We are no longer offering accounts on this server. Consider https://gitlab.freedesktop.org/ as a place to host projects.

Commit 826a6950 authored by Brion Vibber's avatar Brion Vibber

Ticket #2797: replace addslashes() with explicit escape calls on the DB objects

parent e0e7cb7c
......@@ -32,7 +32,7 @@ class Queue_item extends Memcached_DataObject
if ($transports) {
if (is_array($transports)) {
// @fixme use safer escaping
$list = implode("','", array_map('addslashes', $transports));
$list = implode("','", array_map(array($qi, 'escape'), $transports));
$qi->whereAdd("transport in ('$list')");
} else {
$qi->transport = $transports;
......
......@@ -52,10 +52,10 @@ class MySQLSearch extends SearchEngine
{
if ('profile' === $this->table) {
$this->target->whereAdd('MATCH(nickname, fullname, location, bio, homepage) ' .
'AGAINST (\''.addslashes($q).'\' IN BOOLEAN MODE)');
'AGAINST (\''.$this->target->escape($q).'\' IN BOOLEAN MODE)');
if (strtolower($q) != $q) {
$this->target->whereAdd('MATCH(nickname, fullname, location, bio, homepage) ' .
'AGAINST (\''.addslashes(strtolower($q)).'\' IN BOOLEAN MODE)', 'OR');
'AGAINST (\''.$this->target->escape(strtolower($q)).'\' IN BOOLEAN MODE)', 'OR');
}
return true;
} else if ('notice' === $this->table) {
......@@ -64,13 +64,13 @@ class MySQLSearch extends SearchEngine
$this->target->whereAdd('notice.is_local != ' . Notice::GATEWAY);
if (strtolower($q) != $q) {
$this->target->whereAdd("( MATCH(content) AGAINST ('" . addslashes($q) .
$this->target->whereAdd("( MATCH(content) AGAINST ('" . $this->target->escape($q) .
"' IN BOOLEAN MODE)) OR ( MATCH(content) " .
"AGAINST ('" . addslashes(strtolower($q)) .
"AGAINST ('" . $this->target->escape(strtolower($q)) .
"' IN BOOLEAN MODE))");
} else {
$this->target->whereAdd('MATCH(content) ' .
'AGAINST (\''.addslashes($q).'\' IN BOOLEAN MODE)');
'AGAINST (\''.$this->target->escape($q).'\' IN BOOLEAN MODE)');
}
return true;
......@@ -89,9 +89,9 @@ class MySQLLikeSearch extends SearchEngine
' fullname LIKE "%%%1$s%%" OR '.
' location LIKE "%%%1$s%%" OR '.
' bio LIKE "%%%1$s%%" OR '.
' homepage LIKE "%%%1$s%%")', addslashes($q));
' homepage LIKE "%%%1$s%%")', $this->target->escape($q, true));
} else if ('notice' === $this->table) {
$qry = sprintf('content LIKE "%%%1$s%%"', addslashes($q));
$qry = sprintf('content LIKE "%%%1$s%%"', $this->target->escape($q, true));
} else {
throw new ServerException('Unknown table: ' . $this->table);
}
......@@ -107,12 +107,12 @@ class PGSearch extends SearchEngine
function query($q)
{
if ('profile' === $this->table) {
return $this->target->whereAdd('textsearch @@ plainto_tsquery(\''.addslashes($q).'\')');
return $this->target->whereAdd('textsearch @@ plainto_tsquery(\''.$this->target->escape($q).'\')');
} else if ('notice' === $this->table) {
// XXX: We need to filter out gateway notices (notice.is_local = -2) --Zach
return $this->target->whereAdd('to_tsvector(\'english\', content) @@ plainto_tsquery(\''.addslashes($q).'\')');
return $this->target->whereAdd('to_tsvector(\'english\', content) @@ plainto_tsquery(\''.$this->target->escape($q).'\')');
} else {
throw new ServerException('Unknown table: ' . $this->table);
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment