query("GRANT ALL ON ".addslashes($data["new"]["database_name"]).".* TO '".addslashes($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".addslashes($data["new"]["database_password"])."';",$link); - //echo "GRANT ALL ON ".addslashes($data["new"]["database_name"]).".* TO '".addslashes($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".addslashes($data["new"]["database_password"])."';"; + mysql_query("GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';",$link); + //echo "GRANT ALL ON ".mysql_real_escape_string($data["new"]["database_name"]).".* TO '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' IDENTIFIED BY '".mysql_real_escape_string($data["new"]["database_password"])."';"; mysql_query("FLUSH PRIVILEGES;",$link); mysql_close($link); 
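Review bot: The result of the `GRANT ALL ON …` query is discarded, so a failed grant leaves a freshly created database with no usable account and nothing in the log. Check it the way the `CREATE DATABASE` call is checked, e.g. `if(!mysql_query($grant_sql,$link)) $app->log('Unable to grant privileges: '.mysql_error($link),LOGLEVEL_ERROR);` with the statement built into `$grant_sql` first. The commented-out `//echo "GRANT …"` line would print the database password if it were re-enabled and is better deleted than updated. The enclosing function starts and ends outside the hunk.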
@@ -110,18 +110,18 @@ class mysql_clientdb_plugin { //* Rename User if($data["new"]["database_user"] != $data["old"]["database_user"]) { - mysql_query("RENAME USER '".addslashes($data["old"]["database_user"])."' TO '".addslashes($data["new"]["database_user"])."'",$link); + mysql_query("RENAME USER '".mysql_real_escape_string($data["old"]["database_user"])."' TO '".mysql_real_escape_string($data["new"]["database_user"])."'",$link); $app->log('Renaming mysql user: '.$data["old"]["database_user"].' to '.$data["new"]["database_user"],LOGLEVEL_DEBUG); } //* Remote access option has changed. if($data["new"]["remote_access"] != $data["old"]["remote_access"]) { if($data["new"]["remote_access"] == 'y') { - mysql_query("UPDATE mysql.user SET Host = '%' WHERE User = '".addslashes($data["new"]["database_user"])."' and Host = 'localhost';",$link); - mysql_query("UPDATE mysql.db SET Host = '%' WHERE User = '".addslashes($data["new"]["database_user"])."' and Host = 'localhost';",$link); + mysql_query("UPDATE mysql.user SET Host = '%' WHERE User = '".mysql_real_escape_string($data["new"]["database_user"])."' and Host = 'localhost';",$link); + mysql_query("UPDATE mysql.db SET Host = '%' WHERE User = '".mysql_real_escape_string($data["new"]["database_user"])."' and Host = 'localhost';",$link); } else { - mysql_query("UPDATE mysql.user SET Host = 'localhost' WHERE User = '".addslashes($data["new"]["database_user"])."' and Host = '%';",$link); - mysql_query("UPDATE mysql.db SET Host = 'localhost' WHERE User = '".addslashes($data["new"]["database_user"])."' and Host = '%';",$link); + mysql_query("UPDATE mysql.user SET Host = 'localhost' WHERE User = '".mysql_real_escape_string($data["new"]["database_user"])."' and Host = '%';",$link); + mysql_query("UPDATE mysql.db SET Host = 'localhost' WHERE User = '".mysql_real_escape_string($data["new"]["database_user"])."' and Host = '%';",$link); } $app->log('Changing mysql remote access priveliges for database: 
'.$data["new"]["database_name"],LOGLEVEL_DEBUG); } @@ -142,7 +142,7 @@ class mysql_clientdb_plugin { //* Change password if($data["new"]["database_password"] != $data["old"]["database_password"]) { - mysql_query("SET PASSWORD FOR '".addslashes($data["new"]["database_user"])."'@'$db_host' = PASSWORD('".addslashes($data["new"]["database_password"])."');",$link); + mysql_query("SET PASSWORD FOR '".mysql_real_escape_string($data["new"]["database_user"])."'@'$db_host' = PASSWORD('".mysql_real_escape_string($data["new"]["database_password"])."');",$link); $app->log('Changing mysql user password for: '.$data["new"]["database_user"],LOGLEVEL_DEBUG); } @@ -175,13 +175,13 @@ class mysql_clientdb_plugin { $db_host = 'localhost'; } - if(mysql_query("DROP USER '".addslashes($data["old"]["database_user"])."'@'$db_host';",$link)) { + if(mysql_query("DROP USER '".mysql_real_escape_string($data["old"]["database_user"])."'@'$db_host';",$link)) { $app->log('Dropping mysql user: '.$data["old"]["database_user"],LOGLEVEL_DEBUG); } else { $app->log('Error while dropping mysql user: '.$data["old"]["database_user"].' '.mysql_error($link),LOGLEVEL_ERROR); } - if(mysql_query('DROP DATABASE '.addslashes($data["old"]["database_name"]),$link)) { + if(mysql_query('DROP DATABASE '.mysql_real_escape_string($data["old"]["database_name"]),$link)) { $app->log('Dropping mysql database: '.$data["old"]["database_name"],LOGLEVEL_DEBUG); } else { $app->log('Error while dropping mysql database: '.$data["old"]["database_name"].' '.mysql_error($link),LOGLEVEL_ERROR); -- GitLab
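Review bot: The `RENAME USER` statement in the hunk at -110 names both accounts without a host part, which MySQL reads as `@'%'`, while the GRANT, SET PASSWORD and DROP USER statements in this file address the account as `'…'@'$db_host'`. For an account created at `localhost` the rename would fail, the result is not checked, and the debug log still reports the rename. Include the host on both sides, `"RENAME USER '".$old."'@'$db_host' TO '".$new."'@'$db_host'"` with `$old`/`$new` holding the escaped names, and log `mysql_error($link)` on failure. Whether `$db_host` is already set at this point is not visible in the hunk; the enclosing function starts and ends outside it.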