diff --git a/bureau/class/m_ftp.php b/bureau/class/m_ftp.php index df536fdb..ac7b9337 100644 --- a/bureau/class/m_ftp.php +++ b/bureau/class/m_ftp.php @@ -118,7 +118,7 @@ class m_ftp { // Be sure what is in $status, in case of it was a parameter $status = ($status ? 'true' : 'false'); - if (!$db->query("UPDATE ftpusers SET enabled = $status WHERE uid = '$cuid' AND id = '$id' ;")) { + if (!$db->query("UPDATE ftpusers SET enabled = ? WHERE uid = ? AND id = ? ;", array($status, $cuid, $id))) { $err->raise('ftp', _("Error during update")); return false; } else { @@ -140,7 +140,7 @@ class m_ftp { global $db, $err, $cuid; $err->log("ftp", "get_list"); $r = array(); - $db->query("SELECT id, name, homedir, enabled FROM ftpusers WHERE uid='$cuid' ORDER BY name;"); + $db->query("SELECT id, name, homedir, enabled FROM ftpusers WHERE uid= ? ORDER BY name;", array($cuid)); if ($db->num_rows()) { while ($db->next_record()) { $r[] = array( @@ -169,7 +169,7 @@ class m_ftp { global $db, $err, $cuid; $err->log("ftp", "get_ftp_details", $id); $r = array(); - $db->query("SELECT id, name, homedir, enabled FROM ftpusers WHERE uid='$cuid' AND id='$id';"); + $db->query("SELECT id, name, homedir, enabled FROM ftpusers WHERE uid= ? AND id= ?;", array($cuid, $id)); if ($db->num_rows()) { $db->next_record(); @@ -206,7 +206,7 @@ class m_ftp { global $db, $mem, $cuid; $r = array(); $r[] = $mem->user["login"]; - $db->query("SELECT domaine FROM domaines WHERE compte='$cuid' ORDER BY domaine;"); + $db->query("SELECT domaine FROM domaines WHERE compte= ? ORDER BY domaine;", array($cuid)); while ($db->next_record()) { $r[] = $db->f("domaine"); } 
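Review bot: Binding `$status` on the new UPDATE line in the `@@ -118` hunk changes its SQL meaning: the removed line emitted the bare keywords `true`/`false`, whereas a bound `'true'`/`'false'` is a string literal, and if `enabled` is a numeric or boolean column (which the unquoted keywords suggest) MySQL casts `'true'` to 0, so enabling an account would silently disable it. Keeping the value numeric removes the ambiguity: `$status = ($status ? 1 : 0);` on the line above the query. If `enabled` is instead an ENUM of those two strings the change is harmless, but that should be confirmed against the schema. The enclosing method's signature is above the hunk.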
@@ -274,7 +274,7 @@ class m_ftp { function put_ftp_details($id, $prefixe, $login, $pass, $dir) { global $db, $err, $bro, $cuid, $admin; $err->log("ftp", "put_ftp_details", $id); - $db->query("SELECT count(*) AS cnt FROM ftpusers WHERE id='$id' and uid='$cuid';"); + $db->query("SELECT count(*) AS cnt FROM ftpusers WHERE id= ? and uid= ?;", array($id, $cuid)); $db->next_record(); if (!$db->f("cnt")) { $err->raise("ftp", _("This FTP account does not exist")); @@ -297,7 +297,7 @@ class m_ftp { if (!$this->check_login($full_login)) { return false; } - $db->query("SELECT COUNT(*) AS cnt FROM ftpusers WHERE id!='$id' AND name='$full_login';"); + $db->query("SELECT COUNT(*) AS cnt FROM ftpusers WHERE id!= ? AND name= ?;", array($id, $full_login)); $db->next_record(); if ($db->f("cnt")) { $err->raise("ftp", _("This FTP account already exists")); @@ -320,9 +320,9 @@ class m_ftp { } } $encrypted_password = _md5cr($pass, strrev(microtime(true))); - $db->query("UPDATE ftpusers SET name='" . $full_login . "', password='', encrypted_password='$encrypted_password', homedir='$absolute', uid='$cuid' WHERE id='$id';"); + $db->query("UPDATE ftpusers SET name= ? , password='', encrypted_password= ?, homedir= ?, uid= ? WHERE id= ?;", array($full_login, $encrypted_password, $absolute, $cuid, $id)); } else { - $db->query("UPDATE ftpusers SET name='" . $full_login . "', homedir='$absolute', uid='$cuid' WHERE id='$id';"); + $db->query("UPDATE ftpusers SET name= ? , homedir= ? , uid= ? WHERE id= ? ;", array($full_login, $absolute, $cuid, $id)); } return true; } 
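Review bot: The `encrypted_password` bound on the first new UPDATE line of the `@@ -320` hunk is produced by `_md5cr($pass, strrev(microtime(true)))` on the line just above it; if that second argument is used as the salt (the helper is not in the hunk), the salt is derived from the clock and is low-entropy and predictable, which weakens the stored hash against precomputation. Letting `_md5cr` draw its salt from a CSPRNG (`random_bytes` or `openssl_random_pseudo_bytes`, depending on the PHP baseline) would be preferable. The same construct appears in the `@@ -406` hunk of this file on the next line.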
@@ -336,14 +336,14 @@ class m_ftp { function delete_ftp($id) { global $db, $err, $cuid; $err->log("ftp", "delete_ftp", $id); - $db->query("SELECT name FROM ftpusers WHERE id='$id' and uid='$cuid';"); + $db->query("SELECT name FROM ftpusers WHERE id= ? and uid= ? ;", array($id, $cuid)); $db->next_record(); $name = $db->f("name"); if (!$name) { $err->raise("ftp", _("This FTP account does not exist")); return false; } - $db->query("DELETE FROM ftpusers WHERE id='$id'"); + $db->query("DELETE FROM ftpusers WHERE id= ? ;", array($id)); return $name; } @@ -380,13 +380,13 @@ class m_ftp { if (!$this->check_login($full_login)) { return false; } - $db->query("SELECT count(*) AS cnt FROM ftpusers WHERE name='" . $full_login . "'"); + $db->query("SELECT count(*) AS cnt FROM ftpusers WHERE name= ? ;", array($full_login)); $db->next_record(); if ($db->f("cnt")) { $err->raise("ftp", _("This FTP account already exists")); return false; } - $db->query("SELECT login FROM membres WHERE uid='$cuid';"); + $db->query("SELECT login FROM membres WHERE uid= ? ;", array($cuid)); $db->next_record(); $absolute = getuserpath() . "/$dir"; if (!file_exists($absolute)) { @@ -406,7 +406,7 @@ class m_ftp { if ($quota->cancreate("ftp")) { $encrypted_password = _md5cr($pass, strrev(microtime(true))); - $db->query("INSERT INTO ftpusers (name,password, encrypted_password,homedir,uid) VALUES ('" . $full_login . "', '', '$encrypted_password', '$absolute', '$cuid')"); + $db->query("INSERT INTO ftpusers (name,password, encrypted_password,homedir,uid) VALUES ( ?, '', ?, ?, ?)", array($full_login, $encrypted_password, $absolute, $cuid)); return true; } else { $err->raise("ftp", _("Your FTP account quota is over. You cannot create more ftp accounts")); 
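Review bot: In `add_ftp`, the home directory bound into the new INSERT of the `@@ -406` hunk is built on the context line `$absolute = getuserpath() . "/$dir";` with only a `file_exists` check after it; if `$dir` originates from the request and the caller (outside the hunk) does not canonicalise it, a `..` segment would register an FTP home outside the account's tree, and parameterisation does nothing about that. A check that `realpath($absolute)` starts with `getuserpath()` before the INSERT would make the bound value safe by construction. The same concatenation, after stripping one leading `/`, appears in the `@@ -426` hunk on the next line.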
@@ -426,7 +426,7 @@ class m_ftp { if (substr($dir, 0, 1) == "/") { $dir = substr($dir, 1); } - $db->query("SELECT id FROM ftpusers WHERE homedir='" . getuserpath() . "/$dir';"); + $db->query("SELECT id FROM ftpusers WHERE homedir= ? ;", array( getuserpath() . "/" .$dir )); if ($db->num_rows()) { $db->next_record(); return $db->f("id"); @@ -444,7 +444,7 @@ class m_ftp { function alternc_del_domain($dom) { global $db, $err, $cuid; $err->log("ftp", "alternc_del_domain", $dom); - $db->query("DELETE FROM ftpusers WHERE uid='$cuid' AND ( name LIKE '$dom\_%' OR name LIKE '$dom') "); + $db->query("DELETE FROM ftpusers WHERE uid= ? AND ( name LIKE ? OR name LIKE ?) ", array($cuid, $dom."\_%", $dom)); return true; } @@ -456,7 +456,7 @@ class m_ftp { function alternc_del_member() { global $db, $err, $cuid; $err->log("ftp", "alternc_del_member"); - $db->query("DELETE FROM ftpusers WHERE uid='$cuid'"); + $db->query("DELETE FROM ftpusers WHERE uid= ?", array($cuid)); return true; } @@ -472,7 +472,7 @@ class m_ftp { global $db, $err, $cuid; $err->log("ftp", "getquota"); $q = Array("name" => "ftp", "description" => _("FTP accounts"), "used" => 0); - $db->query("SELECT COUNT(*) AS cnt FROM ftpusers WHERE uid='$cuid'"); + $db->query("SELECT COUNT(*) AS cnt FROM ftpusers WHERE uid= ? ", array($cuid)); if ($db->next_record()) { $q['used'] = $db->f("cnt"); } diff --git a/bureau/class/m_lxc.php b/bureau/class/m_lxc.php index 89fb591c..27095129 100644 --- a/bureau/class/m_lxc.php +++ b/bureau/class/m_lxc.php @@ -71,7 +71,7 @@ class m_lxc implements vm { function hook_admin_del_member() { global $db, $err, $cuid; $err->log("lxc", "alternc_del_member"); - $db->query("DELETE FROM vm_history WHERE uid='$cuid'"); + $db->query("DELETE FROM vm_history WHERE uid= ?", array($cuid)); return true; } 
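Review bot: On the new DELETE line in `alternc_del_domain` (`@@ -444`), binding `$dom."\_%"` stops SQL injection but does not neutralise LIKE metacharacters inside `$dom` itself: a `%` or `_` in the domain value is still a wildcard, so the statement could delete FTP accounts belonging to other domain names of the same uid. Escaping the user-controlled part before appending the pattern keeps the match literal, e.g. `array($cuid, addcslashes($dom, '%_\\')."\_%", $dom)`, and the second pattern `name LIKE ?` with plain `$dom` would be clearer as `name = ?`. Note that `\_` inside a PHP double-quoted string stays `\_`, so the literal-underscore escape still reaches MySQL as before.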
@@ -153,7 +153,7 @@ class m_lxc implements vm { $err->raise('lxc', _($msg)); return FALSE; } - $db->query("INSERT INTO vm_history (ip,date_start,uid,serialized_object) VALUES ('$hostname', $date_start, '$uid', '$res')"); + $db->query("INSERT INTO vm_history (ip,date_start,uid,serialized_object) VALUES (?, ?, ?, ?);", array($hostname, $date_start, $uid, $res)); return $res; } } diff --git a/bureau/class/m_mail.php b/bureau/class/m_mail.php index 3836f260..15be9e4a 100644 --- a/bureau/class/m_mail.php +++ b/bureau/class/m_mail.php @@ -139,7 +139,7 @@ class m_mail { 'type' => '', ); - $db->query("select r.recipients as dst, a.id mail_id from address a, recipient r where a.domain_id = $domain_id and r.address_id = a.id and a.address='';"); + $db->query("select r.recipients as dst, a.id mail_id from address a, recipient r where a.domain_id = ? and r.address_id = a.id and a.address='';", array($domain_id)); if ($db->next_record()) { $rr['target'] = $db->f('dst'); $rr['mail_id'] = $db->f('mail_id'); @@ -204,7 +204,7 @@ class m_mail { global $db, $err, $cuid; $err->log("mail", "getquota"); $q = Array("name" => "mail", "description" => _("Email addresses"), "used" => 0); - $db->query("SELECT COUNT(*) AS cnt FROM address a, domaines d WHERE a.domain_id=d.id AND d.compte=$cuid AND a.type='';"); + $db->query("SELECT COUNT(*) AS cnt FROM address a, domaines d WHERE a.domain_id=d.id AND d.compte= ? AND a.type='';", array($cuid)); if ($db->next_record()) { $q['used'] = $db->f("cnt"); } @@ -239,14 +239,14 @@ SELECT FROM domaines d LEFT JOIN address a ON (d.id=a.domain_id AND a.type='') WHERE - d.compte = $uid + d.compte = ? and d.gesmx = 1 GROUP BY d.id ORDER BY d.domaine ; -"); +", array($uid)); $this->enum_domains = array(); while ($db->next_record()) { $this->enum_domains[] = $db->Record; 
@@ -275,7 +275,7 @@ ORDER BY return false; } // Check the availability - $db->query("SELECT a.id FROM address a WHERE a.domain_id=" . $dom_id . " AND a.address='" . addslashes($login) . "';"); + $db->query("SELECT a.id FROM address a WHERE a.domain_id= ? AND a.address= ?;", array($dom_id, $login)); if ($db->next_record()) { return false; } else { @@ -290,6 +290,7 @@ ORDER BY * @param $offset integer skip THAT much emails in the result. * @param $count integer return no more than THAT much emails. -1 for ALL. Offset is ignored then. * @result an array of each mail hosted under the domain. + * @TODO:EM: It has to be escaped */ function enum_domain_mails($dom_id = null, $search = "", $offset = 0, $count = 30, $show_systemmails = false) { @@ -381,13 +382,13 @@ ORDER BY return false; } // Already exists? - $db->query("SELECT * FROM address WHERE domain_id=" . $dom_id . " AND address='" . addslashes($mail) . "';"); + $db->query("SELECT * FROM address WHERE domain_id= ? AND address= ? ;", array($dom_id, $mail)); if ($db->next_record()) { $err->raise("mail", _("This email address already exists")); return false; } // Create it now - $db->query("INSERT INTO address (domain_id, address,type) VALUES ($dom_id, '" . addslashes($mail) . "','$type');"); + $db->query("INSERT INTO address (domain_id, address,type) VALUES (?, ?, ?);", array($dom_id, $mail, $type)); if (!($id = $db->lastid())) { $err->raise("mail", _("An unexpected error occured when creating the email")); return false; 
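Review bot: `enum_domain_mails` is left unconverted in this commit and only marked with `@TODO:EM: It has to be escaped` in its docblock (`@@ -290`); since the function's `$search` and `$dom_id` parameters (its body is below the hunk) are presumably built into the same kind of query, this leaves one user-facing query path unparameterised in a commit whose purpose is removing string-built SQL. If the conversion cannot be done here, the note should at least say what is unescaped so it is actionable, e.g. `@TODO: $search and $dom_id are interpolated into SQL; convert to bound parameters`, and a tracking issue would be better still. The `@@ -275` and `@@ -381` hunks on this line look correct.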
@@ -412,7 +413,7 @@ ORDER BY } // We fetch all the informations for that email: these will fill the hastable : - $db->query("SELECT a.id, a.address, a.password, a.enabled, d.domaine AS domain, m.path, m.quota, m.quota*1024*1024 AS quotabytes, m.bytes AS used, NOT ISNULL(m.id) AS islocal, a.type, r.recipients, m.lastlogin, a.mail_action, m.mail_action AS mailbox_action FROM (address a LEFT JOIN mailbox m ON m.address_id=a.id) LEFT JOIN recipient r ON r.address_id=a.id, domaines d WHERE a.id=" . $mail_id . " AND d.id=a.domain_id;"); + $db->query("SELECT a.id, a.address, a.password, a.enabled, d.domaine AS domain, m.path, m.quota, m.quota*1024*1024 AS quotabytes, m.bytes AS used, NOT ISNULL(m.id) AS islocal, a.type, r.recipients, m.lastlogin, a.mail_action, m.mail_action AS mailbox_action FROM (address a LEFT JOIN mailbox m ON m.address_id=a.id) LEFT JOIN recipient r ON r.address_id=a.id, domaines d WHERE a.id= ? AND d.id=a.domain_id;", array($mail_id)); if (!$db->next_record()) { return false; } @@ -442,7 +443,7 @@ ORDER BY if (isset($this->isitmy_cache[$mail_id])) { return $this->isitmy_cache[$mail_id]; } - $db->query("SELECT concat(a.address,'@',d.domaine) AS email FROM address a, domaines d WHERE d.id=a.domain_id AND a.id=$mail_id AND d.compte=$cuid;"); + $db->query("SELECT concat(a.address,'@',d.domaine) AS email FROM address a, domaines d WHERE d.id=a.domain_id AND a.id= ? AND d.compte= ?;", array($mail_id, $cuid)); if ($db->next_record()) { return $this->isitmy_cache[$mail_id] = $db->f("email"); } else { 
@@ -467,10 +468,10 @@ ORDER BY $this->delete($one["id"]); } } - $db->query("SELECT domaine FROM domaines WHERE id=$domain_id;"); + $db->query("SELECT domaine FROM domaines WHERE id= ? ;", array($domain_id)); if ($db->next_record()) { - $db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE domaine='" . addslashes($db->Record["domaine"]) . "' AND type='txt' AND (sub='' AND valeur LIKE 'v=spf1 %') OR (sub='_dmarc' AND valeur LIKE 'v=dmarc1;%');"); - $db->query("UPDATE domaines SET dns_action='UPDATE' WHERE id=$domain_id;"); + $db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE domaine= ? AND type='txt' AND (sub='' AND valeur LIKE 'v=spf1 %') OR (sub='_dmarc' AND valeur LIKE 'v=dmarc1;%');", array($db->Record["domaine"])); + $db->query("UPDATE domaines SET dns_action='UPDATE' WHERE id= ? ;", array($domain_id)); } return true; @@ -479,7 +480,7 @@ ORDER BY // return the alternc account's ID of the mail_id function get_account_by_mail_id($mail_id) { global $db; - $db->query("select compte as uid from domaines d, address a where a.domain_id = d.id and a.id = $mail_id"); + $db->query("select compte as uid from domaines d, address a where a.domain_id = d.id and a.id = ? ;", array($mail_id)); if (!$db->next_record()) { return false; } @@ -514,7 +515,7 @@ ORDER BY $hooks->invoke('hook_mail_delete', array($mail_id, $mailinfos['address'] . '@' . $mailinfos['domain'])); // Search for that address: - $db->query("SELECT a.id, a.type, a.mail_action, m.mail_action AS mailbox_action, NOT ISNULL(m.id) AS islocal FROM address a LEFT JOIN mailbox m ON m.address_id=a.id WHERE a.id='$mail_id';"); + $db->query("SELECT a.id, a.type, a.mail_action, m.mail_action AS mailbox_action, NOT ISNULL(m.id) AS islocal FROM address a LEFT JOIN mailbox m ON m.address_id=a.id WHERE a.id= ? ;", array($mail_id)); if (!$db->next_record()) { $err->raise("mail", _("The email %s does not exist, it can't be deleted"), $mail); return false; 
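Review bot: The rewritten `UPDATE sub_domaines` in the `@@ -467` hunk keeps a precedence bug: `domaine= ? AND type='txt' AND (sub='' AND valeur LIKE 'v=spf1 %') OR (sub='_dmarc' AND valeur LIKE 'v=dmarc1;%')` parses as `(domaine AND txt AND spf) OR (dmarc)`, so the `_dmarc` alternative is not restricted by `domaine= ?` and marks every account's DMARC record for deletion. Parenthesise the alternation: `WHERE domaine= ? AND type='txt' AND ((sub='' AND valeur LIKE 'v=spf1 %') OR (sub='_dmarc' AND valeur LIKE 'v=dmarc1;%'));`. The `@@ -479` and `@@ -514` hunks on this line look fine.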
@@ -527,14 +528,14 @@ ORDER BY if ($db->f("islocal")) { // If it's a pop/imap mailbox, mark it for deletion - $db->query("UPDATE address SET mail_action='DELETE', enabled=0 WHERE id='$mail_id';"); - $db->query("UPDATE mailbox SET mail_action='DELETE' WHERE address_id='$mail_id';"); + $db->query("UPDATE address SET mail_action='DELETE', enabled=0 WHERE id= ?;", array($mail_id)); + $db->query("UPDATE mailbox SET mail_action='DELETE' WHERE address_id= ?;", array($mail_id)); $err->raise("mail", _("The email %s has been marked for deletion"), $mail); } else { // If it's only aliases, delete it NOW. - $db->query("DELETE FROM address WHERE id='$mail_id';"); - $db->query("DELETE FROM mailbox WHERE address_id='$mail_id';"); - $db->query("DELETE FROM recipient WHERE address_id='$mail_id';"); + $db->query("DELETE FROM address WHERE id= ? ;", array($mail_id)); + $db->query("DELETE FROM mailbox WHERE address_id= ? ;", array($mail_id)); + $db->query("DELETE FROM recipient WHERE address_id= ? ;", array($mail_id)); $err->raise("mail", _("The email %s has been successfully deleted"), $mail); } return true; @@ -565,7 +566,7 @@ ORDER BY } // Search for that address: - $db->query("SELECT a.id, a.type, a.mail_action, m.mail_action AS mailbox_action, NOT ISNULL(m.id) AS islocal FROM address a LEFT JOIN mailbox m ON m.address_id=a.id WHERE a.id='$mail_id';"); + $db->query("SELECT a.id, a.type, a.mail_action, m.mail_action AS mailbox_action, NOT ISNULL(m.id) AS islocal FROM address a LEFT JOIN mailbox m ON m.address_id=a.id WHERE a.id= ? ;", array($mail_id)); if (!$db->next_record()) { $err->raise("mail", _("The email %s does not exist, it can't be undeleted"), $mail); return false; 
@@ -582,8 +583,8 @@ ORDER BY if ($db->f("islocal")) { // If it's a pop/imap mailbox, mark it for deletion - $db->query("UPDATE address SET mail_action='OK', `enabled`=1 WHERE id='$mail_id';"); - $db->query("UPDATE mailbox SET mail_action='OK' WHERE address_id='$mail_id';"); + $db->query("UPDATE address SET mail_action='OK', `enabled`=1 WHERE id= ?;", array($mail_id)); + $db->query("UPDATE mailbox SET mail_action='OK' WHERE address_id= ? ;", array($mail_id)); $err->raise("mail", _("The email %s has been undeleted"), $mail); return true; } else { @@ -609,7 +610,7 @@ ORDER BY if (!$admin->checkPolicy("pop", $email, $pass)) { return false; } - if (!$db->query("UPDATE address SET password='" . _md5cr($pass) . "' where id=$mail_id;")) { + if (!$db->query("UPDATE address SET password= ? where id = ? ;", array(_md5cr($pass), $mail_id ))) { return false; } return true; @@ -627,7 +628,7 @@ ORDER BY if (!($email = $this->is_it_my_mail($mail_id))) { return false; } - if (!$db->query("UPDATE address SET `enabled`=1 where id=$mail_id;")) { + if (!$db->query("UPDATE address SET `enabled`=1 where id= ? ;", array($mail_id))) { return false; } return true; @@ -645,7 +646,7 @@ ORDER BY if (!($email = $this->is_it_my_mail($mail_id))) { return false; } - if (!$db->query("UPDATE address SET `enabled`=0 where id=$mail_id;")) { + if (!$db->query("UPDATE address SET `enabled`=0 where id= ? ;", array($mail_id))) { return false; } return true; 
@@ -665,14 +666,13 @@ ORDER BY */ function set_details($mail_id, $islocal, $quotamb, $recipients, $delivery = "dovecot", $dontcheck = false) { global $err, $db; - $delivery = mysql_real_escape_string($delivery); $err->log("mail", "set_details"); if (!($me = $this->get_details($mail_id))) { return false; } if ($me["islocal"] && !$islocal) { // delete pop - $db->query("UPDATE mailbox SET mail_action='DELETE' WHERE address_id=" . $mail_id . ";"); + $db->query("UPDATE mailbox SET mail_action='DELETE' WHERE address_id= ? ;", array($mail_id)); } if (!$me["islocal"] && $islocal) { // create pop @@ -692,10 +692,10 @@ ORDER BY break; } } - $db->query("INSERT INTO mailbox SET address_id=$mail_id, delivery='$delivery', path='" . addslashes($path) . "';"); + $db->query("INSERT INTO mailbox SET address_id= ? , delivery= ?, path= ? ;", array($mail_id, $delivery, $path)); } if ($me["islocal"] && $islocal && $me["mailbox_action"] == "DELETE") { - $db->query("UPDATE mailbox SET mail_action='OK' WHERE mail_action='DELETE' AND address_id=" . $mail_id . ";"); + $db->query("UPDATE mailbox SET mail_action='OK' WHERE mail_action='DELETE' AND address_id= ? ;", array($mail_id)); } if ($islocal) { @@ -703,7 +703,7 @@ ORDER BY $quotamb = intval($me["used"] / 1024 / 1024) + 1; $err->raise("mail", _("You set a quota smaller than the current mailbox size. Since it's not allowed, we set the quota to the current mailbox size")); } - $db->query("UPDATE mailbox SET quota=" . intval($quotamb) . " WHERE address_id=" . $mail_id . ";"); + $db->query("UPDATE mailbox SET quota= ? WHERE address_id= ? ;", array($quotamb, $mail_id)); } $recipients = preg_replace('/[\r\t\s]/', "\n", $recipients); // Handle space AND new line 
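Review bot: The new `UPDATE mailbox SET quota= ?` line in the `@@ -703` hunk drops the `intval($quotamb)` the removed line applied, so a non-numeric or fractional `$quotamb` now reaches MySQL as a string and either errors under strict SQL mode or is truncated silently; the branch above only reassigns `$quotamb` when it is too small, not when it is malformed. Keep the coercion in the bind list: `array(intval($quotamb), $mail_id)`. Similarly, dropping `mysql_real_escape_string($delivery)` in the `@@ -665` hunk is right for injection purposes, but `$delivery` is still stored unvalidated by the INSERT in `@@ -692`; if only a fixed set of delivery agents is meaningful, a whitelist check such as `in_array($delivery, array('dovecot'), true)` before that INSERT would be worth adding.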
@@ -716,9 +716,9 @@ ORDER BY $red.=$m . "\n"; } } - $db->query("DELETE FROM recipient WHERE address_id=" . $mail_id . ";"); + $db->query("DELETE FROM recipient WHERE address_id= ? ;", array($mail_id)); if (isset($red) && $red) { - $db->query("INSERT INTO recipient SET address_id=" . $mail_id . ", recipients='" . addslashes($red) . "';"); + $db->query("INSERT INTO recipient SET address_id= ?, recipients= ? ;", array($mail_id, $red)); } if (!$islocal && !$red) { $err->raise("mail", _("Warning: you created an email which is not an alias, and not a POP/IMAP mailbox. This is certainly NOT what you want to do. To fix this, edit the email address and check 'Yes' in POP/IMAP account, or set some recipients in the redirection field.")); @@ -847,9 +847,7 @@ ORDER BY */ function check_slave_account($login, $pass) { global $db; - $login = mysql_real_escape_string($login); - $pass = mysql_real_escape_string($pass); - $db->query("SELECT * FROM mxaccount WHERE login='$login' AND pass='$pass';"); + $db->query("SELECT * FROM mxaccount WHERE login= ? AND pass= ?;", array($login, $pass)); if ($db->next_record()) { return true; } @@ -894,14 +892,12 @@ ORDER BY */ function add_slave_account($login, $pass) { global $db, $err; - $login = mysql_real_escape_string($login); - $pass = mysql_real_escape_string($pass); - $db->query("SELECT * FROM mxaccount WHERE login='$login'"); + $db->query("SELECT * FROM mxaccount WHERE login= ? ;", array($login)); if ($db->next_record()) { $err->raise("mail", _("The slave MX account was not found")); return false; } - $db->query("INSERT INTO mxaccount (login,pass) VALUES ('$login','$pass')"); + $db->query("INSERT INTO mxaccount (login,pass) VALUES (?, ?);", array($login, $pass)); return true; } 
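Review bot: In `add_slave_account` (`@@ -894`) the new existence check `SELECT * FROM mxaccount WHERE login= ?` is followed by `$err->raise("mail", _("The slave MX account was not found"))` when a row is found, so the message is inverted relative to the condition and should read along the lines of `_("This slave MX account already exists")`. Separately, both `check_slave_account` (`@@ -847`) and the INSERT here bind `$pass` directly, i.e. the credential is stored and compared as a plain column value; if `mxaccount.pass` is not already a hash (this cannot be determined from the hunk), storing `password_hash($pass, PASSWORD_DEFAULT)` and verifying with `password_verify` after selecting by `login` alone would be the fitting follow-up, PHP baseline permitting.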
@@ -913,8 +909,7 @@ ORDER BY */ function del_slave_account($login) { global $db; - $login = mysql_real_escape_string($login); - $db->query("DELETE FROM mxaccount WHERE login='$login'"); + $db->query("DELETE FROM mxaccount WHERE login= ? ;", array($login)); return true; } @@ -954,7 +949,7 @@ ORDER BY } $mailname = $db->f("value"); // set spf & dmarc for this domain - $db->query("SELECT domaine FROM domaines WHERE id=$domain_id;"); + $db->query("SELECT domaine FROM domaines WHERE id= ?;", array($domain_id)); if ($db->next_record()) { if ($spf = variable_get("default_spf_value")) { $this->set_dns_spf($db->Record["domaine"], $spf); 
@@ -1015,15 +1010,15 @@ ORDER BY $login = $mem->user["login"]; } // Search for the record in sub_domaines table - $db->query("SELECT * FROM sub_domaines WHERE compte=$uid AND domaine='" . addslashes($domain) . "' AND sub='' AND type='txt' AND valeur LIKE 'v=spf1 %' AND web_action!='DELETE';"); + $db->query("SELECT * FROM sub_domaines WHERE compte= ? AND domaine= ? AND sub='' AND type='txt' AND valeur LIKE 'v=spf1 %' AND web_action!='DELETE';", array($uid, $domain)); if ($db->next_record()) { if ($previous !== -1 && $db->Record["valeur"] == "v=spf1 " . $spf) { return; // skip, no change asked. } - $db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE id='" . $db->Record["id"] . "';"); + $db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE id= ? ;",array($db->Record["id"])); } - $db->query("INSERT INTO sub_domaines SET compte=$uid, domaine='" . addslashes($domain) . "', sub='', type='txt', valeur='" . addslashes("v=spf1 " . $spf) . "', web_action='UPDATE';"); - $db->query("UPDATE domaines SET dns_action='UPDATE' WHERE domaine='" . addslashes($domain) . "';"); + $db->query("INSERT INTO sub_domaines SET compte= ?, domaine= ?, sub='', type='txt', valeur= ? , web_action='UPDATE';", array($uid, $domain, "v=spf1 " . $spf)); + $db->query("UPDATE domaines SET dns_action='UPDATE' WHERE domaine= ?;", array($domain)); } /* ----------------------------------------------------------------- */ 
@@ -1048,15 +1043,15 @@ ORDER BY $dmarc = str_replace("%%USERMAIL%%", $login . "@" . $L_FQDN, $dmarc); // Search for the record in sub_domaines table - $db->query("SELECT * FROM sub_domaines WHERE compte=$uid AND domaine='" . addslashes($domain) . "' AND sub='_dmarc' AND type='txt' AND valeur LIKE 'v=dmarc1;%' AND web_action!='DELETE';"); + $db->query("SELECT * FROM sub_domaines WHERE compte= ? AND domaine= ? AND sub='_dmarc' AND type='txt' AND valeur LIKE 'v=dmarc1;%' AND web_action!='DELETE';", array($uid, $domain)); if ($db->next_record()) { if ($previous !== -1 && $db->Record["valeur"] == "v=dmarc1;" . $dmarc) { return; // skip, no change asked. } - $db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE id='" . $db->Record["id"] . "';"); + $db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE id= ?;", array($db->Record["id"])); } - $db->query("INSERT INTO sub_domaines SET compte=$uid, domaine='" . addslashes($domain) . "', sub='_dmarc', type='txt', valeur='" . addslashes("v=dmarc1;" . $dmarc) . "', web_action='UPDATE';"); - $db->query("UPDATE domaines SET dns_action='UPDATE' WHERE domaine='" . addslashes($domain) . "';"); + $db->query("INSERT INTO sub_domaines SET compte= ?, domaine= ?, sub='_dmarc', type='txt', valeur= ?, web_action='UPDATE';", array($uid, $domain, "v=dmarc1;" . $dmarc)); + $db->query("UPDATE domaines SET dns_action='UPDATE' WHERE domaine= ?;", array($domain)); } /* ----------------------------------------------------------------- */ diff --git a/bureau/class/m_mem.php b/bureau/class/m_mem.php index 8952bdff..fb84f3c4 100644 --- a/bureau/class/m_mem.php +++ b/bureau/class/m_mem.php 
@@ -98,14 +98,14 @@ class m_mem { $err->log("mem", "login", $username); // $username=addslashes($username); // $password=addslashes($password); - $db->query("select * from membres where login='$username';"); + $db->query("select * from membres where login= ? ;", array($username)); if ($db->num_rows() == 0) { $err->raise("mem", _("User or password incorrect")); return false; } $db->next_record(); if (_md5cr($password, $db->f("pass")) != $db->f("pass")) { - $db->query("UPDATE membres SET lastfail=lastfail+1 WHERE uid='" . $db->f("uid") . "';"); + $db->query("UPDATE membres SET lastfail=lastfail+1 WHERE uid= ? ;", array($db->f("uid"))); $err->raise("mem", _("User or password incorrect")); return false; } @@ -155,11 +155,11 @@ class m_mem { /* Open the session : */ $sess = md5(uniqid(mt_rand())); $_REQUEST["session"] = $sess; - $db->query("insert into sessions (sid,ip,uid) values ('$sess',$ip,'$cuid');"); + $db->query("insert into sessions (sid,ip,uid) values (?, ?, ?);", array($sess, $ip, $cuid)); setcookie("session", $sess, 0, "/"); $err->error = 0; /* Fill in $local */ - $db->query("SELECT * FROM local WHERE uid='$cuid';"); + $db->query("SELECT * FROM local WHERE uid= ? ;", array($cuid)); if ($db->num_rows()) { $db->next_record(); $this->local = $db->Record; @@ -180,7 +180,7 @@ class m_mem { function setid($id) { global $db, $err, $cuid, $mysql, $quota; $err->log("mem", "setid", $id); - $db->query("select * from membres where uid='$id';"); + $db->query("select * from membres where uid= ? ;", array($id)); if ($db->num_rows() == 0) { $err->raise("mem", _("User or password incorrect")); return false; 
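Review bot: The `$sess` bound on the new `insert into sessions` line of the `@@ -155` hunk is generated two lines above as `md5(uniqid(mt_rand()))`, which is not a cryptographically secure source: `mt_rand` and `uniqid` are predictable, so session identifiers can be guessed regardless of how they are stored. A CSPRNG keeps the 32-character shape that the `strlen(...) != 32` check in the `@@ -272` hunk relies on: `$sess = bin2hex(random_bytes(16));` (or `bin2hex(openssl_random_pseudo_bytes(16))` on a pre-7.0 baseline). The same generator appears in `setid` in the `@@ -194` hunk on the next line, and the `setcookie("session", $sess, 0, "/")` beneath each still sets the cookie without the HttpOnly or Secure flags.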
@@ -194,11 +194,11 @@ class m_mem { $ip = get_remote_ip(); $sess = md5(uniqid(mt_rand())); $_REQUEST["session"] = $sess; - $db->query("insert into sessions (sid,ip,uid) values ('$sess','$ip','$cuid');"); + $db->query("insert into sessions (sid,ip,uid) values (?, ?, ?);", array($sess, $ip, $cuid)); setcookie("session", $sess, 0, "/"); $err->error = 0; /* Fill in $local */ - $db->query("SELECT * FROM local WHERE uid='$cuid';"); + $db->query("SELECT * FROM local WHERE uid= ? ;", array($cuid)); if ($db->num_rows()) { $db->next_record(); $this->local = $db->Record; @@ -213,16 +213,16 @@ class m_mem { */ function resetlast() { global $db, $cuid; - $ip = addslashes(getenv("REMOTE_HOST")); + $ip = getenv("REMOTE_HOST"); if (!$ip) { - $ip = addslashes(get_remote_ip()); + $ip = get_remote_ip(); } - $db->query("UPDATE membres SET lastlogin=NOW(), lastfail=0, lastip='$ip' WHERE uid='$cuid';"); + $db->query("UPDATE membres SET lastlogin=NOW(), lastfail=0, lastip= ? WHERE uid= ?;", array($ip, $cuid)); } function authip_token($bis = false) { global $db, $cuid; - $db->query("select pass from membres where uid='$cuid';"); + $db->query("select pass from membres where uid= ?;", array($cuid)); $db->next_record(); $i = intval(time() / 3600); if ($bis) { 
@@ -272,13 +272,13 @@ class m_mem { return $this->login($_REQUEST["username"], $_REQUEST["password"], (isset($_REQUEST["restrictip"]) ? $_REQUEST["restrictip"] : 0)); } } // end isset - $_COOKIE["session"] = isset($_COOKIE["session"]) ? addslashes($_COOKIE["session"]) : ""; + $_COOKIE["session"] = isset($_COOKIE["session"]) ? $_COOKIE["session"] : ""; if (strlen($_COOKIE["session"]) != 32) { $err->raise("mem", _("Identity lost or unknown, please login")); return false; } $ip = get_remote_ip(); - $db->query("select uid,'$ip' as me,ip from sessions where sid='" . $_COOKIE["session"] . "'"); + $db->query("select uid, ? as me,ip from sessions where sid= ?;", array($ip, $_COOKIE["session"])); if ($db->num_rows() == 0) { $err->raise("mem", _("Session unknown, contact the administrator")); return false; @@ -297,12 +297,12 @@ class m_mem { return false; } - $db->query("select * from membres where uid='$cuid';"); + $db->query("select * from membres where uid= ? ;", array($cuid)); $db->next_record(); $this->user = $db->Record; $err->error = 0; /* Remplissage de $local */ - $db->query("SELECT * FROM local WHERE uid='$cuid';"); + $db->query("SELECT * FROM local WHERE uid= ? ;", array($cuid)); if ($db->num_rows()) { $db->next_record(); $this->local = $db->Record; @@ -321,7 +321,7 @@ class m_mem { if (!$this->olduid) { $this->olduid = $cuid; } - $db->query("select * from membres where uid='$uid';"); + $db->query("select * from membres where uid= ? ;", array($uid)); if ($db->num_rows() == 0) { $err->raise("mem", _("User or password incorrect")); return false; @@ -359,7 +359,7 @@ class m_mem { */ function del_session() { global $db, $user, $err, $cuid, $hooks; - $_COOKIE["session"] = addslashes(isset($_COOKIE["session"]) ? $_COOKIE["session"] : ''); + $_COOKIE["session"] = isset($_COOKIE["session"]) ? $_COOKIE["session"] : ''; setcookie("session", "", 0, "/"); setcookie("oldid", "", 0, "/"); if ($_COOKIE["session"] == "") { 
@@ -371,7 +371,7 @@ class m_mem { return false; } $ip = get_remote_ip(); - $db->query("select uid,'$ip' as me,ip from sessions where sid='" . $_COOKIE["session"] . "'"); + $db->query("select uid, ? as me,ip from sessions where sid= ? ;", array($ip, $_COOKIE["session"])); if ($db->num_rows() == 0) { $err->raise("mem", _("Session unknown, contact the administrator")); return false; @@ -382,7 +382,7 @@ class m_mem { return false; } $cuid = $db->f("uid"); - $db->query("delete from sessions where sid='" . $_COOKIE["session"] . "';"); + $db->query("delete from sessions where sid= ? ;", array($_COOKIE["session"])); $err->error = 0; # Invoker le logout dans toutes les autres classes @@ -411,9 +411,6 @@ class m_mem { function passwd($oldpass, $newpass, $newpass2) { global $db, $err, $cuid, $admin; $err->log("mem", "passwd"); - $oldpass = stripslashes($oldpass); - $newpass = stripslashes($newpass); - $newpass2 = stripslashes($newpass2); if (!$this->user["canpass"]) { $err->raise("mem", _("You are not allowed to change your password.")); return false; @@ -426,14 +423,14 @@ class m_mem { $err->raise("mem", _("The new passwords are differents, please retry")); return false; } - $db->query("SELECT login FROM membres WHERE uid='$cuid';"); + $db->query("SELECT login FROM membres WHERE uid= ? ;", array($cuid)); $db->next_record(); $login = $db->Record["login"]; if (!$admin->checkPolicy("mem", $login, $newpass)) { return false; // The error has been raised by checkPolicy() } $newpass = _md5cr($newpass); - $db->query("UPDATE membres SET pass='$newpass' WHERE uid='$cuid';"); + $db->query("UPDATE membres SET pass= ? WHERE uid= ?;", array($newpass, $cuid)); $err->error = 0; return true; } 
@@ -451,7 +448,7 @@ class m_mem { $err->raise("mem", _("You must be a system administrator to do this.")); return false; } - $db->query("UPDATE membres SET admlist='$admlist' WHERE uid='$cuid';"); + $db->query("UPDATE membres SET admlist= ? WHERE uid= ?;", array($admlist, $cuid)); $err->error = 0; return true; } @@ -467,7 +464,7 @@ class m_mem { function send_pass($login) { global $err, $db, $L_HOSTING, $L_FQDN; $err->log("mem", "send_pass"); - $db->query("SELECT * FROM membres WHERE login='$login';"); + $db->query("SELECT * FROM membres WHERE login= ? ;", array($login)); if (!$db->num_rows()) { $err->raise("mem", _("This account is locked, contact the administrator.")); return false; @@ -497,7 +494,7 @@ If it happens again, please contact your server's Administrator. Cordially. "), $login, $L_HOSTING, $db->f("login"), $db->f("pass")); mail($db->f("mail"), "Your password on $L_HOSTING", $txt, "From: postmaster@$L_FQDN\nReply-to: postmaster@$L_FQDN"); - $db->query("UPDATE membres SET lastaskpass=" . time() . " WHERE login='$login';"); + $db->query("UPDATE membres SET lastaskpass= ? WHERE login= ? ;", array(time(), $login)); return true; } @@ -511,7 +508,7 @@ Cordially. function ChangeMail1($newmail) { global $err, $db, $L_HOSTING, $L_FQDN, $cuid; $err->log("mem", "changemail1", $newmail); - $db->query("SELECT * FROM membres WHERE uid='$cuid';"); + $db->query("SELECT * FROM membres WHERE uid= ? ;", array($cuid)); if (!$db->num_rows()) { $err->raise("mem", _("This account is locked, contact the administrator.")); return false; 
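Review bot: The new `UPDATE membres SET lastaskpass= ?` line in the `@@ -497` hunk records the request, but the `mail(...)` call just above it still sends `$db->f("pass")` in the message body, so whatever the `pass` column holds — the `_md5cr` hash written by `passwd` in the `@@ -426` hunk, or a plaintext value — is disclosed in clear text to the address on file. A reset flow that mails a random, expiring token (as `ChangeMail1` already does for address changes) instead of the stored credential would remove that exposure. This is outside what the commit sets out to fix, so it may belong in a follow-up.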
@@ -544,11 +541,11 @@ Cordially. "), $db->f("login"), $L_HOSTING, $link); mail($newmail, "Email modification request on $L_HOSTING", $txt, "From: postmaster@$L_FQDN\nReply-to: postmaster@$L_FQDN"); // Supprime les demandes pr�c�dentes de ce compte ! - $db->query("DELETE FROM chgmail WHERE uid='$cuid';"); - $db->query("INSERT INTO chgmail (cookie,ckey,uid,mail,ts) VALUES ('$COOKIE','$KEY','$cuid','$newmail'," . time() . ");"); + $db->query("DELETE FROM chgmail WHERE uid= ? ;", array($cuid)); + $db->query("INSERT INTO chgmail (cookie,ckey,uid,mail,ts) VALUES ( ?, ?, ?, ?, ?);", array($COOKIE, $KEY, $cuid, $newmail, time())); // Supprime les cookies de la veille :) $lts = time() - 86400; - $db->query("DELETE FROM chgmail WHERE ts<'$lts';"); + $db->query("DELETE FROM chgmail WHERE ts< ? ;", array($lts)); return $KEY; } @@ -563,7 +560,7 @@ Cordially. function ChangeMail2($COOKIE, $KEY, $uid) { global $err, $db; $err->log("mem", "changemail2", $uid); - $db->query("SELECT * FROM chgmail WHERE cookie='$COOKIE' and ckey='$KEY' and uid='$uid';"); + $db->query("SELECT * FROM chgmail WHERE cookie= ? and ckey= ? and uid= ?;", array($COOKIE, $KEY, $uid)); if (!$db->num_rows()) { $err->raise("mem", _("The information you entered is incorrect.")); return false; @@ -571,12 +568,12 @@ Cordially. $db->next_record(); // met a jour le compte : - $db->query("UPDATE membres SET mail='" . $db->f("mail") . "' WHERE uid='$uid';"); + $db->query("UPDATE membres SET mail= ? WHERE uid = ? ;", array($db->f("mail"), $uid)); - $db->query("DELETE FROM chgmail WHERE uid='$uid';"); + $db->query("DELETE FROM chgmail WHERE uid= ? ;", array($uid)); // Supprime les cookies de la veille :) $lts = time() - 86400; - $db->query("DELETE FROM chgmail WHERE ts<'$lts';"); + $db->query("DELETE FROM chgmail WHERE ts< ? ;", array($lts)); return true; } 
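Review bot: The rewritten lookup in `ChangeMail2` (`@@ -563`), `SELECT * FROM chgmail WHERE cookie= ? and ckey= ? and uid= ?`, still accepts a request of any age: stale rows are only purged by the `DELETE FROM chgmail WHERE ts< ?` in the `@@ -571` hunk, which runs after the address has already been updated, so a token older than the intended 86400 seconds stays valid until someone completes a change. Adding the age bound to the lookup closes that gap: `$db->query("SELECT * FROM chgmail WHERE cookie= ? and ckey= ? and uid= ? and ts>= ?;", array($COOKIE, $KEY, $uid, time() - 86400));`. `ChangeMail1` in the `@@ -544` hunk has the same purge-after ordering, but there it only affects housekeeping.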
@@ -588,7 +585,7 @@ Cordially. function set_help_param($show) { global $db, $err, $cuid; $err->log("mem", "set_help_param", $show); - $db->query("UPDATE membres SET show_help='$show' WHERE uid='$cuid';"); + $db->query("UPDATE membres SET show_help= ? WHERE uid= ? ;", array($show, $cuid)); } /* ----------------------------------------------------------------- */ @@ -627,8 +624,7 @@ Cordially. function get_creator_by_uid($uid) { global $db, $err; $err->log("dom", "get_creator_by_uid"); - $uid = mysql_real_escape_string(intval($uid)); - $db->query("select creator from membres where uid = '$uid';"); + $db->query("select creator from membres where uid = ? ;", array($uid)); if (!$db->next_record()) { return false; } diff --git a/bureau/class/m_mysql.php b/bureau/class/m_mysql.php index 926bb151..f3c960a7 100644 --- a/bureau/class/m_mysql.php +++ b/bureau/class/m_mysql.php @@ -46,7 +46,7 @@ class DB_users extends DB_Sql { global $cuid, $db, $err; if (!$empty) { - $db->query("select db_servers.* from db_servers, membres where membres.uid=$cuid and membres.db_server_id=db_servers.id;"); + $db->query("select db_servers.* from db_servers, membres where membres.uid= ? and membres.db_server_id=db_servers.id;", array($cuid)); if (!$db->next_record()) { $err->raise('db_user', _("There are no databases in db_servers for this user. Please contact your administrator.")); die(); @@ -156,7 +156,7 @@ class m_mysql { global $db, $err, $bro, $cuid; $err->log("mysql", "get_dblist"); $db->free(); - $db->query("SELECT login,pass,db, bck_mode, bck_dir FROM db WHERE uid='$cuid' ORDER BY db;"); + $db->query("SELECT login,pass,db, bck_mode, bck_dir FROM db WHERE uid= ? ORDER BY db;", array($cuid)); $c = array(); while ($db->next_record()) { list($dbu, $dbn) = split_mysql_database_name($db->f("db")); 
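Review bot: `get_creator_by_uid` (`@@ -627` hunk) drops `intval($uid)` together with the escape call, so the bound value is now whatever the caller passed rather than an integer; the escape is redundant with a placeholder, but the cast also served as input validation for a uid. Suggest `$db->query("select creator from membres where uid = ? ;", array(intval($uid)));` so the parameter keeps its integer shape. The function continues past the end of the hunk.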
@@ -174,7 +174,7 @@ class m_mysql { function php_myadmin_connect() { global $db, $cuid, $err; $err->log("mysql", "php_myadmin_connect"); - $db->query("SELECT dbu.name,dbu.password, dbs.host FROM dbusers dbu, db_servers dbs, membres m WHERE dbu.uid='$cuid' and enable='ADMIN' and dbs.id=m.db_server_id and m.uid='$cuid';"); + $db->query("SELECT dbu.name,dbu.password, dbs.host FROM dbusers dbu, db_servers dbs, membres m WHERE dbu.uid= ? and enable='ADMIN' and dbs.id=m.db_server_id and m.uid= ? ;", array($cuid, $cuid)); if (!$db->num_rows()) { $err->raise("mysql", _("Cannot connect to PhpMyAdmin")); return false; @@ -215,7 +215,7 @@ class m_mysql { $dbn = $dbncomp[1]; } $size = $this->get_db_size($dbname); - $db->query("SELECT login,pass,db, bck_mode, bck_gzip, bck_dir, bck_history FROM db WHERE uid='$cuid' AND db='$dbname';"); + $db->query("SELECT login,pass,db, bck_mode, bck_gzip, bck_dir, bck_history FROM db WHERE uid= ? AND db= ?;", array($cuid, $dbname)); if (!$db->num_rows()) { $err->raise("mysql", _("Database %s not found"), $dbn); return array("enabled" => false); @@ -262,13 +262,13 @@ class m_mysql { $err->raise("mysql", _("Database name cannot exceed %d characters"), $len); return false; } - $db->query("SELECT * FROM db WHERE db='$dbname';"); + $db->query("SELECT * FROM db WHERE db= ? ;", array($dbname)); if ($db->num_rows()) { $err->raise("mysql", _("Database %s already exists"), $dbn); return false; } - $db->query("SELECT name from dbusers where name='" . $dbname . "' and enable='ACTIVATED' ;"); + $db->query("SELECT name from dbusers where name= ? and enable='ACTIVATED' ;", array($dbname)); if (!$db->num_rows()) { $password_user = create_pass(8); if (!$this->add_user($dbn, $password_user, $password_user)) { 
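Review bot: Placeholder spacing is inconsistent from statement to statement in the new SQL — `uid= ?`, `db= ?;`, `db= ? ;`, `uid= ? AND db= ?;` — and the trailing `;` inside a single-statement string is superfluous. Settling on one form such as `WHERE uid = ? AND db = ?` across the `@@ -174`, `@@ -215` and `@@ -262` hunks (and the rest of the patch) makes the bound statements easier to grep and compare.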
@@ -277,7 +277,7 @@ class m_mysql { } //checking for the phpmyadmin user - $db->query("SELECT * FROM dbusers WHERE uid=$cuid AND enable='ADMIN';"); + $db->query("SELECT * FROM dbusers WHERE uid= ? AND enable='ADMIN';", array($cuid)); if ($db->num_rows()) { $db->next_record(); $myadm = $db->f("name"); @@ -288,10 +288,10 @@ class m_mysql { } //Grant the special user every rights. - if ($this->dbus->query("CREATE DATABASE `$dbname`;")) { + if ($this->dbus->query("CREATE DATABASE ? ;", array($dbname)) { $err->log("mysql", "add_db_succes", $dbn); // Ok, database does not exist, quota is ok and dbname is compliant. Let's proceed - $db->query("INSERT INTO db (uid,login,pass,db,bck_mode) VALUES ('$cuid','$myadm','$password','$dbname',0);"); + $db->query("INSERT INTO db (uid,login,pass,db,bck_mode) VALUES (?, ?, ?, ? ,0)", array($cuid, $myadm, $password, $dbname)); $dbuser = $dbname; $dbname = str_replace('_', '\_', $dbname); $this->grant($dbname, $myadm, "ALL PRIVILEGES", $password); @@ -317,8 +317,7 @@ class m_mysql { function del_db($dbn) { global $db, $err, $cuid; $err->log("mysql", "del_db", $dbn); - $dbname = addslashes($dbn); - $db->query("SELECT uid FROM db WHERE db='$dbname';"); + $db->query("SELECT uid FROM db WHERE db= ?;", array($dbname)); if (!$db->num_rows()) { $err->raise("mysql", _("The database was not found. I can't delete it")); return false; 
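Review bot: `CREATE DATABASE ? ;` in the `@@ -288` hunk cannot work as a bound parameter: placeholders stand for values and are emitted as quoted string literals, whereas a database name is an identifier, so the statement is rejected by the server and `add_db` never reaches the INSERT into `db`. The identifier has to stay interpolated in backticks, escaped for that context and relying on the name checks the function appears to perform earlier (see the `@@ -262` hunk): `$ident = str_replace('`', '``', $dbname);` followed by `if ($this->dbus->query("CREATE DATABASE `{$ident}`;")) {`. The `DROP DATABASE ? ;` line in the `@@ -326` hunk has the same problem. The rest of `add_db` lies outside this hunk.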
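Review bot: The removed line `$dbname = addslashes($dbn);` in the `@@ -317` hunk was the only assignment of `$dbname` in `del_db`, yet the new query binds `array($dbname)` and the following hunk keeps using `$dbname` for the DELETEs, the DROP and `del_user()`; with the variable now undefined the lookup binds a null, every caller gets "The database was not found", and deletion is silently broken. Keep the assignment without the escaping, `$dbname = $dbn;`, before the query (or bind `$dbn` directly and rename the later uses). `del_db` continues in the `@@ -326` hunk.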
@@ -326,15 +325,15 @@ class m_mysql { $db->next_record(); // Ok, database exists and dbname is compliant. Let's proceed - $db->query("DELETE FROM size_db WHERE db='$dbname';"); - $db->query("DELETE FROM db WHERE uid='$cuid' AND db='$dbname';"); - $this->dbus->query("DROP DATABASE `$dbname`;"); + $db->query("DELETE FROM size_db WHERE db ?;", array($dbname)); + $db->query("DELETE FROM db WHERE uid= ? AND db= ? ;", array($cuid, $dbname)); + $this->dbus->query("DROP DATABASE ? ;", array($dbname)); $db_esc = str_replace('_', '\_', $dbname); - $this->dbus->query("DELETE FROM mysql.db WHERE Db='$db_esc';"); + $this->dbus->query("DELETE FROM mysql.db WHERE Db= ? ;", array($db_esc)); #We test if the user created with the database is associated with more than 1 database. - $this->dbus->query("select User from mysql.db where User='" . $dbname . "' and (Select_priv='Y' or Insert_priv='Y' or Update_priv='Y' or Delete_priv='Y' or Create_priv='Y' or Drop_priv='Y' or References_priv='Y' or Index_priv='Y' or Alter_priv='Y' or Create_tmp_table_priv='Y' or Lock_tables_priv='Y');"); + $this->dbus->query("select User from mysql.db where User= ? and (Select_priv='Y' or Insert_priv='Y' or Update_priv='Y' or Delete_priv='Y' or Create_priv='Y' or Drop_priv='Y' or References_priv='Y' or Index_priv='Y' or Alter_priv='Y' or Create_tmp_table_priv='Y' or Lock_tables_priv='Y');", array($dbname)); if (($this->dbus->num_rows()) == 0) { #If not we can delete it. $this->del_user($dbname); @@ -373,7 +372,7 @@ class m_mysql { $err->raise("mysql", _("Database name can contain only letters and numbers")); return false; } - $db->query("SELECT * FROM db WHERE uid='$cuid' AND db='$dbname';"); + $db->query("SELECT * FROM db WHERE uid= ? AND db= ? ;", array($cuid, $dbname)); if (!$db->num_rows()) { $err->raise("mysql", _("Database %s not found"), $dbn); return false; 
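Review bot: `DELETE FROM size_db WHERE db ?;` has lost its `=` and is a syntax error, so `size_db` rows are never removed; it should read `$db->query("DELETE FROM size_db WHERE db= ?;", array($dbname));`. Because the `db` bookkeeping row is deleted before `DROP DATABASE` runs and the return value of that DROP is never checked, a failed drop leaves a live database that the panel no longer lists; checking the result of the `$this->dbus->query(...)` for the DROP and raising before touching the `db` table would keep the two in step. `del_db` starts in the previous hunk.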
@@ -397,7 +396,7 @@ class m_mysql { $err->raise("mysql", _("Directory does not exist")); return false; } - $db->query("UPDATE db SET bck_mode='$bck_mode', bck_history='$bck_history', bck_gzip='$bck_gzip', bck_dir='$bck_dir' WHERE uid='$cuid' AND db='$dbname';"); + $db->query("UPDATE db SET bck_mode= ? , bck_history= ?, bck_gzip= ?, bck_dir= ? WHERE uid= ? AND db= ? ;", array($bck_mode, $bck_history, $bck_gzip, $bck_dir, $cuid, $dbname)); return true; } @@ -410,7 +409,7 @@ class m_mysql { function put_mysql_details($password) { global $db, $err, $cuid, $admin; $err->log("mysql", "put_mysql_details"); - $db->query("SELECT * FROM db WHERE uid='$cuid';"); + $db->query("SELECT * FROM db WHERE uid= ?;", array($cuid)); if (!$db->num_rows()) { $err->raise("mysql", _("Database not found")); return false; @@ -437,8 +436,8 @@ class m_mysql { } // Update all the "pass" fields for this user : - $db->query("UPDATE db SET pass='$password' WHERE uid='$cuid';"); - $this->dbus->query("SET PASSWORD FOR " . $login . "@" . $this->dbus->Client . " = PASSWORD('$password');"); + $db->query("UPDATE db SET pass= ? WHERE uid= ?;", array($password, $cuid)); + $this->dbus->query("SET PASSWORD FOR ? = PASSWORD(?);", array( $login . "@" . $this->dbus->Client, $password)); return true; } @@ -457,7 +456,7 @@ class m_mysql { if (!preg_match("#^[0-9a-z_\\*\\\\]*$#", $base)) { $err->raise("mysql", _("Database name can contain only letters and numbers")); return false; - } elseif (!$this->dbus->query("select db from db where db='$base';")) { + } elseif (!$this->dbus->query("select db from db where db= ?;", array($base))) { $err->raise("mysql", _("Database not found")); return false; }
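Review bot: `SET PASSWORD FOR ? = PASSWORD(?)` in the `@@ -437` hunk binds the whole `login@host` string as one value; the account specification is user and host separately, and MySQL treats a single quoted `'login@host'` as a user literally named `login@host`, so the statement targets an account that does not exist while the panel-side `pass` column in `db` has already been updated. If the wrapper emits each placeholder as a quoted literal, `$this->dbus->query("SET PASSWORD FOR ?@? = PASSWORD(?);", array($login, $this->dbus->Client, $password));` yields the `'user'@'host'` form; otherwise user and host must be validated and quoted explicitly. Since the two updates are not transactional, running the MySQL-side change first and only then updating `db` avoids recording a password that was never set. `put_mysql_details` begins in the `@@ -410` hunk above.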