[geeklog-hg] geeklog: Fixed a bug where you couldn't install with PostgreSQL ...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sat Jan 26 06:19:42 EST 2013
changeset 8932:a4b7551f164c
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/a4b7551f164c
user: Kenji ITO <mystralkk at gmail.com>
date: Sat Jan 26 20:16:41 2013 +0900
description:
Fixed a bug where you couldn't install with PostgreSQL (bug #0001546, bug #0001547)
diffstat:
plugins/calendar/functions.inc | 28 +++++++++---------
plugins/calendar/sql/mssql_updates.php | 4 +-
plugins/calendar/sql/mysql_updates.php | 4 +-
plugins/links/functions.inc | 30 ++++++++++----------
plugins/links/sql/mssql_updates.php | 4 +-
plugins/links/sql/mysql_updates.php | 4 +-
plugins/links/sql/pgsql_updates.php | 4 +-
plugins/polls/functions.inc | 2 +-
plugins/polls/sql/mysql_updates.php | 2 +-
plugins/spamx/EditBlackList.Admin.class.php | 6 ++--
plugins/spamx/EditHeader.Admin.class.php | 4 +-
plugins/spamx/EditIP.Admin.class.php | 4 +-
plugins/spamx/EditIPofURL.Admin.class.php | 4 +-
plugins/spamx/EditSFS.Admin.class.php | 4 +-
plugins/spamx/SLVwhitelist.Admin.class.php | 4 +-
plugins/spamx/functions.inc | 8 ++--
plugins/staticpages/functions.inc | 4 +-
plugins/staticpages/services.inc.php | 16 +++++-----
plugins/xmlsitemap/functions.inc | 2 +-
plugins/xmlsitemap/sql/mssql_install.php | 4 +-
plugins/xmlsitemap/sql/mysql_install.php | 4 +-
plugins/xmlsitemap/sql/pgsql_install.php | 4 +-
public_html/admin/block.php | 8 ++--
public_html/admin/group.php | 2 +-
public_html/admin/install/index.php | 4 +-
public_html/admin/install/lib-install.php | 10 +++---
public_html/admin/install/lib-upgrade.php | 10 +++---
public_html/admin/install/migrate.php | 4 +-
public_html/admin/moderation.php | 8 ++--
public_html/admin/plugins.php | 10 +++---
public_html/admin/plugins/calendar/index.php | 18 ++++++------
public_html/admin/plugins/links/category.php | 22 +++++++-------
public_html/admin/plugins/links/index.php | 10 +++---
public_html/admin/plugins/polls/index.php | 18 ++++++------
public_html/admin/plugins/staticpages/index.php | 2 +-
public_html/admin/syndication.php | 2 +-
public_html/admin/topic.php | 10 +++---
public_html/admin/trackback.php | 8 ++--
public_html/admin/user.php | 16 +++++-----
public_html/article.php | 2 +-
public_html/directory.php | 2 +-
public_html/index.php | 2 +-
public_html/lib-common.php | 24 ++++++++--------
public_html/links/index.php | 10 +++---
public_html/pingback.php | 4 +-
public_html/trackback.php | 2 +-
public_html/users.php | 8 ++--
public_html/usersettings.php | 36 ++++++++++++------------
sql/pgsql_tableanddata.php | 8 ++--
sql/updates/mssql_1.5.2_to_1.6.0.php | 2 +-
sql/updates/mssql_1.6.0_to_1.6.1.php | 2 +-
sql/updates/mysql_1.5.2_to_1.6.0.php | 2 +-
sql/updates/mysql_1.6.0_to_1.6.1.php | 2 +-
system/classes/config.class.php | 28 +++++++++---------
system/classes/oauth/facebook.auth.class.php | 2 +-
system/classes/oauth/linkedin.auth.class.php | 2 +-
system/classes/oauth/twitter.auth.class.php | 2 +-
system/classes/oauthhelper.class.php | 10 +++---
system/classes/openidhelper.class.php | 2 +-
system/classes/sanitize.class.php | 10 +++---
system/classes/search.class.php | 4 +-
system/classes/story.class.php | 26 +++++++++---------
system/lib-admin.php | 4 +-
system/lib-comment.php | 22 +++++++-------
system/lib-custom.php.dist | 8 ++--
system/lib-security.php | 6 ++--
system/lib-story.php | 2 +-
system/lib-trackback.php | 14 ++++----
system/lib-user.php | 16 +++++-----
system/lib-webservices.php | 2 +-
70 files changed, 289 insertions(+), 289 deletions(-)
diffs (truncated from 2129 to 300 lines):
diff -r b98a0ceb59f5 -r a4b7551f164c plugins/calendar/functions.inc
--- a/plugins/calendar/functions.inc Sat Jan 26 14:01:25 2013 +0900
+++ b/plugins/calendar/functions.inc Sat Jan 26 20:16:41 2013 +0900
@@ -520,23 +520,23 @@
// Remove any autotags the user doesn't have permission to use
$A['description'] = PLG_replaceTags($A['description'], '', true);
- $A['description'] = addslashes (htmlspecialchars (COM_checkWords ($A['description'])));
- $A['address1'] = addslashes (strip_tags (COM_checkWords ($A['address1'])));
- $A['address2'] = addslashes (strip_tags (COM_checkWords ($A['address2'])));
- $A['city'] = addslashes (strip_tags (COM_checkWords ($A['city'])));
- $A['zipcode'] = addslashes (strip_tags (COM_checkWords ($A['zipcode'])));
- $A['state'] = addslashes (strip_tags (COM_checkWords ($A['state'])));
- $A['location'] = addslashes (strip_tags (COM_checkWords ($A['location'])));
- $A['event_type'] = addslashes (strip_tags (COM_checkWords ($A['event_type'])));
- $A['title'] = addslashes ($A['title']);
+ $A['description'] = DB_escapeString(htmlspecialchars (COM_checkWords ($A['description'])));
+ $A['address1'] = DB_escapeString(strip_tags (COM_checkWords ($A['address1'])));
+ $A['address2'] = DB_escapeString(strip_tags (COM_checkWords ($A['address2'])));
+ $A['city'] = DB_escapeString(strip_tags (COM_checkWords ($A['city'])));
+ $A['zipcode'] = DB_escapeString(strip_tags (COM_checkWords ($A['zipcode'])));
+ $A['state'] = DB_escapeString(strip_tags (COM_checkWords ($A['state'])));
+ $A['location'] = DB_escapeString(strip_tags (COM_checkWords ($A['location'])));
+ $A['event_type'] = DB_escapeString(strip_tags (COM_checkWords ($A['event_type'])));
+ $A['title'] = DB_escapeString($A['title']);
- $A['url'] = addslashes(COM_sanitizeUrl($A['url']));
+ $A['url'] = DB_escapeString(COM_sanitizeUrl($A['url']));
if (!empty ($A['eid'])) {
- $A['eid'] = addslashes (COM_applyFilter ($A['eid']));
+ $A['eid'] = DB_escapeString(COM_applyFilter ($A['eid']));
}
if (empty ($A['eid'])) {
- $A['eid'] = addslashes (COM_makeSid ());
+ $A['eid'] = DB_escapeString(COM_makeSid ());
}
COM_updateSpeedlimit ('submit');
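Review bot: `$A['title']` is only passed through `DB_escapeString()`, while every other free-text field in this hunk also goes through `COM_checkWords()` plus `strip_tags()` or `htmlspecialchars()`. The function starts above the hunk, so the title may already be filtered there; if it is not, markup in a submitted title is stored unchanged. In that case `$A['title'] = DB_escapeString(strip_tags(COM_checkWords($A['title'])));` would match how the links plugin treats its title in this same changeset. Because the escaped values are written back into `$A`, a comment such as `// $A now holds DB-escaped values; use it only to build the query below` would also help keep them out of output paths.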
@@ -1802,7 +1802,7 @@
global $_TABLES, $_USER, $LANG_CAL_1;
// Make sure the query is SQL safe
- $query = trim(addslashes($query));
+ $query = trim(DB_escapeString($query));
if (COM_isAnonUser()) {
$uid = 1;
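Review bot: `trim()` runs after `DB_escapeString()` on the changed line, so whitespace is stripped from the already-escaped string rather than from the user's input. If the driver's escape routine rewrites control characters (MySQL's does this for newlines), a leading or trailing line break survives as an escape sequence instead of being trimmed. Trimming first, `$query = DB_escapeString(trim($query));`, keeps escaping as the last transformation before the SQL is built. The same order appears in the search hunk of plugins/links/functions.inc (@@ -397,7). How `$query` is used lies outside the hunk; if it ends up inside a `LIKE` pattern, `%` and `_` probably still act as wildcards after escaping, which is worth confirming.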
@@ -2022,7 +2022,7 @@
$where = '';
$permOp = 'WHERE';
} else {
- $where = " WHERE eid = '" . addslashes($eid) . "'";
+ $where = " WHERE eid = '" . DB_escapeString($eid) . "'";
$permOp = 'AND';
}
if ($uid > 0) {
diff -r b98a0ceb59f5 -r a4b7551f164c plugins/calendar/sql/mssql_updates.php
--- a/plugins/calendar/sql/mssql_updates.php Sat Jan 26 14:01:25 2013 +0900
+++ b/plugins/calendar/sql/mssql_updates.php Sat Jan 26 20:16:41 2013 +0900
@@ -77,8 +77,8 @@
foreach ($_STATES as $key => $state) {
foreach ($tables as $table) {
- DB_change($table, 'state', addslashes($state),
- 'state', addslashes($key));
+ DB_change($table, 'state', DB_escapeString($state),
+ 'state', DB_escapeString($key));
}
}
}
diff -r b98a0ceb59f5 -r a4b7551f164c plugins/calendar/sql/mysql_updates.php
--- a/plugins/calendar/sql/mysql_updates.php Sat Jan 26 14:01:25 2013 +0900
+++ b/plugins/calendar/sql/mysql_updates.php Sat Jan 26 20:16:41 2013 +0900
@@ -77,8 +77,8 @@
foreach ($_STATES as $key => $state) {
foreach ($tables as $table) {
- DB_change($table, 'state', addslashes($state),
- 'state', addslashes($key));
+ DB_change($table, 'state', DB_escapeString($state),
+ 'state', DB_escapeString($key));
}
}
}
diff -r b98a0ceb59f5 -r a4b7551f164c plugins/links/functions.inc
--- a/plugins/links/functions.inc Sat Jan 26 14:01:25 2013 +0900
+++ b/plugins/links/functions.inc Sat Jan 26 20:16:41 2013 +0900
@@ -397,7 +397,7 @@
global $_TABLES, $LANG_LINKS,$_DB_dbms;
// Make sure the query is SQL safe
- $query = trim(addslashes($query));
+ $query = trim(DB_escapeString($query));
$sql = "SELECT lid AS id, title, description, UNIX_TIMESTAMP(date) AS date, owner_id AS uid, hits, CONCAT('/links/portal.php?what=link&item=', lid) AS url ";
$sql .= "FROM {$_TABLES['links']} WHERE date";
@@ -584,7 +584,7 @@
global $_DB_dbms;
$where = '';
if ($cid != 'all') {
- $where = "cid='" . addslashes($cid) . "'";
+ $where = "cid='" . DB_escapeString($cid) . "'";
}
$limitsql = '';
@@ -1072,7 +1072,7 @@
$validcat = false;
if (!empty($A['cid'])) {
- $cid = addslashes($A['cid']);
+ $cid = DB_escapeString($A['cid']);
$cat = DB_getItem($_TABLES['linkcategories'], 'category',
"cid = '$cid'");
if (!empty($cat)) {
@@ -1090,13 +1090,13 @@
return $retval;
}
- $A['cid'] = addslashes($A['cid']);
+ $A['cid'] = DB_escapeString($A['cid']);
// Remove any autotags the user doesn't have permission to use
$A['description'] = PLG_replaceTags($A['description'], '', true);
- $A['description'] = addslashes(htmlspecialchars(COM_checkWords($A['description'])));
- $A['title'] = addslashes(strip_tags(COM_checkWords($A['title'])));
- $A['url'] = addslashes(COM_sanitizeUrl($A['url']));
- $A['lid'] = addslashes(COM_makeSid());
+ $A['description'] = DB_escapeString(htmlspecialchars(COM_checkWords($A['description'])));
+ $A['title'] = DB_escapeString(strip_tags(COM_checkWords($A['title'])));
+ $A['url'] = DB_escapeString(COM_sanitizeUrl($A['url']));
+ $A['lid'] = DB_escapeString(COM_makeSid());
COM_updateSpeedlimit('submit');
if (COM_isAnonUser()) {
@@ -1427,7 +1427,7 @@
{
global $_CONF, $_TABLES;
- $cat = addslashes($cid);
+ $cat = DB_escapeString($cid);
$sql = "SELECT cid,category
FROM {$_TABLES['linkcategories']}
WHERE (pid='{$cat}') " . COM_getPermSQL('AND', 0, $access) . "
@@ -1446,7 +1446,7 @@
. $indent . $category . '</option>';
}
// Check and see if this category has any sub categories
- if (DB_count($_TABLES['linkcategories'], 'pid', addslashes($cid)) > 0) {
+ if (DB_count($_TABLES['linkcategories'], 'pid', DB_escapeString($cid)) > 0) {
// yes, call self
$dum = links_select_box_recursive ($menu, $cid, $sel,
$indent . ' ', $access);
@@ -1470,7 +1470,7 @@
$breadcrumb = '';
$separator = ' > ';
- $cat = addslashes($cid);
+ $cat = DB_escapeString($cid);
$c = $cid;
$pid = '';
if ($root != $cid) {
@@ -1488,7 +1488,7 @@
}
$pid = $A['pid'];
$c = $A['pid'];
- $cat = addslashes($c);
+ $cat = DB_escapeString($c);
}
}
@@ -1524,7 +1524,7 @@
$retval = '';
if (!empty($topic)) {
- $tid = addslashes($topic);
+ $tid = DB_escapeString($topic);
$topic_sql = "(c.tid='{$tid}' OR c.tid='" . TOPIC_ALL_OPTION . "') ";
} else {
$topic_sql = "(c.tid='" . TOPIC_ALL_OPTION . "') ";
@@ -1560,7 +1560,7 @@
$retval = '';
if (!empty($topic)) {
- $tid = addslashes($topic);
+ $tid = DB_escapeString($topic);
$topic_sql = "(tid='{$tid}' OR tid='" . TOPIC_ALL_OPTION . "') ";
} else {
$topic_sql = "(tid='" . TOPIC_ALL_OPTION . "') ";
@@ -1639,7 +1639,7 @@
$where = '';
$permOp = 'WHERE';
} else {
- $where = " WHERE lid = '" . addslashes($lid) . "'";
+ $where = " WHERE lid = '" . DB_escapeString($lid) . "'";
$permOp = 'AND';
}
if ($uid > 0) {
diff -r b98a0ceb59f5 -r a4b7551f164c plugins/links/sql/mssql_updates.php
--- a/plugins/links/sql/mssql_updates.php Sat Jan 26 14:01:25 2013 +0900
+++ b/plugins/links/sql/mssql_updates.php Sat Jan 26 20:16:41 2013 +0900
@@ -88,7 +88,7 @@
if (empty($_LI_CONF['root'])) {
$_LI_CONF['root'] = 'site';
}
- $root = addslashes($_LI_CONF['root']);
+ $root = DB_escapeString($_LI_CONF['root']);
DB_query("INSERT INTO {$_TABLES['linkcategories']} (cid, pid, category, description, tid, created, modified, group_id, owner_id, perm_owner, perm_group, perm_members, perm_anon) VALUES ('{$root}', 'root', 'Root', 'Website root', NULL, NOW(), NOW(), 5, 2, 3, 3, 2, 2)");
@@ -102,7 +102,7 @@
for ($i = 0; $i < $nrows; $i++) {
$A = DB_fetchArray($result);
- $category = addslashes($A['category']);
+ $category = DB_escapeString($A['category']);
$cid = $category;
$sql = "INSERT INTO {$_TABLES['linkcategories']} (cid,pid,category,description,tid,owner_id,group_id,created,modified, perm_owner, perm_group, perm_members, perm_anon) VALUES ('{$cid}','{$root}','{$category}','{$category}','all',2,'{$group_id}',NOW(),NOW(), 3, 3, 2, 2)";
DB_query($sql,0);
diff -r b98a0ceb59f5 -r a4b7551f164c plugins/links/sql/mysql_updates.php
--- a/plugins/links/sql/mysql_updates.php Sat Jan 26 14:01:25 2013 +0900
+++ b/plugins/links/sql/mysql_updates.php Sat Jan 26 20:16:41 2013 +0900
@@ -83,7 +83,7 @@
if (empty($_LI_CONF['root'])) {
$_LI_CONF['root'] = 'site';
}
- $root = addslashes($_LI_CONF['root']);
+ $root = DB_escapeString($_LI_CONF['root']);
DB_query("INSERT INTO {$_TABLES['linkcategories']} (cid, pid, category, description, tid, created, modified, group_id, owner_id, perm_owner, perm_group, perm_members, perm_anon) VALUES ('{$root}', 'root', 'Root', 'Website root', NULL, NOW(), NOW(), 5, 2, 3, 3, 2, 2)");
@@ -97,7 +97,7 @@
for ($i = 0; $i < $nrows; $i++) {
$A = DB_fetchArray($result);
- $category = addslashes($A['category']);
+ $category = DB_escapeString($A['category']);
$cid = $category;
DB_query("INSERT INTO {$_TABLES['linkcategories']} (cid,pid,category,description,tid,owner_id,group_id,created,modified) VALUES ('{$cid}','{$root}','{$category}','{$category}','all',2,'{$group_id}',NOW(),NOW())",1);
if ($cid != $category) { // still experimenting ...
diff -r b98a0ceb59f5 -r a4b7551f164c plugins/links/sql/pgsql_updates.php
--- a/plugins/links/sql/pgsql_updates.php Sat Jan 26 14:01:25 2013 +0900
+++ b/plugins/links/sql/pgsql_updates.php Sat Jan 26 20:16:41 2013 +0900
@@ -43,8 +43,8 @@
"INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('config.links.tab_public', 'Access to configure public links list settings', 0)",
"INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('config.links.tab_admin', 'Access to configure links admin settings', 0)",
"INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('config.links.tab_permissions', 'Access to configure link permissions', 0)",
- "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('config.links.tab_cpermissions', 'Access to configure link''s category permissions', 0)",
- "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('config.links.tab_autotag_permissions', 'Access to configure link''s autotag usage permissions', 0)"
+ "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('config.links.tab_cpermissions', '" . DB_escapeString('Access to configure link\'s category permissions') . "', 0)",
+ "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('config.links.tab_autotag_permissions', '". DB_escapeString('Access to configure link\'s autotag usage permissions') . "', 0)"
)
);
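Review bot: The two rewritten INSERT strings now call `DB_escapeString()` on a fixed literal while the array is being built, so this file only loads correctly once the database layer is included and, if the driver's escape routine needs one, a connection exists. The neighbouring entries are plain strings with no such dependency. The previous `link''s` form is the standard SQL way to write a quote inside a literal, so the hunk does not show what the runtime call fixes. If the doubled quote is altered somewhere before execution, a comment saying so would help, e.g. `// escaped at runtime: '' in this literal is altered by <installer step>`. The enclosing array starts outside the hunk.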
diff -r b98a0ceb59f5 -r a4b7551f164c plugins/polls/functions.inc
--- a/plugins/polls/functions.inc Sat Jan 26 14:01:25 2013 +0900
+++ b/plugins/polls/functions.inc Sat Jan 26 20:16:41 2013 +0900
@@ -1364,7 +1364,7 @@
$where = '';
$permOp = 'WHERE';
} else {
- $where = " WHERE pid = '" . addslashes($pid) . "'";
+ $where = " WHERE pid = '" . DB_escapeString($pid) . "'";
$permOp = 'AND';
}
if ($uid > 0) {
diff -r b98a0ceb59f5 -r a4b7551f164c plugins/polls/sql/mysql_updates.php
--- a/plugins/polls/sql/mysql_updates.php Sat Jan 26 14:01:25 2013 +0900
+++ b/plugins/polls/sql/mysql_updates.php Sat Jan 26 20:16:41 2013 +0900
@@ -106,7 +106,7 @@
$count_move = DB_numRows($move_rst);
for ($i = 0; $i < $count_move; $i++) {
$A = DB_fetchArray($move_rst);
- $A[1] = addslashes($A[1]);
+ $A[1] = DB_escapeString($A[1]);
$P_SQL[] = "INSERT INTO {$_TABLES['pollquestions']} (pid, question) VALUES ('{$A[0]}','{$A[1]}');";
}
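Review bot: Only `$A[1]` (the question) is escaped before the INSERT is built; `$A[0]` (the poll id) from the same fetched row is interpolated into `'{$A[0]}'` unescaped. The value comes from the existing table rather than directly from a request, but an id containing a quote would still break or alter the generated statement during the upgrade. Adding `$A[0] = DB_escapeString($A[0]);` next to the existing line closes that gap. The enclosing function starts outside the hunk.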
diff -r b98a0ceb59f5 -r a4b7551f164c plugins/spamx/EditBlackList.Admin.class.php
--- a/plugins/spamx/EditBlackList.Admin.class.php Sat Jan 26 14:01:25 2013 +0900
+++ b/plugins/spamx/EditBlackList.Admin.class.php Sat Jan 26 20:16:41 2013 +0900
@@ -52,17 +52,17 @@
}
if (($action == 'delete') && SEC_checkToken()) {
- $entry = addslashes($entry);
+ $entry = DB_escapeString($entry);
DB_delete($_TABLES['spamx'], array('name', 'value'),
array('Personal', $entry));
} elseif (($action == $LANG_SX00['addentry']) && SEC_checkToken()) {
if (!empty($entry)) {
- $entry = addslashes($entry);
+ $entry = DB_escapeString($entry);
$result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '$entry')");
}
} elseif (($action == $LANG_SX00['addcen']) && SEC_checkToken()) {
foreach ($_CONF['censorlist'] as $entry) {
- $entry = addslashes($entry);
+ $entry = DB_escapeString($entry);
$result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '$entry')");
}