fix: security patching due to mysql injection vulnerabilities everywhere

This commit is contained in:
Martin Ambrus
2017-10-17 12:21:41 +02:00
parent 74cccb2a74
commit 1654ce498f
10 changed files with 694 additions and 12 deletions
+2 -2
View File
@@ -139,7 +139,7 @@ class Account {
if(START_DATE < date('m/d/Y') or START_DATE == date('m/d/Y') && START_TIME <= date('H:i'))
{
global $database;
$q = "SELECT * FROM ".TB_PREFIX."activate where act = '".$_POST['id']."'";
$q = "SELECT * FROM ".TB_PREFIX."activate where act = '".$database->escape($_POST['id'])."'";
$result = mysqli_query($GLOBALS['link'],$q);
$dbarray = mysqli_fetch_array($result);
if($dbarray['act'] == $_POST['id']) {
@@ -164,7 +164,7 @@ class Account {
private function Unreg() {
global $database;
$q = "SELECT * FROM ".TB_PREFIX."activate where id = '".$_POST['id']."'";
$q = "SELECT * FROM ".TB_PREFIX."activate where id = '".$database->escape($_POST['id'])."'";
$result = mysqli_query($GLOBALS['link'],$q);
$dbarray = mysqli_fetch_array($result);
if(md5($_POST['pw']) == $dbarray['password']) {
+1
View File
@@ -354,6 +354,7 @@ if (!isset($SAJAX_INCLUDED)) {
//$data = explode("|",$data);
if (is_array($data)){$msg = htmlspecialchars($data[1]);}else{$msg = htmlspecialchars($data);};
$msg = $database->escape($msg);
// $msg=htmlspecialchars($msg);
$name = addslashes($session->username);
+677 -3
View File
File diff suppressed because it is too large Load Diff
+1
View File
@@ -208,6 +208,7 @@ class Message {
private function removeMessage($post) {
global $database,$session;
$post = $database->escape($post);
for($i = 1; $i <= 10; $i++) {
if(isset($post['n' . $i])) {
$message1 = mysqli_query($GLOBALS['link'],"SELECT * FROM " . TB_PREFIX . "mdata where id = ".$post['n' . $i]."");
+2 -1
View File
@@ -292,7 +292,8 @@
}
public function procRankRaceArray($race) {
global $multisort;
global $multisort,$database;
$race = $database->escape($race);
//$array = $GLOBALS['db']->getRanking();
$holder = array();
//$value['totalvillage'] = count($GLOBALS['db']->getVillagesID($value['id']));
+1 -1
View File
@@ -84,7 +84,7 @@ class Session {
global $database, $generator, $logging;
$this->logged_in = true;
$_SESSION['sessid'] = $generator->generateRandID();
$_SESSION['username'] = $user;
$_SESSION['username'] = $database->escape($user);
$_SESSION['checker'] = $generator->generateRandStr(3);
$_SESSION['mchecker'] = $generator->generateRandStr(5);
$_SESSION['qst'] = $database->getUserField($_SESSION['username'], "quest", 1);