Use query_parameters() in SQL SELECT, UPDATE and DELETE statements to protect against
SQL injection attacks
@@ -18,8 +18,8 @@ $aClean['noteTitle'] = makeSafe($_REQUEST['noteTitle']);
|
||||
$aClean['noteDesc'] = makeSafe($_REQUEST['noteDesc']);
|
||||
|
||||
//FIXME: get rid of appId references everywhere, as version is enough.
|
||||
$sQuery = "SELECT appId FROM appVersion WHERE versionId = '".$aClean['versionId']."'";
|
||||
$hResult = query_appdb($sQuery);
|
||||
$sQuery = "SELECT appId FROM appVersion WHERE versionId = '?'";
|
||||
$hResult = query_parameters($sQuery, $aClean['versionId']);
|
||||
$oRow = mysql_fetch_object($hResult);
|
||||
$appId = $oRow->appId;
|
||||
|
||||
|
||||
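Review bot: The placeholder is written as `'?'` inside single quotes on the new `SELECT appId FROM appVersion` line, and whether that is correct depends on how query_parameters substitutes its values, which is not visible here: if it escapes and splices the value into the string the quotes are required, but if it uses server-side binding a quoted `?` is a plain string literal and the lookup silently matches nothing. versionId is a numeric key either way, so passing `query_parameters($sQuery, (int)$aClean['versionId'])` keeps the value safe under both conventions. The quoting is also inconsistent across the commit: the LIMIT clauses in the comments and screenshots listings and the ORDER BY/LIMIT of the user search use a bare `?`, so the query_parameters contract should be documented once at its definition and followed uniformly.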
@@ -24,15 +24,15 @@ if($aClean['submit'])
|
||||
}
|
||||
else
|
||||
{
|
||||
apidb_header("Add Category");
|
||||
$sQuery = "SELECT catId, catName FROM appCategory WHERE catId!='".$aClean['catId']."'";
|
||||
$hResult = query_appdb($sQuery);
|
||||
while($oRow = mysql_fetch_object($hResult))
|
||||
{
|
||||
$aCatsIds[]=$oRow->catId;
|
||||
$aCatsNames[]=$oRow->catName;
|
||||
}
|
||||
echo "<form method=\"post\" action=\"addCategory.php\">
|
||||
apidb_header("Add Category");
|
||||
$sQuery = "SELECT catId, catName FROM appCategory WHERE catId!='?'";
|
||||
$hResult = query_parameters($sQuery, $aClean['catId']);
|
||||
while($oRow = mysql_fetch_object($hResult))
|
||||
{
|
||||
$aCatsIds[]=$oRow->catId;
|
||||
$aCatsNames[]=$oRow->catName;
|
||||
}
|
||||
echo "<form method=\"post\" action=\"addCategory.php\">
|
||||
<input type=\"hidden\" name=\"catId\" value=\"".$oCat->iCatId."\" />
|
||||
<table border=\"0\" width=\"100%\" cellspacing=\"0\" cellpadding=\"2\">
|
||||
<tr>
|
||||
|
||||
@@ -178,7 +178,7 @@ if (!$aClean['id'])
|
||||
$statusMessage = "<p>The application data was successfully added into the database</p>\n";
|
||||
|
||||
//delete the item from the queue
|
||||
query_appdb("DELETE from appData where id = ".$obj_row->id.";");
|
||||
query_parameters("DELETE from appData where id = '?'", $obj_row->id);
|
||||
|
||||
//Send Status Email
|
||||
$oUser = new User($obj_row->userId);
|
||||
|
||||
@@ -54,7 +54,9 @@ function outputSearchTableForDuplicateFlagging($currentAppId, $hResult)
|
||||
$bgcolor = ($c % 2) ? 'color0' : 'color1';
|
||||
|
||||
//count versions
|
||||
$query = query_appdb("SELECT count(*) as versions FROM appVersion WHERE appId = $ob->appId AND versionName != 'NONAME'");
|
||||
$query = query_parameters("SELECT count(*) as versions FROM appVersion WHERE ".
|
||||
"appId = '?' AND versionName != 'NONAME'",
|
||||
$ob->appId);
|
||||
$y = mysql_fetch_object($query);
|
||||
|
||||
//display row
|
||||
@@ -151,8 +153,7 @@ if ($aClean['sub'])
|
||||
|
||||
// if we are processing a queued application there MUST be an implicitly queued
|
||||
// version to go along with it.
|
||||
$sQuery = "Select versionId from appVersion where appId='".$aClean['appId']."';";
|
||||
$hResult = query_appdb($sQuery);
|
||||
$hResult = query_parameters("SELECT versionId from appVersion where appId='?';", $aClean['appId']);
|
||||
$oRow = mysql_fetch_object($hResult);
|
||||
|
||||
$oVersion = new Version($oRow->versionId);
|
||||
@@ -175,8 +176,8 @@ if ($aClean['sub'])
|
||||
}
|
||||
|
||||
// Get the Testing results if they exist
|
||||
$sQuery = "Select testingId from testResults where versionId='".$oVersion->iVersionId."';";
|
||||
$hResult = query_appdb($sQuery);
|
||||
|
||||
$hResult = query_parameters("SELECT testingId from testResults where versionId='?'", $oVersion->iVersionId);
|
||||
if($hResult)
|
||||
{
|
||||
$oRow = mysql_fetch_object($hResult);
|
||||
@@ -234,7 +235,7 @@ if ($aClean['sub'])
|
||||
{
|
||||
if(is_numeric($aClean['versionIdMergeTo']))
|
||||
{
|
||||
// move this Test submission under the existing version //
|
||||
// move this Test submission under the existing version
|
||||
$oTest->iVersionId = $aClean['versionIdMergeTo'];
|
||||
$oTest->update();
|
||||
|
||||
@@ -358,8 +359,8 @@ if ($aClean['sub'])
|
||||
if(!$iVendorId)
|
||||
{
|
||||
$sVendor = get_vendor_from_keywords($oApp->sKeywords);
|
||||
$sQuery = "SELECT vendorId FROM vendor WHERE vendorname = '".$sVendor."';";
|
||||
$hResult = query_appdb($sQuery);
|
||||
$hResult = query_parameters("SELECT vendorId FROM vendor WHERE vendorname = '?'",
|
||||
$sVendor);
|
||||
if($hResult)
|
||||
{
|
||||
$oRow = mysql_fetch_object($hResult);
|
||||
@@ -372,8 +373,7 @@ if ($aClean['sub'])
|
||||
*/
|
||||
if(!$iVendorId)
|
||||
{
|
||||
$sQuery = "select * from vendor where vendorname like '%".$sVendor."%';";
|
||||
$hResult = query_appdb($sQuery);
|
||||
$hResult = query_parameters("SELECT * from vendor where vendorname like '%?%'", $sVendor);
|
||||
if($hResult)
|
||||
{
|
||||
$oRow = mysql_fetch_object($hResult);
|
||||
|
||||
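Review bot: The `like '%?%'` on the new vendor lookup embeds the placeholder inside a quoted literal together with wildcards, so with a binding-style query_parameters the `?` would not be recognised and the query would search for the literal string `%?%`; with a substitution-style helper it works, but `%` and `_` inside $sVendor still act as wildcards and widen the match. The robust form builds the pattern in PHP and passes it as the single value, e.g. `$hResult = query_parameters("SELECT * from vendor where vendorname like ?", '%'.addcslashes($sVendor, '%_').'%');`, adjusted to whichever quoting the helper expects. The user-search hunk later in this commit (`realname LIKE '%?%' OR email LIKE '%?%'`) has the same construction.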
@@ -117,16 +117,6 @@ if ($aClean['sub'])
|
||||
AND buglinks.versionId = appVersion.versionId
|
||||
AND buglinks.bug_id = ".BUGZILLA_DB.".bugs.bug_id";
|
||||
}
|
||||
$sQuery = "SELECT appFamily.description as appDescription,
|
||||
appFamily.appName as appName, appVersion.*,
|
||||
buglinks.versionId as versionId,
|
||||
buglinks.bug_id as bug_id,
|
||||
buglinks.linkId as linkId,
|
||||
buglinks.queued as queued,
|
||||
bugs.*
|
||||
FROM appFamily, appVersion, buglinks, bugs.bugs
|
||||
".$sWhere."
|
||||
ORDER BY buglinks.bug_id, appName, versionName";
|
||||
$sQuery = "SELECT appFamily.description as appDescription,
|
||||
appFamily.appName as appName, appVersion.*,
|
||||
buglinks.versionId as versionId,
|
||||
@@ -137,11 +127,11 @@ if ($aClean['sub'])
|
||||
FROM appFamily, appVersion, buglinks, bugs.bugs
|
||||
".$sWhere."
|
||||
ORDER BY buglinks.bug_id, appName, versionName
|
||||
LIMIT ".$offset.", ".$ItemsPerPage.";";
|
||||
LIMIT ".mysql_real_escape_string($offset).", ".mysql_real_escape_string($ItemsPerPage).";";
|
||||
|
||||
$c = 0;
|
||||
|
||||
if($hResult = query_appdb($sQuery))
|
||||
if($hResult = query_parameters($sQuery))
|
||||
{
|
||||
while($oRow = mysql_fetch_object($hResult))
|
||||
{
|
||||
|
||||
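Review bot: Wrapping $offset and $ItemsPerPage in mysql_real_escape_string() on the new LIMIT line does not protect an unquoted numeric context, because the escaper only neutralises quote, backslash and NUL characters and a LIMIT clause contains no quotes to escape out of; a cast is the right tool here: `LIMIT ".(int)$offset.", ".(int)$ItemsPerPage.";";`. The switch to `query_parameters($sQuery)` with no bound values changes nothing for $sWhere, which is still concatenated into the statement as a string and is assembled before this hunk, so its contents should be checked as part of this change. The enclosing query string starts in the preceding hunk of the same file.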
@@ -60,14 +60,14 @@ echo "</center>";
|
||||
|
||||
/* query for all of the commentId's, ordering by their time in reverse order */
|
||||
$offset = (($currentPage-1) * $ItemsPerPage);
|
||||
$commentIds = query_appdb("SELECT commentId from appComments ORDER BY ".
|
||||
"appComments.time ASC LIMIT $offset, $ItemsPerPage;");
|
||||
$commentIds = query_parameters("SELECT commentId from appComments ORDER BY ".
|
||||
"appComments.time ASC LIMIT ?, ?", $offset, $ItemsPerPage);
|
||||
while ($ob = mysql_fetch_object($commentIds))
|
||||
{
|
||||
$sQuery = "SELECT from_unixtime(unix_timestamp(time), \"%W %M %D %Y, %k:%i\") as time, ".
|
||||
"commentId, parentId, versionId, userid, subject, body ".
|
||||
"FROM appComments WHERE commentId = $ob->commentId;";
|
||||
$hResult = query_appdb($sQuery);
|
||||
"FROM appComments WHERE commentId = '?'";
|
||||
$hResult = query_parameters($sQuery, $ob->commentId);
|
||||
/* call view_app_comment to display the comment */
|
||||
$comment_ob = mysql_fetch_object($hResult);
|
||||
view_app_comment($comment_ob);
|
||||
|
||||
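Review bot: The bare `LIMIT ?, ?` on the new comment-list query receives $offset and $ItemsPerPage without a numeric cast; if query_parameters quotes its values the statement becomes `LIMIT '0', '10'`, which MySQL rejects as a syntax error, and if it does not quote them the values are spliced unescaped into a numeric context. Casting at the call site is correct under either convention: `"appComments.time ASC LIMIT ?, ?", (int)$offset, (int)$ItemsPerPage);`. $offset is computed from $currentPage on the line above, but $ItemsPerPage is defined outside the hunk. The screenshots listing (`ORDER BY id ASC LIMIT ?, ?`) later in this commit has the same shape.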
@@ -33,8 +33,8 @@ if ($aClean['sub'])
|
||||
$sQuery = "SELECT queueId, appId, versionId,".
|
||||
"userId, maintainReason, superMaintainer,".
|
||||
"UNIX_TIMESTAMP(submitTime) as submitTime ".
|
||||
"FROM appMaintainerQueue WHERE queueId = ".$aClean['queueId'].";";
|
||||
$hResult = query_appdb($sQuery);
|
||||
"FROM appMaintainerQueue WHERE queueId = '?'";
|
||||
$hResult = query_parameters($sQuery, $aClean['queueId']);
|
||||
$oRow = mysql_fetch_object($hResult);
|
||||
$oUser = new User($oRow->userId);
|
||||
mysql_free_result($hResult);
|
||||
@@ -209,8 +209,9 @@ if ($aClean['sub'])
|
||||
}
|
||||
|
||||
//delete main item
|
||||
$sQuery = "DELETE from appMaintainerQueue where queueId = ".$aClean['queueId'].";";
|
||||
$hResult = query_appdb($sQuery,"unable to delete selected maintainer application");
|
||||
$sQuery = "DELETE from appMaintainerQueue where queueId = '?'";
|
||||
$hResult = query_parameters($sQuery, $aClean['queueId']);
|
||||
if(!$hResult) addmsg("unable to delete selected maintainer application", "red");
|
||||
echo html_frame_start("Delete maintainer application",400,"",0);
|
||||
if($hResult)
|
||||
{
|
||||
@@ -237,7 +238,7 @@ if ($aClean['sub'])
|
||||
"superMaintainer,".
|
||||
"submitTime as submitTime ".
|
||||
"from appMaintainerQueue;";
|
||||
$hResult = query_appdb($sQuery);
|
||||
$hResult = query_parameters($sQuery);
|
||||
|
||||
if(!$hResult || !mysql_num_rows($hResult))
|
||||
{
|
||||
|
||||
@@ -28,8 +28,8 @@ if ($aClean['sub'])
|
||||
{
|
||||
if($aClean['sub'] == 'delete')
|
||||
{
|
||||
$sQuery = "DELETE FROM appMaintainers WHERE maintainerId = ".$aClean['maintainerId'].";";
|
||||
$hResult = query_appdb($sQuery);
|
||||
$sQuery = "DELETE FROM appMaintainers WHERE maintainerId = '?'";
|
||||
$hResult = query_parameters($sQuery, $aClean['maintainerId']);
|
||||
echo html_frame_start("Delete maintainer: ".$aClean['maintainerId'],400,"",0);
|
||||
if($hResult)
|
||||
{
|
||||
@@ -44,7 +44,7 @@ if ($aClean['sub'])
|
||||
// get available maintainers
|
||||
$sQuery = "SELECT * FROM appMaintainers, user_list where appMaintainers.userId = user_list.userid";
|
||||
$sQuery.= " ORDER BY realname;";
|
||||
$hResult = query_appdb($sQuery);
|
||||
$hResult = query_parameters($sQuery);
|
||||
|
||||
if(!$hResult || !mysql_num_rows($hResult))
|
||||
{
|
||||
|
||||
@@ -50,7 +50,7 @@ apidb_header("Screenshots");
|
||||
if($aClean['regenerate'])
|
||||
{
|
||||
$sQuery = "SELECT id FROM appData WHERE type = 'image'";
|
||||
$hResult = query_appdb($sQuery);
|
||||
$hResult = query_parameters($sQuery);
|
||||
while($oRow = mysql_fetch_object($hResult))
|
||||
{
|
||||
echo "REGENERATING IMAGE ".$oRow->id."<br/>";
|
||||
@@ -113,9 +113,9 @@ echo "</form>";
|
||||
echo "</center>";
|
||||
|
||||
/* query for all of the Screenshots in assending order */
|
||||
$Ids = query_appdb("SELECT * from appData
|
||||
$Ids = query_parameters("SELECT * from appData
|
||||
WHERE type = 'image'
|
||||
ORDER BY id ASC LIMIT $offset, $ItemsPerPage;");
|
||||
ORDER BY id ASC LIMIT ?, ?", $offset, $ItemsPerPage);
|
||||
$c = 1;
|
||||
echo "<div align=center><table><tr>\n";
|
||||
while ($oRow = mysql_fetch_object($Ids))
|
||||
|
||||
@@ -84,10 +84,11 @@ if($aClean['sSubmit'])
|
||||
{
|
||||
$sSearch = $aClean['sSearch'];
|
||||
$sQuery = "SELECT * FROM user_list
|
||||
WHERE realname LIKE '%".$sSearch."%' OR email LIKE '%".$sSearch."%'
|
||||
ORDER BY ".$aClean['sOrderBy']."
|
||||
LIMIT ".$aClean['iLimit'];
|
||||
$hResult = query_appdb($sQuery);
|
||||
WHERE realname LIKE '%?%' OR email LIKE '%?%'
|
||||
ORDER BY ?
|
||||
LIMIT ?";
|
||||
$hResult = query_parameters($sQuery, $sSearch, $sSearch, $aClean['sOrderBy'],
|
||||
$aClean['iLimit']);
|
||||
$i=0;
|
||||
while($hResult && $oRow = mysql_fetch_object($hResult))
|
||||
{
|
||||
|
||||
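Review bot: `ORDER BY ?` on the new user-search query cannot be made safe by parameterisation, because a column name is an identifier rather than a value: if query_parameters quotes the bound value the clause becomes `ORDER BY 'realname'` and sorts by a constant, and if it splices it unquoted the user-controlled $aClean['sOrderBy'] still lands directly in the statement. The sort column should be checked against an allowlist of the columns the page actually sorts by before it is concatenated, and `LIMIT ?` should receive `(int)$aClean['iLimit']` for the same reason as the other LIMIT clauses in this commit. The `LIKE '%?%'` placeholders have the issue noted on the vendor-lookup hunk.
```php
// The sort column is an identifier and cannot be bound; accept only known columns.
// Constructed allowlist: confirm against the user_list columns this page offers for sorting.
$aSortColumns = array('realname', 'email');
if(!in_array($aClean['sOrderBy'], $aSortColumns, true))
    $aClean['sOrderBy'] = 'realname';
$sQuery = "SELECT * FROM user_list
           WHERE realname LIKE '%?%' OR email LIKE '%?%'
           ORDER BY ".$aClean['sOrderBy']."
           LIMIT ?";
$hResult = query_parameters($sQuery, $sSearch, $sSearch, (int)$aClean['iLimit']);
// … unchanged: result loop …
```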
@@ -67,7 +67,8 @@ else
|
||||
echo '<table border=0 cellpadding=6 cellspacing=0 width="100%">',"\n";
|
||||
|
||||
$i = 0;
|
||||
$hResult = query_appdb("SELECT * FROM appData WHERE appId = $oApp->iAppId AND type = 'url' AND versionId = 0");
|
||||
$hResult = query_parameters("SELECT * FROM appData WHERE appId = '?' AND type = 'url' AND versionId = 0",
|
||||
$oApp->iAppId);
|
||||
if($hResult && mysql_num_rows($hResult) > 0)
|
||||
{
|
||||
echo '<tr><td class=color1><b>Delete</b></td><td class=color1>',"\n";
|
||||
|
||||
@@ -59,7 +59,8 @@ if(!empty($aClean['submit']))
|
||||
echo '<table border=0 cellpadding=6 cellspacing=0 width="100%">',"\n";
|
||||
|
||||
$i = 0;
|
||||
$hResult = query_appdb("SELECT * FROM appData WHERE versionId = ".$oVersion->iVersionId." AND type = 'url'");
|
||||
$hResult = query_parameters("SELECT * FROM appData WHERE versionId = '?' AND type = 'url'",
|
||||
$oVersion->iVersionId);
|
||||
if($hResult && mysql_num_rows($hResult) > 0)
|
||||
{
|
||||
echo '<tr><td class=color1><b>Delete</b></td><td class=color1>',"\n";
|
||||
|
||||
@@ -11,7 +11,7 @@ if(!$_SESSION['current']->hasPriv("admin"))
|
||||
|
||||
function build_app_list()
|
||||
{
|
||||
$hResult = query_appdb("SELECT appId, appName FROM appFamily ORDER BY appName");
|
||||
$hResult = query_parameters("SELECT appId, appName FROM appFamily ORDER BY appName");
|
||||
|
||||
echo "<select name=appId size=5 onChange='this.form.submit()'>\n";
|
||||
while($oRow = mysql_fetch_object($hResult))
|
||||
@@ -25,7 +25,8 @@ if($_REQUEST['cmd'])
|
||||
{
|
||||
if($_REQUEST['cmd'] == "delete")
|
||||
{
|
||||
$hResult = query_appdb("DELETE FROM appBundle WHERE appId =".$_REQUEST['appId']." AND bundleId =".$_REQUEST['bundleId']);
|
||||
$hResult = query_parameters("DELETE FROM appBundle WHERE appId ='?' AND bundleId = '?'",
|
||||
$_REQUEST['appId'], $_REQUEST['bundleId']);
|
||||
if($hResult)
|
||||
addmsg("App deleted from bundle", "green");
|
||||
else
|
||||
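Review bot: The new DELETE reads `$_REQUEST['appId']` and `$_REQUEST['bundleId']` straight from the request, whereas the other pages in this commit go through `$aClean` (populated by makeSafe in the first hunk); binding now covers the SQL, but the raw reads depart from the file convention and should be routed through `$aClean` as well. The same direct `$_REQUEST['bundleId']` appears in the bundle-listing hunk that follows. The branch also runs on any request carrying `cmd`, which `$_REQUEST` satisfies via GET; whether a CSRF check guards it above this hunk is not visible here and is worth confirming before a destructive query is reachable from a plain link.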
@@ -45,8 +46,9 @@ if($_REQUEST['cmd'])
|
||||
|
||||
apidb_header("Edit Application Bundle");
|
||||
|
||||
$hResult = query_appdb("SELECT bundleId, appBundle.appId, appName FROM appBundle, appFamily ".
|
||||
"WHERE bundleId = ".$_REQUEST['bundleId']." AND appFamily.appId = appBundle.appId");
|
||||
$hResult = query_parameters("SELECT bundleId, appBundle.appId, appName FROM appBundle, appFamily ".
|
||||
"WHERE bundleId = '?' AND appFamily.appId = appBundle.appId",
|
||||
$_REQUEST['bundleId']);
|
||||
|
||||
echo html_frame_start("Apps in this Bundle","300",'',0);
|
||||
echo "<table width='100%' border=0 cellpadding=3 cellspacing=0>\n\n";
|
||||
|
||||
@@ -55,7 +55,7 @@ if(!empty($aClean['action']))
|
||||
// although this cheaper select leaves out all applications that lack versions
|
||||
$sQuery = "select appName, appFamily.appId, versionName, versionId from appFamily left join appVersion ";
|
||||
$sQuery.= "on appVersion.appId = appFamily.appId ORDER BY appFamily.appName, appFamily.appId, appVersion.versionName;";
|
||||
$hResult = query_appdb($sQuery);
|
||||
$hResult = query_parameters($sQuery);
|
||||
$currentAppId = 0;
|
||||
while($oRow = mysql_fetch_object($hResult))
|
||||
{
|
||||
|
||||