fix: security patching due to mysql injection vulnerabilities everywhere
@@ -139,7 +139,7 @@ class Account {
|
||||
if(START_DATE < date('m/d/Y') or START_DATE == date('m/d/Y') && START_TIME <= date('H:i'))
|
||||
{
|
||||
global $database;
|
||||
$q = "SELECT * FROM ".TB_PREFIX."activate where act = '".$_POST['id']."'";
|
||||
$q = "SELECT * FROM ".TB_PREFIX."activate where act = '".$database->escape($_POST['id'])."'";
|
||||
$result = mysqli_query($GLOBALS['link'],$q);
|
||||
$dbarray = mysqli_fetch_array($result);
|
||||
if($dbarray['act'] == $_POST['id']) {
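Review bot: The escape added on the `$q` line closes the quoted-literal injection, but the result of `mysqli_query` is still passed to `mysqli_fetch_array` unchecked, and the activation token is then compared with loose `==` on the last hunk line. A failed query yields `false`, which `mysqli_fetch_array` rejects, and `==` on strings applies numeric juggling; compare with `if ($dbarray !== false && hash_equals((string) $dbarray['act'], (string) $_POST['id'])) {`. A prepared statement (`?` placeholder with `bind_param`) would remove the need for manual escaping here altogether. The enclosing method starts before this hunk and continues after it.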
|
||||
@@ -164,7 +164,7 @@ class Account {
|
||||
|
||||
private function Unreg() {
|
||||
global $database;
|
||||
$q = "SELECT * FROM ".TB_PREFIX."activate where id = '".$_POST['id']."'";
|
||||
$q = "SELECT * FROM ".TB_PREFIX."activate where id = '".$database->escape($_POST['id'])."'";
|
||||
$result = mysqli_query($GLOBALS['link'],$q);
|
||||
$dbarray = mysqli_fetch_array($result);
|
||||
if(md5($_POST['pw']) == $dbarray['password']) {
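Review bot: The password check on the last hunk line still uses loose `==` between two hex digests, which PHP may compare numerically, and `$dbarray` is used without checking that the query returned a row. The new escape on the `$q` line is correct for the quoted `id` literal, but the lookup should guard the result and use a constant-time comparison: `if ($dbarray !== false && hash_equals((string) $dbarray['password'], md5((string) ($_POST['pw'] ?? '')))) {`. The TODO entry in this same commit about updating the md5-only password hashes is the longer-term fix (`password_hash`/`password_verify`). `Unreg()` continues outside the hunk.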
|
||||
|
||||
@@ -354,6 +354,7 @@ if (!isset($SAJAX_INCLUDED)) {
|
||||
|
||||
//$data = explode("|",$data);
|
||||
if (is_array($data)){$msg = htmlspecialchars($data[1]);}else{$msg = htmlspecialchars($data);};
|
||||
$msg = $database->escape($msg);
|
||||
// $msg=htmlspecialchars($msg);
|
||||
$name = addslashes($session->username);
|
||||
|
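Review bot: The new `$msg = $database->escape($msg);` line uses the database escaper, while the `$name` assignment two lines below still uses `addslashes`, which is not a charset-aware SQL escape and is inconsistent with the fix this commit is making; it should read `$name = $database->escape($session->username);`. Note also that `$msg` is passed through `htmlspecialchars` before it is escaped for SQL, so the stored text is HTML-encoded rather than raw, and the `$data[1]` access in the `is_array` branch has no `isset` check. Whether `$database->escape()` wraps `mysqli_real_escape_string` cannot be seen from this hunk, so the equivalence with `addslashes` is inferred. The enclosing code begins before this hunk and continues after it.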
||||
|
||||
+677
-3
@@ -208,6 +208,7 @@ class Message {
|
||||
|
||||
private function removeMessage($post) {
|
||||
global $database,$session;
|
||||
$post = $database->escape($post);
|
||||
for($i = 1; $i <= 10; $i++) {
|
||||
if(isset($post['n' . $i])) {
|
||||
$message1 = mysqli_query($GLOBALS['link'],"SELECT * FROM " . TB_PREFIX . "mdata where id = ".$post['n' . $i]."");
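Review bot: `$post = $database->escape($post);` passes the whole `$post` array to the escaper, and the value is then interpolated unquoted (`where id = ".$post['n' . $i]`), where string escaping does not prevent injection even if it were applied per element; if `escape()` wraps `mysqli_real_escape_string`, an array argument will not be escaped element-wise at all (presumably it yields the string "Array" or a type error — confirm against its implementation). The message id should be coerced to an integer at the point of use, e.g. `$id = (int) $post['n' . $i];` followed by `"... where id = " . $id`, or bound through a prepared statement. The same unquoted-numeric pattern appears in the raidlist hunk (`WHERE lid = ".$database->escape($_GET['lid'])`) and in the `getRaidList($database->escape($_GET["eid"]))` hunk, and `$race = $database->escape($race);` in `procRankRaceArray` has the same problem if `$race` is used as a number or array key; its body is outside that hunk. `removeMessage()` continues past the end of this hunk.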
|
||||
|
||||
@@ -292,7 +292,8 @@
|
||||
}
|
||||
|
||||
public function procRankRaceArray($race) {
|
||||
global $multisort;
|
||||
global $multisort,$database;
|
||||
$race = $database->escape($race);
|
||||
//$array = $GLOBALS['db']->getRanking();
|
||||
$holder = array();
|
||||
//$value['totalvillage'] = count($GLOBALS['db']->getVillagesID($value['id']));
|
||||
|
||||
@@ -84,7 +84,7 @@ class Session {
|
||||
global $database, $generator, $logging;
|
||||
$this->logged_in = true;
|
||||
$_SESSION['sessid'] = $generator->generateRandID();
|
||||
$_SESSION['username'] = $user;
|
||||
$_SESSION['username'] = $database->escape($user);
|
||||
$_SESSION['checker'] = $generator->generateRandStr(3);
|
||||
$_SESSION['mchecker'] = $generator->generateRandStr(5);
|
||||
$_SESSION['qst'] = $database->getUserField($_SESSION['username'], "quest", 1);
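Review bot: `$_SESSION['username'] = $database->escape($user);` escapes at storage time instead of at query time, so the session now carries a SQL-escaped username (backslashes before quotes) that will be displayed, compared, and potentially escaped a second time wherever it is read. Keep the raw value in the session, `$_SESSION['username'] = $user;`, and escape or bind the value inside the query builders that consume it (`getUserField` on the next line, whose implementation is not visible here). The enclosing method starts before this hunk.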
|
||||
|
||||
@@ -9,11 +9,12 @@
|
||||
| Copyright: TravianX Project All rights reserved |
|
||||
\*-------------------------------------------------------*/
|
||||
|
||||
include_once("GameEngine/Data/hero_full.php");
|
||||
include_once("GameEngine/Data/hero_full.php");
|
||||
global $database;
|
||||
|
||||
if (isset($_POST['name'])) {
|
||||
$_POST['name'] = stripslashes($_POST['name']);
|
||||
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."hero SET `name`='".($_POST['name'])."' where `uid`='".$session->uid."'") or die("ERROR:".mysqli_error());
|
||||
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."hero SET `name`='".($database->escape($_POST['name']))."' where `uid`='".$session->uid."'") or die("ERROR:".mysqli_error());
|
||||
$hero = mysqli_query("SELECT * FROM " . TB_PREFIX . "hero WHERE `uid` = " . $session->uid . "");
|
||||
$hero_info = mysqli_fetch_array($hero);
|
||||
echo "".NAME_CHANGED."";
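Review bot: The rewritten `UPDATE` line still calls `mysqli_error()` with no connection argument, which mysqli requires, so the `or die(...)` branch itself fails when the query fails; it should be `mysqli_error($GLOBALS['link'])`, and echoing the raw driver error to the client should be avoided in any case. The following `$hero = mysqli_query("SELECT * FROM ...")` line omits the `$GLOBALS['link']` first argument that every other `mysqli_query` call in this commit passes, so `$hero_info` cannot be populated. The `include_once` line appears on both sides of the hunk with no visible difference, presumably a whitespace or line-ending change.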
|
||||
|
||||
@@ -120,7 +120,7 @@ $lvname = $database->getVillageField($row["wref"], 'name');
|
||||
<label class="lastTargets">Last targets:</label>
|
||||
<select name="target_id">
|
||||
<?php
|
||||
$getwref = "SELECT * FROM ".TB_PREFIX."raidlist WHERE lid = ".$_GET['lid']."";
|
||||
$getwref = "SELECT * FROM ".TB_PREFIX."raidlist WHERE lid = ".$database->escape($_GET['lid'])."";
|
||||
$arraywref = $database->query_return($getwref);
|
||||
echo '<option value="">Select village</option>';
|
||||
if(mysqli_num_rows(mysqli_query($GLOBALS['link'],$getwref)) != 0){
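Review bot: The `$getwref` statement is executed twice, once through `$database->query_return($getwref)` and again through `mysqli_query` inside `mysqli_num_rows` on the last hunk line, for the same result. If `query_return` returns an array, the second round-trip can be replaced by `if (count($arraywref) != 0) {`; its return type is not visible here. The unquoted `lid` interpolation on the changed line is covered by the note on the `removeMessage` hunk.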
|
||||
|
||||
@@ -79,7 +79,7 @@ if($FLData['owner'] == $session->uid){
|
||||
<div class="boxes boxesColor gray"><div class="boxes-tl"></div><div class="boxes-tr"></div><div class="boxes-tc"></div><div class="boxes-ml"></div><div class="boxes-mr"></div><div class="boxes-mc"></div><div class="boxes-bl"></div><div class="boxes-br"></div><div class="boxes-bc"></div><div class="boxes-contents cf">
|
||||
|
||||
<?php
|
||||
$getlid = $database->getRaidList($_GET["eid"]);
|
||||
$getlid = $database->getRaidList($database->escape($_GET["eid"]));
|
||||
$lid2 = $getlid['lid'];
|
||||
?>
|
||||
<input type="hidden" name="action" value="editSlot">
|
||||
|
||||
@@ -14,4 +14,8 @@
|
||||
- disallow installation if existing data are in place, or world map would end up screwed and villages not showing (because there can be multiple villages/oasis generated for one square then)
|
||||
- when editing Additional Information for user and adjusting gold, sometimes the first time will not record the new gold amount
|
||||
- update password hashes (I believe they are md5 only now)
|
||||
- make mass messages work with apostrophes and quotes
|
||||
- allow to redirect Support messages to admin's nickname (for when there's only a single admin and doesn't like switching between Support and themselves)
|
||||
- disallow Support to play (single cookie for Admin and the game means support gets no village and lots of warnings when they switch to game now)
|
||||
- make messages work with apostrophes
|
||||
- resetting res bonus in admin actually says that bonus was given after OK is pressed
|
||||
- pagination in attacks goes to "All" reports instead of staying in "Attacks"
|
||||