[Change] Remove NUL-Bytes directly in request_var() for strings and within the custom DBAL sql_escape() functions (MSSQL, Firebird, Oracle) (reported by AdhostMikeSw)

git-svn-id: file:///svn/phpbb/trunk@8968 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-05-05 23:25:30 +02:00 · 2008-10-02 12:05:13 +00:00 · 2008-10-02 12:05:13 +00:00 · 9a7804cb71
commit 9a7804cb71
parent 8f2b4562b1
6 changed files with 11 additions and 6 deletions
--- a/phpBB/includes/db/firebird.php
+++ b/phpBB/includes/db/firebird.php
@ -351,7 +351,7 @@ class dbal_firebird extends dbal
 	*/
 	function sql_escape($msg)
 	{
-		return str_replace("'", "''", $msg);
+		return str_replace(array("'", "\0"), array("''", ''), $msg);
 	}

 	/**
--- a/phpBB/includes/db/mssql.php
+++ b/phpBB/includes/db/mssql.php
@ -302,7 +302,7 @@ class dbal_mssql extends dbal
 	*/
 	function sql_escape($msg)
 	{
-		return str_replace("'", "''", $msg);
+		return str_replace(array("'", "\0"), array("''", ''), $msg);
 	}

 	/**
--- a/phpBB/includes/db/mssql_odbc.php
+++ b/phpBB/includes/db/mssql_odbc.php
@ -312,7 +312,7 @@ class dbal_mssql_odbc extends dbal
 	*/
 	function sql_escape($msg)
 	{
-		return str_replace("'", "''", $msg);
+		return str_replace(array("'", "\0"), array("''", ''), $msg);
 	}

 	/**
--- a/phpBB/includes/db/oracle.php
+++ b/phpBB/includes/db/oracle.php
@ -515,7 +515,7 @@ class dbal_oracle extends dbal
 	*/
 	function sql_escape($msg)
 	{
-		return str_replace("'", "''", $msg);
+		return str_replace(array("'", "\0"), array("''", ''), $msg);
 	}

 	/**
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@ -32,7 +32,7 @@ function set_var(&$result, $var, $type, $multibyte = false)

 	if ($type == 'string')
 	{
-		$result = trim(htmlspecialchars(str_replace(array("\r\n", "\r"), array("\n", "\n"), $result), ENT_COMPAT, 'UTF-8'));
+		$result = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result), ENT_COMPAT, 'UTF-8'));

 		if (!empty($result))
 		{
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@ -1339,12 +1339,17 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true)

 		if (isset($data['address_list']['g']) && sizeof($data['address_list']['g']))
 		{
+			// We need to check the PM status of group members (do they want to receive PM's?)
+			// Only check if not a moderator or admin, since they are allowed to override this user setting
+			$sql_allow_pm = (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) ? ' AND u.user_allow_pm = 1' : '';
+
 			$sql = 'SELECT u.user_type, ug.group_id, ug.user_id
 				FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug
 				WHERE ' . $db->sql_in_set('ug.group_id', array_keys($data['address_list']['g'])) . '
 					AND ug.user_pending = 0
 					AND u.user_id = ug.user_id
-					AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')';
+					AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')' . 
+					$sql_allow_pm;
 			$result = $db->sql_query($sql);

 			while ($row = $db->sql_fetchrow($result))