We are no longer offering accounts on this server. Consider https://gitlab.freedesktop.org/ as a place to host projects.

Commit 2dd59096 authored by clint's avatar clint

move db quoting back to the index.php files

parent 8ce34c41
......@@ -46,7 +46,13 @@ if(isset($_POST['l']) && is_numeric($_POST['l'])) {
$expires = time() + 250; //Expire in 5 minutes if we don't know the track length
}
$mbid = validateMBID($_POST['m']);
$mb = validateMBID($_POST['m']);
if($mb) {
$mbid = $mdb2->quote($mb, "text");
} else {
$mbid = 'NULL';
}
createArtistIfNew($artist);
if($album != 'NULL') {
......
......@@ -211,16 +211,15 @@ $image = $aws_xml->Items->Item->MediumImage->URL;
}
function validateMBID ($input) {
if(isset($input)) {
$input = strtolower(rtrim($input));
if(preg_match('/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/', $input)) {
return $mdb2->quote($input, "text");
return $input;
} else {
return 'NULL';
return null;
}
} else {
return 'NULL';
return null;
}
}
......
......@@ -84,7 +84,13 @@ for($i = 0; $i < count($_POST['a']); $i++) {
$time = strtotime($_POST['i'][$i]);
}
$mbid = validateMBID($_POST['m']);
$mb = validateMBID($_POST['m']);
if($mb) {
$mbid = $mdb2->quote($mb, "text");
} else {
$mbid = 'NULL';
}
if(isset($_POST['o'][$i])) {
$source = $mdb2->quote($_POST['o'][$i], "text");
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment