- Add config option to allow sorting by bookmark creation date
instead of modification date
- Fix bug #2887063: Common tag combination description feels broken
+- Fix several SQL injection possibilities
0.95.1 - 2009-11-16
$privacy = ' AND B.bStatus = 0 ';
}
- $query = 'SELECT T.tag, COUNT(T.tag) AS bCount FROM '.$GLOBALS['tableprefix'].'bookmarks AS B LEFT JOIN '.$GLOBALS['tableprefix'].'bookmarks2tags AS T ON B.bId = T.bId WHERE B.bHash = "'. $hash .'" '. $privacy .'AND LEFT(T.tag, 7) <> "system:" GROUP BY T.tag ORDER BY bCount DESC';
+ $query = 'SELECT T.tag, COUNT(T.tag) AS bCount FROM '.$GLOBALS['tableprefix'].'bookmarks AS B LEFT JOIN '.$GLOBALS['tableprefix'].'bookmarks2tags AS T ON B.bId = T.bId WHERE B.bHash = \''. $this->db->sql_escape($hash) .'\' '. $privacy .'AND LEFT(T.tag, 7) <> "system:" GROUP BY T.tag ORDER BY bCount DESC';
if (!($dbresult =& $this->db->sql_query_limit($query, $limit))) {
message_die(GENERAL_ERROR, 'Could not get related tags for this hash', '', __LINE__, __FILE__, $query, $this->db);
$query = "SELECT *";
$query.= " FROM `". $this->getTableName() ."`";
- $query.= " WHERE tag='".$tag."'";
+ $query.= ' WHERE tag=\'' . $this->db->sql_escape($tag) . "'";
$query.= " ORDER BY cdDatetime DESC";
if (!($dbresult = & $this->db->sql_query_limit($query, 1, 0))) {
function getAllTagsDescription($tag) {
$query = "SELECT *";
$query.= " FROM `". $this->getTableName() ."`";
- $query.= " WHERE tag='".$tag."'";
+ $query.= ' WHERE tag=\'' . $this->db->sql_escape($tag) . "'";
$query.= " ORDER BY cdDatetime DESC";
if (!($dbresult = & $this->db->sql_query($query))) {
function getDescriptionById($cdId) {
$query = "SELECT *";
$query.= " FROM `". $this->getTableName() ."`";
- $query.= " WHERE cdId='".$cdId."'";
+ $query.= ' WHERE cdId=\'' . $this->db->sql_escape($cdId) . "'";
if (!($dbresult = & $this->db->sql_query($query))) {
message_die(GENERAL_ERROR, 'Could not get tag descriptions', '', __LINE__, __FILE__, $query, $this->db);
function getLastBookmarkDescription($bHash) {
$query = "SELECT *";
$query.= " FROM `". $this->getTableName() ."`";
- $query.= " WHERE bHash='".$bHash."'";
+ $query.= ' WHERE bHash=\'' . $this->db->sql_escape($bHash) . "'";
$query.= " ORDER BY cdDatetime DESC";
if (!($dbresult = & $this->db->sql_query_limit($query, 1, 0))) {
function getAllBookmarksDescription($bHash) {
$query = "SELECT *";
$query.= " FROM `". $this->getTableName() ."`";
- $query.= " WHERE bHash='".$bHash."'";
+ $query.= ' WHERE bHash=\'' . $this->db->sql_escape($bHash) . "'";
$query.= " ORDER BY cdDatetime DESC";
if (!($dbresult = & $this->db->sql_query($query))) {
function getDescription($tag, $uId) {
$query = 'SELECT tag, uId, tDescription';
$query.= ' FROM '.$this->getTableName();
- $query.= ' WHERE tag = "'.$tag.'"';
- $query.= ' AND uId = "'.$uId.'"';
+ $query.= ' WHERE tag = \''. $this->db->sql_escape($tag) . "'";
+ $query.= ' AND uId = ' . intval($uId);
if (!($dbresult = & $this->db->sql_query($query))) {
message_die(GENERAL_ERROR, 'Could not get tag description', '', __LINE__, __FILE__, $query, $this->db);
function existsDescription($tag, $uId) {
$query = 'SELECT tag, uId, tDescription';
$query.= ' FROM '.$this->getTableName();
- $query.= ' WHERE tag = "'.$tag.'"';
- $query.= ' AND uId = "'.$uId.'"';
+ $query.= ' WHERE tag = \'' . $this->db->sql_escape($tag) . "'";
+ $query.= ' AND uId = "' . intval($uId) . '"';
if (!($dbresult = & $this->db->sql_query($query))) {
message_die(GENERAL_ERROR, 'Could not get tag description', '', __LINE__, __FILE__, $query, $this->db);
function getAllDescriptions($tag) {
$query = 'SELECT tag, uId, tDescription';
$query.= ' FROM '.$this->getTableName();
- $query.= ' WHERE tag = "'.$tag.'"';
+ $query.= ' WHERE tag = \''. $this->db->sql_escape($tag) . "'";
if (!($dbresult = & $this->db->sql_query($query))) {
message_die(GENERAL_ERROR, 'Could not get tag description', '', __LINE__, __FILE__, $query, $this->db);
function updateDescription($tag, $uId, $desc) {
if($this->existsDescription($tag, $uId)) {
$query = 'UPDATE '.$this->getTableName();
- $query.= ' SET tDescription="'.$this->db->sql_escape($desc).'"';
- $query.= ' WHERE tag="'.$tag.'" AND uId="'.$uId.'"';
+ $query.= ' SET tDescription= \'' . $this->db->sql_escape($desc) . "'";
+ $query.= ' WHERE tag=\'' . $this->db->sql_escape($tag) . "' AND uId=" . intval($uId);
} else {
$values = array('tag'=>$tag, 'uId'=>$uId, 'tDescription'=>$desc);
$query = 'INSERT INTO '. $this->getTableName() .' '. $this->db->sql_build_array('INSERT', $values);
$newname = $this->normalize($newName);
$query = 'UPDATE `'. $this->getTableName() .'`';
- $query.= ' SET tag="'.$newName.'"';
- $query.= ' WHERE tag="'.$oldName.'"';
- $query.= ' AND uId="'.$uId.'"';
+ $query.= ' SET tag=\'' . $this->db->sql_escape($newName) . "'";
+ $query.= ' WHERE tag=\'' . $this->db->sql_escape($oldName) . "'";
+ $query.= ' AND uId=' . intval($uId);
$this->db->sql_query($query);
return true;
}
$query.= " FROM `". $this->getTableName() ."`";
$query.= " WHERE 1=1";
if($tag !=null) {
- $query.= " AND ". $givenTag ." = '". $tag ."'";
+ $query.= " AND ". $givenTag ." = '". $this->db->sql_escape($tag) ."'";
}
if($relationType) {
- $query.= " AND relationType = '". $relationType ."'";
+ $query.= " AND relationType = '". $this->db->sql_escape($relationType) ."'";
}
if(is_array($uId)) {
$query.= " AND ( 1=0 "; //tricks always false
foreach($uId as $u) {
- $query.= " OR uId = '".$u."'";
+ $query.= " OR uId = '".intval($u)."'";
}
$query.= " ) ";
} elseif($uId != null) {
- $query.= " AND uId = '".$uId."'";
+ $query.= " AND uId = '".intval($uId)."'";
}
//die($query);
if (! ($dbresult =& $this->db->sql_query($query)) ){
}
$query.= " WHERE tts.tag1 <> ALL";
$query.= " (SELECT DISTINCT tag2 FROM `". $this->getTableName() ."`";
- $query.= " WHERE relationType = '".$relationType."'";
+ $query.= " WHERE relationType = '" . $this->db->sql_escape($relationType) . "'";
if($uId > 0) {
- $query.= " AND uId = '".$uId."'";
+ $query.= " AND uId = '".intval($uId)."'";
}
$query.= ")";
if($uId > 0) {
- $query.= " AND tts.uId = '".$uId."'";
+ $query.= " AND tts.uId = '".intval($uId)."'";
}
switch($orderBy) {
case "nb":
$query.= " AND tts.tag1 = tsts.tag1";
- $query.= " AND tsts.relationType = '".$relationType."'";
+ $query.= " AND tsts.relationType = '" . $this->db->sql_escape($relationType) . "'";
if($uId > 0) {
- $query.= " AND tsts.uId = ".$uId;
+ $query.= " AND tsts.uId = " . intval($uId);
}
$query.= " ORDER BY tsts.nb DESC";
break;
case "depth": // by nb of descendants
$query.= " AND tts.tag1 = tsts.tag1";
- $query.= " AND tsts.relationType = '".$relationType."'";
+ $query.= " AND tsts.relationType = '" . $this->db->sql_escape($relationType) . "'";
if($uId > 0) {
- $query.= " AND tsts.uId = ".$uId;
+ $query.= " AND tsts.uId = " . intval($uId);
}
$query.= " ORDER BY tsts.depth DESC";
break;
case "nbupdate":
$query.= " AND tts.tag1 = tsts.tag1";
- $query.= " AND tsts.relationType = '".$relationType."'";
+ $query.= " AND tsts.relationType = '" . $this->db->sql_escape($relationType) . "'";
if($uId > 0) {
- $query.= " AND tsts.uId = ".$uId;
+ $query.= " AND tsts.uId = " . intval($uId);
}
$query.= " ORDER BY tsts.nbupdate DESC";
break;
}
if($limit != null) {
- $query.= " LIMIT 0,".$limit;
+ $query.= " LIMIT 0," . intval($limit);
}
if (! ($dbresult =& $this->db->sql_query($query)) ){
// we don't use the getAllLinkedTags function in order to improve performance
$query = "SELECT tag2 as 'tag', COUNT(tag2) as 'count'";
$query.= " FROM `". $this->getTableName() ."`";
- $query.= " WHERE tag1 = '".$GLOBALS['menuTag']."'";
+ $query.= " WHERE tag1 = '" . $this->db->sql_escape($GLOBALS['menuTag']) . "'";
$query.= " AND relationType = '>'";
if($uId > 0) {
- $query.= " AND uId = '".$uId."'";
+ $query.= " AND uId = " . intval($uId);
}
$query.= " GROUP BY tag2";
$query.= " ORDER BY count DESC";
- $query.= " LIMIT 0, ".$GLOBALS['maxSizeMenuBlock'];
+ $query.= " LIMIT 0, " . intval($GLOBALS['maxSizeMenuBlock']);
if (! ($dbresult =& $this->db->sql_query($query)) ){
message_die(GENERAL_ERROR, 'Could not get linked tags', '', __LINE__, __FILE__, $query, $this->db);
//$tag2 = mysql_real_escape_string($tag2);
$query = "SELECT tag1, tag2, relationType, uId FROM `". $this->getTableName() ."`";
- $query.= " WHERE tag1 = '" .$tag1 ."'";
- $query.= " AND tag2 = '".$tag2."'";
- $query.= " AND relationType = '". $relationType ."'";
- $query.= " AND uId = '".$uId."'";
+ $query.= " WHERE tag1 = '" . $this->db->sql_escape($tag1) . "'";
+ $query.= " AND tag2 = '" . $this->db->sql_escape($tag2) . "'";
+ $query.= " AND relationType = '" . $this->db->sql_escape($relationType) . "'";
+ $query.= " AND uId = " . intval($uId);
//echo($query."<br>\n");
$query = "SELECT tag1, tag2, relationType, uId FROM `". $this->getTableName() ."`";
$query.= " WHERE 1=1";
if($uId > 0) {
- $query.= " AND uId = '".$uId."'";
+ $query.= " AND uId = " . intval($uId);
}
$dbres = $this->db->sql_query($query);
}
$query = 'DELETE FROM '. $this->getTableName();
$query.= ' WHERE 1=1';
- $query.= strlen($tag1)>0 ? ' AND tag1 = "'. $tag1 .'"' : '';
- $query.= strlen($tag2)>0 ? ' AND tag2 = "'. $tag2 .'"' : '';
- $query.= strlen($relationType)>0 ? ' AND relationType = "'. $relationType .'"' : '';
- $query.= strlen($uId)>0 ? ' AND uId = "'. $uId .'"' : '';
+ $query.= strlen($tag1)>0 ? ' AND tag1 = \''. $this->db->sql_escape($tag1) . "'" : '';
+ $query.= strlen($tag2)>0 ? ' AND tag2 = \''. $this->db->sql_escape($tag2) . "'" : '';
+ $query.= strlen($relationType)>0 ? ' AND relationType = \''. $this->db->sql_escape($relationType) . "'" : '';
+ $query.= strlen($uId)>0 ? ' AND uId = '. intval($uId) : '';
if (!($dbresult =& $this->db->sql_query($query))) {
message_die(GENERAL_ERROR, 'Could not remove tag relation', '', __LINE__, __FILE__, $query, $this->db);
function removeLinkedTagsForUser($uId) {
$query = 'DELETE FROM '. $this->getTableName();
- $query.= ' WHERE uId = "'. $uId .'"';
+ $query.= ' WHERE uId = '. intval($uId);
if (!($dbresult =& $this->db->sql_query($query))) {
message_die(GENERAL_ERROR, 'Could not remove tag relation', '', __LINE__, __FILE__, $query, $this->db);
$newName = $tagservice->normalize($newName);
$query = 'UPDATE `'. $this->getTableName() .'`';
- $query.= ' SET tag1="'.$newName.'"';
- $query.= ' WHERE tag1="'.$oldName.'"';
- $query.= ' AND uId="'.$uId.'"';
+ $query.= ' SET tag1=\'' . $this->db->sql_escape($newName) ."'";
+ $query.= ' WHERE tag1=\'' . $this->db->sql_escape($oldName) . "'";
+ $query.= ' AND uId=' . intval($uId);
$this->db->sql_query($query);
$query = 'UPDATE `'. $this->getTableName() .'`';
- $query.= ' SET tag2="'.$newName.'"';
- $query.= ' WHERE tag2="'.$oldName.'"';
- $query.= ' AND uId="'.$uId.'"';
+ $query.= ' SET tag2=\'' . $this->db->sql_escape($newName) . "'";
+ $query.= ' WHERE tag2=\'' . $this->db->sql_escape($oldName) . "'";
+ $query.= ' AND uId=' . intval($uId);
$this->db->sql_query($query);
$query = "SELECT DISTINCT tag2 as 'tag'";
$query.= " FROM `". $this->getTableName() ."`";
$query.= " WHERE relationType = '>'";
- $query.= " AND tag1 = '".$tag1."'";
- $query.= " AND uId = '".$uId."'";
+ $query.= " AND tag1 = '" . $this->db->sql_escape($tag1) . "'";
+ $query.= " AND uId = " . intval($uId);
//die($query);
if (! ($dbresult =& $this->db->sql_query($query)) ){
$query = 'DELETE FROM '. $this->getTableName();
$query.= ' WHERE 1=1';
- $query.= strlen($tag1)>0 ? ' AND tag1 = "'. $tag1 .'"' : '';
- $query.= strlen($tag2)>0 ? ' AND tag2 = "'. $tag2 .'"' : '';
+ $query.= strlen($tag1)>0 ? ' AND tag1 = \''. $this->db->sql_escape($tag1) . "'" : '';
+ $query.= strlen($tag2)>0 ? ' AND tag2 = \''. $this->db->sql_escape($tag2) . "'" : '';
$query.= ' AND relationType = ">"';
- $query.= strlen($uId)>0 ? ' AND uId = "'. $uId .'"' : '';
+ $query.= strlen($uId)>0 ? ' AND uId = ' . intval($uId) : '';
if (!($dbresult =& $this->db->sql_query($query))) {
message_die(GENERAL_ERROR, 'Could not remove tag cache inference', '', __LINE__, __FILE__, $query, $this->db);
$tag2 = $tagservice->normalize($tag2);
$query = "SELECT tag1, tag2, relationType, uId FROM `". $this->getTableName() ."`";
- $query.= " WHERE tag1 = '" .$tag1 ."'";
- $query.= " AND tag2 = '".$tag2."'";
+ $query.= " WHERE tag1 = '" . $this->db->sql_escape($tag1) . "'";
+ $query.= " AND tag2 = '" . $this->db->sql_escape($tag2) . "'";
$query.= " AND relationType = '>'";
- $query.= " AND uId = '".$uId."'";
+ $query.= " AND uId = " . intval($uId);
//echo($query."<br>\n");
function removeSynonymGroup($tag1, $uId) {
$query = 'DELETE FROM '. $this->getTableName();
$query.= ' WHERE 1=1';
- $query.= ' AND tag1 = "'. $tag1 .'"';
+ $query.= ' AND tag1 = \''. $this->db->sql_escape($tag1) . "'";
$query.= ' AND relationType = "="';
- $query.= ' AND uId = "'. $uId .'"';
+ $query.= ' AND uId = ' . intval($uId);
if (!($dbresult =& $this->db->sql_query($query))) {
message_die(GENERAL_ERROR, 'Could not remove tag cache inference', '', __LINE__, __FILE__, $query, $this->db);
$tag1 = $tagservice->normalize($tag1);
$query = "SELECT tag1 FROM `". $this->getTableName() ."`";
- $query.= " WHERE tag1 = '" .$tag1 ."'";
+ $query.= " WHERE tag1 = '" . $this->db->sql_escape($tag1) ."'";
$query.= " AND relationType = '='";
- $query.= " AND uId = '".$uId."'";
+ $query.= " AND uId = " . intval($uId);
$dbres = $this->db->sql_query($query);
$rows = $this->db->sql_numrows($dbres);
$tag2 = $tagservice->normalize($tag2);
$query = "SELECT tag2 FROM `". $this->getTableName() ."`";
- $query.= " WHERE tag2 = '" .$tag2 ."'";
+ $query.= " WHERE tag2 = '" . $this->db->sql_escape($tag2) . "'";
$query.= " AND relationType = '='";
- $query.= " AND uId = '".$uId."'";
+ $query.= " AND uId = " . intval($uId);
$dbres = $this->db->sql_query($query);
$rows = $this->db->sql_numrows($dbres);
$query = "SELECT DISTINCT tag1 as 'tag'";
$query.= " FROM `". $this->getTableName() ."`";
$query.= " WHERE relationType = '='";
- $query.= " AND tag2 = '".$tag2."'";
- $query.= " AND uId = '".$uId."'";
+ $query.= " AND tag2 = '" . $this->db->sql_escape($tag2) . "'";
+ $query.= " AND uId = " . intval($uId);
//die($query);
if (! ($dbresult =& $this->db->sql_query($query)) ){
$query = "SELECT DISTINCT tag2 as 'tag'";
$query.= " FROM `". $this->getTableName() ."`";
$query.= " WHERE relationType = '='";
- $query.= " AND tag1 = '".$tag1."'";
- $query.= " AND uId = '".$uId."'";
- $query.= $tagExcepted!=''?" AND tag2!='".$tagExcepted."'":"";
+ $query.= " AND tag1 = '" . $this->db->sql_escape($tag1) . "'";
+ $query.= " AND uId = " . intval($uId);
+ $query.= $tagExcepted!=''?" AND tag2!='" . $this->db->sql_escape($tagExcepted) . "'" : '';
if (! ($dbresult =& $this->db->sql_query($query)) ){
message_die(GENERAL_ERROR, 'Could not get related tags', '', __LINE__, __FILE__, $query, $this->db);
projects / semanticscuttle.git / commitdiff