diff options
-rw-r--r-- | admin/group_list.php | 2 | ||||
-rw-r--r-- | admin/history.php | 2 | ||||
-rw-r--r-- | admin/template/goto/install.tpl | 2 | ||||
-rw-r--r-- | admin/user_list.php | 9 | ||||
-rw-r--r-- | include/functions_user.inc.php | 4 | ||||
-rw-r--r-- | language/fr_FR/install.lang.php | 2 | ||||
-rw-r--r-- | password.php | 2 |
7 files changed, 8 insertions, 15 deletions
diff --git a/admin/group_list.php b/admin/group_list.php index 09462025e..8bb0412b4 100644 --- a/admin/group_list.php +++ b/admin/group_list.php @@ -107,7 +107,7 @@ SELECT COUNT(*) INSERT INTO '.GROUPS_TABLE.' (name) VALUES - (\''.mysql_escape_string($_POST['groupname']).'\') + (\''.mysql_real_escape_string($_POST['groupname']).'\') ;'; pwg_query($query); diff --git a/admin/history.php b/admin/history.php index 222deaaf1..a915704d4 100644 --- a/admin/history.php +++ b/admin/history.php @@ -110,7 +110,7 @@ if (isset($_POST['submit'])) $search['fields']['filename'] = str_replace( '*', '%', - mysql_escape_string($_POST['filename']) + mysql_real_escape_string($_POST['filename']) ); } diff --git a/admin/template/goto/install.tpl b/admin/template/goto/install.tpl index 0fdf9b709..553eb737d 100644 --- a/admin/template/goto/install.tpl +++ b/admin/template/goto/install.tpl @@ -29,7 +29,7 @@ TD { height: 2.5em; } -.sql_content { +.sql_content, .infos a { color: #ff3363; } </style> diff --git a/admin/user_list.php b/admin/user_list.php index 8f0430ee5..80d3306f7 100644 --- a/admin/user_list.php +++ b/admin/user_list.php @@ -49,14 +49,7 @@ function get_filtered_user_list() if (isset($_GET['username']) and !empty($_GET['username'])) { $username = str_replace('*', '%', $_GET['username']); - if (function_exists('mysql_real_escape_string')) - { - $filter['username'] = mysql_real_escape_string($username); - } - else - { - $filter['username'] = mysql_escape_string($username); - } + $filter['username'] = mysql_real_escape_string($username); } if (isset($_GET['group']) diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 472487342..02aa2a5d8 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -115,7 +115,7 @@ SELECT MAX('.$conf['user_fields']['id'].') + 1 $insert = array( $conf['user_fields']['id'] => $next_id, - $conf['user_fields']['username'] => mysql_escape_string($login), + $conf['user_fields']['username'] => mysql_real_escape_string($login), $conf['user_fields']['password'] => $conf['pass_convert']($password), $conf['user_fields']['email'] => $mail_address ); @@ -716,7 +716,7 @@ function get_userid($username) { global $conf; - $username = mysql_escape_string($username); + $username = mysql_real_escape_string($username); $query = ' SELECT '.$conf['user_fields']['id'].' diff --git a/language/fr_FR/install.lang.php b/language/fr_FR/install.lang.php index 012499550..6e90429e8 100644 --- a/language/fr_FR/install.lang.php +++ b/language/fr_FR/install.lang.php @@ -59,7 +59,7 @@ $lang['install_help'] = 'Besoin d\'aide ? Posez votre question sur le <a href="% $lang['install_end_message'] = 'La configuration de l\'application s\'est correctement déroulée, place à la prochaine étape<br /><br /> Par mesure de sécurité, merci de supprimer le fichier "install.php"<br /> Un fois ce fichier supprimé, veuillez suivre ces indications :<br /> -* allez sur la page d\'identification : [ <a href="./identification.php">identification</a> ] et connectez-vous avec le pseudo donné pour le webmasterbr<br /> +* allez sur la page d\'identification : [ <a href="./identification.php">identification</a> ] et connectez-vous avec le pseudo donné pour le webmaster<br /> * celui-ci vous permet d\'accéder à la partie administration et aux instructions pour placer les images dans les répertoires.'; $lang['conf_mail_webmaster'] = 'Adresse e-mail de l\'Administrateur'; $lang['conf_mail_webmaster_info'] = 'Les visiteurs pourront vous contacter par ce mail'; diff --git a/password.php b/password.php index 2161188b7..0a7ca4b87 100644 --- a/password.php +++ b/password.php @@ -56,7 +56,7 @@ if (isset($_POST['submit'])) } else if (isset($_POST['mail_address']) and !empty($_POST['mail_address'])) { - $mail_address = mysql_escape_string($_POST['mail_address']); + $mail_address = mysql_real_escape_string($_POST['mail_address']); $query = ' SELECT '.$conf['user_fields']['id'].' AS id |