public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-16 04:35:56 +00:00
Code Issues Releases Wiki Activity

db_escape_string: specify link parameter for consistency; sessions: do not force-close db connection in _close()

Browse Source
This commit is contained in:
Andrew Dolgov
2013-03-22 09:14:55 +04:00
parent 9d9432dab8
commit 3972bf5981
40 changed files with 342 additions and 350 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
plugins/auth_internal/init.php
View File

@@ -22,8 +22,8 @@ class Auth_Internal extends Plugin implements IAuthModule {
$pwd_hash1 = encrypt_password($password);
$pwd_hash2 = encrypt_password($password, $login);
$login = db_escape_string($login);
$otp = db_escape_string($_REQUEST["otp"]);
$login = db_escape_string($this->link, $login);
$otp = db_escape_string($this->link, $_REQUEST["otp"]);
if (get_schema_version($this->link) > 96) {
if (!defined('AUTH_DISABLE_OTP') || !AUTH_DISABLE_OTP) {
@@ -140,7 +140,7 @@ class Auth_Internal extends Plugin implements IAuthModule {
}
function check_password($owner_uid, $password) {
$owner_uid = db_escape_string($owner_uid);
$owner_uid = db_escape_string($this->link, $owner_uid);
$result = db_query($this->link, "SELECT salt,login FROM ttrss_users WHERE
id = '$owner_uid'");
@@ -169,7 +169,7 @@ class Auth_Internal extends Plugin implements IAuthModule {
}
function change_password($owner_uid, $old_password, $new_password) {
$owner_uid = db_escape_string($owner_uid);
$owner_uid = db_escape_string($this->link, $owner_uid);
if ($this->check_password($owner_uid, $old_password)) {

12
plugins/auth_remote/init.php
View File

@@ -21,7 +21,7 @@ class Auth_Remote extends Plugin implements IAuthModule {
}
function get_login_by_ssl_certificate() {
$cert_serial = db_escape_string(get_ssl_certificate_id());
$cert_serial = db_escape_string($this->link, get_ssl_certificate_id());
if ($cert_serial) {
$result = db_query($this->link, "SELECT login FROM ttrss_user_prefs, ttrss_users
@@ -29,7 +29,7 @@ class Auth_Remote extends Plugin implements IAuthModule {
owner_uid = ttrss_users.id");
if (db_num_rows($result) != 0) {
return db_escape_string(db_fetch_result($result, 0, "login"));
return db_escape_string($this->link, db_fetch_result($result, 0, "login"));
}
}
@@ -38,10 +38,10 @@ class Auth_Remote extends Plugin implements IAuthModule {
function authenticate($login, $password) {
$try_login = db_escape_string($_SERVER["REMOTE_USER"]);
$try_login = db_escape_string($this->link, $_SERVER["REMOTE_USER"]);
// php-cgi
if (!$try_login) $try_login = db_escape_string($_SERVER["REDIRECT_REMOTE_USER"]);
if (!$try_login) $try_login = db_escape_string($this->link, $_SERVER["REDIRECT_REMOTE_USER"]);
if (!$try_login) $try_login = $this->get_login_by_ssl_certificate();
# if (!$try_login) $try_login = "test_qqq";
@@ -60,14 +60,14 @@ class Auth_Remote extends Plugin implements IAuthModule {
// update user name
$fullname = $_SERVER['HTTP_USER_NAME'] ? $_SERVER['HTTP_USER_NAME'] : $_SERVER['AUTHENTICATE_CN'];
if ($fullname){
$fullname = db_escape_string($fullname);
$fullname = db_escape_string($this->link, $fullname);
db_query($this->link, "UPDATE ttrss_users SET full_name = '$fullname' WHERE id = " .
$user_id);
}
// update user mail
$email = $_SERVER['HTTP_USER_MAIL'] ? $_SERVER['HTTP_USER_MAIL'] : $_SERVER['AUTHENTICATE_MAIL'];
if ($email){
$email = db_escape_string($email);
$email = db_escape_string($this->link, $email);
db_query($this->link, "UPDATE ttrss_users SET email = '$email' WHERE id = " .
$user_id);
}

8
plugins/digest/init.php
View File

@@ -47,7 +47,7 @@ class Digest extends Plugin implements IHandler {
}
function digestgetcontents() {
$article_id = db_escape_string($_REQUEST['article_id']);
$article_id = db_escape_string($this->link, $_REQUEST['article_id']);
$result = db_query($this->link, "SELECT content,title,link,marked,published
FROM ttrss_entries, ttrss_user_entries
@@ -67,9 +67,9 @@ class Digest extends Plugin implements IHandler {
}
function digestupdate() {
$feed_id = db_escape_string($_REQUEST['feed_id']);
$offset = db_escape_string($_REQUEST['offset']);
$seq = db_escape_string($_REQUEST['seq']);
$feed_id = db_escape_string($this->link, $_REQUEST['feed_id']);
$offset = db_escape_string($this->link, $_REQUEST['offset']);
$seq = db_escape_string($this->link, $_REQUEST['seq']);
if (!$feed_id) $feed_id = -4;
if (!$offset) $offset = 0;

2
plugins/embed_original/init.php
View File

@@ -36,7 +36,7 @@ class Embed_Original extends Plugin {
}
function getUrl() {
$id = db_escape_string($_REQUEST['id']);
$id = db_escape_string($this->link, $_REQUEST['id']);
$result = db_query($this->link, "SELECT link
FROM ttrss_entries, ttrss_user_entries

2
plugins/example/init.php
View File

@@ -21,7 +21,7 @@ class Example extends Plugin {
}
function save() {
$example_value = db_escape_string($_POST["example_value"]);
$example_value = db_escape_string($this->link, $_POST["example_value"]);
$this->host->set($this, "example", $example_value);

2
plugins/googleplus/init.php
View File

@@ -32,7 +32,7 @@ class GooglePlus extends Plugin {
}
function getInfo() {
$id = db_escape_string($_REQUEST['id']);
$id = db_escape_string($this->link, $_REQUEST['id']);
$result = db_query($this->link, "SELECT title, link
FROM ttrss_entries, ttrss_user_entries

2
plugins/identica/init.php
View File

@@ -32,7 +32,7 @@ class Identica extends Plugin {
}
function getInfo() {
$id = db_escape_string($_REQUEST['id']);
$id = db_escape_string($this->link, $_REQUEST['id']);
$result = db_query($this->link, "SELECT title, link
FROM ttrss_entries, ttrss_user_entries

8
plugins/import_export/init.php
View File

@@ -49,7 +49,7 @@ class Import_Export extends Plugin implements IHandler {
}
function save() {
$example_value = db_escape_string($_POST["example_value"]);
$example_value = db_escape_string($this->link, $_POST["example_value"]);
echo "Value set to $example_value (not really)";
}
@@ -122,7 +122,7 @@ class Import_Export extends Plugin implements IHandler {
}
function exportrun() {
$offset = (int) db_escape_string($_REQUEST['offset']);
$offset = (int) db_escape_string($this->link, $_REQUEST['offset']);
$exported = 0;
$limit = 250;
@@ -238,7 +238,7 @@ class Import_Export extends Plugin implements IHandler {
foreach ($article_node->childNodes as $child) {
if ($child->nodeName != 'label_cache')
$article[$child->nodeName] = db_escape_string($child->nodeValue);
$article[$child->nodeName] = db_escape_string($this->link, $child->nodeValue);
else
$article[$child->nodeName] = $child->nodeValue;
}
@@ -346,7 +346,7 @@ class Import_Export extends Plugin implements IHandler {
$score = (int) $article['score'];
$tag_cache = $article['tag_cache'];
$label_cache = db_escape_string($article['label_cache']);
$label_cache = db_escape_string($this->link, $article['label_cache']);
$note = $article['note'];
//print "Importing " . $article['title'] . "<br/>";

28
plugins/instances/init.php
View File

@@ -92,10 +92,10 @@ class Instances extends Plugin implements IHandler {
WHERE instance_id = '$id'");
foreach ($feeds['feeds'] as $feed) {
$feed_url = db_escape_string($feed['feed_url']);
$title = db_escape_string($feed['title']);
$subscribers = db_escape_string($feed['subscribers']);
$site_url = db_escape_string($feed['site_url']);
$feed_url = db_escape_string($this->link, $feed['feed_url']);
$title = db_escape_string($this->link, $feed['title']);
$subscribers = db_escape_string($this->link, $feed['subscribers']);
$site_url = db_escape_string($this->link, $feed['site_url']);
db_query($link, "INSERT INTO ttrss_linked_feeds
(feed_url, site_url, title, subscribers, instance_id, created, updated)
@@ -167,16 +167,16 @@ class Instances extends Plugin implements IHandler {
}
function remove() {
$ids = db_escape_string($_REQUEST['ids']);
$ids = db_escape_string($this->link, $_REQUEST['ids']);
db_query($this->link, "DELETE FROM ttrss_linked_instances WHERE
id IN ($ids)");
}
function add() {
$id = db_escape_string($_REQUEST["id"]);
$access_url = db_escape_string($_REQUEST["access_url"]);
$access_key = db_escape_string($_REQUEST["access_key"]);
$id = db_escape_string($this->link, $_REQUEST["id"]);
$access_url = db_escape_string($this->link, $_REQUEST["access_url"]);
$access_key = db_escape_string($this->link, $_REQUEST["access_key"]);
db_query($this->link, "BEGIN");
@@ -195,7 +195,7 @@ class Instances extends Plugin implements IHandler {
}
function edit() {
$id = db_escape_string($_REQUEST["id"]);
$id = db_escape_string($this->link, $_REQUEST["id"]);
$result = db_query($this->link, "SELECT * FROM ttrss_linked_instances WHERE
id = '$id'");
@@ -253,9 +253,9 @@ class Instances extends Plugin implements IHandler {
}
function editSave() {
$id = db_escape_string($_REQUEST["id"]);
$access_url = db_escape_string($_REQUEST["access_url"]);
$access_key = db_escape_string($_REQUEST["access_key"]);
$id = db_escape_string($this->link, $_REQUEST["id"]);
$access_url = db_escape_string($this->link, $_REQUEST["access_url"]);
$access_key = db_escape_string($this->link, $_REQUEST["access_key"]);
db_query($this->link, "UPDATE ttrss_linked_instances SET
access_key = '$access_key', access_url = '$access_url',
@@ -277,7 +277,7 @@ class Instances extends Plugin implements IHandler {
print "<div id=\"pref-instance-toolbar\" dojoType=\"dijit.Toolbar\">";
$sort = db_escape_string($_REQUEST["sort"]);
$sort = db_escape_string($this->link, $_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "access_url";
@@ -364,7 +364,7 @@ class Instances extends Plugin implements IHandler {
function fbexport() {
$access_key = db_escape_string($_POST["key"]);
$access_key = db_escape_string($this->link, $_POST["key"]);
// TODO: rate limit checking using last_connected
$result = db_query($this->link, "SELECT id FROM ttrss_linked_instances

6
plugins/mail/init.php
View File

@@ -30,7 +30,7 @@ class Mail extends Plugin {
function emailArticle() {
$param = db_escape_string($_REQUEST['param']);
$param = db_escape_string($this->link, $_REQUEST['param']);
$secretkey = sha1(uniqid(rand(), true));
@@ -181,7 +181,7 @@ class Mail extends Plugin {
if (!$rc) {
$reply['error'] = $mail->ErrorInfo;
} else {
save_email_address($this->link, db_escape_string($destination));
save_email_address($this->link, db_escape_string($this->link, $destination));
$reply['message'] = "UPDATE_COUNTERS";
}
@@ -193,7 +193,7 @@ class Mail extends Plugin {
}
function completeEmails() {
$search = db_escape_string($_REQUEST["search"]);
$search = db_escape_string($this->link, $_REQUEST["search"]);
print "<ul>";

2
plugins/mailto/init.php
View File

@@ -30,7 +30,7 @@ class MailTo extends Plugin {
function emailArticle() {
$param = db_escape_string($_REQUEST['param']);
$param = db_escape_string($this->link, $_REQUEST['param']);
require_once "lib/MiniTemplator.class.php";

6
plugins/note/init.php
View File

@@ -29,7 +29,7 @@ class Note extends Plugin {
}
function edit() {
$param = db_escape_string($_REQUEST['param']);
$param = db_escape_string($this->link, $_REQUEST['param']);
$result = db_query($this->link, "SELECT note FROM ttrss_user_entries WHERE
ref_id = '$param' AND owner_uid = " . $_SESSION['uid']);
@@ -58,8 +58,8 @@ class Note extends Plugin {
}
function setNote() {
$id = db_escape_string($_REQUEST["id"]);
$note = trim(strip_tags(db_escape_string($_REQUEST["note"])));
$id = db_escape_string($this->link, $_REQUEST["id"]);
$note = trim(strip_tags(db_escape_string($this->link, $_REQUEST["note"])));
db_query($this->link, "UPDATE ttrss_user_entries SET note = '$note'
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);

2
plugins/nsfw/init.php
View File

@@ -91,7 +91,7 @@ class NSFW extends Plugin {
}
function save() {
$tags = explode(",", db_escape_string($_POST["tags"]));
$tags = explode(",", db_escape_string($this->link, $_POST["tags"]));
$tags = array_map("trim", $tags);
$tags = array_map("mb_strtolower", $tags);
$tags = join(", ", $tags);

4
plugins/owncloud/init.php
View File

@@ -20,7 +20,7 @@ class OwnCloud extends Plugin {
}
function save() {
$owncloud_url = db_escape_string($_POST["owncloud_url"]);
$owncloud_url = db_escape_string($this->link, $_POST["owncloud_url"]);
$this->host->set($this, "owncloud", $owncloud_url);
echo "Value set to $owncloud_url";
}
@@ -75,7 +75,7 @@ class OwnCloud extends Plugin {
}
function getOwnCloud() {
$id = db_escape_string($_REQUEST['id']);
$id = db_escape_string($this->link, $_REQUEST['id']);
$result = db_query($this->link, "SELECT title, link
FROM ttrss_entries, ttrss_user_entries

2
plugins/pinterest/init.php
View File

@@ -32,7 +32,7 @@ class Pinterest extends Plugin {
}
function getInfo() {
$id = db_escape_string($_REQUEST['id']);
$id = db_escape_string($this->link, $_REQUEST['id']);
$result = db_query($this->link, "SELECT title, link
FROM ttrss_entries, ttrss_user_entries

2
plugins/pocket/init.php
View File

@@ -33,7 +33,7 @@ class Pocket extends Plugin {
}
function getInfo() {
$id = db_escape_string($_REQUEST['id']);
$id = db_escape_string($this->link, $_REQUEST['id']);
$result = db_query($this->link, "SELECT title, link
FROM ttrss_entries, ttrss_user_entries

4
plugins/share/init.php
View File

@@ -28,7 +28,7 @@ class Share extends Plugin {
}
function shareArticle() {
$param = db_escape_string($_REQUEST['param']);
$param = db_escape_string($this->link, $_REQUEST['param']);
$result = db_query($this->link, "SELECT uuid, ref_id FROM ttrss_user_entries WHERE int_id = '$param'
AND owner_uid = " . $_SESSION['uid']);
@@ -41,7 +41,7 @@ class Share extends Plugin {
$ref_id = db_fetch_result($result, 0, "ref_id");
if (!$uuid) {
$uuid = db_escape_string(sha1(uniqid(rand(), true)));
$uuid = db_escape_string($this->link, sha1(uniqid(rand(), true)));
db_query($this->link, "UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$param'
AND owner_uid = " . $_SESSION['uid']);
}

2
plugins/tweet/init.php
View File

@@ -32,7 +32,7 @@ class Tweet extends Plugin {
}
function getInfo() {
$id = db_escape_string($_REQUEST['id']);
$id = db_escape_string($this->link, $_REQUEST['id']);
$result = db_query($this->link, "SELECT title, link
FROM ttrss_entries, ttrss_user_entries