claunia/qemudb
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Stop using compile_update_string(). compile_update_string() can be passed a value that includes a character considered

Browse Source 
special by query_parameters().  We then use the output from compile_update_string() as a part of the first
parameter to query_parameters(), the format string.  Having extra special characters causes a token mismatch
and query_parameters() will reject the queries entirely.  Remove now unused compile_update_string().
This commit is contained in:
Chris Morgan
2006-07-04 03:43:06 +00:00
committed by WineHQ
parent 611cc12aeb
commit fad9278013
5 changed files with 46 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
include/application.php
View File

@@ -148,45 +148,40 @@ class Application {
if ($this->sName && ($this->sName!=$oApp->sName)) if ($this->sName && ($this->sName!=$oApp->sName))
{ {
$sUpdate = compile_update_string(array('appName' => $this->sName)); if (!query_parameters("UPDATE appFamily SET appName = '?' WHERE appId = '?'",
if (!query_parameters("UPDATE appFamily SET ".$sUpdate." WHERE appId = '?'", $this->sName, $this->iAppId))
$this->iAppId))
return false; return false;
$sWhatChanged .= "Name was changed from ".$oApp->sName." to ".$this->sName.".\n\n"; $sWhatChanged .= "Name was changed from ".$oApp->sName." to ".$this->sName.".\n\n";
} }
if ($this->sDescription && ($this->sDescription!=$oApp->sDescription)) if ($this->sDescription && ($this->sDescription!=$oApp->sDescription))
{ {
$sUpdate = compile_update_string(array('description' => $this->sDescription)); if (!query_parameters("UPDATE appFamily SET description = '?' WHERE appId = '?'",
if (!query_parameters("UPDATE appFamily SET ".$sUpdate." WHERE appId = '?'", $this->sDescription, $this->iAppId))
$this->iAppId))
return false; return false;
$sWhatChanged .= "Description was changed from\n ".$oApp->sDescription."\n to \n".$this->sDescription.".\n\n"; $sWhatChanged .= "Description was changed from\n ".$oApp->sDescription."\n to \n".$this->sDescription.".\n\n";
} }
if ($this->sKeywords && ($this->sKeywords!=$oApp->sKeywords)) if ($this->sKeywords && ($this->sKeywords!=$oApp->sKeywords))
{ {
$sUpdate = compile_update_string(array('keywords' => $this->sKeywords)); if (!query_parameters("UPDATE appFamily SET keywords = '?' WHERE appId = '?'",
if (!query_parameters("UPDATE appFamily SET ".$sUpdate." WHERE appId = '?'", $this->sKeywords, $this->iAppId))
$this->iAppId))
return false; return false;
$sWhatChanged .= "Keywords were changed from\n ".$oApp->sKeywords."\n to \n".$this->sKeywords.".\n\n"; $sWhatChanged .= "Keywords were changed from\n ".$oApp->sKeywords."\n to \n".$this->sKeywords.".\n\n";
} }
if ($this->sWebpage && ($this->sWebpage!=$oApp->sWebpage)) if ($this->sWebpage && ($this->sWebpage!=$oApp->sWebpage))
{ {
$sUpdate = compile_update_string(array('webPage' => $this->sWebpage)); if (!query_parameters("UPDATE appFamily SET webPage = '?' WHERE appId = '?'",
if (!query_parameters("UPDATE appFamily SET ".$sUpdate." WHERE appId = '?'", $this->sWebPage, $this->iAppId))
$this->iAppId))
return false; return false;
$sWhatChanged .= "Web page was changed from ".$oApp->sWebpage." to ".$this->sWebpage.".\n\n"; $sWhatChanged .= "Web page was changed from ".$oApp->sWebpage." to ".$this->sWebpage.".\n\n";
} }
if ($this->iVendorId && ($this->iVendorId!=$oApp->iVendorId)) if ($this->iVendorId && ($this->iVendorId!=$oApp->iVendorId))
{ {
$sUpdate = compile_update_string(array('vendorId' => $this->iVendorId)); if (!query_parameters("UPDATE appFamily SET vendorId = '?' WHERE appId = '?'",
if (!query_parameters("UPDATE appFamily SET ".$sUpdate." WHERE appId = '?'", $this->iVendorId, $this->iAppId))
$this->iAppId))
return false; return false;
$oVendorBefore = new Vendor($oApp->iVendorId); $oVendorBefore = new Vendor($oApp->iVendorId);
$oVendorAfter = new Vendor($this->iVendorId); $oVendorAfter = new Vendor($this->iVendorId);
@@ -195,9 +190,8 @@ class Application {
if ($this->iCatId && ($this->iCatId!=$oApp->iCatId)) if ($this->iCatId && ($this->iCatId!=$oApp->iCatId))
{ {
$sUpdate = compile_update_string(array('catId' => $this->iCatId)); if (!query_parameters("UPDATE appFamily SET catId = '?' WHERE appId = '?'",
if (!query_parameters("UPDATE appFamily SET ".$sUpdate." WHERE appId = '?'", $this->iCatId, $this->iAppId))
$this->iAppId))
return false; return false;
$oCatBefore = new Category($oApp->iCatId); $oCatBefore = new Category($oApp->iCatId);
$oCatAfter = new Category($this->iCatId); $oCatAfter = new Category($this->iCatId);
@@ -260,10 +254,8 @@ class Application {
if(!$_SESSION['current']->canUnQueueApplication()) if(!$_SESSION['current']->canUnQueueApplication())
return; return;
$sUpdate = compile_update_string(array('queued' => "false", if(query_parameters("UPDATE appFamily SET queued = '?', keywords = '?' WHERE appId = '?'",
'keywords'=> str_replace(" *** ","",$this->sKeywords) )); "false", str_replace(" *** ","",$this->sKeywords), $this->iAppId))
if(query_parameters("UPDATE appFamily SET ".$sUpdate." WHERE appId = '?'",
$this->iAppId))
{ {
$this->sQueued = 'false'; $this->sQueued = 'false';
// we send an e-mail to intersted people // we send an e-mail to intersted people
@@ -281,9 +273,8 @@ class Application {
if(!$this->sQueued == 'true') if(!$this->sQueued == 'true')
return false; return false;
$sUpdate = compile_update_string(array('queued' => "rejected")); if(query_parameters("UPDATE appFamily SET queued = '?' WHERE appId = '?'",
if(query_parameters("UPDATE appFamily SET ".$sUpdate." WHERE appId = '?'", "rejected", $this->iAppId))
$this->iAppId))
{ {
$this->sQueued = 'rejected'; $this->sQueued = 'rejected';
// we send an e-mail to intersted people // we send an e-mail to intersted people
@@ -299,9 +290,8 @@ class Application {
if(!$_SESSION['current']->canRequeueApplication($this)) if(!$_SESSION['current']->canRequeueApplication($this))
return false; return false;
$sUpdate = compile_update_string(array('queued' => "true")); if(query_parameters("UPDATE appFamily SET queued = '?' WHERE appId = '?'",
if(query_parameters("UPDATE appFamily SET ".$sUpdate." WHERE appId = '?'", "true", $this->iAppId))
$this->iAppId))
{ {
$this->sQueued = 'true'; $this->sQueued = 'true';
// we send an e-mail to intersted people // we send an e-mail to intersted people

5
include/bugs.php
View File

@@ -175,9 +175,8 @@ class Bug {
if(!$this->bQueued) if(!$this->bQueued)
return false; return false;
$sUpdate = compile_update_string(array('queued' => "false")); if(query_parameters("UPDATE buglinks SET queued = '?' WHERE linkId='?'",
if(query_parameters("UPDATE buglinks SET ".$sUpdate." WHERE linkId='?'", "false", $this->iLinkId))
$this->iLinkId))
{ {
$this->bQueued = false; $this->bQueued = false;
// we send an e-mail to intersted people // we send an e-mail to intersted people

29
include/db.php
View File

@@ -112,33 +112,4 @@ function query_error($sQuery, $sComment="")
addmsg($sStatusMessage, "red"); addmsg($sStatusMessage, "red");
} }
/**
* Expects an array in this form:
* $aFoo['field'] = 'value';
*
* Returns a string ready to be put in a query like this
* $sQuery = "UPDATE `foo` $sReturn";
*
* Values are mysql_real_escape_string()'ed.
*/
function compile_update_string($aData)
{
global $hAppdbLink;
if(!is_resource($hAppdbLink))
{
// The last argument makes sure we are really opening a new connection
$hAppdbLink = mysql_connect(APPS_DBHOST, APPS_DBUSER, APPS_DBPASS,true);
mysql_select_db(APPS_DB, $hAppdbLink);
}
foreach ($aData as $k => $v)
{
$return .= "`$k`='".mysql_real_escape_string($v)."',";
}
$return = preg_replace( "/,$/" , "" , $return );
return $return;
}
?> ?>

6
include/distributions.php
View File

@@ -123,10 +123,8 @@ class distribution{
{ {
return; return;
} }
$sUpdate = compile_update_string(array( 'name' => $this->sName, if(query_parameters("UPDATE distributions SET name = '?', url = '?' WHERE distributionId = '?'",
'url' => $this->sUrl )); $this->sName, $this->sUrl, $this->iDistributionId))
if(query_parameters("UPDATE distributions SET ".$sUpdate." WHERE distributionId = '?'",
$this->iDistributionId))
{ {
$this->SendNotificationMail("edit"); $this->SendNotificationMail("edit");
return true; return true;

37
include/testResults.php
View File

@@ -106,19 +106,30 @@ class testData{
return; return;
} }
$sUpdate = compile_update_string(array( 'versionId' => $this->iVersionId, if(query_parameters("UPDATE testResults SET
'whatWorks' => $this->sWhatWorks, versionId = '?',
'whatDoesnt' => $this->sWhatDoesnt, whatWorks = '?',
'whatNotTested' => $this->sWhatNotTested, whatDoesnt = '?',
'testedDate' => $this->sTestedDate, whatNotTested = '?',
'distributionId' => $this->iDistributionId, testedDate = '?',
'testedRelease' => $this->sTestedRelease, distributionId = '?',
'installs' => $this->sInstalls, testedRelease = '?',
'runs' => $this->sRuns, installs = '?',
'testedRating' => $this->sTestedRating, runs = '?',
'comments' => $this->sComments)); testedRating = '?',
comments = '?'
if(query_parameters("UPDATE testResults SET ".$sUpdate." WHERE testingId = '?'", WHERE testingId = '?'",
$this->iVersionId,
$this->sWhatWorks,
$this->sWhatDoesnt,
$this->sWhatNotTested,
$this->sTestedDate,
$this->iDistributionId,
$this->sTestedRelease,
$this->sInstalls,
$this->sRuns,
$this->sTestedRating,
$this->sComments,
$this->iTestingId)) $this->iTestingId))
{ {
if(!$bSilent) if(!$bSilent)