From 67efd6686ade650d2405754ca91f90dfba01e012 Mon Sep 17 00:00:00 2001
From: tomash
Date: Fri, 15 Sep 2006 06:09:02 +0000
Subject: [PATCH] #1709 addslashed replaced by pg_escape_string + pg_escape_string added before addObj
---
 livesupport/src/modules/storageServer/var/BasicStor.php | 9 +++++----
 livesupport/src/modules/storageServer/var/DataEngine.php | 2 +-
 livesupport/src/modules/storageServer/var/MetaData.php | 6 +++---
 livesupport/src/modules/storageServer/var/StoredFile.php | 8 ++++----
 4 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/livesupport/src/modules/storageServer/var/BasicStor.php b/livesupport/src/modules/storageServer/var/BasicStor.php
index 3a6e22d03..344e27a35 100644
--- a/livesupport/src/modules/storageServer/var/BasicStor.php
+++ b/livesupport/src/modules/storageServer/var/BasicStor.php
@@ -90,7 +90,7 @@ class BasicStor extends Alib{
 $this->dbc->setErrorHandling(PEAR_ERROR_RETURN);
 $this->rootId = $this->getRootNode();
 $this->storId = $this->wd =
- $this->getObjId('StorageRoot', $this->rootId);
+ $this->getObjId('StorageRoot', $this->rootId);
 $this->dbc->setErrorHandling();
 }
@@ -123,7 +123,7 @@ class BasicStor extends Alib{
 function bsPutFile($parid, $fileName, $mediaFileLP, $mdataFileLP,
 $gunid=NULL, $ftype='unKnown', $mdataLoc='file')
 {
- $name = addslashes("$fileName");
+ $name = $fileName;
 $ftype = strtolower($ftype);
 $id = $this->addObj($name , $ftype, $parid);
 if($this->dbc->isError($id)) return $id;
@@ -357,7 +357,7 @@ class BasicStor extends Alib{
 if(!is_null($gunid)){
 $gunid = StoredFile::_normalizeGunid($gunid);
 }
- foreach(array('ext', 'type') as $v) $$v = addslashes($$v);
+ foreach(array('ext', 'type') as $v) $$v = pg_escape_string($$v);
 $token = StoredFile::_createGunid();
 if(!is_null($realFname)){
 $linkFname = "{$this->accessDir}/$token.$ext";
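Review bot: `$name = $fileName;` now leaves escaping entirely to addObj (added in the -1588 hunk), so any other addObj caller that still pre-escapes its name — none are visible in this patch, so this is an audit item rather than a confirmed defect — would be double-escaped and stored with literal backslashes. The old `addslashes("$fileName")` also coerced the argument to a string; if $fileName can arrive as a non-string, `$name = (string) $fileName;` keeps that behaviour. bsPutFile's body continues past the hunk, so whether the raw $name is interpolated into any SQL there cannot be checked here.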
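Review bot: The SQL-escaped $ext is reused as a path component in `$linkFname = "{$this->accessDir}/$token.$ext";`, and pg_escape_string does nothing for that context — `/`, `..` and other path characters pass through unchanged. If $ext is derived from a caller-supplied file name, validate it against an allow-list before either use, e.g. `if(!preg_match('/^[A-Za-z0-9]{1,8}$/', $ext)) return PEAR::raiseError('invalid extension');`. Separately, every pg_escape_string call in this patch omits the connection argument, so it escapes for whichever pgsql connection was opened last; that is only correct if the PEAR DB handle is the sole pgsql connection in the process, and passing the handle's raw connection resource explicitly would remove that dependency. The enclosing function's signature and return are outside the hunk.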
@@ -533,7 +533,7 @@ class BasicStor extends Alib{
 if(!is_null($gunid)){
 $gunid = StoredFile::_normalizeGunid($gunid);
 }
- foreach(array('chsum') as $v) $$v = addslashes($$v);
+ foreach(array('chsum') as $v) $$v = pg_escape_string($$v);
 $ext = '';
 $token = StoredFile::_createGunid();
 $res = $this->dbc->query("
@@ -1588,6 +1588,7 @@ class BasicStor extends Alib{
 */
 function addObj($name, $type, $parid=1, $aftid=NULL, $param='')
 {
+ $name = pg_escape_string($name);
 $exid = $this->getObjId($name, $parid);
 if($this->dbc->isError($exid)) return $exid;
 //if(!is_null($exid)){ $this->removeObj($exid); }
diff --git a/livesupport/src/modules/storageServer/var/DataEngine.php b/livesupport/src/modules/storageServer/var/DataEngine.php
index 4e0fc77df..1021379ac 100644
--- a/livesupport/src/modules/storageServer/var/DataEngine.php
+++ b/livesupport/src/modules/storageServer/var/DataEngine.php
@@ -110,7 +110,7 @@ class DataEngine{
 $splittedQn = XML_Util::splitQualifiedName($catQn);
 $catNs = $splittedQn['namespace'];
 $cat = $splittedQn['localPart'];
- $opVal = sprintf($ops[$op], addslashes($value));
+ $opVal = sprintf($ops[$op], pg_escape_string($value));
 // retype for timestamp value
 if($cat == 'mtime'){
 switch($op){
diff --git a/livesupport/src/modules/storageServer/var/MetaData.php b/livesupport/src/modules/storageServer/var/MetaData.php
index e19a436e5..a8abe5391 100644
--- a/livesupport/src/modules/storageServer/var/MetaData.php
+++ b/livesupport/src/modules/storageServer/var/MetaData.php
@@ -254,7 +254,7 @@ class MetaData{
 $r = $this->validateOneValue($parname, $category, $predxml, $value);
 if(PEAR::isError($r)) return $r;
 if(!is_null($value)){
- foreach(array('value') as $v) $$v = addslashes($$v);
+ foreach(array('value') as $v) $$v = pg_escape_string($$v);
 $sql = "
 UPDATE {$this->mdataTable}
 SET object='$value', objns='_L'
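Review bot: The added `$name = pg_escape_string($name);` runs before `$exid = $this->getObjId($name, $parid);`, so the existence lookup is performed with the escaped form; getObjId is outside this hunk, and if it escapes its argument again a name containing a quote or backslash is double-escaped and the duplicate check misses. The escaped value presumably also flows into the INSERT further down, which is the intended consumer. Either escape at each SQL statement instead, or state the contract above the new line: `// $name arrives raw; escaped once here for every SQL use in this method (callers must not pre-escape)`. addObj's body continues past the hunk.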
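Review bot: pg_escape_string does not neutralise `%` or `_`, so if any `$ops[$op]` format (the table is defined above this hunk) is a LIKE/ILIKE pattern, a search value containing those characters still widens the match; that is a correctness rather than an injection concern, but it deserves a comment on the changed line, e.g. `// escapes SQL quoting only; LIKE wildcards in $value are not escaped`. The enclosing function starts before the hunk.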
@@ -635,7 +635,7 @@ class MetaData{
 function updateRecord($mdid, $object, $objns='_L')
 {
 foreach(array('objns', 'object') as $v){
- ${$v."_sql"} = (is_null($$v) ? "NULL" : "'".addslashes($$v)."'" );
+ ${$v."_sql"} = (is_null($$v) ? "NULL" : "'".pg_escape_string($$v)."'" );
 }
 $res = $this->dbc->query("UPDATE {$this->mdataTable}
 SET objns = $objns_sql, object = $object_sql
@@ -669,7 +669,7 @@ class MetaData{
 foreach(array(
 'subjns', 'subject', 'predns', 'predicate', 'objns', 'object',
 ) as $v){
- ${$v."_sql"} = (is_null($$v) ? "NULL" : "'".addslashes($$v)."'" );
+ ${$v."_sql"} = (is_null($$v) ? "NULL" : "'".pg_escape_string($$v)."'" );
 }
 $id = $this->dbc->nextId("{$this->mdataTable}_id_seq");
 if(PEAR::isError($id)) return $id;
diff --git a/livesupport/src/modules/storageServer/var/StoredFile.php b/livesupport/src/modules/storageServer/var/StoredFile.php
index 2f8a7cdbb..8c0d767e8 100644
--- a/livesupport/src/modules/storageServer/var/StoredFile.php
+++ b/livesupport/src/modules/storageServer/var/StoredFile.php
@@ -88,7 +88,7 @@ class StoredFile{
 $mediaFileLP='', $metadata='', $mdataLoc='file',
 $gunid=NULL, $ftype=NULL, $className='StoredFile')
 {
- foreach(array('name', 'ftype') as $v) $$v = addslashes($$v);
+ foreach(array('name', 'ftype') as $v) $$v = pg_escape_string($$v);
 $ac =& new $className($gb, ($gunid ? $gunid : NULL));
 if(PEAR::isError($ac)) return $ac;
 $ac->name = $name;
@@ -385,7 +385,7 @@ class StoredFile{
 */
 function rename($newname)
 {
- foreach(array('newname') as $v) $$v = addslashes($$v);
+ foreach(array('newname') as $v) $$v = pg_escape_string($$v);
 $res = $this->dbc->query("
 UPDATE {$this->filesTable} SET name='$newname', mtime=now()
 WHERE gunid=x'{$this->gunid}'::bigint
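Review bot: After `foreach(array('name', 'ftype') as $v) $$v = pg_escape_string($$v);` the escaped $name is assigned to the object with `$ac->name = $name;`, so the in-memory StoredFile carries the SQL-escaped spelling (a quote becomes `''`, a backslash becomes `\\`) and any non-SQL consumer of `$ac->name` sees it. Capture the raw value first (`$rawName = $name;` before the foreach) and assign `$ac->name = $rawName;`, leaving the escaped `$name` for the SQL below. Whether the statement further down reads `$name` or `$ac->name` is outside the hunk, as is the function signature.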
@@ -404,7 +404,7 @@ class StoredFile{
 */
 function setState($state, $editedby=NULL)
 {
- foreach(array('state') as $v) $$v = addslashes($$v);
+ foreach(array('state') as $v) $$v = pg_escape_string($$v);
 $eb = (!is_null($editedby) ? ", editedBy=$editedby" : '');
 $res = $this->dbc->query("
 UPDATE {$this->filesTable}
@@ -423,7 +423,7 @@ class StoredFile{
 */
 function setMime($mime)
 {
- foreach(array('mime') as $v) $$v = addslashes($$v);
+ foreach(array('mime') as $v) $$v = pg_escape_string($$v);
 $res = $this->dbc->query("
 UPDATE {$this->filesTable} SET mime='$mime', mtime=now()
 WHERE gunid=x'{$this->gunid}'::bigint
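Review bot: `$state` is escaped but `$editedby` on the next line, `$eb = (!is_null($editedby) ? ", editedBy=$editedby" : '');`, is interpolated into the UPDATE untouched, so this hunk leaves one of setState's two caller-supplied inputs unprotected. If editedBy is an integer column, `", editedBy=".(int)$editedby` closes that; otherwise pass it through pg_escape_string and quote it like $state. The -423 hunk (setMime) escapes its only input and needs nothing further. The UPDATE statement continues past the hunk.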