diff --git a/bureau/class/m_mysql.php b/bureau/class/m_mysql.php
index f3c960a7..dbb3785f 100644
--- a/bureau/class/m_mysql.php
+++ b/bureau/class/m_mysql.php
@@ -288,7 +288,7 @@ class m_mysql {
 }
 //Grant the special user every rights.
- if ($this->dbus->query("CREATE DATABASE ? ;", array($dbname)) {
+ if ($this->dbus->query("CREATE DATABASE ? ;", array($dbname))) {
 $err->log("mysql", "add_db_succes", $dbn);
 // Ok, database does not exist, quota is ok and dbname is compliant. Let's proceed
 $db->query("INSERT INTO db (uid,login,pass,db,bck_mode) VALUES (?, ?, ?, ? ,0)", array($cuid, $myadm, $password, $dbname));
@@ -437,7 +437,7 @@ class m_mysql {
 // Update all the "pass" fields for this user :
 $db->query("UPDATE db SET pass= ? WHERE uid= ?;", array($password, $cuid));
- $this->dbus->query("SET PASSWORD FOR ? = PASSWORD(?);", array( $login . "@" . $this->dbus->Client, $password));
+ $this->dbus->query("SET PASSWORD FOR " .$login . "@" . $this->dbus->Client . " = PASSWORD(?);", array($password));
 return true;
 }
@@ -472,13 +472,14 @@ class m_mysql {
 $err->raise("mysql", _("The username can contain only letters and numbers."));
 return false;
 }
- $db->query("select name from dbusers where name='" . $user . "' ;");
+ $db->query("select name from dbusers where name= ? ;", array($user));
 if (!$db->num_rows()) {
 $err->raise("mysql", _("Database user not found"));
 return false;
 }
+ // @TODO:EM: does this part have to be escaped?
 # Protect database name if not wildcard
 if ($base != '*') {
 $base = "`" . $base . "`";
@@ -555,6 +556,7 @@ class m_mysql {
 * @access private
 */
 function get_db_size($dbname) {
+ // @TODO:EM: does this part have to be escaped?
 $this->dbus->query("SHOW TABLE STATUS FROM `$dbname`;");
 $size = 0;
 while ($this->dbus->next_record()) {
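Review bot: `CREATE DATABASE ? ;` binds `$dbname` in identifier position, so if `$this->dbus->query()` renders placeholders as quoted string literals (its implementation is not in view) the CREATE fails and the success log and the INSERT into `db` below never run; the added parenthesis only fixes the PHP syntax. Identifiers cannot be bound, so the name has to be interpolated: rely on the compliance check the `dbname is compliant` comment refers to and wrap the name in backticks, doubling any backtick inside it with `str_replace` first. The enclosing function and that check start before this hunk, so I cannot confirm which characters it admits.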
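Review bot: `"SET PASSWORD FOR " .$login . "@" . $this->dbus->Client . " = PASSWORD(?);"` interpolates `$login` and the host into the statement unquoted, so whatever `$login` contains is parsed as SQL, and a host that is not a bare identifier (an IP address, for instance) does not parse at all. The removed line tried to bind the account name, which the server cannot accept, so interpolation is the only option here, but it should be quoted and escaped the way `change_user_password` does it later in this file: `"SET PASSWORD FOR '" . addslashes($login) . "'@'" . $this->dbus->Client . "' = PASSWORD(?);"`. Where `$login` is assigned is outside the hunk; if it has already passed the letters-and-numbers check this class applies to usernames, a one-line comment saying so on this line would justify the interpolation.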
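Review bot: The added `@TODO` has a yes answer: `$base = "`" . $base . "`";` wraps a caller-supplied name in backticks with no escaping, and a backtick inside `$base` closes the identifier early, so the value needs the same strict character-set check the username gets a few lines above or, at minimum, every backtick doubled with `str_replace` before wrapping. The same gap is in `SHOW TABLE STATUS FROM `$dbname`;` in `get_db_size` in the next hunk, which carries the same TODO. Both `$base` and `$dbname` are assigned outside these hunks, so whether either is already validated there cannot be seen here.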
@@ -576,9 +578,9 @@ class m_mysql {
 $err->log("mysql", "get_userslist");
 $c = array();
 if (!$all) {
- $db->query("SELECT name FROM dbusers WHERE uid='$cuid' and enable not in ('ADMIN','HIDDEN') ORDER BY name;");
+ $db->query("SELECT name FROM dbusers WHERE uid= ? and enable not in ('ADMIN','HIDDEN') ORDER BY name;", array($cuid));
 } else {
- $db->query("SELECT name FROM dbusers WHERE uid='$cuid' ORDER BY name;");
+ $db->query("SELECT name FROM dbusers WHERE uid= ? ORDER BY name;", array($cuid));
 }
 while ($db->next_record()) {
 $pos = strpos($db->f("name"), "_");
@@ -600,7 +602,7 @@ class m_mysql {
 $dbu = $dbn;
 $r = array();
 $dbn = str_replace('_', '\_', $dbn);
- $this->dbus->query("Select * from mysql.db where Db='" . $dbn . "' and User!='" . $cuid . "_myadm';");
+ $this->dbus->query("Select * from mysql.db where Db= ? and User!= ? ;", array($dbn, $cuid."_myadm"));
 if (!$db->num_rows()) {
 return $r;
@@ -666,7 +668,7 @@ class m_mysql {
 }
 }
 } //endwhile
- if (!$db->query("SELECT name,password from dbusers where name='" . $dbu . "';")) {
+ if (!$db->query("SELECT name,password from dbusers where name= ? ;", array($dbu))) {
 return $r;
 }
@@ -699,7 +701,6 @@ class m_mysql {
 } else {
 $user = $usern;
 }
- $pass = addslashes($password);
 if (!$usern) {
 $err->raise("mysql", _("The username is mandatory"));
@@ -720,7 +721,7 @@ class m_mysql {
 $err->raise("mysql", _("MySQL username cannot exceed %d characters"), $len);
 return false;
 }
- $db->query("SELECT * FROM dbusers WHERE name='$user';");
+ $db->query("SELECT * FROM dbusers WHERE name= ? ;", array($user));
 if ($db->num_rows()) {
 $err->raise("mysql", _("The database user already exists"));
 return false;
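Review bot: The row check on the line after the rewritten query reads `$db->num_rows()`, while the query itself ran on `$this->dbus`, so the result of the `mysql.db` lookup is never inspected and the early `return $r` depends on whatever the last `$db` query returned; it should be `if (!$this->dbus->num_rows()) {`. The rewrite of the query itself looks right: binding `$dbn` after the `str_replace('_', '\_', $dbn)` on the line above keeps the backslash literal, which is the same comparison the old single-quoted literal made. The enclosing function starts before this hunk.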
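Review bot: `$pass = addslashes($password);` is removed here, but `$this->grant("*", $user, "USAGE", $pass);` in the hunk at line 738 still passes `$pass`, which is now undefined, so the USAGE grant is issued with a null password (and PHP notices on every call). Pass the value the INSERT in that hunk now binds, `$this->grant("*", $user, "USAGE", $password);`, or keep `$pass = $password;` here if `grant()` is what escapes its fourth argument. What `grant()` does with that argument is outside both hunks, so check which form it expects before choosing.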
@@ -738,7 +739,7 @@ class m_mysql {
 }
 // We add him to the user table
- $db->query("INSERT INTO dbusers (uid,name,password,enable) VALUES($cuid,'$user','$password','ACTIVATED');");
+ $db->query("INSERT INTO dbusers (uid,name,password,enable) VALUES( ?, ?, ?, 'ACTIVATED');", array($cuid, $user, $password));
 $this->grant("*", $user, "USAGE", $pass);
 return true;
@@ -752,14 +753,13 @@ class m_mysql {
 * @param $password The password for this username
 * @param $passconf The password confirmation
 * @return boolean if the password has been changed in MySQL or FALSE if an error occurred
+ * @TODO:EM: is this correctly escaped ?
 *
 */
 function change_user_password($usern, $password, $passconf) {
 global $db, $err, $cuid, $admin;
 $err->log("mysql", "change_user_pass", $usern);
 $usern = trim($usern);
- $user = addslashes($usern);
- $pass = addslashes($password);
 if ($password != $passconf || !$password) {
 $err->raise("mysql", _("The passwords do not match"));
 return false;
@@ -771,8 +771,8 @@ class m_mysql {
 return false; // The error has been raised by checkPolicy()
 }
 }
- $this->dbus->query("SET PASSWORD FOR '" . $user . "'@'" . $this->dbus->Client . "' = PASSWORD('" . $pass . "');");
- $db->query("UPDATE dbusers set password='" . $pass . "' where name='" . $usern . "' and uid=$cuid ;");
+ $this->dbus->query("SET PASSWORD FOR '" . addslashes($usern) . "'@'" . $this->dbus->Client . "' = PASSWORD(?);", array($pass));
+ $db->query("UPDATE dbusers set password= ? where name= ? and uid= ? ;", array($pass, $usern, $cuid));
 return true;
 }
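Review bot: `$pass` is removed from the top of `change_user_password` here, but both rewritten statements in the hunk at line 771 still bind it (`array($pass)` and `array($pass, $usern, $cuid)`), so the MySQL password is set from an undefined variable and the `dbusers.password` column is nulled; both should bind `$password`, the value the confirmation check below validates. In that same hunk `'" . addslashes($usern) . "'@'` is an account name, which cannot be bound, so interpolation is the right shape there; `addslashes()` is not MySQL-aware, though, so the character-set check this class applies to usernames elsewhere is the guard to rely on, if it is applied to `$usern` in the part of the function outside the hunk. The `@TODO` line added to the docblock is answered by the above and can be replaced with a sentence saying the account name is validated rather than escaped.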
@@ -792,9 +792,9 @@ class m_mysql {
 return false;
 }
 if (!$all) {
- $db->query("SELECT name FROM dbusers WHERE name='" . $user . "' and enable not in ('ADMIN','HIDDEN');");
+ $db->query("SELECT name FROM dbusers WHERE name= ? and enable not in ('ADMIN','HIDDEN');", array($user));
 } else {
- $db->query("SELECT name FROM dbusers WHERE uid='" . $cuid . "' ;");
+ $db->query("SELECT name FROM dbusers WHERE uid= ? ;", array($cuid));
 }
 if (!$db->num_rows()) {
@@ -805,12 +805,13 @@ class m_mysql {
 $login = $db->f("name");
 // Ok, database exists and dbname is compliant. Let's proceed
+ // @TODO:EM: is this correctly escaped ?
 $this->dbus->query("REVOKE ALL PRIVILEGES ON *.* FROM '" . $user . "'@'" . $this->dbus->Client . "';");
- $this->dbus->query("DELETE FROM mysql.db WHERE User='" . $user . "' AND Host='" . $this->dbus->Client . "';");
- $this->dbus->query("DELETE FROM mysql.user WHERE User='" . $user . "' AND Host='" . $this->dbus->Client . "';");
+ $this->dbus->query("DELETE FROM mysql.db WHERE User= ? AND Host= ? ;", array($user, $this->dbus->Client));
+ $this->dbus->query("DELETE FROM mysql.user WHERE User= ? AND Host= ? ;", array($user, $this->dbus->Client));
 $this->dbus->query("FLUSH PRIVILEGES");
- $db->query("DELETE FROM dbusers WHERE uid='$cuid' AND name='" . $user . "';");
+ $db->query("DELETE FROM dbusers WHERE uid= ? AND name= ? ;", array($cuid, $user));
 return true;
 }
@@ -824,7 +825,7 @@ class m_mysql {
 function get_user_dblist($user) {
 global $db, $err;
- $this->dbus->query("SELECT * FROM mysql.user WHERE User='" . $user . "' AND Host='" . $this->dbus->Client . "';");
+ $this->dbus->query("SELECT * FROM mysql.user WHERE User= ? AND Host= ? ;", array($user, $this->dbus->Client));
 if (!$this->dbus->next_record()) {
 $err->raise('mysql', _("This user does not exist in the MySQL/User database"));
 return false;
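Review bot: `REVOKE ALL PRIVILEGES ON *.* FROM '" . $user . "'@'...'` still interpolates `$user` raw into an account name while the three statements below it were converted to bound parameters, so this is the remaining injection point the added `@TODO` marks; the bound lookup in the hunk at line 792 only confirms a matching row exists, it does not constrain what `$user` contains. Account names cannot be bound, so escape it the way `change_user_password` does, `"REVOKE ALL PRIVILEGES ON *.* FROM '" . addslashes($user) . "'@'" . $this->dbus->Client . "';"`, on top of whatever validation precedes the hunk. `$login` is read from the verified row on the first context line but is not used in the visible code; if it is meant to be the account being dropped, using it here instead of the input would be the stronger fix. How `$user` is checked before this point is outside the hunk.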
@@ -836,10 +837,10 @@ class m_mysql {
 foreach ($dblist as $tab) {
 $pos = strpos($tab['db'], "_");
 if ($pos === false) {
- $this->dbus->query("SELECT * FROM mysql.db WHERE User='" . $user . "' AND Host='" . $this->dbus->Client . "' AND Db='" . $tab["db"] . "';");
+ $this->dbus->query("SELECT * FROM mysql.db WHERE User= ? AND Host= ? AND Db= ? ;", array($user, $this->dbus->Client, $tab["db"]));
 } else {
 $dbname = str_replace('_', '\_', $tab['db']);
- $this->dbus->query("SELECT * FROM mysql.db WHERE User='" . $user . "' AND Host='" . $this->dbus->Client . "' AND Db='" . $dbname . "';");
+ $this->dbus->query("SELECT * FROM mysql.db WHERE User= ? AND Host= ? AND Db= ? ;", array($user, $this->dbus->Client, $dbname) );
 }
 if ($this->dbus->next_record()) {
 $r[] = array("db" => $tab["db"], "select" => $this->dbus->f("Select_priv"), "insert" => $this->dbus->f("Insert_priv"), "update" => $this->dbus->f("Update_priv"), "delete" => $this->dbus->f("Delete_priv"), "create" => $this->dbus->f("Create_priv"), "drop" => $this->dbus->f("Drop_priv"), "references" => $this->dbus->f("References_priv"), "index" => $this->dbus->f("Index_priv"), "alter" => $this->dbus->f("Alter_priv"), "create_tmp" => $this->dbus->f("Create_tmp_table_priv"), "lock" => $this->dbus->f("Lock_tables_priv"),
@@ -872,9 +873,7 @@ class m_mysql {
 global $err;
 $err->log("mysql", "set_user_rights");
- $usern = addslashes($user);
- $dbname = addslashes($dbn);
- $dbname = str_replace('_', '\_', $dbname);
+ $dbname = str_replace('_', '\_', $dbname);
 // On genere les droits en fonction du tableau de droits
 $strrights = "";
 for ($i = 0; $i < count($rights); $i++) {
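Review bot: `$dbname = str_replace('_', '\_', $dbname);` now reads `$dbname` before anything assigns it (the removed line read `$dbn`), and `$usern` is no longer assigned until the hunk at line 937, where the bound `SELECT * FROM mysql.db WHERE User = ? AND Db = ?` already uses both, so unless they are parameters of `set_user_rights` (its signature is outside the hunk) that lookup runs with null values, `num_rows()` is zero and the REVOKE that resets the user's previous rights is skipped. The `addslashes()` assignments moved below that SELECT then overwrite `$dbname` without the `\_` escaping, so the backtick-quoted name in the REVOKE (and presumably the GRANT further down) is no longer the wildcard-escaped form the old code used. Keep the three removed lines here unchanged, since they feed the interpolated identifier positions, which cannot be bound, and at line 937 bind the raw values instead, `array($user, str_replace('_', '\_', $dbn))`, dropping the two reassignments added there. The rest of `set_user_rights` is outside both hunks.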
@@ -937,7 +936,12 @@ class m_mysql {
 }
 // We reset all user rights on this DB :
- $this->dbus->query("SELECT * FROM mysql.db WHERE User = '$usern' AND Db = '$dbname';");
+ $this->dbus->query("SELECT * FROM mysql.db WHERE User = ? AND Db = ?;", array($usern, $dbname));
+
+ // @TODO:EM: This has to be verified, and maybe we should use another way to escape those requests
+ $usern = addslashes($user);
+ $dbname = addslashes($dbn);
+
 if ($this->dbus->num_rows()) {
 $this->dbus->query("REVOKE ALL PRIVILEGES ON `$dbname`.* FROM '$usern'@'" . $this->dbus->Client . "';");
 }
@@ -999,7 +1003,7 @@ class m_mysql {
 global $db, $err, $cuid, $mem;
 $err->log("mysql", "alternc_add_member");
 //checking for the phpmyadmin user
- $db->query("SELECT name,password FROM dbusers WHERE uid=$cuid AND Type='ADMIN';");
+ $db->query("SELECT name,password FROM dbusers WHERE uid= ? AND Type='ADMIN';", array($cuid));
 if ($db->num_rows()) {
 $myadm = $db->f("name");
 $password = $db->f("password");
@@ -1009,7 +1013,7 @@ class m_mysql {
 }
- $db->query("INSERT INTO dbusers (uid,name,password,enable) VALUES ('$cuid','$myadm','$password','ADMIN');");
+ $db->query("INSERT INTO dbusers (uid,name,password,enable) VALUES (?, ?, ?, 'ADMIN');", array($cuid, $myadm, $password));
 return true;
 }
@@ -1061,7 +1065,7 @@ class m_mysql {
 //TODO don't work with separated sql server for dbusers
 global $db, $err, $cuid;
 $err->log("mysql", "export");
- $db->query("SELECT login, pass, db, bck_mode, bck_dir, bck_history, bck_gzip FROM db WHERE uid='$cuid';");
+ $db->query("SELECT login, pass, db, bck_mode, bck_dir, bck_history, bck_gzip FROM db WHERE uid= ? ;", array($cuid));
 $str = "";
 if ($db->next_record()) {
 $str.=" \n";
@@ -1093,7 +1097,7 @@ class m_mysql {
 function alternc_export_data($dir) {
 global $db, $err, $cuid;
 $err->log("mysql", "export_data");
- $db->query("SELECT db.login, db.pass, db.db, dbusers.name FROM db,dbusers WHERE db.uid='$cuid' AND dbusers.uid=db.uid;");
+ $db->query("SELECT db.login, db.pass, db.db, dbusers.name FROM db,dbusers WHERE db.uid= ? AND dbusers.uid=db.uid;", array($cuid));
 $dir.="sql/";
 if (!is_dir($dir)) {
 if (!mkdir($dir)) {
@@ -1133,6 +1137,7 @@ class m_mysql {
 $this->dbus->query("show databases;");
 $res = array();
+ //@TODO: this has to be done in another way
 while ($this->dbus->next_record()) {
 $dbname = $this->dbus->f("Database");
 $c = mysql_query("SHOW TABLE STATUS FROM $dbname;");
diff --git a/bureau/class/m_piwik.php b/bureau/class/m_piwik.php
index 982fdf1c..2ae6edc1 100644
--- a/bureau/class/m_piwik.php
+++ b/bureau/class/m_piwik.php
@@ -77,7 +77,7 @@ class m_piwik {
 */
 function hook_quota_get() {
 global $db, $cuid;
- $db->query("SELECT COUNT(id) AS nb FROM piwik_users WHERE uid='$cuid'");
+ $db->query("SELECT COUNT(id) AS nb FROM piwik_users WHERE uid= ? ;", array($cuid));
 $q=Array("name"=>"piwik", "description"=>_("Statistics through Piwik accounts"), "used"=>0);
 if ($db->next_record()) {
 $q['used']=$db->f('nb');
@@ -110,7 +110,7 @@ class m_piwik {
 if ($api_data->result === 'success') {
 $user = $this->get_user($user_login);
 $user_creation_date = $user->date_registered;
- return $db->query("INSERT INTO piwik_users (uid, login, created_date) VALUES ('$cuid', '$user_login', '$user_creation_date')");
+ return $db->query("INSERT INTO piwik_users (uid, login, created_date) VALUES ( ?, ?, ?,);", array($cuid, $user_login, $user_creation_date));
 }
 } else { // api_data = false -> error is already filled
 return FALSE;
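Review bot: `$c = mysql_query("SHOW TABLE STATUS FROM $dbname;");` bypasses `$this->dbus` and interpolates the name unquoted, which is presumably what the added `@TODO` is about; the names come from the `show databases` result on the handle rather than from a user, so this is an identifier-quoting gap rather than an injection path, but a name containing `-` or a space will not parse unquoted. Wrap it in backticks with any backtick doubled, and note that running it through `$this->dbus->query()` instead would clobber the `show databases` result the enclosing `while ($this->dbus->next_record())` is still iterating, so the database list would have to be collected into an array first. The loop body continues outside the hunk.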
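Review bot: `VALUES ( ?, ?, ?,);` has a trailing comma before the closing parenthesis, which is a MySQL syntax error, so after every successful API call the INSERT fails and `user_add` returns the failed query's result while the Piwik-side user already exists; it should read `VALUES (?, ?, ?);`. The enclosing method starts before this hunk.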
@@ -169,7 +169,7 @@ class m_piwik {
 global $db, $cuid;
 static $alternc_users = array();
- $db->query("SELECT login FROM piwik_users WHERE uid='$cuid'");
+ $db->query("SELECT login FROM piwik_users WHERE uid= ?;", array($cuid));
 while ($db->next_record()) array_push($alternc_users, $db->f('login'));
@@ -180,13 +180,13 @@ class m_piwik {
 function user_delete($piwik_user_login) {
 global $db, $cuid, $err;
- $db->query("SELECT created_date, COUNT(id) AS cnt FROM piwik_users WHERE uid='$cuid' AND login='$piwik_user_login'");
+ $db->query("SELECT created_date, COUNT(id) AS cnt FROM piwik_users WHERE uid= ? AND login= ? ", array($cuid, $piwik_user_login));
 $db->next_record();
 if ($db->f('cnt') == 1) {
 $api_data = $this->call_privileged_page('API', 'UsersManager.deleteUser', array('userLogin' => $piwik_user_login));
 if ($api_data->result == 'success') {
- return $db->query("DELETE FROM piwik_users WHERE uid='$cuid' AND login='$piwik_user_login'");
+ return $db->query("DELETE FROM piwik_users WHERE uid= ? AND login= ? ;", array($cuid, $piwik_user_login));
 } else {
 return FALSE;
@@ -200,7 +200,7 @@ class m_piwik {
 function users_list() {
 global $db, $cuid;
- $db->query("SELECT login FROM piwik_users WHERE uid = '$cuid'");
+ $db->query("SELECT login FROM piwik_users WHERE uid = ?;", array($cuid));
 if ($db->num_rows() == 0) return array();
 $users = '';
@@ -277,7 +277,7 @@ class m_piwik {
 global $db, $cuid;
 static $alternc_sites = array();
- $db->query("SELECT piwik_id AS site_id FROM piwik_sites WHERE uid='$cuid'");
+ $db->query("SELECT piwik_id AS site_id FROM piwik_sites WHERE uid= ? ;", array($cuid));
 while ($db->next_record()) array_push($alternc_sites, $db->f('site_id'));
@@ -294,7 +294,7 @@ class m_piwik {
 global $db, $cuid;
 $urls = is_array($urls) ? implode(',', $urls) : $urls;
 $api_data = $this->call_privileged_page('API', 'SitesManager.addSite', array('siteName' => $siteName, 'urls' => $urls));
- $db->query("INSERT INTO piwik_sites set uid='$cuid', piwik_id='{$api_data->value}'");
+ $db->query("INSERT INTO piwik_sites set uid= ? , piwik_id= ? ", array($cuid, $api_data->value));
 return TRUE;
 }
@@ -304,13 +304,13 @@ class m_piwik {
 function site_delete($site_id) {
 global $db, $cuid, $err;
- $db->query("SELECT COUNT(id) AS cnt FROM piwik_sites WHERE uid='$cuid' AND piwik_id='$site_id'");
+ $db->query("SELECT COUNT(id) AS cnt FROM piwik_sites WHERE uid= ? AND piwik_id= ? ;", array($cuid, $site_id));
 $db->next_record();
 if ($db->f('cnt') == 1) {
 $api_data = $this->call_privileged_page('API', 'SitesManager.deleteSite', array('idSite' => $site_id));
 if ($api_data->result == 'success') {
- return $db->query("DELETE FROM piwik_sites where uid='$cuid' AND piwik_id='$site_id' LIMIT 1");
+ return $db->query("DELETE FROM piwik_sites where uid= ? AND piwik_id= ? LIMIT 1", array($cuid, $site_id));
 } else {
 return FALSE;
 }
diff --git a/bureau/class/m_quota.php b/bureau/class/m_quota.php
index 08b9ac00..69f3d46a 100644
--- a/bureau/class/m_quota.php
+++ b/bureau/class/m_quota.php
@@ -157,7 +157,7 @@ class m_quota {
 $type = $quota->listtype();
 foreach ($type as $t) {
 foreach ($qt as $q => $vv) {
- $db->query("INSERT IGNORE defquotas (value,quota,type) VALUES (0,'$q','$t');");
+ $db->query("INSERT IGNORE defquotas (value,quota,type) VALUES (0, ?, ?);", array($q, $t));
 }
 }
 return true;
@@ -212,7 +212,7 @@ class m_quota {
 }
 // Get the allowed quota from database.
- $db->query("select name, total from quotas where uid='$cuid';");
+ $db->query("select name, total from quotas where uid= ? ;", array($cuid));
 while ($db->next_record()) {
 $this->quotas[$db->f('name')]['t'] = $db->f('total');
 }
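Review bot: The bound INSERT still runs whether or not `SitesManager.addSite` succeeded: `$api_data->value` is read with no check, whereas `user_add` at line 110 tests `$api_data->result === 'success'` first and treats a false `$api_data` as an error already reported. Return `FALSE` here when `$api_data` is false or carries no `value` before the INSERT, so a failed API call does not record a `piwik_sites` row with an empty `piwik_id` that `site_delete` below will then try to delete through the API. What `call_privileged_page` returns on failure is inferred from the comment at line 110, not visible here.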
@@ -255,11 +255,11 @@ class m_quota {
 }
 }
 // We check that this ressource exists for this client :
- $db->query("SELECT * FROM quotas WHERE uid='$cuid' AND name='$ressource'");
+ $db->query("SELECT * FROM quotas WHERE uid= ? AND name= ? ", array($cuid, $ressource));
 if ($db->num_rows()) {
- $db->query("UPDATE quotas SET total='$size' WHERE uid='$cuid' AND name='$ressource';");
+ $db->query("UPDATE quotas SET total= e WHERE uid= ? AND name= ?;", array($size, $cuid, $ressource));
 } else {
- $db->query("INSERT INTO quotas (uid,name,total) VALUES ('$cuid','$ressource','$size');");
+ $db->query("INSERT INTO quotas (uid,name,total) VALUES (?, ?, ?);", array($cuid, $ressource, $size));
 }
 return true;
 }
@@ -272,7 +272,7 @@ class m_quota {
 function delquotas() {
 global $db, $err, $cuid;
 $err->log("quota", "delquota");
- $db->query("DELETE FROM quotas WHERE uid='$cuid';");
+ $db->query("DELETE FROM quotas WHERE uid= ?;", array($cuid));
 return true;
 }
@@ -309,7 +309,7 @@ class m_quota {
 foreach ($newq as $type => $quotas) {
 foreach ($quotas as $qname => $value) {
 if (array_key_exists($qname, $qlist)) {
- if (!$db->query("REPLACE INTO defquotas (value,quota,type) VALUES ($value,'$qname','$type');")) {
+ if (!$db->query("REPLACE INTO defquotas (value,quota,type) VALUES ( ?, ?, ?); ", array($value, $qname, $type))) {
 return false;
 }
 }
@@ -336,7 +336,7 @@ class m_quota {
 return false;
 }
 while (list($key, $val) = each($qlist)) {
- if (!$db->query("INSERT IGNORE INTO defquotas (quota,type) VALUES('$key', '$type');") || $db->affected_rows() == 0) {
+ if (!$db->query("INSERT IGNORE INTO defquotas (quota,type) VALUES(?, ?);", array($key, $type)) || $db->affected_rows() == 0) {
 return false;
 }
 }
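Review bot: `UPDATE quotas SET total= e WHERE uid= ? AND name= ?;` has `e` where the placeholder belongs, so the statement references a column `e` that does not exist and fails, and three values are passed for two placeholders; updates for a quota row that already exists therefore silently stop working, since the return value is not checked. It should be `$db->query("UPDATE quotas SET total= ? WHERE uid= ? AND name= ?;", array($size, $cuid, $ressource));`. The enclosing function starts before this hunk.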
@@ -367,8 +367,8 @@ class m_quota {
 function deltype($type) {
 global $db;
- if ($db->query("UPDATE membres SET type='default' WHERE type='$type'") &&
- $db->query("DELETE FROM defquotas WHERE type='$type'")) {
+ if ($db->query("UPDATE membres SET type='default' WHERE type= ? ;", array($type)) &&
+ $db->query("DELETE FROM defquotas WHERE type= ?;", array($type))) {
 return true;
 } else {
 return false;
@@ -390,12 +390,12 @@ class m_quota {
 if (!$db->next_record()) {
 $this->addtype('default');
 }
- $db->query("SELECT type FROM membres WHERE uid='$cuid'");
+ $db->query("SELECT type FROM membres WHERE uid= ?;", array($cuid));
 $db->next_record();
 $t = $db->f("type");
 foreach ($ql as $res => $val) {
- $db->query("SELECT value FROM defquotas WHERE quota='$res' AND type='$t'");
+ $db->query("SELECT value FROM defquotas WHERE quota= ? AND type= ? ;", array($res, $t));
 $q = $db->next_record() ? $db->f("value") : 0;
 $this->setquota($res, $q);
 }
diff --git a/bureau/class/variables.php b/bureau/class/variables.php
index 11d439da..43ab6d43 100644
--- a/bureau/class/variables.php
+++ b/bureau/class/variables.php
@@ -128,11 +128,14 @@ function variable_set($name, $value, $comment = null) {
 if (!array_key_exists($name, $conf) || $value != $conf[$name]) {
 $conf[$name] = $value;
 if (empty($comment)) {
- $query = "INSERT INTO variable (name, value) values ('" . $name . "', '" . addslashes($value2) . "') on duplicate key update name='" . $name . "', value='" . addslashes($value2) . "';";
+ $query = "INSERT INTO variable (name, value) values ( ?, ?) on duplicate key update name= ?, value= ? ;";
+ $query_args = array($name, $value2, $name, $value2);
+
 } else {
- $query = "INSERT INTO variable (name, value, comment) values ('" . $name . "', '" . addslashes($value2) . "', '$comment') on duplicate key update name='" . $name . "', value='" . addslashes($value2) . "', comment='" . addslashes($comment) . "';";
+ $query = "INSERT INTO variable (name, value, comment) values ( ?, ?, ?) on duplicate key update name= ?, value= ?, comment= ? ;";
+ $query_args = array($name, $value2, $comment, $name, $value2, $comment);
 }
- $db->query($query);
+ $db->query($query, $query_args);
 $hooks->invoke("hook_variable_set", array("name" => $name, "old" => $previous, "new" => $value));
 }
 }
@@ -145,7 +148,7 @@ function variable_set($name, $value, $comment = null) {
 */
 function variable_del($name) {
 global $conf, $db;
- $db->query("DELETE FROM `variable` WHERE name = '" . $name . "'");
+ $db->query("DELETE FROM `variable` WHERE name = ?;", array($name));
 unset($conf[$name]);
 }