From 324bdad746f97b257f904f4bef48e0c6bb30164f Mon Sep 17 00:00:00 2001 From: nikrou Date: Thu, 17 Jun 2010 18:10:11 +0000 Subject: Bug 1733 fixed : single quotes in queries git-svn-id: http://piwigo.org/svn/trunk@6550 68402e56-0260-453c-a942-63ccdbb3a9ee --- admin/cat_modify.php | 4 ++-- admin/extend_for_templates.php | 8 ++++---- admin/include/functions_permalinks.php | 12 ++++++------ admin/include/functions_upgrade.php | 8 ++++---- admin/include/languages.class.php | 14 +++++++------- admin/include/themes.class.php | 10 +++++----- admin/languages_installed.php | 12 ++++++------ admin/permalinks.php | 2 +- admin/thumbnail.php | 2 +- 9 files changed, 36 insertions(+), 36 deletions(-) (limited to 'admin') diff --git a/admin/cat_modify.php b/admin/cat_modify.php index ff48e8ac4..f058d0f73 100644 --- a/admin/cat_modify.php +++ b/admin/cat_modify.php @@ -92,8 +92,8 @@ if (isset($_POST['submit'])) if (isset($_POST['image_order_subcats'])) { $query = ' -UPDATE '.CATEGORIES_TABLE.' SET image_order='.(isset($image_order) ? 'NULL':"'$image_order'").' - WHERE uppercats LIKE "'.$cat_info['uppercats'].',%"'; +UPDATE '.CATEGORIES_TABLE.' SET image_order='.(isset($image_order) ? 'NULL':'\''.$image_order.'\'').' + WHERE uppercats LIKE \''.$cat_info['uppercats'].',%\''; pwg_query($query); } diff --git a/admin/extend_for_templates.php b/admin/extend_for_templates.php index 79321191e..a6cd56d92 100644 --- a/admin/extend_for_templates.php +++ b/admin/extend_for_templates.php @@ -139,10 +139,10 @@ if (isset($_POST['submit']) and !is_adviser()) $conf['extents_for_templates'] = serialize($replacements); $tpl_extension = $replacements; /* ecrire la nouvelle conf */ - $query = " -UPDATE ".CONFIG_TABLE." - SET value = '". $conf['extents_for_templates'] ."' -WHERE param = 'extents_for_templates';"; + $query = ' +UPDATE '.CONFIG_TABLE.' + SET value = \''. $conf['extents_for_templates'] .'\' +WHERE param = \'extents_for_templates\';'; if (pwg_query($query)) { array_push($page['infos'], 
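Review bot: The rewritten ternary on the UPDATE line of the admin/cat_modify.php hunk emits `NULL` when `$image_order` is set and interpolates `$image_order` when it is not, which reads as inverted — with the variable unset the statement becomes `image_order=''` rather than `NULL`. Unless the assignment above the hunk deliberately relies on that, the condition should be `isset($image_order) ? '\''.$image_order.'\'' : 'NULL'`. Independently of that, both `$image_order` and `$cat_info['uppercats']` are concatenated into single-quoted literals unescaped, so any `'` in them now terminates the string; run both through the DB layer's escaping helper before building `$query`. The enclosing `if (isset($_POST['submit']))` block starts before the hunk and continues after it.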
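Review bot: The rewritten UPDATE in the admin/extend_for_templates.php hunk still concatenates `$conf['extents_for_templates']`, the serialize() output of `$replacements`, directly into the single-quoted literal. serialize() copies its input verbatim, so a template name or path in `$replacements` containing a `'` (or a backslash) now ends the literal and corrupts or breaks the statement; escape the serialized string with the DB layer's escaping helper before building `$query`. The `!is_adviser()` guard on the enclosing branch restricts who reaches this code but does not make the value SQL-safe. The enclosing `if (isset($_POST['submit']) and !is_adviser())` block begins before the hunk.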
diff --git a/admin/include/functions_permalinks.php b/admin/include/functions_permalinks.php index 3a613f96b..a61ed32a0 100644 --- a/admin/include/functions_permalinks.php +++ b/admin/include/functions_permalinks.php @@ -28,7 +28,7 @@ function get_cat_id_from_permalink( $permalink ) { $query =' SELECT id FROM '.CATEGORIES_TABLE.' - WHERE permalink="'.$permalink.'"'; + WHERE permalink=\''.$permalink.'\''; $ids = array_from_query($query, 'id'); if (!empty($ids)) { @@ -69,7 +69,7 @@ function delete_cat_permalink( $cat_id, $save ) $query = ' SELECT permalink FROM '.CATEGORIES_TABLE.' - WHERE id="'.$cat_id.'" + WHERE id=\''.$cat_id.'\' ;'; $result = pwg_query($query); if ( pwg_db_num_rows($result) ) @@ -108,7 +108,7 @@ UPDATE '.CATEGORIES_TABLE.' $query = ' UPDATE '.OLD_PERMALINKS_TABLE.' SET date_deleted=NOW() - WHERE cat_id='.$cat_id.' AND permalink="'.$permalink.'"'; + WHERE cat_id='.$cat_id.' AND permalink=\''.$permalink.'\''; } else { @@ -116,7 +116,7 @@ UPDATE '.OLD_PERMALINKS_TABLE.' INSERT INTO '.OLD_PERMALINKS_TABLE.' (permalink, cat_id, date_deleted) VALUES - ( "'.$permalink.'",'.$cat_id.',NOW() )'; + ( \''.$permalink.'\','.$cat_id.',NOW() )'; } pwg_query( $query ); } @@ -185,13 +185,13 @@ function set_cat_permalink( $cat_id, $permalink, $save ) assert( $old_cat_id==$cat_id ); $query = ' DELETE FROM '.OLD_PERMALINKS_TABLE.' - WHERE cat_id='.$old_cat_id.' AND permalink="'.$permalink.'"'; + WHERE cat_id='.$old_cat_id.' AND permalink=\''.$permalink.'\''; pwg_query($query); } $query = ' UPDATE '.CATEGORIES_TABLE.' - SET permalink="'.$permalink.'" + SET permalink=\''.$permalink.'\' WHERE id='.$cat_id; // LIMIT 1'; pwg_query($query); diff --git a/admin/include/functions_upgrade.php b/admin/include/functions_upgrade.php index c2df4d5df..b3f4692e6 100644 --- a/admin/include/functions_upgrade.php +++ b/admin/include/functions_upgrade.php 
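Review bot: `get_cat_id_from_permalink()` in the first admin/include/functions_permalinks.php hunk still concatenates `$permalink` into the literal unescaped, and the switch to single quotes means a `'` inside the permalink now closes the string. If the value can arrive from a request URL, as the function name suggests, it needs to go through the DB layer's escaping helper, or be validated against the permitted permalink character set, before `WHERE permalink=\''.$permalink.'\''` is built. The function body continues past the hunk, so the caller-side handling is not visible here.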
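Review bot: The second functions_permalinks.php hunk (`delete_cat_permalink`) quotes `$cat_id` as a string, `WHERE id=\''.$cat_id.'\'`, while the later hunks in the same file splice the same value in bare (`WHERE cat_id='.$cat_id.'`), so the bare form depends entirely on callers passing a clean integer. Normalising every occurrence to `WHERE id='.(int)$cat_id` keeps the comparison numeric and removes that dependence on upstream validation. `delete_cat_permalink()` starts before this hunk and continues after it.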
@@ -87,7 +87,7 @@ function deactivate_non_standard_plugins() SELECT id FROM '.PREFIX_TABLE.'plugins WHERE state = "active" -AND id NOT IN ("' . implode('","', $standard_plugins) . '") +AND id NOT IN (\'' . implode('\',\'', $standard_plugins) . '\') ;'; $result = pwg_query($query); @@ -102,7 +102,7 @@ AND id NOT IN ("' . implode('","', $standard_plugins) . '") $query = ' UPDATE '.PREFIX_TABLE.'plugins SET state="inactive" -WHERE id IN ("' . implode('","', $plugins) . '") +WHERE id IN (\'' . implode('\',\'', $plugins) . '\') ;'; pwg_query($query); @@ -162,7 +162,7 @@ SELECT status $query = ' SELECT password, status FROM '.USERS_TABLE.' -WHERE username = "'.$username.'" +WHERE username = \''.$username.'\' ;'; } else @@ -172,7 +172,7 @@ SELECT u.password, ui.status FROM '.USERS_TABLE.' AS u INNER JOIN '.USER_INFOS_TABLE.' AS ui ON u.'.$conf['user_fields']['id'].'=ui.user_id -WHERE '.$conf['user_fields']['username'].'="'.$username.'" +WHERE '.$conf['user_fields']['username'].'=\''.$username.'\' ;'; } $row = pwg_db_fetch_assoc(pwg_query($query)); diff --git a/admin/include/languages.class.php b/admin/include/languages.class.php index 053852154..88b37da36 100644 --- a/admin/include/languages.class.php +++ b/admin/include/languages.class.php @@ -99,11 +99,11 @@ INSERT INTO '.LANGUAGES_TABLE.' break; } - $query = " + $query = ' DELETE - FROM ".LANGUAGES_TABLE." - WHERE id= '".$language_id."' -;"; + FROM '.LANGUAGES_TABLE.' + WHERE id= \''.$language_id.'\' +;'; pwg_query($query); break; @@ -122,8 +122,8 @@ DELETE // Set default language to user who are using this language $query = ' UPDATE '.USER_INFOS_TABLE.' - SET language = "'.get_default_language().'" - WHERE language = "'.$language_id.'" + SET language = \''.get_default_language().'\' + WHERE language = \''.$language_id.'\' ;'; pwg_query($query); 
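Review bot: The `WHERE state = "active"` context line two lines above the converted `AND id NOT IN (...)` line in the first admin/include/functions_upgrade.php hunk still uses double quotes, so this SELECT is only half converted and will keep misbehaving on any backend that treats double quotes as identifier quoting, which is presumably what the commit is working around. It should become `WHERE state = \'active\'` in the same change. `deactivate_non_standard_plugins()` continues past the hunk.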
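Review bot: `SET state="inactive"` in the second functions_upgrade.php hunk is left double-quoted while the `WHERE id IN (...)` line directly beneath it is converted, so the UPDATE still contains the construct this commit is removing; change it to `SET state=\'inactive\'`. The `$plugins` list appears to be built from the preceding SELECT rather than from request input, so it is a smaller exposure than the other hunks, but the implode() still interpolates the ids with no escaping.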
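Review bot: The two `= \''.$username.'\'` queries in the third and fourth functions_upgrade.php hunks select the stored password and status by username, i.e. this is an authentication lookup, and `$username` is concatenated in unescaped; a `'` in the submitted name now terminates the literal, which is an injection point if the value reaches here straight from the request. Pass it through the DB layer's escaping helper once, before either `$query` is built, so that both the `USERS_TABLE` branch and the `$conf['user_fields']['username']` branch are covered. The function holding both queries starts before the hunk, so where `$username` is assigned is not visible here.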
@@ -136,7 +136,7 @@ UPDATE '.USER_INFOS_TABLE.' case 'set_default': $query = ' UPDATE '.USER_INFOS_TABLE.' - SET language = "'.$language_id.'" + SET language = \''.$language_id.'\' WHERE user_id = '.$conf['default_user_id'].' ;'; pwg_query($query); diff --git a/admin/include/themes.class.php b/admin/include/themes.class.php index 73a9e149e..7601f6d60 100644 --- a/admin/include/themes.class.php +++ b/admin/include/themes.class.php @@ -175,11 +175,11 @@ SELECT } } - $query = " + $query = ' DELETE - FROM ".THEMES_TABLE." - WHERE id= '".$theme_id."' -;"; + FROM '.THEMES_TABLE.' + WHERE id= \''.$theme_id.'\' +;'; pwg_query($query); break; @@ -300,7 +300,7 @@ SELECT $clauses = array(); if (!empty($id)) { - $clauses[] = "id = '".$id."'"; + $clauses[] = 'id = \''.$id.'\''; } if (count($clauses) > 0) { diff --git a/admin/languages_installed.php b/admin/languages_installed.php index fb1ee0d27..98c085ed3 100644 --- a/admin/languages_installed.php +++ b/admin/languages_installed.php @@ -114,16 +114,16 @@ foreach($missing_language_ids as $language_id) { $query = ' UPDATE '.USER_INFOS_TABLE.' - SET language = "'.get_default_language().'" - WHERE language = "'.$language_id.'" + SET language = \''.get_default_language().'\' + WHERE language = \''.$language_id.'\' ;'; pwg_query($query); - $query = " + $query = ' DELETE - FROM ".LANGUAGES_TABLE." - WHERE id= '".$language_id."' -;"; + FROM '.LANGUAGES_TABLE.' + WHERE id= \''.$language_id.'\' +;'; pwg_query($query); } diff --git a/admin/permalinks.php b/admin/permalinks.php index 7d847d3c6..7ec83efc2 100644 --- a/admin/permalinks.php +++ b/admin/permalinks.php @@ -96,7 +96,7 @@ elseif ( isset($_GET['delete_permanent']) and !is_adviser() ) { $query = ' DELETE FROM '.OLD_PERMALINKS_TABLE.' - WHERE permalink="'.$_GET['delete_permanent'].'" + WHERE permalink=\''.$_GET['delete_permanent'].'\' LIMIT 1'; $result = pwg_query($query); if (pwg_db_changes($result)==0) 
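Review bot: The admin/permalinks.php hunk still concatenates `$_GET['delete_permanent']` straight into `DELETE FROM ... WHERE permalink=\''.$_GET['delete_permanent'].'\'`; with the literal now single-quoted, a `'` in that query-string value closes the string and the remainder runs as SQL, so this is an injection point for any account that passes the `!is_adviser()` guard. Escape it with the DB layer's escaping helper, or reject anything outside the permalink character set, before `$query` is built. If the quote change is meant to support a non-MySQL backend, note that `LIMIT 1` on a DELETE is MySQL-specific and will still fail there. A record deletion driven by a GET parameter is also an easy CSRF target unless a token is checked before this point, which the hunk does not show. The enclosing `elseif` branch begins before the hunk.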
diff --git a/admin/thumbnail.php b/admin/thumbnail.php index 06e14bd2a..87223ca00 100644 --- a/admin/thumbnail.php +++ b/admin/thumbnail.php @@ -183,7 +183,7 @@ $thumbnalized = array(); // what is the directory to search in ? $query = ' SELECT galleries_url FROM '.SITES_TABLE.' - WHERE galleries_url NOT LIKE "http://%" + WHERE galleries_url NOT LIKE \'http://%\' ;'; $result = pwg_query($query); while ( $row=pwg_db_fetch_assoc($result) ) -- cgit v1.2.3
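Review bot: The `NOT LIKE \'http://%\'` filter in the admin/thumbnail.php hunk excludes only plain-HTTP remote sites, so a `galleries_url` beginning with `https://` (or any other scheme) would still be returned and, judging by the "what is the directory to search in ?" comment, presumably treated as a local directory by the loop below. If the intent is local paths only, extend the condition to `WHERE galleries_url NOT LIKE \'http://%\' AND galleries_url NOT LIKE \'https://%\'`. The `while` loop that consumes the result continues past the hunk.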