Changeset 2753

Timestamp:

Oct 15, 2008, 10:58:36 PM (16 years ago)

Author:

patdenice

Message:

Merge from trunk 2752:

• change mysql_escape_string function (deprecated) by mysql_real_escape_string.
• Correction on install.tpl (link color).

Location:

branches/2.0

Files:

• admin/group_list.php (modified) (1 diff)
• admin/history.php (modified) (1 diff)
• admin/template/goto/install.tpl (modified) (1 diff)
• admin/user_list.php (modified) (1 diff)
• include/functions_user.inc.php (modified) (2 diffs)
• language/fr_FR/install.lang.php (modified) (1 diff)
• password.php (modified) (1 diff)

branches/2.0/admin/group_list.php

@@ -108 +108 @@
   (name)
   VALUES
-  (\''.mysql_escape_string($_POST['groupname']).'\')
+  (\''.mysql_real_escape_string($_POST['groupname']).'\')
 ;';
     pwg_query($query);

branches/2.0/admin/history.php

@@ -111 +111 @@
       '*',
       '%',
-      mysql_escape_string($_POST['filename'])
+      mysql_real_escape_string($_POST['filename'])
       );
   }

branches/2.0/admin/template/goto/install.tpl

@@ -30 +30 @@
 }
 
-.sql_content {
+.sql_content, .infos a {
   color: #ff3363;
 }

branches/2.0/admin/user_list.php

@@ -50 +50 @@
   {
     $username = str_replace('*', '%', $_GET['username']);
-    if (function_exists('mysql_real_escape_string'))
-    {
-      $filter['username'] = mysql_real_escape_string($username);
-    }
-    else
-    {
-      $filter['username'] = mysql_escape_string($username);
-    }
+    $filter['username'] = mysql_real_escape_string($username);
   }
 

branches/2.0/include/functions_user.inc.php

@@ -116 +116 @@
       array(
         $conf['user_fields']['id'] => $next_id,
-        $conf['user_fields']['username'] => mysql_escape_string($login),
+        $conf['user_fields']['username'] => mysql_real_escape_string($login),
         $conf['user_fields']['password'] => $conf['pass_convert']($password),
         $conf['user_fields']['email'] => $mail_address
@@ -717 +717 @@
   global $conf;
 
-  $username = mysql_escape_string($username);
+  $username = mysql_real_escape_string($username);
 
   $query = '

branches/2.0/language/fr_FR/install.lang.php

@@ -60 +60 @@
 Par mesure de sécurité, merci de supprimer le fichier "install.php"<br />
 Un fois ce fichier supprimé, veuillez suivre ces indications :<br />
-* allez sur la page d\'identification : [ <a href="./identification.php">identification</a> ] et connectez-vous avec le pseudo donné pour le webmasterbr<br />
+* allez sur la page d\'identification : [ <a href="./identification.php">identification</a> ] et connectez-vous avec le pseudo donné pour le webmaster<br />
 * celui-ci vous permet d\'accéder à la partie administration et aux instructions pour placer les images dans les répertoires.';
 $lang['conf_mail_webmaster'] = 'Adresse e-mail de l\'Administrateur';

branches/2.0/password.php

@@ -57 +57 @@
   else if (isset($_POST['mail_address']) and !empty($_POST['mail_address']))
   {
-    $mail_address = mysql_escape_string($_POST['mail_address']);
+    $mail_address = mysql_real_escape_string($_POST['mail_address']);
     
     $query = '