From 2b12f16b3d1045a1d08e27c3927daffa7b993444 Mon Sep 17 00:00:00 2001 From: Martin Ambrus Date: Tue, 17 Oct 2017 16:13:06 +0200 Subject: [PATCH] fix: more sql injection escapes... --- GameEngine/Alliance.php | 1 + GameEngine/Logging.php | 7 +++++++ Templates/a2b/startRaid.tpl | 2 +- build.php | 4 ++-- dorf1.php | 2 +- dorf2.php | 2 +- dorf3.php | 2 +- 7 files changed, 14 insertions(+), 6 deletions(-) diff --git a/GameEngine/Alliance.php b/GameEngine/Alliance.php index 0f1647e7..8fb52b4c 100755 --- a/GameEngine/Alliance.php +++ b/GameEngine/Alliance.php @@ -454,6 +454,7 @@ private function updateMax($leader) { global $bid18, $database; + $leader = $database->escape($leader); $q = mysqli_query($GLOBALS['link'],"SELECT * FROM " . TB_PREFIX . "alidata where leader = $leader"); if(mysqli_num_rows($q) > 0){ $villages = $database->getVillagesID2($leader); diff --git a/GameEngine/Logging.php b/GameEngine/Logging.php index 62394a3c..271199b3 100755 --- a/GameEngine/Logging.php +++ b/GameEngine/Logging.php @@ -13,6 +13,7 @@ class Logging { public function addIllegal($uid,$ref,$type) { global $database; + list($uid,$ref,$type) = $database->escape_input($uid,$ref,$type); if(LOG_ILLEGAL) { $log = "Attempted to "; switch($type) { @@ -27,6 +28,7 @@ class Logging { public function addLoginLog($id,$ip) { global $database; + list($id,$ip) = $database->escape_input($id,$ip); if(LOG_LOGIN) { $q = "Insert into ".TB_PREFIX."login_log values (0,$id,'$ip')"; $database->query($q); @@ -35,6 +37,7 @@ class Logging { public function addBuildLog($wid,$building,$level,$type) { global $database; + list($wid,$building,$level,$type) = $database->escape_input($wid,$building,$level,$type); if(LOG_BUILD) { if($type) { $log = "Start Construction of "; 
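Review bot: The escaped `$leader` is still interpolated bare into `where leader = $leader`, so quote escaping does not close the hole in this numeric position: a value containing no quote characters passes through `escape()` unchanged and is still parsed as SQL. If `escape()` wraps mysqli_real_escape_string, as its name suggests (the implementation is not in this patch), the fix for an integer column is to coerce the type instead, `$leader = (int)$leader;`, or to move the lookup to a prepared statement. The escaped value is then also handed to `$database->getVillagesID2($leader)`, which may escape again internally; an int cast sidesteps any double-escaping question. updateMax's body continues outside the hunk.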
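Review bot: The identifier arguments escaped at the top of addIllegal are presumably interpolated bare into the INSERT, as the later hunks show for addLoginLog (`values (0,$id,'$ip')`) and addTechLog (`(0,$wid,'$log')`), and `escape_input()` — if it is a quote-escaping wrapper like its name suggests — only protects the quoted string columns, not `$id`, `$uid` or `$wid`. The same applies to the `escape_input()` lines added in addLoginLog, addBuildLog, addTechLog, goldFinLog, addMarketLog and debug. Integer identifiers should be cast, e.g. `$uid = (int)$uid;`, or the INSERTs converted to prepared statements, keeping escaping for the string columns. Escaping at method entry also rewrites the values for every later use in the method, not only the SQL, which matters for `debug()` where `$debug_info` appears to have been written to a file in commented-out code. Each method body continues outside its hunk.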
@@ -50,6 +53,7 @@ class Logging { public function addTechLog($wid,$tech,$level) { global $database; + list($wid,$tech,$level) = $database->escape_input($wid,$tech,$level); if(LOG_TECH) { $log = "Upgrading of tech ".$tech." to level ".$level; $q = "Insert into ".TB_PREFIX."tech_log values (0,$wid,'$log')"; @@ -59,6 +63,7 @@ class Logging { public function goldFinLog($wid) { global $database; + list($wid) = $database->escape_input($wid); if(LOG_GOLD_FIN) { $log = "Finish construction and research with gold"; $q = "Insert into ".TB_PREFIX."gold_fin_log values (0,$wid,'$log')"; @@ -72,6 +77,7 @@ class Logging { public function addMarketLog($wid,$type,$data) { global $database; + list($wid,$type,$data) = $database->escape_input($wid,$type,$data); if(LOG_MARKET) { if($type == 1) { $log = "Sent ".$data[0].",".$data[1].",".$data[2].",".$data[3]." to village ".$data[4]; @@ -94,6 +100,7 @@ class Logging { public function debug($time,$uid,$debug_info) { global $database; + list($time,$uid,$debug_info) = $database->escape_input($time,$uid,$debug_info); //$debugFile = "/tmp/debug"; //$fh = fopen($debugFile, 'a') or die('No debug file'); diff --git a/Templates/a2b/startRaid.tpl b/Templates/a2b/startRaid.tpl index b86f84ba..32712209 100644 --- a/Templates/a2b/startRaid.tpl +++ b/Templates/a2b/startRaid.tpl @@ -4,7 +4,7 @@ $lid = $_POST['lid']; $tribe = $_POST['tribe']; $getFLData = $database->getFLData($lid); - $sql = "SELECT * FROM ".TB_PREFIX."raidlist WHERE lid = ".$lid." order by id asc"; + $sql = "SELECT * FROM ".TB_PREFIX."raidlist WHERE lid = ".$database->escape($lid)." order by id asc"; $array = $database->query_return($sql); foreach($array as $row){ $sql1 = mysqli_fetch_array(mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."units WHERE vref = ".$getFLData['wref'])); diff --git a/build.php b/build.php index 15d2717c..9f03723b 100644 --- a/build.php +++ b/build.php 
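Review bot: In addMarketLog `$data` is an array (the following line reads `$data[0]`…`$data[4]`), yet it is passed through `$database->escape_input()` alongside the scalar arguments; if that helper runs mysqli_real_escape_string on each argument, an array is coerced to the string "Array" with a warning (or raises a TypeError on PHP 8), which breaks the log message rather than protecting it. Escape or cast the elements individually instead, e.g. `list($wid,$type) = $database->escape_input($wid,$type);` followed by `$data = array_map('intval', $data);` if, as the message suggests, the elements are numeric — otherwise escape the assembled `$log` string before it is placed in the query. addMarketLog continues outside the hunk.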
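Review bot: In startRaid.tpl `$lid` comes straight from `$_POST['lid']` and is still passed unescaped to `$database->getFLData($lid)` on the line above the changed one, so the escape added here covers only the second of its two uses; whether getFLData escapes internally is not visible in this patch. Because `lid` is compared as a bare number, quote escaping alone does not prevent injection in that position either; sanitising once at the top, `$lid = (int)$_POST['lid'];`, covers both calls and removes the escape from the query string. The following context line builds another query from `$getFLData['wref']` without escaping, which is only acceptable if that value is trusted database output.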
@@ -236,12 +236,12 @@ $oldmovement=$database->getMovementById($_GET['moveid']); $now=time(); if(($now-$oldmovement[0]['starttime'])<90 && $oldmovement[0]['from'] == $village->wid){ -$qc="SELECT * FROM " . TB_PREFIX . "movement where proc = 0 and moveid = ".$_GET['moveid']; + $qc="SELECT * FROM " . TB_PREFIX . "movement where proc = 0 and moveid = ".$database->escape($_GET['moveid']); $resultc=$database->query($qc) or die(mysqli_error($database->dblink)); if (mysqli_num_rows($resultc)==1){ - $q = "UPDATE " . TB_PREFIX . "movement set proc = 1 where proc = 0 and moveid = ".$_GET['moveid']; + $q = "UPDATE " . TB_PREFIX . "movement set proc = 1 where proc = 0 and moveid = ".$database->escape($_GET['moveid']); $database->query($q); $end=$now+($now-$oldmovement[0]['starttime']); //echo "6,".$oldmovement[0]['to'].",".$oldmovement[0]['from'].",0,".$now.",".$end; diff --git a/dorf1.php b/dorf1.php index 09752aa0..b8543439 100644 --- a/dorf1.php +++ b/dorf1.php @@ -16,7 +16,7 @@ if(isset($_GET['ok'])){ } if(isset($_GET['newdid'])) { $_SESSION['wid'] = $_GET['newdid']; - $database->query("UPDATE ".TB_PREFIX."users SET village_select=".$_GET['newdid']." WHERE id=".$session->uid); + $database->query("UPDATE ".TB_PREFIX."users SET village_select=".$database->escape($_GET['newdid'])." WHERE id=".$session->uid); header("Location: ".$_SERVER['PHP_SELF']); } else { $building->procBuild($_GET); diff --git a/dorf2.php b/dorf2.php index 515fced1..8e07bec9 100644 --- a/dorf2.php +++ b/dorf2.php @@ -13,7 +13,7 @@ include("GameEngine/Village.php"); $start = $generator->pageLoadTimeStart(); if(isset($_GET['newdid'])) { $_SESSION['wid'] = $_GET['newdid']; - $database->query("UPDATE ".TB_PREFIX."users SET village_select=".$_GET['newdid']." WHERE id=".$session->uid); + $database->query("UPDATE ".TB_PREFIX."users SET village_select=".$database->escape($_GET['newdid'])." WHERE id=".$session->uid); header("Location: ".$_SERVER['PHP_SELF']); }else{ $building->procBuild($_GET); 
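Review bot: In build.php `$_GET['moveid']` is escaped in the two rewritten queries but still passed raw to `$database->getMovementById($_GET['moveid'])` on the hunk's first line, and since `moveid = ` compares a bare number, quote escaping does not prevent injection in the rewritten lines either. Read the parameter once and coerce it, `$moveid = (int)$_GET['moveid'];`, then use `$moveid` in getMovementById, `$qc` and `$q`. The `or die(mysqli_error(...))` on the next context line exposes driver error text to the client; it is pre-existing, but worth replacing while this code is being touched. The enclosing block begins before and ends after the hunk.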
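Review bot: In dorf1.php `village_select=".$database->escape($_GET['newdid'])."` interpolates the value without quotes, so escaping quote characters does not prevent injection in this numeric position; the identical line is changed the same way in dorf2.php and dorf3.php. The raw value is also stored in `$_SESSION['wid']` on the line above, and nothing in the hunk checks that the selected village belongs to `$session->uid` — whether that is verified before the session value is used elsewhere is not visible here. A single `$newdid = (int)$_GET['newdid'];` used for both the session assignment and the UPDATE addresses the first point; an ownership check before the UPDATE addresses the second.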
diff --git a/dorf3.php b/dorf3.php index 33e3ca49..ca8de93d 100644 --- a/dorf3.php +++ b/dorf3.php @@ -15,7 +15,7 @@ include("GameEngine/Village.php"); $start = $generator->pageLoadTimeStart(); if(isset($_GET['newdid'])) { $_SESSION['wid'] = $_GET['newdid']; - $database->query("UPDATE ".TB_PREFIX."users SET village_select=".$_GET['newdid']." WHERE id=".$session->uid); + $database->query("UPDATE ".TB_PREFIX."users SET village_select=".$database->escape($_GET['newdid'])." WHERE id=".$session->uid); if(isset($_GET['s'])){ header("Location: ".$_SERVER['PHP_SELF']."?s=".$_GET['s']); }else{