From 9a7804cb717850afe209c347b05b957b72d866fb Mon Sep 17 00:00:00 2001
From: Meik Sievertsen
Date: Thu, 2 Oct 2008 12:05:13 +0000
Subject: [PATCH] [Change] Remove NUL-Bytes directly in request_var() for strings and within the custom DBAL sql_escape() functions (MSSQL, Firebird, Oracle) (reported by AdhostMikeSw)
git-svn-id: file:///svn/phpbb/trunk@8968 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/db/firebird.php | 2 +-
 phpBB/includes/db/mssql.php | 2 +-
 phpBB/includes/db/mssql_odbc.php | 2 +-
 phpBB/includes/db/oracle.php | 2 +-
 phpBB/includes/functions.php | 2 +-
 phpBB/includes/functions_privmsgs.php | 7 ++++++-
 6 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/phpBB/includes/db/firebird.php b/phpBB/includes/db/firebird.php
index 2f577244eb..f39db15d0d 100644
--- a/phpBB/includes/db/firebird.php
+++ b/phpBB/includes/db/firebird.php
@@ -351,7 +351,7 @@ class dbal_firebird extends dbal
 */
 function sql_escape($msg)
 {
- return str_replace("'", "''", $msg);
+ return str_replace(array("'", "\0"), array("''", ''), $msg);
 }
 /**
diff --git a/phpBB/includes/db/mssql.php b/phpBB/includes/db/mssql.php
index 84e356efdd..32ab1597c7 100644
--- a/phpBB/includes/db/mssql.php
+++ b/phpBB/includes/db/mssql.php
@@ -302,7 +302,7 @@ class dbal_mssql extends dbal
 */
 function sql_escape($msg)
 {
- return str_replace("'", "''", $msg);
+ return str_replace(array("'", "\0"), array("''", ''), $msg);
 }
 /**
diff --git a/phpBB/includes/db/mssql_odbc.php b/phpBB/includes/db/mssql_odbc.php
index af13c2dc70..e2416ee951 100644
--- a/phpBB/includes/db/mssql_odbc.php
+++ b/phpBB/includes/db/mssql_odbc.php
@@ -312,7 +312,7 @@ class dbal_mssql_odbc extends dbal
 */
 function sql_escape($msg)
 {
- return str_replace("'", "''", $msg);
+ return str_replace(array("'", "\0"), array("''", ''), $msg);
 }
 /**
diff --git a/phpBB/includes/db/oracle.php b/phpBB/includes/db/oracle.php
index e0b04f4ce7..6329652f96 100644
--- a/phpBB/includes/db/oracle.php
+++ b/phpBB/includes/db/oracle.php
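Review bot: The new return line of `sql_escape()` in dbal_firebird deletes NUL bytes instead of escaping them, and nothing in the hunk documents that the function now alters its input; the identical line is added in the mssql, mssql_odbc and oracle hunks. A caller that passes binary or serialized data through `sql_escape()` will store a shortened value on these four drivers, and if the remaining drivers preserve NULs through their own escaping (not visible here) the same input would compare differently across backends. I would add a comment above the return such as `// NUL bytes are dropped, not escaped: values containing "\0" are stored shortened on this driver`, and say the same in the docblock, which starts outside the hunk. Quote doubling itself stays sound, since removing NULs cannot change the number of quotes in the result.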
@@ -515,7 +515,7 @@ class dbal_oracle extends dbal
 */
 function sql_escape($msg)
 {
- return str_replace("'", "''", $msg);
+ return str_replace(array("'", "\0"), array("''", ''), $msg);
 }
 /**
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index ca8e71906a..7bfbda394b 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -32,7 +32,7 @@ function set_var(&$result, $var, $type, $multibyte = false)
 if ($type == 'string')
 {
- $result = trim(htmlspecialchars(str_replace(array("\r\n", "\r"), array("\n", "\n"), $result), ENT_COMPAT, 'UTF-8'));
+ $result = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result), ENT_COMPAT, 'UTF-8'));
 if (!empty($result))
 {
diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php
index f0c0a566de..577e9954aa 100644
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -1339,12 +1339,17 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true)
 if (isset($data['address_list']['g']) && sizeof($data['address_list']['g']))
 {
+ // We need to check the PM status of group members (do they want to receive PM's?)
+ // Only check if not a moderator or admin, since they are allowed to override this user setting
+ $sql_allow_pm = (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) ? ' AND u.user_allow_pm = 1' : '';
 $sql = 'SELECT u.user_type, ug.group_id, ug.user_id FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug WHERE ' . $db->sql_in_set('ug.group_id', array_keys($data['address_list']['g'])) . ' AND ug.user_pending = 0 AND u.user_id = ug.user_id
- AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')';
+ AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')' .
+ $sql_allow_pm;
 $result = $db->sql_query($sql);
 while ($row = $db->sql_fetchrow($result))
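Review bot: In the `set_var()` string branch the NUL removal is the last pair in the `str_replace()` arrays, so it runs after the newline rules and an input of `"\r\0\n"` is normalised to two newlines instead of one. Listing the NUL first lets the CR/LF rules see the final text: `str_replace(array("\0", "\r\n", "\r"), array('', "\n", "\n"), $result)`. The strip only covers values that reach this branch, so a one-line comment stating that NULs are removed here for every string request variable would help the next reader. set_var's body starts and ends outside the hunk.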
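Review bot: The permission test behind `$sql_allow_pm` reads the `$auth` object rather than the sender carried in `$data`, so the admin/moderator override follows whoever `$auth` represents; if `submit_pm()` can be called on behalf of another account (not visible here) the filter is decided for the wrong user. This recipient-filter change is also unrelated to the NUL-byte subject of the commit, which makes it easy to miss in review and in the changelog, and a separate commit would be cleaner. The appended fragment is a fixed literal, so the concatenation itself adds no injection surface. Only the group branch (`address_list['g']`) is filtered in this hunk and the function body extends beyond it, so whether individually addressed recipients get the same `user_allow_pm` check should be confirmed.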