when converting to postgres, each mysql_real_escape_string instance had to be
changed, which was tedious. Centralizing the escape mechanism code would allow
for much easier porting, in the same way that db_query provides a lightweight
query abstraction.
---
web/html/account.php | 2 +-
web/html/addvote.php | 10 +++++-----
web/html/logout.php | 2 +-
web/html/passreset.php | 4 ++--
web/html/pkgsubmit.php | 36 ++++++++++++++++++------------------
web/html/voters.php | 2 +-
web/lib/acctfuncs.inc | 26 +++++++++++++-------------
web/lib/aur.inc | 30 ++++++++++++++++++------------
web/lib/aurjson.class.php | 8 ++++----
web/lib/pkgfuncs.inc | 12 ++++++------
web/lib/stats.inc | 2 +-
web/template/pkg_comment_form.php | 2 +-
12 files changed, 71 insertions(+), 65 deletions(-)
diff --git a/web/html/account.php b/web/html/account.php
index afb0d7c..029ae79 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -111,7 +111,7 @@ if (isset($_COOKIE["AURSID"])) {
$q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";
$q.= "AND Users.ID = Sessions.UsersID ";
$q.= "AND Sessions.SessionID = '";
- $q.= mysql_real_escape_string($_COOKIE["AURSID"])."'";
+ $q.= db_escape($_COOKIE["AURSID"])."'";
$result = db_query($q, $dbh);
if (!mysql_num_rows($result)) {
print __("Could not retrieve information for
the specified user.");
diff --git a/web/html/addvote.php b/web/html/addvote.php
index 5936d56..e039d06 100644
--- a/web/html/addvote.php
+++ b/web/html/addvote.php
@@ -20,13 +20,13 @@ if ($atype == "Trusted User" OR $atype == "Developer") {
$error = "";
if (!empty($_POST['user'])) {
- $qcheck = "SELECT * FROM Users WHERE Username = '" .
mysql_real_escape_string($_POST['user']) . "'";
+ $qcheck = "SELECT * FROM Users WHERE Username = '" .
db_escape($_POST['user']) . "'";
$check = mysql_num_rows(db_query($qcheck, $dbh));
if ($check == 0) {
$error.= __("Username does not exist.");
} else {
- $qcheck = "SELECT * FROM TU_VoteInfo WHERE User
= '" . mysql_real_escape_string($_POST['user']) . "'";
+ $qcheck = "SELECT * FROM TU_VoteInfo WHERE User
= '" . db_escape($_POST['user']) . "'";
$qcheck.= " AND End > UNIX_TIMESTAMP()";
$check = mysql_num_rows(db_query($qcheck,
$dbh));
@@ -55,9 +55,9 @@ if ($atype == "Trusted User" OR $atype == "Developer") {
if (!empty($_POST['addVote']) && empty($error)) {
$q = "INSERT INTO TU_VoteInfo (Agenda, User, Submitted, End,
SubmitterID) VALUES ";
- $q.= "('" . mysql_real_escape_string($_POST['agenda']) . "', ";
- $q.= "'" . mysql_real_escape_string($_POST['user']) . "', ";
- $q.= "UNIX_TIMESTAMP(), UNIX_TIMESTAMP() + " .
mysql_real_escape_string($len);
+ $q.= "('" . db_escape($_POST['agenda']) . "', ";
+ $q.= "'" . db_escape($_POST['user']) . "', ";
+ $q.= "UNIX_TIMESTAMP(), UNIX_TIMESTAMP() + " . db_escape($len);
$q.= ", " . uid_from_sid($_COOKIE["AURSID"]) . ")";
db_query($q, $dbh);
diff --git a/web/html/logout.php b/web/html/logout.php
index 95cf460..ffde619 100644
--- a/web/html/logout.php
+++ b/web/html/logout.php
@@ -12,7 +12,7 @@ include_once("acctfuncs.inc"); # access AUR common
functions
if (isset($_COOKIE["AURSID"])) {
$dbh = db_connect();
$q = "DELETE FROM Sessions WHERE SessionID = '";
- $q.= mysql_real_escape_string($_COOKIE["AURSID"]) . "'";
+ $q.= db_escape($_COOKIE["AURSID"]) . "'";
db_query($q, $dbh);
# setting expiration to 1 means '1 second after midnight January 1,
1970'
setcookie("AURSID", "", 1, "/");
diff --git a/web/html/passreset.php b/web/html/passreset.php
index 2c7801d..daba63e 100644
--- a/web/html/passreset.php
+++ b/web/html/passreset.php
@@ -40,8 +40,8 @@ if (isset($_GET['resetkey'], $_POST['email'],
$_POST['password'], $_POST['confir
Salt = '$salt',
ResetKey = ''
WHERE ResetKey != ''
- AND ResetKey = '".mysql_real_escape_string($resetkey)."'
- AND Email = '".mysql_real_escape_string($email)."'";
+ AND ResetKey = '".db_escape($resetkey)."'
+ AND Email = '".db_escape($email)."'";
$result = db_query($q, $dbh);
if (!mysql_affected_rows($dbh)) {
$error = __('Invalid e-mail and reset key
combination.');
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index 5797626..177f5e1 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -294,7 +294,7 @@ if ($_COOKIE["AURSID"]):
$dbh = db_connect();
- $q = "SELECT * FROM Packages WHERE Name = '" .
mysql_real_escape_string($new_pkgbuild['pkgname']) . "'";
+ $q = "SELECT * FROM Packages WHERE Name = '" .
db_escape($new_pkgbuild['pkgname']) . "'";
$result = db_query($q, $dbh);
$pdata = mysql_fetch_assoc($result);
@@ -313,7 +313,7 @@ if ($_COOKIE["AURSID"]):
# If a new category was chosen, change it to
that
if ($_POST['category'] > 1) {
$q = sprintf( "UPDATE Packages SET
CategoryID = %d WHERE ID = %d",
-
mysql_real_escape_string($_REQUEST['category']),
+
db_escape($_REQUEST['category']),
$packageID);
db_query($q, $dbh);
@@ -321,12 +321,12 @@ if ($_COOKIE["AURSID"]):
# Update package data
$q = sprintf("UPDATE Packages SET ModifiedTS =
UNIX_TIMESTAMP(), Name = '%s', Version = '%s-%s', License = '%s', Description =
'%s', URL = '%s', OutOfDateTS = NULL, MaintainerUID = '%d' WHERE ID = %d",
-
mysql_real_escape_string($new_pkgbuild['pkgname']),
-
mysql_real_escape_string($new_pkgbuild['pkgver']),
-
mysql_real_escape_string($new_pkgbuild['pkgrel']),
-
mysql_real_escape_string($new_pkgbuild['license']),
-
mysql_real_escape_string($new_pkgbuild['pkgdesc']),
-
mysql_real_escape_string($new_pkgbuild['url']),
+ db_escape($new_pkgbuild['pkgname']),
+ db_escape($new_pkgbuild['pkgver']),
+ db_escape($new_pkgbuild['pkgrel']),
+ db_escape($new_pkgbuild['license']),
+ db_escape($new_pkgbuild['pkgdesc']),
+ db_escape($new_pkgbuild['url']),
uid_from_sid($_COOKIE["AURSID"]),
$packageID);
@@ -337,13 +337,13 @@ if ($_COOKIE["AURSID"]):
# This is a brand new package
$q = sprintf("INSERT INTO Packages (Name,
License, Version, CategoryID, Description, URL, SubmittedTS, ModifiedTS,
SubmitterUID, MaintainerUID) VALUES ('%s', '%s', '%s-%s', %d, '%s', '%s',
UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), %d, %d)",
-
mysql_real_escape_string($new_pkgbuild['pkgname']),
-
mysql_real_escape_string($new_pkgbuild['license']),
-
mysql_real_escape_string($new_pkgbuild['pkgver']),
-
mysql_real_escape_string($new_pkgbuild['pkgrel']),
-
mysql_real_escape_string($_REQUEST['category']),
-
mysql_real_escape_string($new_pkgbuild['pkgdesc']),
-
mysql_real_escape_string($new_pkgbuild['url']),
+ db_escape($new_pkgbuild['pkgname']),
+ db_escape($new_pkgbuild['license']),
+ db_escape($new_pkgbuild['pkgver']),
+ db_escape($new_pkgbuild['pkgrel']),
+ db_escape($_REQUEST['category']),
+ db_escape($new_pkgbuild['pkgdesc']),
+ db_escape($new_pkgbuild['url']),
$uid,
$uid);
@@ -364,8 +364,8 @@ if ($_COOKIE["AURSID"]):
$q = sprintf("INSERT INTO PackageDepends
(PackageID, DepName, DepCondition) VALUES (%d, '%s', '%s')",
$packageID,
- mysql_real_escape_string($deppkgname),
-
mysql_real_escape_string($depcondition));
+ db_escape($deppkgname),
+ db_escape($depcondition));
db_query($q, $dbh);
}
@@ -375,7 +375,7 @@ if ($_COOKIE["AURSID"]):
foreach ($sources as $src) {
if ($src != "" ) {
$q = "INSERT INTO PackageSources
(PackageID, Source) VALUES (";
- $q .= $packageID . ", '" .
mysql_real_escape_string($src) . "')";
+ $q .= $packageID . ", '" .
db_escape($src) . "')";
db_query($q, $dbh);
}
}
diff --git a/web/html/voters.php b/web/html/voters.php
index 6a16818..384a782 100644
--- a/web/html/voters.php
+++ b/web/html/voters.php
@@ -5,7 +5,7 @@ include('pkgfuncs.inc');
function getvotes($pkgid) {
$dbh = db_connect();
- $pkgid = mysql_real_escape_string($pkgid);
+ $pkgid = db_escape($pkgid);
$result = db_query("SELECT UsersID,Username FROM PackageVotes LEFT JOIN
Users on (UsersID = ID) WHERE PackageID = $pkgid ORDER BY Username", $dbh);
return $result;
diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc
index f07c1fc..a0efa6e 100644
--- a/web/lib/acctfuncs.inc
+++ b/web/lib/acctfuncs.inc
@@ -225,7 +225,7 @@ function
process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
# NOTE: a race condition exists here if we care...
#
$q = "SELECT COUNT(*) AS CNT FROM Users ";
- $q.= "WHERE Username = '".mysql_real_escape_string($U)."'";
+ $q.= "WHERE Username = '".db_escape($U)."'";
if ($TYPE == "edit") {
$q.= " AND ID != ".intval($UID);
}
@@ -243,7 +243,7 @@ function
process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
# NOTE: a race condition exists here if we care...
#
$q = "SELECT COUNT(*) AS CNT FROM Users ";
- $q.= "WHERE Email = '".mysql_real_escape_string($E)."'";
+ $q.= "WHERE Email = '".db_escape($E)."'";
if ($TYPE == "edit") {
$q.= " AND ID != ".intval($UID);
}
@@ -265,7 +265,7 @@ function
process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
# no errors, go ahead and create the unprivileged user
$salt = generate_salt();
$P = salted_hash($P, $salt);
- $escaped = array_map('mysql_real_escape_string',
+ $escaped = array_map('db_escape',
array($U, $E, $P, $salt, $R, $L, $I));
$q = "INSERT INTO Users (" .
"AccountTypeID, Suspended, Username, Email,
Passwd, Salt" .
@@ -289,7 +289,7 @@ function
process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
# no errors, go ahead and modify the user account
$q = "UPDATE Users SET ";
- $q.= "Username = '".mysql_real_escape_string($U)."'";
+ $q.= "Username = '".db_escape($U)."'";
if ($T) {
$q.= ", AccountTypeID = ".intval($T);
}
@@ -298,15 +298,15 @@ function
process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
} else {
$q.= ", Suspended = 0";
}
- $q.= ", Email = '".mysql_real_escape_string($E)."'";
+ $q.= ", Email = '".db_escape($E)."'";
if ($P) {
$salt = generate_salt();
$hash = salted_hash($P, $salt);
$q .= ", Passwd = '$hash', Salt = '$salt'";
}
- $q.= ", RealName = '".mysql_real_escape_string($R)."'";
- $q.= ", LangPreference =
'".mysql_real_escape_string($L)."'";
- $q.= ", IRCNick = '".mysql_real_escape_string($I)."'";
+ $q.= ", RealName = '".db_escape($R)."'";
+ $q.= ", LangPreference = '".db_escape($L)."'";
+ $q.= ", IRCNick = '".db_escape($I)."'";
$q.= " WHERE ID = ".intval($UID);
$result = db_query($q, $dbh);
if (!$result) {
@@ -372,19 +372,19 @@ function
search_results_page($UTYPE,$O=0,$SB="",$U="",$T="",
$search_vars[] = "S";
}
if ($U) {
- $q.= "AND Username LIKE '%".mysql_real_escape_string($U)."%' ";
+ $q.= "AND Username LIKE '%".db_escape($U)."%' ";
$search_vars[] = "U";
}
if ($E) {
- $q.= "AND Email LIKE '%".mysql_real_escape_string($E)."%' ";
+ $q.= "AND Email LIKE '%".db_escape($E)."%' ";
$search_vars[] = "E";
}
if ($R) {
- $q.= "AND RealName LIKE '%".mysql_real_escape_string($R)."%' ";
+ $q.= "AND RealName LIKE '%".db_escape($R)."%' ";
$search_vars[] = "R";
}
if ($I) {
- $q.= "AND IRCNick LIKE '%".mysql_real_escape_string($I)."%' ";
+ $q.= "AND IRCNick LIKE '%".db_escape($I)."%' ";
$search_vars[] = "I";
}
switch ($SB) {
@@ -716,7 +716,7 @@ function valid_user( $user )
if ( $user ) {
$dbh = db_connect();
$q = "SELECT ID FROM Users WHERE Username = '"
- . mysql_real_escape_string($user). "'";
+ . db_escape($user). "'";
$result = mysql_fetch_row(db_query($q, $dbh));
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index 744b31e..f0a07a7 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -26,7 +26,7 @@ function check_sid() {
#
$dbh = db_connect();
$q = "SELECT LastUpdateTS, UNIX_TIMESTAMP() FROM Sessions ";
- $q.= "WHERE SessionID = '" .
mysql_real_escape_string($_COOKIE["AURSID"]) . "'";
+ $q.= "WHERE SessionID = '" . db_escape($_COOKIE["AURSID"]) .
"'";
$result = db_query($q, $dbh);
if (mysql_num_rows($result) == 0) {
# Invalid SessionID - hacker alert!
@@ -50,7 +50,7 @@ function check_sid() {
# session id timeout was reached and they must login
again.
#
$q = "DELETE FROM Sessions WHERE SessionID = '";
- $q.= mysql_real_escape_string($_COOKIE["AURSID"]) . "'";
+ $q.= db_escape($_COOKIE["AURSID"]) . "'";
db_query($q, $dbh);
setcookie("AURSID", "", 1, "/");
@@ -66,7 +66,7 @@ function check_sid() {
# overwritten.
if ($last_update < time() + $LOGIN_TIMEOUT) {
$q = "UPDATE Sessions SET LastUpdateTS =
UNIX_TIMESTAMP() ";
- $q.= "WHERE SessionID =
'".mysql_real_escape_string($_COOKIE["AURSID"])."'";
+ $q.= "WHERE SessionID =
'".db_escape($_COOKIE["AURSID"])."'";
db_query($q, $dbh);
}
}
@@ -110,7 +110,7 @@ function username_from_id($id="") {
return "";
}
$dbh = db_connect();
- $q = "SELECT Username FROM Users WHERE ID = " .
mysql_real_escape_string($id);
+ $q = "SELECT Username FROM Users WHERE ID = " . db_escape($id);
$result = db_query($q, $dbh);
if (!$result) {
return "None";
@@ -131,7 +131,7 @@ function username_from_sid($sid="") {
$q = "SELECT Username ";
$q.= "FROM Users, Sessions ";
$q.= "WHERE Users.ID = Sessions.UsersID ";
- $q.= "AND Sessions.SessionID = '" . mysql_real_escape_string($sid) .
"'";
+ $q.= "AND Sessions.SessionID = '" . db_escape($sid) . "'";
$result = db_query($q, $dbh);
if (!$result) {
return "";
@@ -151,7 +151,7 @@ function email_from_sid($sid="") {
$q = "SELECT Email ";
$q.= "FROM Users, Sessions ";
$q.= "WHERE Users.ID = Sessions.UsersID ";
- $q.= "AND Sessions.SessionID = '" . mysql_real_escape_string($sid) .
"'";
+ $q.= "AND Sessions.SessionID = '" . db_escape($sid) . "'";
$result = db_query($q, $dbh);
if (!$result) {
return "";
@@ -173,7 +173,7 @@ function account_from_sid($sid="") {
$q.= "FROM Users, AccountTypes, Sessions ";
$q.= "WHERE Users.ID = Sessions.UsersID ";
$q.= "AND AccountTypes.ID = Users.AccountTypeID ";
- $q.= "AND Sessions.SessionID = '" . mysql_real_escape_string($sid) .
"'";
+ $q.= "AND Sessions.SessionID = '" . db_escape($sid) . "'";
$result = db_query($q, $dbh);
if (!$result) {
return "";
@@ -193,7 +193,7 @@ function uid_from_sid($sid="") {
$q = "SELECT Users.ID ";
$q.= "FROM Users, Sessions ";
$q.= "WHERE Users.ID = Sessions.UsersID ";
- $q.= "AND Sessions.SessionID = '" . mysql_real_escape_string($sid) .
"'";
+ $q.= "AND Sessions.SessionID = '" . db_escape($sid) . "'";
$result = db_query($q, $dbh);
if (!$result) {
return 0;
@@ -245,6 +245,12 @@ function db_query($query="", $db_handle="") {
return $result;
}
+# database escape abstraction, to make porting
+# to alternate databases slightly easier
+function db_escape($unescaped) {
+ return mysql_real_escape_string($unescaped);
+}
+
# set up the visitor's language
#
function set_lang() {
@@ -272,7 +278,7 @@ function set_lang() {
$q = "SELECT LangPreference FROM Users, Sessions ";
$q.= "WHERE Users.ID = Sessions.UsersID ";
$q.= "AND Sessions.SessionID = '";
- $q.= mysql_real_escape_string($_COOKIE["AURSID"])."'";
+ $q.= db_escape($_COOKIE["AURSID"])."'";
$result = db_query($q, $dbh);
if ($result) {
@@ -332,7 +338,7 @@ function can_submit_pkg($name="", $sid="") {
if (!$name || !$sid) {return 0;}
$dbh = db_connect();
$q = "SELECT MaintainerUID ";
- $q.= "FROM Packages WHERE Name = '".mysql_real_escape_string($name)."'";
+ $q.= "FROM Packages WHERE Name = '".db_escape($name)."'";
$result = db_query($q, $dbh);
if (mysql_num_rows($result) == 0) {return 1;}
$row = mysql_fetch_row($result);
@@ -403,7 +409,7 @@ function uid_from_username($username="")
return "";
}
$dbh = db_connect();
- $q = "SELECT ID FROM Users WHERE Username =
'".mysql_real_escape_string($username)
+ $q = "SELECT ID FROM Users WHERE Username = '".db_escape($username)
."'";
$result = db_query($q, $dbh);
if (!$result) {
@@ -422,7 +428,7 @@ function uid_from_email($email="")
return "";
}
$dbh = db_connect();
- $q = "SELECT ID FROM Users WHERE Email =
'".mysql_real_escape_string($email)
+ $q = "SELECT ID FROM Users WHERE Email = '".db_escape($email)
."'";
$result = db_query($q, $dbh);
if (!$result) {
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index 50cf6d0..6719206 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -136,7 +136,7 @@ class AurJSON {
if (is_numeric($arg)) {
$id_args[] = intval($arg);
} else {
- $escaped = mysql_real_escape_string($arg, $this->dbh);
+ $escaped = db_escape($arg, $this->dbh);
$name_args[] = "'" . $escaped . "'";
}
}
@@ -154,7 +154,7 @@ class AurJSON {
return $this->json_error('Query arg too small');
}
- $keyword_string = mysql_real_escape_string($keyword_string,
$this->dbh);
+ $keyword_string = db_escape($keyword_string, $this->dbh);
$keyword_string = addcslashes($keyword_string, '%_');
$where_condition = "( Name LIKE '%{$keyword_string}%' OR " .
@@ -177,7 +177,7 @@ class AurJSON {
}
else {
$where_condition = sprintf("Name=\"%s\"",
- mysql_real_escape_string($pqdata, $this->dbh));
+ db_escape($pqdata, $this->dbh));
}
return $this->process_query('info', $where_condition);
@@ -220,7 +220,7 @@ class AurJSON {
* @return mixed Returns an array of value data containing the package data
**/
private function msearch($maintainer) {
- $maintainer = mysql_real_escape_string($maintainer, $this->dbh);
+ $maintainer = db_escape($maintainer, $this->dbh);
$where_condition = "Users.Username = '{$maintainer}'";
diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
index 25a09c4..f16d2be 100644
--- a/web/lib/pkgfuncs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -94,7 +94,7 @@ function package_exists($name="") {
if (!$name) {return NULL;}
$dbh = db_connect();
$q = "SELECT ID FROM Packages ";
- $q.= "WHERE Name = '".mysql_real_escape_string($name)."' ";
+ $q.= "WHERE Name = '".db_escape($name)."' ";
$result = db_query($q, $dbh);
if (!$result) {return NULL;}
$row = mysql_fetch_row($result);
@@ -127,7 +127,7 @@ function package_required($name="") {
$dbh = db_connect();
$q = "SELECT p.Name, PackageID FROM PackageDepends pd ";
$q.= "JOIN Packages p ON pd.PackageID = p.ID ";
- $q.= "WHERE DepName = '".mysql_real_escape_string($name)."' ";
+ $q.= "WHERE DepName = '".db_escape($name)."' ";
$q.= "ORDER BY p.Name";
$result = db_query($q, $dbh);
if (!$result) {return array();}
@@ -216,7 +216,7 @@ function pkgvotes_from_sid($sid="") {
$q.= "FROM PackageVotes, Users, Sessions ";
$q.= "WHERE Users.ID = Sessions.UsersID ";
$q.= "AND Users.ID = PackageVotes.UsersID ";
- $q.= "AND Sessions.SessionID = '".mysql_real_escape_string($sid)."'";
+ $q.= "AND Sessions.SessionID = '".db_escape($sid)."'";
$result = db_query($q, $dbh);
if ($result) {
while ($row = mysql_fetch_row($result)) {
@@ -237,7 +237,7 @@ function pkgnotify_from_sid($sid="") {
$q.= "FROM CommentNotify, Users, Sessions ";
$q.= "WHERE Users.ID = Sessions.UsersID ";
$q.= "AND Users.ID = CommentNotify.UserID ";
- $q.= "AND Sessions.SessionID = '".mysql_real_escape_string($sid)."'";
+ $q.= "AND Sessions.SessionID = '".db_escape($sid)."'";
$result = db_query($q, $dbh);
if ($result) {
while ($row = mysql_fetch_row($result)) {
@@ -267,7 +267,7 @@ function pkgname_from_id($pkgid=0) {
#
function pkgname_is_blacklisted($name) {
$dbh = db_connect();
- $q = "SELECT COUNT(*) FROM PackageBlacklist WHERE Name = '" .
mysql_real_escape_string($name) . "'";
+ $q = "SELECT COUNT(*) FROM PackageBlacklist WHERE Name = '" .
db_escape($name) . "'";
$result = db_query($q, $dbh);
if (!$result) return false;
@@ -432,7 +432,7 @@ function pkg_search_page($SID="") {
}
if (isset($_GET['K'])) {
- $_GET['K'] = mysql_real_escape_string(trim($_GET['K']));
+ $_GET['K'] = db_escape(trim($_GET['K']));
# Search by maintainer
if (isset($_GET["SeB"]) && $_GET["SeB"] == "m") {
diff --git a/web/lib/stats.inc b/web/lib/stats.inc
index 75b2537..b825b2e 100644
--- a/web/lib/stats.inc
+++ b/web/lib/stats.inc
@@ -53,7 +53,7 @@ function updates_table($dbh)
function user_table($user, $dbh)
{
global $apc_prefix;
- $escuser = mysql_real_escape_string($user);
+ $escuser = db_escape($user);
$base_q = "SELECT count(*) FROM Packages,Users WHERE
Packages.MaintainerUID = Users.ID AND Users.Username='" . $escuser . "'";
$maintainer_unsupported_count = db_cache_value($base_q, $dbh,
diff --git a/web/template/pkg_comment_form.php
b/web/template/pkg_comment_form.php
index e52c92d..eab32b4 100644
--- a/web/template/pkg_comment_form.php
+++ b/web/template/pkg_comment_form.php
@@ -7,7 +7,7 @@ if (isset($_REQUEST['comment'])) {
$q = 'INSERT INTO PackageComments ';
$q.= '(PackageID, UsersID, Comments, CommentTS) VALUES (';
$q.= intval($_REQUEST['ID']) . ', ' . uid_from_sid($_COOKIE['AURSID'])
. ', ';
- $q.= "'" . mysql_real_escape_string($_REQUEST['comment']) . "', ";
+ $q.= "'" . db_escape($_REQUEST['comment']) . "', ";
$q.= 'UNIX_TIMESTAMP())';
db_query($q, $dbh);
--
1.7.4.1
