qemudb

Archived

Author	SHA1	Message	Date
Jonathan Ernst	735a2bc65f	Prefix all GPC variables according to our coding standard	2006-07-06 17:27:54 +00:00
Chris Morgan	fad9278013	Stop using compile_update_string(). compile_update_string() can be passed a value that includes a character considered special by query_parameters(). We then use the output from compile_update_string() as a part of the first parameter to query_parameters(), the format string. Having extra special characters causes a token mismatch and query_parameters() will reject the queries entirely. Remove now unused compile_update_string().	2006-07-04 03:43:06 +00:00
Chris Morgan	245a6b993e	Cleanup User class. Move user related functions into class as static member functions	2006-06-29 15:54:29 +00:00
Chris Morgan	e3f9e5371a	Use query_parameters() in SQL select, update and delete statements to protect against sql injection attacks	2006-06-27 19:16:27 +00:00
Chris Morgan	ac5b4b0a95	Warn if magic quotes is enabled and explain a bit about why we require that magic quotes be disabled. Also remove all of the conditional code that was working around cases where we had magic quotes enabled. We were only working around a small portion of cases where magic quotes was affecting the appdb.	2006-06-26 00:44:44 +00:00
Chris Morgan	fb0f3b5dd3	Protect against sql injection attacks in sql INSERT statements	2006-06-24 04:20:32 +00:00
Chris Morgan	67550405c3	Make code more consistent by making it follow the appdb coding standards. Fix some spaces vs. tabs odd indenting.	2006-06-21 01:04:12 +00:00
EA Durbin	f982c8459e	Filter all user input to reduce the security impact of manipulated data	2006-06-17 06:10:10 +00:00
WineHQ	8f65897592	Chris Morgan Only display testing results for applications that are not currently queued if the user isn't an admin.	2006-01-14 03:30:35 +00:00
Tony Lambregts	ba6e92d184	Lets users submit application testing results in a uniform and easy to process manner	2005-10-17 03:59:24 +00:00

10 Commits