Timestamp:
May 18, 2011, 10:32:20 PM (13 years ago)
Author:
J.Commelin
Message:

Added banners to php files.
Escaped user data that would be inserted in queries.

Location:
extensions/Copyrights
Files:
1 deleted
3 edited

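--- a/extensions/Copyrights/admin.php
+++ b/extensions/Copyrights/admin.php
@@ -1,3 +1,24 @@
 <?php
+// +-----------------------------------------------------------------------+
+// | Piwigo - a PHP based picture gallery                                  |
+// +-----------------------------------------------------------------------+
+// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org |
+// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
+// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify  |
+// | it under the terms of the GNU General Public License as published by  |
+// | the Free Software Foundation                                          |
+// |                                                                       |
+// | This program is distributed in the hope that it will be useful, but   |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
+// | General Public License for more details.                              |
+// |                                                                       |
+// | You should have received a copy of the GNU General Public License     |
+// | along with this program; if not, write to the Free Software           |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA.                                                                  |
+// +-----------------------------------------------------------------------+
 
 if (!defined("PHPWG_ROOT_PATH")){
@@ -22,12 +43,13 @@
 if (isset($_GET['tab'])) {
   if ($_GET['tab'] == 'create') {
-    $name = $_REQUEST['name'];
-    $url = $_REQUEST['url'];
+    $name = pwg_db_real_escape_string($_REQUEST['name']);
+    $url = pwg_db_real_escape_string($_REQUEST['url']);
     $visible = (isset($_REQUEST['visible']) ? 1 : 0);
-    $query = '
-      INSERT INTO '.COPYRIGHTS_ADMIN.'
+    $query = sprintf(
+      'INSERT INTO %s
       (`name`,`url`,`visible`) VALUES
-      ("'.$name.'","'.$url.'",'.$visible.')
-      ;';
+      ("%s","%s",%d)
+      ;',
+      COPYRIGHTS_ADMIN, $name, $url, $visible);
     pwg_query($query);
   }
@@ -36,9 +58,10 @@
     $edit = 1;
     $CRid = $_REQUEST['id'];
-    $query = '
-      SELECT *
-      FROM '.COPYRIGHTS_ADMIN.'
-      WHERE `cr_id`='.$CRid.'
-      ;';
+    $query = sprintf(
+      'SELECT *
+      FROM %s
+      WHERE `cr_id`=%d
+      ;',
+      COPYRIGHTS_ADMIN, $CRid);
     $result = pwg_query($query);
     $row = pwg_db_fetch_assoc($result);
@@ -49,13 +72,14 @@
 
   if ($_GET['tab'] == 'update') {
-    $id = $_REQUEST['id'];
-    $name = $_REQUEST['name'];
-    $url = $_REQUEST['url'];
+    $id = pwg_db_real_escape_string($_REQUEST['id']);
+    $name = pwg_db_real_escape_string($_REQUEST['name']);
+    $url = pwg_db_real_escape_string($_REQUEST['url']);
     $visible = (isset($_REQUEST['visible']) ? 1 : 0);
-    $query = '
-      UPDATE '.$prefixeTable.'copyrights_admin
-      SET `name`="'.$name.'", `url`="'.$url.'", `visible`='.$visible.'
-      WHERE `cr_id`='.$id.'
-      ;';
+    $query = sprintf(
+      'UPDATE %s
+      SET `name`="%s", `url`="%s", `visible`=%d
+      WHERE `cr_id`=%d
+      ;',
+      COPYRIGHTS_ADMIN, $name, $url, $visible, $id);
     pwg_query($query);
   }
@@ -63,8 +87,9 @@
   if ($_GET['tab'] == 'delete') {
     $id = $_REQUEST['id'];
-    $query = '
-      DELETE FROM '.$prefixeTable.'copyrights_admin
-      WHERE `cr_id`='.$id.'
-      ;';
+    $query = sprintf(
+      'DELETE FROM %s
+      WHERE `cr_id`=%d
+      ;',
+      COPYRIGHTS_ADMIN, $id);
     pwg_query($query);
   }
@@ -80,8 +105,9 @@
 );
 
-$query = '
-  SELECT *
-  FROM '.COPYRIGHTS_ADMIN.'
-  ;';
+$query = sprintf(
+  'SELECT *
+  FROM %s
+  ;',
+  COPYTIGHTS_ADMIN);
 $result = pwg_query($query);
 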
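Review bot: The constant in the last hunk's `COPYTIGHTS_ADMIN);` is misspelled while every other hunk uses `COPYRIGHTS_ADMIN`, so PHP falls back to the bare name as a string and the listing query runs against a table literally called COPYTIGHTS_ADMIN and fails; change the line to `COPYRIGHTS_ADMIN);`. The `%d` placeholders are what actually neutralise the ids, which makes the `pwg_db_real_escape_string` on `$id` in the update hunk redundant and leaves the unescaped `$id` in the delete hunk and `$CRid` in the edit hunk safe; a uniform `$id = (int)$_REQUEST['id'];` in all three would make that intent explicit and stop a non-numeric id from silently becoming 0. The name/url escaping matches the double-quoted `"%s"` literals, and `$visible` is already a 0/1 integer. No request-token check is visible in these hunks around the create/update/delete branches, and the `if (isset($_GET['tab']))` block begins in the second hunk and ends outside it, so confirm that a CSRF token is validated earlier in the file before these state changes run.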
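--- a/extensions/Copyrights/main.inc.php
+++ b/extensions/Copyrights/main.inc.php
@@ -8,4 +8,25 @@
 Author URI: http://www.watergallery.nl/piwigo/plugins/copyrights/
 */
+// +-----------------------------------------------------------------------+
+// | Piwigo - a PHP based picture gallery                                  |
+// +-----------------------------------------------------------------------+
+// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org |
+// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
+// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify  |
+// | it under the terms of the GNU General Public License as published by  |
+// | the Free Software Foundation                                          |
+// |                                                                       |
+// | This program is distributed in the hope that it will be useful, but   |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
+// | General Public License for more details.                              |
+// |                                                                       |
+// | You should have received a copy of the GNU General Public License     |
+// | along with this program; if not, write to the Free Software           |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA.                                                                  |
+// +-----------------------------------------------------------------------+
 
 if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
@@ -49,9 +70,10 @@
 
   // Fetch all the copyrights and assign them to the template
-  $query = '
-    SELECT `cr_id`,`name`
-    FROM '.COPYRIGHTS_ADMIN.'
+  $query = sprintf(
+    'SELECT `cr_id`,`name`
+    FROM %s
     WHERE `visible`<>0
-    ;';
+    ;',
+    COPYRIGHT_ADMIN);
   $result = pwg_query($query);
   $CRoptions = array();
@@ -79,12 +101,13 @@
   if ($action == 'copyrights')
   {
-          $crID = $_POST['copyrightID'];
+          $crID = pwg_db_real_escape_string($_POST['copyrightID']);
    
     if (count($collection) > 0) {
-      $query = '
-        DELETE
-        FROM '.COPYRIGHTS_MEDIA.'
-        WHERE media_id IN ('.implode(',', $collection).')
-        ;';
+      $query = sprintf(
+        'DELETE
+        FROM %s
+        WHERE media_id IN (%s)
+        ;',
+        COPYRIGHT_MEDIA, implode(',', $collection));
       pwg_query($query);
     }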
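Review bot: Both rewritten queries drop the trailing S from the constant names — `COPYRIGHT_ADMIN);` in the second hunk and `COPYRIGHT_MEDIA, implode(',', $collection));` in the third — while the lines they replace used `COPYRIGHTS_ADMIN` and `COPYRIGHTS_MEDIA`, so the undefined names degrade to literal strings and both the visible-copyrights SELECT and the media DELETE break; restore `COPYRIGHTS_ADMIN);` and `COPYRIGHTS_MEDIA, implode(',', $collection));`. The `IN (%s)` list is still built from `$collection` with no escaping or casting; where that array comes from is outside the hunk, so if it can carry request data, `implode(',', array_map('intval', $collection))` would keep the integer-only guarantee that the `%d` placeholders give elsewhere. `$crID` is now escaped, but its use and the rest of the `if ($action == 'copyrights')` block lie past the end of the third hunk, so the escaping cannot be checked against its query here.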
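--- a/extensions/Copyrights/maintain.inc.php
+++ b/extensions/Copyrights/maintain.inc.php
@@ -1,3 +1,24 @@
 <?php
+// +-----------------------------------------------------------------------+
+// | Piwigo - a PHP based picture gallery                                  |
+// +-----------------------------------------------------------------------+
+// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org |
+// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
+// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify  |
+// | it under the terms of the GNU General Public License as published by  |
+// | the Free Software Foundation                                          |
+// |                                                                       |
+// | This program is distributed in the hope that it will be useful, but   |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
+// | General Public License for more details.                              |
+// |                                                                       |
+// | You should have received a copy of the GNU General Public License     |
+// | along with this program; if not, write to the Free Software           |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA.                                                                  |
+// +-----------------------------------------------------------------------+
 
 function plugin_install() {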