Экранирование в запросах git-svn-id: https://torrentpier2.googlecode.com/svn/trunk@71 a8ac35ab-4ca4-ca47-4c2d-a49a94f06293
This commit is contained in:
nanosimbiot 2011-07-04 05:36:35 +00:00
commit 4c616ae52f
24 changed files with 83 additions and 130 deletions


@ -28,7 +28,7 @@ if( isset($_POST['add_name']) )
else
{
$sql = "INSERT INTO " . BB_DISALLOW . " (disallow_username)
VALUES('" . str_replace("\'", "''", $disallowed_user) . "')";
VALUES('" . DB()->escape($disallowed_user) . "')";
$result = DB()->sql_query( $sql );
if ( !$result )
{
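Review bot: The new `DB()->escape($disallowed_user)` in the INSERT adds its own backslash escaping, so it is only correct if `$disallowed_user` reaches this line unslashed; the old `str_replace("\'", "''", …)` only ever worked when magic_quotes_gpc had already backslashed the quote (and silently passed a raw `'` through when it was off), and if that setting is still on in this deployment the value is now stored with literal backslashes. Confirm that request input is stripslashes'd centrally before this point or that magic_quotes_gpc is off. It is also worth confirming that `DB()->escape` wraps the driver's connection-aware escape (mysql_real_escape_string) rather than addslashes, since only the former honours the connection charset. The enclosing `if`/`else` starts outside the hunk.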


@ -172,8 +172,8 @@ if ($mode)
// Create a forum in the DB
//
$cat_id = intval($_POST[POST_CAT_URL]);
$forum_name = str_replace("\'", "''", trim($_POST['forumname']));
$forum_desc = str_replace("\'", "''", trim($_POST['forumdesc']));
$forum_name = DB()->escape(trim($_POST['forumname']));
$forum_desc = DB()->escape(trim($_POST['forumdesc']));
$forum_status = intval($_POST['forumstatus']);
$prune_enable = isset($_POST['prune_enable']);
@ -240,8 +240,8 @@ if ($mode)
//
$cat_id = intval($_POST[POST_CAT_URL]);
$forum_id = intval($_POST[POST_FORUM_URL]);
$forum_name = str_replace("\'", "''", trim($_POST['forumname']));
$forum_desc = str_replace("\'", "''", trim($_POST['forumdesc']));
$forum_name = DB()->escape(trim($_POST['forumname']));
$forum_desc = DB()->escape(trim($_POST['forumdesc']));
$forum_status = intval($_POST['forumstatus']);
$prune_enable = isset($_POST['prune_enable']);
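Review bot: `$forum_name = DB()->escape(trim($_POST['forumname']));` and the matching `$forum_desc` lines (both hunks) SQL-escape the value at assignment rather than where the query is built, so every later use of these variables — an error message, a template variable, a redirect — carries SQL escaping that is wrong for that context, and any later `DB()->escape` at the query would double-escape. Prefer keeping the raw trimmed value, `$forum_name = trim($_POST['forumname']);`, and escaping inline in the INSERT/UPDATE, `'" . DB()->escape($forum_name) . "'`. No HTML encoding of the forum name is visible here; where it is rendered is outside this view, so confirm it is encoded at output. The queries that consume these variables are built outside the hunks.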


@ -182,7 +182,6 @@ if ($var =& $_REQUEST[$title_match_key])
{
if ($tmp_title_match = substr(urldecode(trim($var)), 0, $title_match_max_len))
{
$title_match_val = htmlspecialchars($tmp_title_match);
$title_match_sql = DB()->escape($tmp_title_match);
$url = url_arg($url, $title_match_key, urlencode($tmp_title_match));
}


@ -144,7 +144,7 @@ if( $mode != "" )
}
}
$sql = "UPDATE " . BB_RANKS . "
SET rank_title = '" . str_replace("\'", "''", $rank_title) . "', rank_special = $special_rank, rank_min = $min_posts, rank_image = '" . str_replace("\'", "''", $rank_image) . "'
SET rank_title = '" . DB()->escape($rank_title) . "', rank_special = $special_rank, rank_min = $min_posts, rank_image = '" . DB()->escape($rank_image) . "'
WHERE rank_id = $rank_id";
$message = $lang['RANK_UPDATED'];
@ -152,7 +152,7 @@ if( $mode != "" )
else
{
$sql = "INSERT INTO " . BB_RANKS . " (rank_title, rank_special, rank_min, rank_image)
VALUES ('" . str_replace("\'", "''", $rank_title) . "', $special_rank, $min_posts, '" . str_replace("\'", "''", $rank_image) . "')";
VALUES ('" . DB()->escape($rank_title) . "', $special_rank, $min_posts, '" . DB()->escape($rank_image) . "')";
$message = $lang['RANK_ADDED'];
}


@ -121,8 +121,8 @@ if( isset($_GET['import_pack']) || isset($_POST['import_pack']) )
if( !empty($replace_existing) )
{
$sql = "UPDATE " . BB_SMILIES . "
SET smile_url = '" . str_replace("\'", "''", $smile_data[0]) . "', emoticon = '" . str_replace("\'", "''", $smile_data[1]) . "'
WHERE code = '" . str_replace("\'", "''", $smile_data[$j]) . "'";
SET smile_url = '" . DB()->escape($smile_data[0]) . "', emoticon = '" . DB()->escape($smile_data[1]) . "'
WHERE code = '" . DB()->escape($smile_data[$j]) . "'";
}
else
{
@ -132,7 +132,7 @@ if( isset($_GET['import_pack']) || isset($_POST['import_pack']) )
else
{
$sql = "INSERT INTO " . BB_SMILIES . " (code, smile_url, emoticon)
VALUES('" . str_replace("\'", "''", $smile_data[$j]) . "', '" . str_replace("\'", "''", $smile_data[0]) . "', '" . str_replace("\'", "''", $smile_data[1]) . "')";
VALUES('" . DB()->escape($smile_data[$j]) . "', '" . DB()->escape($smile_data[0]) . "', '" . DB()->escape($smile_data[1]) . "')";
}
if( $sql != '' )
@ -357,7 +357,7 @@ else if ( $mode != "" )
// Proceed with updating the smiley table.
//
$sql = "UPDATE " . BB_SMILIES . "
SET code = '" . str_replace("\'", "''", $smile_code) . "', smile_url = '" . str_replace("\'", "''", $smile_url) . "', emoticon = '" . str_replace("\'", "''", $smile_emotion) . "'
SET code = '" . DB()->escape($smile_code) . "', smile_url = '" . DB()->escape($smile_url) . "', emoticon = '" . DB()->escape($smile_emotion) . "'
WHERE smilies_id = $smile_id";
if( !($result = DB()->sql_query($sql)) )
{
@ -402,7 +402,7 @@ else if ( $mode != "" )
// Save the data to the smiley table.
//
$sql = "INSERT INTO " . BB_SMILIES . " (code, smile_url, emoticon)
VALUES ('" . str_replace("\'", "''", $smile_code) . "', '" . str_replace("\'", "''", $smile_url) . "', '" . str_replace("\'", "''", $smile_emotion) . "')";
VALUES ('" . DB()->escape($smile_code) . "', '" . DB()->escape($smile_url) . "', '" . DB()->escape($smile_emotion) . "')";
$result = DB()->sql_query($sql);
if( !$result )
{


@ -231,7 +231,7 @@ if ( isset($_POST['submit']) )
if ( !$in_banlist )
{
$sql = "INSERT INTO " . BB_BANLIST . " (ban_email)
VALUES ('" . str_replace("\'", "''", $email_list[$i]) . "')";
VALUES ('" . DB()->escape($email_list[$i]) . "')";
if ( !DB()->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't insert ban_email info into database", "", __LINE__, __FILE__, $sql);
@ -262,7 +262,7 @@ if ( isset($_POST['submit']) )
{
if ( $ip_list[$i] != -1 )
{
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $ip_list[$i]);
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . DB()->escape($ip_list[$i]);
}
}
}
@ -275,7 +275,7 @@ if ( isset($_POST['submit']) )
{
if ( $email_list[$i] != -1 )
{
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $email_list[$i]);
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . DB()->escape($email_list[$i]);
}
}
}
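Review bot: The two `$where_sql` list builders, `DB()->escape($ip_list[$i])` and `DB()->escape($email_list[$i])`, concatenate each value without surrounding quotes, and quote-escaping does nothing for a bare token: a value such as `1) OR (1=1` would still change the statement unless the list entries are validated before this point (their origin is outside the hunk). If these are ban-row ids, as the `!= -1` sentinel suggests, cast instead: `$where_sql .= (($where_sql != '') ? ', ' : '') . (int) $ip_list[$i];`; if they are strings, quote them: `"'" . DB()->escape($ip_list[$i]) . "'"`. The query that `$where_sql` feeds is assembled and executed outside the hunks.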


@ -404,20 +404,20 @@ else
{
$total_sql .= "SELECT COUNT(user_id) AS total
FROM ".BB_USERS."
WHERE REGEXP_LIKE(username, '".str_replace("\'", "''", $username)."')
WHERE REGEXP_LIKE(username, '".DB()->escape($username)."')
AND user_id <> ".ANONYMOUS;
$select_sql .= " WHERE REGEXP_LIKE(u.username, '".str_replace("\'", "''", $username)."')
$select_sql .= " WHERE REGEXP_LIKE(u.username, '".DB()->escape($username)."')
AND u.user_id <> ".ANONYMOUS;
}
else
{
$total_sql .= "SELECT COUNT(user_id) AS total
FROM ".BB_USERS."
WHERE {$lower_b}username{$lower_e} $op '".str_replace("\'", "''", $username)."'
WHERE {$lower_b}username{$lower_e} $op '".DB()->escape($username)."'
AND user_id <> ".ANONYMOUS;
$select_sql .= " WHERE {$lower_b}u.username{$lower_e} $op '".str_replace("\'", "''", $username)."'
$select_sql .= " WHERE {$lower_b}u.username{$lower_e} $op '".DB()->escape($username)."'
AND u.user_id <> ".ANONYMOUS;
}
break;
@ -453,20 +453,20 @@ else
{
$total_sql .= "SELECT COUNT(user_id) AS total
FROM ".BB_USERS."
WHERE REGEXP_LIKE(user_email, '".str_replace("\'", "''", $email)."')
WHERE REGEXP_LIKE(user_email, '".DB()->escape($email)."')
AND user_id <> ".ANONYMOUS;
$select_sql .= " WHERE REGEXP_LIKE(u.user_email, '".str_replace("\'", "''", $email)."')
$select_sql .= " WHERE REGEXP_LIKE(u.user_email, '".DB()->escape($email)."')
AND u.user_id <> ".ANONYMOUS;
}
else
{
$total_sql .= "SELECT COUNT(user_id) AS total
FROM ".BB_USERS."
WHERE {$lower_b}user_email{$lower_e} $op '".str_replace("\'", "''", $email)."'
WHERE {$lower_b}user_email{$lower_e} $op '".DB()->escape($email)."'
AND user_id <> ".ANONYMOUS;
$select_sql .= " WHERE {$lower_b}u.user_email{$lower_e} $op '".str_replace("\'", "''", $email)."'
$select_sql .= " WHERE {$lower_b}u.user_email{$lower_e} $op '".DB()->escape($email)."'
AND u.user_id <> ".ANONYMOUS;
}
break;
@ -955,20 +955,20 @@ else
{
$total_sql .= "SELECT COUNT(user_id) AS total
FROM ".BB_USERS."
WHERE REGEXP_LIKE($field, '".str_replace("\'", "''", $userfield_value)."')
WHERE REGEXP_LIKE($field, '".DB()->escape($userfield_value)."')
AND user_id <> ".ANONYMOUS;
$select_sql .= " WHERE REGEXP_LIKE(u.$field, '".str_replace("\'", "''", $userfield_value)."')
$select_sql .= " WHERE REGEXP_LIKE(u.$field, '".DB()->escape($userfield_value)."')
AND u.user_id <> ".ANONYMOUS;
}
else
{
$total_sql .= "SELECT COUNT(user_id) AS total
FROM ".BB_USERS."
WHERE {$lower_b}$field{$lower_e} $op '".str_replace("\'", "''", $userfield_value)."'
WHERE {$lower_b}$field{$lower_e} $op '".DB()->escape($userfield_value)."'
AND user_id <> ".ANONYMOUS;
$select_sql .= " WHERE {$lower_b}u.$field{$lower_e} $op '".str_replace("\'", "''", $userfield_value)."'
$select_sql .= " WHERE {$lower_b}u.$field{$lower_e} $op '".DB()->escape($userfield_value)."'
AND u.user_id <> ".ANONYMOUS;
}
@ -1025,10 +1025,10 @@ else
$total_sql .= "SELECT COUNT(user_id) AS total
FROM ".BB_USERS."
WHERE user_lang = '".str_replace("\'", "''", $language_type)."'
WHERE user_lang = '".DB()->escape($language_type)."'
AND user_id <> ".ANONYMOUS;
$select_sql .= " WHERE u.user_lang = '".str_replace("\'", "''", $language_type)."'
$select_sql .= " WHERE u.user_lang = '".DB()->escape($language_type)."'
AND u.user_id <> ".ANONYMOUS;
break;
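Review bot: `DB()->escape($username)`, `DB()->escape($email)` and `DB()->escape($userfield_value)` make the value a safe string literal, but in the `REGEXP_LIKE(...)` branches that literal is still a user-supplied regular expression: a malformed pattern aborts the query and a pathological one (nested quantifiers) can pin a database thread, so either validate the pattern or restrict regex search to trusted input. In the third hunk the column name `$field` is interpolated as an identifier (`REGEXP_LIKE($field, …)`, `{$lower_b}$field{$lower_e}`); escaping cannot protect an identifier, so confirm `$field` is chosen from a fixed whitelist where it is set, outside this hunk. `$op`, `$lower_b` and `$lower_e` are likewise interpolated from outside the view. The enclosing switch starts and ends outside the hunks.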


@ -86,14 +86,14 @@ if( $mode != "" )
if( $word_id )
{
$sql = "UPDATE " . BB_WORDS . "
SET word = '" . str_replace("\'", "''", $word) . "', replacement = '" . str_replace("\'", "''", $replacement) . "'
SET word = '" . DB()->escape($word) . "', replacement = '" . DB()->escape($replacement) . "'
WHERE word_id = $word_id";
$message = $lang['WORD_UPDATED'];
}
else
{
$sql = "INSERT INTO " . BB_WORDS . " (word, replacement)
VALUES ('" . str_replace("\'", "''", $word) . "', '" . str_replace("\'", "''", $replacement) . "')";
VALUES ('" . DB()->escape($word) . "', '" . DB()->escape($replacement) . "')";
$message = $lang['WORD_ADDED'];
}


@ -33,7 +33,7 @@ switch ($mode)
case 'edit_topic_title':
$topic_id = (int) $this->request['topic_id'];
$topic_title = (string) $this->request['topic_title'];
$new_title = clean_topic_title($topic_title);
$new_title = clean_title($topic_title);
if (!$topic_id) $this->ajax_die('invalid topic_id (empty)');
if ($new_title == '') $this->ajax_die('Вы должны указать заголовок сообщения');


@ -57,7 +57,7 @@ $bb_cfg['css_ver'] = 1;
// Increase number of revision after update
$bb_cfg['tp_version'] = '2.0.2';
$bb_cfg['tp_release_state'] = 'TP II r70';
$bb_cfg['tp_release_state'] = 'TP II r71';
$bb_cfg['tp_release_date'] = '04-07-2011';
$bb_cfg['board_disabled_msg'] = 'форум временно отключен'; // 'forums temporarily disabled'; // show this msg if board has been disabled via ON/OFF trigger


@ -2714,7 +2714,7 @@ function bb_json_decode ($data)
return json_decode($data, true);
}
function clean_topic_title ($str, $replace_underscore = false)
function clean_title ($str, $replace_underscore = false)
{
$str = ($replace_underscore) ? str_replace('_', ' ', $str) : $str;
$str = htmlCHR(str_compact($str));


@ -171,7 +171,7 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_
if ($row = DB()->fetch_row($sql))
{
$last_msg = str_replace("\'", "''", $last_msg);
$last_msg = DB()->escape($last_msg);
if ($last_msg == $post_message)
{
@ -286,7 +286,7 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_
{
if (!empty($option_text))
{
$option_text = str_replace("\'", "''", htmlspecialchars($option_text));
$option_text = DB()->escape(htmlspecialchars($option_text));
$poll_result = ($mode == "editpost" && isset($old_poll_result[$option_id])) ? $old_poll_result[$option_id] : 0;
$sql = ($mode != "editpost" || !isset($old_poll_result[$option_id])) ? "INSERT INTO " . BB_VOTE_RESULTS . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . BB_VOTE_RESULTS . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id";
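Review bot: `$option_text = DB()->escape(htmlspecialchars($option_text));` HTML-encodes each poll option a second time: posting.php in this same commit now passes `$poll_options` through `clean_title()`, which runs the text through `htmlCHR()`, so `&`, `<` and `>` presumably end up stored as `&amp;amp;` and friends. Drop the inner call here, `$option_text = DB()->escape($option_text);`, and let the caller's `clean_title()` own the HTML encoding (or the reverse, but not both). The first hunk's `if ($last_msg == $post_message)` compares a SQL-escaped string with `$post_message`, which only works because callers escape the message before calling submit_post; comparing the raw strings would make the duplicate-post check independent of that convention. submit_post starts and ends outside the hunks.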


@ -1072,8 +1072,8 @@ function report_insert($module_id, $report_subject, $report_reason, $report_titl
$sql = 'INSERT INTO ' . BB_REPORTS . ' (user_id, report_time, report_module_id, report_status, report_reason_id,
report_subject, report_subject_data, report_title, report_desc)
VALUES (' . $userdata['user_id'] . ', ' . time() . ', ' . (int) $module_id . ', ' . REPORT_NEW . ', ' . (int) $report_reason . ',
' . (int) $report_subject . ", $report_subject_data_sql, '" . str_replace("'", "''", $report_title) . "',
'" . str_replace("'", "''", $report_desc) . "')";
' . (int) $report_subject . ", $report_subject_data_sql, '" . DB()->escape($report_title) . "',
'" . DB()->escape($report_desc) . "')";
if (!DB()->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Could not insert report', '', __LINE__, __FILE__, $sql);
@ -1185,7 +1185,7 @@ function reports_update_status($report_ids, $report_status, $comment = '', $auth
//
// Insert report status changes and update reports
//
$comment = str_replace("'", "''", $comment);
$comment = DB()->escape($comment);
foreach ($report_ids as $report_id)
{
$sql = 'INSERT INTO ' . BB_REPORTS_CHANGES . " (report_id, user_id, report_change_time, report_status, report_change_comment)


@ -196,7 +196,7 @@ function report_module_install($module_notify, $module_prune, $module_name, $aut
$sql = 'INSERT INTO ' . BB_REPORTS_MODULES . ' (report_module_order, report_module_notify, report_module_prune,
report_module_name, auth_write, auth_view, auth_notify, auth_delete)
VALUES(' . ($max_order + 1) . ', ' . (int) $module_notify . ', ' . (int) $module_prune . ",
'" . str_replace("'", "''", $module_name) . "', " . (int) $auth_write . ', ' . (int) $auth_view . ',
'" . DB()->escape($module_name) . "', " . (int) $auth_write . ', ' . (int) $auth_view . ',
' . (int) $auth_notify . ', ' . (int) $auth_delete . ')';
if (!DB()->sql_query($sql))
{
@ -427,7 +427,7 @@ function report_reason_insert($module_id, $reason_desc)
// Insert reason
//
$sql = 'INSERT INTO ' . BB_REPORTS_REASONS . ' (report_module_id, report_reason_order, report_reason_desc)
VALUES(' . (int) $module_id . ', ' . ($max_order + 1) . ", '" . str_replace("'", "''", $reason_desc) . "')";
VALUES(' . (int) $module_id . ', ' . ($max_order + 1) . ", '" . DB()->escape($reason_desc) . "')";
if (!DB()->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Could not insert report reason', '', __LINE__, __FILE__, $sql);
@ -444,7 +444,7 @@ function report_reason_edit($reason_id, $module_id, $reason_desc)
$sql = 'UPDATE ' . BB_REPORTS_REASONS . '
SET
report_module_id = ' . (int) $module_id . ",
report_reason_desc = '" . str_replace("'", "''", $reason_desc) . "'
report_reason_desc = '" . DB()->escape($reason_desc) . "'
WHERE report_reason_id = " . (int) $reason_id;
if (!DB()->sql_query($sql))
{


@ -39,7 +39,7 @@ if ( $row = DB()->sql_fetchrow($result) )
}
}
$sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . str_replace("\'", "''", $row['user_newpasswd']) . "', user_newpasswd = ''" : '';
$sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . DB()->escape($row['user_newpasswd']) . "', user_newpasswd = ''" : '';
$sql = "UPDATE " . BB_USERS . "
SET user_active = 1, user_actkey = ''" . $sql_update_pass . "


@ -91,7 +91,7 @@ function user_avatar_gallery($mode, &$errors, $avatar_filename, $avatar_category
if ( file_exists(@phpbb_realpath($bb_cfg['avatar_gallery_path'] . '/' . $avatar_category . '/' . $avatar_filename)) && ($mode == 'editprofile') )
{
return array('user_avatar' => str_replace("\'", "''", $avatar_category . '/' . $avatar_filename), 'user_avatar_type' => USER_AVATAR_GALLERY);
return array('user_avatar' => DB()->escape($avatar_category . '/' . $avatar_filename), 'user_avatar_type' => USER_AVATAR_GALLERY);
}
else
{
@ -116,7 +116,7 @@ function user_avatar_url($mode, &$errors, $avatar_filename)
return;
}
return array('user_avatar' => str_replace("\'", "''", $avatar_filename), 'user_avatar_type' => USER_AVATAR_REMOTE);
return array('user_avatar' => DB()->escape($avatar_filename), 'user_avatar_type' => USER_AVATAR_REMOTE);
}
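Review bot: `user_avatar_gallery()` now returns `DB()->escape($avatar_category . '/' . $avatar_filename)`, a SQL-escaped value, so the returned array is only safe to use inside a query and the caller must not escape it again; the only validation in view is the `file_exists(...)` on the joined path, which accepts `../` segments in `$avatar_category` or `$avatar_filename` if they are not sanitised earlier (outside this view), so consider `basename()` on both parts or a realpath-prefix check against `$bb_cfg['avatar_gallery_path']` before the value is stored. The same applies to `user_avatar_url()`, whose `$avatar_filename` is a remote URL that will presumably land in an `src` attribute, where SQL escaping offers no protection — confirm it is HTML-encoded at output. Both functions start outside the hunks.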


@ -18,8 +18,8 @@ if ( isset($_POST['submit']) )
$sql = "SELECT *
FROM " . BB_USERS . "
WHERE user_email = '" . str_replace("\'", "''", $email) . "'
AND username = '" . str_replace("\'", "''", $username) . "'";
WHERE user_email = '" . DB()->escape($email) . "'
AND username = '" . DB()->escape($username) . "'";
if ( $result = DB()->sql_query($sql) )
{
if ( $row = DB()->sql_fetchrow($result) )


@ -158,7 +158,7 @@ $sql = "SELECT username, user_id, user_opt, user_posts, user_regdate, user_from,
if ( $username )
{
$username = preg_replace('/\*/', '%', clean_username($username));
$letter_sql = "username LIKE '". str_replace("\'", "''", $username) ."'";
$letter_sql = "username LIKE '". DB()->escape($username) ."'";
}
$sql .= ($letter_sql) ? " AND $letter_sql" : '';
$sql .= " ORDER BY $order_by";


@ -440,7 +440,7 @@ switch ($mode)
}
while ($row = DB()->sql_fetchrow($result));
$post_subject = trim(htmlspecialchars($_POST['subject']));
$post_subject = clean_title($_POST['subject']);
if (empty($post_subject))
{
message_die(GENERAL_MESSAGE, $lang['EMPTY_SUBJECT']);
@ -464,7 +464,7 @@ switch ($mode)
DB()->sql_freeresult($result);
$sql = "INSERT INTO " . BB_TOPICS . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type)
VALUES ('" . str_replace("\'", "''", $post_subject) . "', $first_poster, " . $topic_time . ", $new_forum_id, " . TOPIC_UNLOCKED . ", " . POST_NORMAL . ")";
VALUES ('" . DB()->escape($post_subject) . "', $first_poster, " . $topic_time . ", $new_forum_id, " . TOPIC_UNLOCKED . ", " . POST_NORMAL . ")";
if (!(DB()->sql_query($sql)))
{
message_die(GENERAL_ERROR, 'Could not insert new topic', '', __LINE__, __FILE__, $sql);


@ -502,7 +502,7 @@ else if ( ($submit || $confirm) && !$topic_has_new_posts )
{
$topic_type = ( isset($post_data['topic_type']) && $topic_type != $post_data['topic_type'] && !$is_auth['auth_sticky'] && !$is_auth['auth_announce'] ) ? $post_data['topic_type'] : $topic_type;
submit_post($mode, $post_data, $return_message, $return_meta, $forum_id, $topic_id, $post_id, $poll_id, $topic_type, str_replace("\'", "''", $username), str_replace("\'", "''", $subject), str_replace("\'", "''", $message), str_replace("\'", "''", $poll_title), $poll_options, $poll_length, $update_post_time);
submit_post($mode, $post_data, $return_message, $return_meta, $forum_id, $topic_id, $post_id, $poll_id, $topic_type, DB()->escape($username), DB()->escape($subject), DB()->escape($message), DB()->escape($poll_title), $poll_options, $poll_length, $update_post_time);
}
break;
@ -561,11 +561,11 @@ else if ( ($submit || $confirm) && !$topic_has_new_posts )
if( $refresh || isset($_POST['del_poll_option']) || $error_msg || ($submit && $topic_has_new_posts) )
//snp end
{
$username = ( !empty($_POST['username']) ) ? htmlspecialchars(trim(stripslashes($_POST['username']))) : '';
$subject = ( !empty($_POST['subject']) ) ? htmlspecialchars(trim(stripslashes($_POST['subject']))) : '';
$message = ( !empty($_POST['message']) ) ? htmlspecialchars(trim(stripslashes($_POST['message']))) : '';
$username = ( !empty($_POST['username']) ) ? clean_username($_POST['username']) : '';
$subject = ( !empty($_POST['subject']) ) ? clean_title($_POST['subject']) : '';
$message = ( !empty($_POST['message']) ) ? $_POST['message'] : '';
$poll_title = ( !empty($_POST['poll_title']) ) ? htmlspecialchars(trim(stripslashes($_POST['poll_title']))) : '';
$poll_title = ( !empty($_POST['poll_title']) ) ? clean_title($_POST['poll_title']) : '';
$poll_length = ( isset($_POST['poll_length']) ) ? max(0, intval($_POST['poll_length'])) : 0;
$poll_options = array();
@ -580,66 +580,30 @@ if( $refresh || isset($_POST['del_poll_option']) || $error_msg || ($submit && $t
}
else if ( !empty($option_text) )
{
$poll_options[$option_id] = htmlspecialchars(trim(stripslashes($option_text)));
$poll_options[$option_id] = clean_title($option_text);
}
}
}
if ( $poll_add && !empty($_POST['add_poll_option_text']) )
{
$poll_options[] = htmlspecialchars(trim(stripslashes($_POST['add_poll_option_text'])));
$poll_options[] = clean_title($_POST['add_poll_option_text']);
}
if ($preview)
{
$preview_message = $msg_html = $msg_html_tidy = '';
$text = $message;
$text = htmlCHR($text, false, ENT_NOQUOTES);
$preview_message = bbcode2html($text); // создает объект $bbcode
// ### DBG ###
if (0 && $user->id == 10838)
{
$text = $_POST['message'];
$text = htmlCHR($text, false, ENT_NOQUOTES);
$msg_html_tidy = $bbcode->bbcode2html($text, true);
if (1 && !empty($_COOKIE['explain']))
{
$msg_html = $bbcode->bbcode2html($text, false);
$msg_html = html_compact($msg_html, true);
$msg_html_tidy = html_compact($msg_html_tidy, true);
$preview_message = html_compact($preview_message, true);
file_write($msg_html, LOG_DIR.'before_tidy', false, true, true);
file_write($msg_html_tidy, LOG_DIR.'after_tidy', false, true, true);
}
$template->assign_vars(array(
'MSG_HTML_TIDY' => $msg_html_tidy,
));
}
if (IS_AM)
{
$template->assign_vars(array(
'SPAM_WORD' => ($bbcode->found_spam) ? '<pre>'. htmlCHR(join("\n", $bbcode->found_spam)) .'</pre>' : '',
));
}
if (0 && $user->id == 10838)
{
$template->assign_vars(array(
'PREVIEW_INPUT_SRC' => get_html_src($_POST['message']),
'PREVIEW_HTML_SRC' => get_html_src($preview_message),
));
}
// ### DBG ###
$preview_subject = $subject;
$preview_username = $username;
$preview_message = bbcode2html($message);
$template->assign_vars(array(
'TPL_PREVIEW_POST' => true,
'PREVIEW_MSG' => $preview_message,
'TPL_PREVIEW_POST' => true,
'TOPIC_TITLE' => wbr($preview_subject),
'POST_SUBJECT' => $preview_subject,
'POSTER_NAME' => $preview_username,
'POST_DATE' => bb_date(TIMENOW),
'PREVIEW_MSG' => $preview_message,
));
}
}
else
@ -664,10 +628,6 @@ else
$subject = ( $post_data['first_post'] ) ? $post_info['topic_title'] : $post_info['post_subject'];
$message = $post_info['post_text'];
$message = str_replace('<', '&lt;', $message);
$message = str_replace('>', '&gt;', $message);
$message = str_replace('<br />', "\n", $message);
if ( $mode == 'quote' )
{
if (!defined('WORD_LIST_OBTAINED'))
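Review bot: `$message = ( !empty($_POST['message']) ) ? $_POST['message'] : '';` removes the `htmlspecialchars` the old line applied, and the preview path also drops `$text = htmlCHR($text, false, ENT_NOQUOTES);` before `bbcode2html($message)`, so unless `bbcode2html()` HTML-encodes internally (not visible here) a preview now renders raw user HTML — confirm where the encoding lives. The same line drops `stripslashes()`, which is only correct if magic_quotes_gpc is off or slashes are stripped centrally; otherwise `DB()->escape($message)` in the first hunk stores doubled backslashes. `$poll_options[$option_id] = clean_title($option_text);` combined with the `htmlspecialchars()` still applied in submit_post double-encodes option text. The edit-mode hunk also removes the `<`/`>` entity replacement on `$post_info['post_text']`, so the template that fills the textarea must now encode it. All hunks sit inside a file-level if/else that starts and ends outside the view.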


@ -280,7 +280,7 @@ if ( $mode == 'read' )
// set limits on numbers of storable posts for users ... hopefully!
//
$sql = "INSERT INTO " . BB_PRIVMSGS . " (privmsgs_type, privmsgs_subject, privmsgs_from_userid, privmsgs_to_userid, privmsgs_date, privmsgs_ip)
VALUES (" . PRIVMSGS_SENT_MAIL . ", '" . str_replace("\'", "''", addslashes($privmsg['privmsgs_subject'])) . "', " . $privmsg['privmsgs_from_userid'] . ", " . $privmsg['privmsgs_to_userid'] . ", " . $privmsg['privmsgs_date'] . ", '" . $privmsg['privmsgs_ip'] . "')";
VALUES (" . PRIVMSGS_SENT_MAIL . ", '" . DB()->escape($privmsg['privmsgs_subject']) . "', " . $privmsg['privmsgs_from_userid'] . ", " . $privmsg['privmsgs_to_userid'] . ", " . $privmsg['privmsgs_date'] . ", '" . $privmsg['privmsgs_ip'] . "')";
if ( !DB()->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not insert private message sent info', '', __LINE__, __FILE__, $sql);
@ -289,7 +289,7 @@ if ( $mode == 'read' )
$privmsg_sent_id = DB()->sql_nextid();
$sql = "INSERT INTO " . BB_PRIVMSGS_TEXT . " (privmsgs_text_id, privmsgs_text)
VALUES ($privmsg_sent_id, '" . str_replace("\'", "''", addslashes($privmsg['privmsgs_text'])) . "')";
VALUES ($privmsg_sent_id, '" . DB()->escape($privmsg['privmsgs_text']) . "')";
if ( !DB()->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not insert private message sent text', '', __LINE__, __FILE__, $sql);
@ -968,7 +968,7 @@ else if ( $submit || $refresh || $mode != '' )
{
$to_username = clean_username($_POST['username']);
// DelUsrKeepPM
$to_username_sql = str_replace("\'", "''", $to_username);
$to_username_sql = DB()->escape($to_username);
$to_userdata = get_userdata ($to_username_sql);
@ -996,7 +996,7 @@ else if ( $submit || $refresh || $mode != '' )
{
if ( !$error )
{
$privmsg_message = DB()->escape($_POST['message']);
$privmsg_message = $_POST['message'];
}
}
else
@ -1068,12 +1068,12 @@ else if ( $submit || $refresh || $mode != '' )
}
$sql_info = "INSERT INTO " . BB_PRIVMSGS . " (privmsgs_type, privmsgs_subject, privmsgs_from_userid, privmsgs_to_userid, privmsgs_date, privmsgs_ip)
VALUES (" . PRIVMSGS_NEW_MAIL . ", '" . str_replace("\'", "''", $privmsg_subject) . "', " . $userdata['user_id'] . ", " . $to_userdata['user_id'] . ", $msg_time, '". USER_IP ."')";
VALUES (" . PRIVMSGS_NEW_MAIL . ", '" . DB()->escape($privmsg_subject) . "', " . $userdata['user_id'] . ", " . $to_userdata['user_id'] . ", $msg_time, '". USER_IP ."')";
}
else
{
$sql_info = "UPDATE " . BB_PRIVMSGS . "
SET privmsgs_type = " . PRIVMSGS_NEW_MAIL . ", privmsgs_subject = '" . str_replace("\'", "''", $privmsg_subject) . "', privmsgs_from_userid = " . $userdata['user_id'] . ", privmsgs_to_userid = " . $to_userdata['user_id'] . ", privmsgs_date = $msg_time, privmsgs_ip = '". USER_IP ."'
SET privmsgs_type = " . PRIVMSGS_NEW_MAIL . ", privmsgs_subject = '" . DB()->escape($privmsg_subject) . "', privmsgs_from_userid = " . $userdata['user_id'] . ", privmsgs_to_userid = " . $to_userdata['user_id'] . ", privmsgs_date = $msg_time, privmsgs_ip = '". USER_IP ."'
WHERE privmsgs_id = $privmsg_id";
}
@ -1087,12 +1087,12 @@ else if ( $submit || $refresh || $mode != '' )
$privmsg_sent_id = DB()->sql_nextid();
$sql = "INSERT INTO " . BB_PRIVMSGS_TEXT . " (privmsgs_text_id, privmsgs_text)
VALUES ($privmsg_sent_id, '" . str_replace("\'", "''", $privmsg_message) . "')";
VALUES ($privmsg_sent_id, '" . DB()->escape($privmsg_message) . "')";
}
else
{
$sql = "UPDATE " . BB_PRIVMSGS_TEXT . "
SET privmsgs_text = '" . str_replace("\'", "''", $privmsg_message) . "'
SET privmsgs_text = '" . DB()->escape($privmsg_message) . "'
WHERE privmsgs_text_id = $privmsg_id";
}
@ -1163,14 +1163,10 @@ else if ( $submit || $refresh || $mode != '' )
// passed to the script, process it a little, do some checks
// where neccessary, etc.
//
$to_username = (isset($_POST['username']) ) ? trim(htmlspecialchars(stripslashes($_POST['username']))) : '';
$to_username = (isset($_POST['username']) ) ? clean_username($_POST['username']) : '';
$privmsg_subject = ( isset($_POST['subject']) ) ? trim(strip_tags(stripslashes($_POST['subject']))) : '';
$privmsg_subject = ( isset($_POST['subject']) ) ? clean_title($_POST['subject']) : '';
$privmsg_message = ( isset($_POST['message']) ) ? trim($_POST['message']) : '';
if ( !$preview )
{
$privmsg_message = stripslashes($privmsg_message);
}
//
// Do mode specific things
@ -1334,8 +1330,6 @@ else if ( $submit || $refresh || $mode != '' )
$preview_subject = $privmsg_subject;
}
$preview_message = str_replace("\n", '<br />', $preview_message);
$s_hidden_fields = '<input type="hidden" name="folder" value="' . $folder . '" />';
$s_hidden_fields .= '<input type="hidden" name="mode" value="' . $mode . '" />';
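Review bot: `$privmsg_message = $_POST['message'];` (and `trim($_POST['message'])` in the later hunk) now carries raw request text that is SQL-escaped only at the INSERT/UPDATE via `DB()->escape($privmsg_message)`, which fixes the old double escape, but nothing in these hunks HTML-encodes it and the old `stripslashes()` is gone, so confirm magic_quotes_gpc is off (or stripped centrally) and that the preview/output path encodes the body. The `privmsgs_ip` column is still filled from `'" . $privmsg['privmsgs_ip'] . "'` without escaping; it comes from an earlier DB row rather than the request, but escaping it too keeps the statement uniform. `$to_username_sql = DB()->escape($to_username);` is handed to `get_userdata()` pre-escaped — if that helper escapes its argument itself (outside the view) the lookup is double-escaped. The enclosing branch starts and ends outside the hunks.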


@ -77,7 +77,7 @@ if (isset($report_module))
if (isset($_POST['submit']))
{
$report_reason = (isset($_POST['reason'])) ? (int) $_POST['reason'] : 0;
$report_desc = (isset($_POST['message'])) ? htmlspecialchars($_POST['message']) : '';
$report_desc = (isset($_POST['message'])) ? $_POST['message'] : '';
//
// Obtain report title if necessary
@ -88,7 +88,7 @@ if (isset($report_module))
}
else
{
$report_title = (isset($_POST['title'])) ? htmlspecialchars($_POST['title']) : '';
$report_title = (isset($_POST['title'])) ? $_POST['title'] : '';
$report_subject_id = 0;
}
@ -110,8 +110,8 @@ if (isset($report_module))
//
if (empty($errors))
{
$report_desc = str_replace("\'", "'", $report_desc);
$report_title = str_replace("\'", "'", $report_title);
$report_desc = DB()->escape($report_desc);
$report_title = clean_title($report_title);
report_insert($report_module->id, $report_subject_id, $report_reason, $report_title, $report_desc, false);
@ -304,7 +304,7 @@ else
{
if (isset($_POST['confirm']))
{
$comment = (isset($_POST['comment'])) ? htmlspecialchars(str_replace("\'", "'", $_POST['comment'])) : '';
$comment = (isset($_POST['comment'])) ? DB()->escape($_POST['comment']) : '';
switch ($mode)
{
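Review bot: `$report_desc = DB()->escape($report_desc);` is applied before `report_insert(...)`, and `report_insert()` in this same commit escapes `$report_desc` again (`'" . DB()->escape($report_desc) . "'`), so every quote and backslash in a report description is stored doubled; the same happens to `$comment = (isset($_POST['comment'])) ? DB()->escape($_POST['comment']) : '';` because `reports_update_status()` now runs `$comment = DB()->escape($comment);` itself. Delete the two caller-side escapes and pass the raw strings, e.g. `$comment = (isset($_POST['comment'])) ? $_POST['comment'] : '';`, leaving the escaping to the functions that build the SQL. With `htmlspecialchars()` removed from the title, description and comment inputs, confirm they are HTML-encoded where reports are displayed. The enclosing `if (isset($report_module))` block starts and ends outside the hunks.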


@ -866,7 +866,7 @@ function username_search ($search_match)
$sql = "
SELECT username
FROM ". BB_USERS ."
WHERE username LIKE '". str_replace("\'", "''", $username_search) . "'
WHERE username LIKE '". DB()->escape($username_search) . "'
AND user_id <> ". ANONYMOUS ."
ORDER BY username
LIMIT 200
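Review bot: `DB()->escape($username_search)` protects the quoting but not the LIKE metacharacters `%` and `_`; if `$username_search` (built outside the hunk from `$search_match`) is meant to be a prefix or substring match, a caller can widen it with bare wildcards, and a leading `%` forces a scan of the whole users table — `LIMIT 200` bounds the result, not the work. If wildcards are not intended, escape them before the LIKE, `str_replace(array('%', '_'), array('\%', '\_'), DB()->escape($username_search))`. username_search starts and ends outside the hunk.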


@ -893,7 +893,7 @@ for($i = 0; $i < $total_posts; $i++)
//
if ($user_sig)
{
$user_sig = '<br />_________________<br />' . str_replace("\n", "\n<br />\n", $user_sig);
$user_sig = '<br />_________________<br />'. $user_sig;
}
//