[Change] Remove NUL-Bytes directly in request_var() for strings and within the custom DBAL sql_escape() functions (MSSQL, Firebird, Oracle) (reported by AdhostMikeSw)
git-svn-id: file:///svn/phpbb/trunk@8968 89ea8834-ac86-4346-8a33-228a782c2dd0
parent
8f2b4562b1
commit
9a7804cb71
@ -351,7 +351,7 @@ class dbal_firebird extends dbal
|
|||||||
*/
|
*/
|
||||||
function sql_escape($msg)
|
function sql_escape($msg)
|
||||||
{
|
{
|
||||||
return str_replace("'", "''", $msg);
|
return str_replace(array("'", "\0"), array("''", ''), $msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
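Review bot: sql_escape() now deletes NUL bytes rather than only escaping, so the string that reaches the database can differ from the one the caller validated, measured or compared beforehand, and nothing in the visible code documents that. The docblock that closes just above the function (its start is outside the hunk) should state it, for example `* NUL bytes are removed, not escaped; the returned string may be shorter than $msg.` Length, uniqueness or deny-list checks are safer when run on the already-stripped value; whether any caller checks before escaping cannot be seen from here. The same one-line change is repeated in the dbal_mssql, dbal_mssql_odbc and dbal_oracle hunks below and the same remark applies to each.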
@ -302,7 +302,7 @@ class dbal_mssql extends dbal
|
|||||||
*/
|
*/
|
||||||
function sql_escape($msg)
|
function sql_escape($msg)
|
||||||
{
|
{
|
||||||
return str_replace("'", "''", $msg);
|
return str_replace(array("'", "\0"), array("''", ''), $msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -312,7 +312,7 @@ class dbal_mssql_odbc extends dbal
|
|||||||
*/
|
*/
|
||||||
function sql_escape($msg)
|
function sql_escape($msg)
|
||||||
{
|
{
|
||||||
return str_replace("'", "''", $msg);
|
return str_replace(array("'", "\0"), array("''", ''), $msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -515,7 +515,7 @@ class dbal_oracle extends dbal
|
|||||||
*/
|
*/
|
||||||
function sql_escape($msg)
|
function sql_escape($msg)
|
||||||
{
|
{
|
||||||
return str_replace("'", "''", $msg);
|
return str_replace(array("'", "\0"), array("''", ''), $msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -32,7 +32,7 @@ function set_var(&$result, $var, $type, $multibyte = false)
|
|||||||
|
|
||||||
if ($type == 'string')
|
if ($type == 'string')
|
||||||
{
|
{
|
||||||
$result = trim(htmlspecialchars(str_replace(array("\r\n", "\r"), array("\n", "\n"), $result), ENT_COMPAT, 'UTF-8'));
|
$result = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result), ENT_COMPAT, 'UTF-8'));
|
||||||
|
|
||||||
if (!empty($result))
|
if (!empty($result))
|
||||||
{
|
{
|
||||||
|
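Review bot: The new `"\0"` to `''` pair in the string branch of set_var() has no comment, and the reason for dropping NUL bytes is not evident from the line itself. A one-line comment above the assignment would record the intent, for example `// Strip NUL bytes at the input boundary so later checks and the DB layer all see the same value`. Removing them here, before any validation a caller does on the result, is the better place for it than the SQL layer alone, presumably the reason the commit touches both. set_var() begins and continues outside the hunk, so other type branches could not be reviewed.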
@ -1339,12 +1339,17 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true)
|
|||||||
|
|
||||||
if (isset($data['address_list']['g']) && sizeof($data['address_list']['g']))
|
if (isset($data['address_list']['g']) && sizeof($data['address_list']['g']))
|
||||||
{
|
{
|
||||||
|
// We need to check the PM status of group members (do they want to receive PM's?)
|
||||||
|
// Only check if not a moderator or admin, since they are allowed to override this user setting
|
||||||
|
$sql_allow_pm = (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) ? ' AND u.user_allow_pm = 1' : '';
|
||||||
|
|
||||||
$sql = 'SELECT u.user_type, ug.group_id, ug.user_id
|
$sql = 'SELECT u.user_type, ug.group_id, ug.user_id
|
||||||
FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug
|
FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug
|
||||||
WHERE ' . $db->sql_in_set('ug.group_id', array_keys($data['address_list']['g'])) . '
|
WHERE ' . $db->sql_in_set('ug.group_id', array_keys($data['address_list']['g'])) . '
|
||||||
AND ug.user_pending = 0
|
AND ug.user_pending = 0
|
||||||
AND u.user_id = ug.user_id
|
AND u.user_id = ug.user_id
|
||||||
AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')';
|
AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')' .
|
||||||
|
$sql_allow_pm;
|
||||||
$result = $db->sql_query($sql);
|
$result = $db->sql_query($sql);
|
||||||
|
|
||||||
while ($row = $db->sql_fetchrow($result))
|
while ($row = $db->sql_fetchrow($result))
|
||||||
|
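Review bot: The override condition in `$sql_allow_pm` includes `$auth->acl_getf_global('m_')`, which appears to hold for anyone moderating at least one forum, so a fairly broad set of senders can bypass a member's `user_allow_pm = 0` opt-out when addressing a group. It is worth confirming that individually addressed recipients go through the same condition (that code is not in this hunk), so that the two addressing paths do not disagree. The comment could state the scope explicitly, for example `// Admins, global moderators and moderators of any forum may override user_allow_pm`. As far as the hunk shows, members filtered out by the new clause are dropped without any notice to the sender; submit_pm() continues outside the hunk.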