open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

use MDB2's escape instead of mysql_escape

Browse Source
remotes/origin/stable
Robin 15 years ago
parent 6668793f4a
commit 7b08854f70
2 changed files with 19 additions and 18 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 17
      inc/lib_base.php
  2. 20
      inc/lib_user.php

17
inc/lib_base.php
Unescape View File

@ -474,14 +474,15 @@ class OC_DB {
}
}
static public function createTable($name,$definition){
self::connect();
self::$DBConnection->createTable($name,$definition);
}
static public function createConstraint($table,$name,$definition){
self::connect();
self::$DBConnection->createConstraint($table,$name,$definition);
/**
* escape strings so they can be used in queries
*
* @param string string
* @return string
*/
static function escape($string){
OC_DB::connect();
return self::$DBConnection->escape($string);
}
}

20
inc/lib_user.php
Unescape View File

@ -60,8 +60,8 @@ class OC_USER {
}else{
$password=sha1($password);
$usernameclean=strtolower($username);
$username=mysql_escape_string($username);
$usernameclean=mysql_escape_string($usernameclean);
$username=OC_DB::escape($username);
$usernameclean=OC_DB::escape($usernameclean);
$query="INSERT INTO `users` (`user_id` ,`user_name` ,`user_name_clean` ,`user_password`) VALUES (NULL , '$username', '$usernameclean', '$password')";
$result=OC_DB::query($query);
return ($result)?true:false;
@ -76,8 +76,8 @@ class OC_USER {
public static function login($username,$password){
$password=sha1($password);
$usernameclean=strtolower($username);
$username=mysql_escape_string($username);
$usernameclean=mysql_escape_string($usernameclean);
$username=OC_DB::escape($username);
$usernameclean=OC_DB::escape($usernameclean);
$query="SELECT user_id FROM users WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1";
$result=OC_DB::select($query);
if(isset($result[0]) && isset($result[0]['user_id'])){
@ -117,7 +117,7 @@ class OC_USER {
*/
public static function creategroup($groupname){
if(OC_USER::getgroupid($groupname)==0){
$groupname=mysql_escape_string($groupname);
$groupname=OC_DB::escape($groupname);
$query="INSERT INTO `groups` (`group_id` ,`group_name`) VALUES (NULL , '$groupname')";
$result=OC_DB::query($query);
return ($result)?true:false;
@ -132,8 +132,8 @@ class OC_USER {
*/
public static function getuserid($username){
$usernameclean=strtolower($username);
$username=mysql_escape_string($username);
$usernameclean=mysql_escape_string($usernameclean);
$username=OC_DB::escape($username);
$usernameclean=OC_DB::escape($usernameclean);
$query="SELECT user_id FROM users WHERE user_name_clean = '$usernameclean'";
$result=OC_DB::select($query);
if(!is_array($result)){
@ -151,7 +151,7 @@ class OC_USER {
*
*/
public static function getgroupid($groupname){
$groupname=mysql_escape_string($groupname);
$groupname=OC_DB::escape($groupname);
$query="SELECT group_id FROM groups WHERE group_name = '$groupname'";
$result=OC_DB::select($query);
if(!is_array($result)){
@ -268,8 +268,8 @@ class OC_USER {
public static function checkpassword($username,$password){
$password=sha1($password);
$usernameclean=strtolower($username);
$username=mysql_escape_string($username);
$usernameclean=mysql_escape_string($usernameclean);
$username=OC_DB::escape($username);
$usernameclean=OC_DB::escape($usernameclean);
$query="SELECT user_id FROM 'users' WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1";
$result=OC_DB::select($query);
if(isset($result[0]) && isset($result[0]['user_id']) && $result[0]['user_id']>0){

Write Preview
Loading…
Cancel
Save