claunia/qemudb
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Security fixes. Use include/db.php

Browse Source
This commit is contained in:
Paul van Schayck
2005-01-06 16:47:52 +00:00
committed by Jeremy Newman
parent ff64795163
commit 2221455c48
1 changed files with 26 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
admin/editAppVersion.php
View File

@@ -7,9 +7,14 @@ include(BASE."include/"."tableve.php");
include(BASE."include/"."qclass.php"); include(BASE."include/"."qclass.php");
require(BASE."include/"."application.php"); require(BASE."include/"."application.php");
if(!is_numeric($_REQUEST['appId']) OR !is_numeric($_REQUEST['versionId']))
{
errorpage("Wrong ID");
exit;
}
//check for admin privs //check for admin privs
if(!loggedin() || (!havepriv("admin") && !$_SESSION['current']->is_maintainer($_REQUEST['appId'], $_REQUEST['versionId'])) ) if(!(havepriv("admin") || $_SESSION['current']->is_maintainer($_REQUEST['appId'],$_REQUEST['versionId'])))
{ {
errorpage("Insufficient Privileges!"); errorpage("Insufficient Privileges!");
exit; exit;
@@ -23,7 +28,7 @@ if(isset($_REQUEST['submit1']))
$statusMessage = ''; $statusMessage = '';
// Get the old values from the database // Get the old values from the database
$query = "SELECT * FROM appVersion WHERE appId = ".$_REQUEST['appId']." and versionId = ".$_REQUEST['versionId']; $query = "SELECT * FROM appVersion WHERE appId = ".$_REQUEST['appId']." and versionId = ".$_REQUEST['versionId'];
$result = mysql_query($query); $result = query_appdb($query);
$ob = mysql_fetch_object($result); $ob = mysql_fetch_object($result);
$old_versionName = $ob->versionName; $old_versionName = $ob->versionName;
$old_keywords = $ob->keywords; $old_keywords = $ob->keywords;
@@ -32,10 +37,10 @@ if(isset($_REQUEST['submit1']))
$old_rating = $ob->maintainer_rating; $old_rating = $ob->maintainer_rating;
$old_release = $ob->maintainer_release; $old_release = $ob->maintainer_release;
$versionName = addslashes($_REQUEST['versionName']); $versionName = $_REQUEST['versionName'];
$keywords = $_REQUEST['keywords']; $keywords = $_REQUEST['keywords'];
$description = addslashes($_REQUEST['description']); $description = $_REQUEST['description'];
$webPage = addslashes($_REQUEST['webPage']); $webPage = $_REQUEST['webPage'];
$maintainer_rating = $_REQUEST['maintainer_rating']; $maintainer_rating = $_REQUEST['maintainer_rating'];
$maintainer_release = $_REQUEST['maintainer_release']; $maintainer_release = $_REQUEST['maintainer_release'];
@@ -44,19 +49,19 @@ if(isset($_REQUEST['submit1']))
if ($old_versionName <> $versionName) if ($old_versionName <> $versionName)
{ {
$WhatChanged .= "Version name: Old Value: ".stripslashes($old_versionName)."\n"; $WhatChanged .= "Version name: Old Value: ".stripslashes($old_versionName)."\n";
$WhatChanged .= " New Value: ".stripslashes($versionName)."\n"; $WhatChanged .= " New Value: ".$versionName."\n";
$VersionChanged = true; $VersionChanged = true;
} }
if ($old_keywords <> $keywords) if ($old_keywords <> $keywords)
{ {
$WhatChanged .= " Key Words: Old Value: ".stripslashes($old_keywords)."\n"; $WhatChanged .= " Key Words: Old Value: ".stripslashes($old_keywords)."\n";
$WhatChanged .= " New Value: ".stripslashes($keywords)."\n"; $WhatChanged .= " New Value: ".$keywords."\n";
$VersionChanged = true; $VersionChanged = true;
} }
if ($old_webPage <> $webPage) if ($old_webPage <> $webPage)
{ {
$WhatChanged .= " Web Page: Old Value: ".stripslashes($old_webPage)."\n"; $WhatChanged .= " Web Page: Old Value: ".stripslashes($old_webPage)."\n";
$WhatChanged .= " New Value: ".stripslashes($webPage)."\n"; $WhatChanged .= " New Value: ".$webPage."\n";
$VersionChanged = true; $VersionChanged = true;
} }
if ($old_description <> $description) if ($old_description <> $description)
@@ -74,28 +79,30 @@ if(isset($_REQUEST['submit1']))
if ($old_rating <> $maintainer_rating) if ($old_rating <> $maintainer_rating)
{ {
$WhatChanged .= " Release: Old Value: ".stripslashes($old_rating)."\n"; $WhatChanged .= " Release: Old Value: ".stripslashes($old_rating)."\n";
$WhatChanged .= " New Value: ".stripslashes($maintainer_rating)."\n"; $WhatChanged .= " New Value: ".$maintainer_rating."\n";
$VersionChanged = true; $VersionChanged = true;
} }
if ($old_release <> $maintainer_release) if ($old_release <> $maintainer_release)
{ {
$WhatChanged .= " Release: Old Value: ".stripslashes($old_release)."\n"; $WhatChanged .= " Release: Old Value: ".stripslashes($old_release)."\n";
$WhatChanged .= " New Value: ".stripslashes($maintainer_release)."\n"; $WhatChanged .= " New Value: ".$maintainer_release."\n";
$VersionChanged = true; $VersionChanged = true;
} }
//did anything change? //did anything change?
if ($VersionChanged) if ($VersionChanged)
{ {
$query = "UPDATE appVersion SET versionName = '".$versionName."', ". $sUpdate = compile_update_string( array('versionName' => $versionName,
"keywords = '".$_REQUEST['keywords']."', ". 'description' => $description,
"description = '".$description."', ". 'webPage' => $webPage,
"webPage = '".$webPage."',". 'keywords' => $keywords,
"maintainer_rating = '".$maintainer_rating."',". 'maintainer_rating' => $maintainer_rating,
"maintainer_release = '".$maintainer_release."'". 'maintainer_release' => $maintainer_release));
" WHERE appId = ".$_REQUEST['appId']." and versionId = ".$_REQUEST['versionId'];
if (mysql_query($query)) $query = "UPDATE appVersion SET $sUpdate WHERE appId = ".$_REQUEST['appId']." and versionId = ".$_REQUEST['versionId'];
if (query_appdb($query))
{ {
//success //success
$email = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']); $email = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']);
@@ -143,7 +150,7 @@ if(isset($_REQUEST['submit1']))
"appId = '".$_REQUEST['appId']."' and versionId = '".$_REQUEST['versionId']."'"; "appId = '".$_REQUEST['appId']."' and versionId = '".$_REQUEST['versionId']."'";
if(debugging()) { echo "<p align=center><b>query:</b> $query </p>"; } if(debugging()) { echo "<p align=center><b>query:</b> $query </p>"; }
$result = mysql_query($query); $result = query_appdb($query);
list($versionName, $keywords, $description, $webPage, $maintainer_rating, $maintainer_release) = mysql_fetch_row($result); list($versionName, $keywords, $description, $webPage, $maintainer_rating, $maintainer_release) = mysql_fetch_row($result);
apidb_header("Edit Application Version"); apidb_header("Edit Application Version");