NobuNobu
nobun****@users*****
2006年 4月 11日 (火) 17:41:12 JST
Index: xoops2jp/html/kernel/module.php
diff -u xoops2jp/html/kernel/module.php:1.2.8.6 xoops2jp/html/kernel/module.php:1.2.8.7
--- xoops2jp/html/kernel/module.php:1.2.8.6 Fri Jan 27 13:24:28 2006
+++ xoops2jp/html/kernel/module.php Tue Apr 11 17:41:12 2006
@@ -1,5 +1,5 @@
 <?php
-// $Id: module.php,v 1.2.8.6 2006/01/27 04:24:28 minahito Exp $
+// $Id: module.php,v 1.2.8.7 2006/04/11 08:41:12 nobunobu Exp $
 // ------------------------------------------------------------------------ //
 // XOOPS - PHP Content Management System //
 // Copyright (c) 2000 XOOPS.org //
@@ -389,10 +389,13 @@
 {
 static $_cachedModule_mid;
 static $_cachedModule_dirname;
+
+ $dirname = trim($dirname);
+
 if (!empty($_cachedModule_dirname[$dirname])) {
 return $_cachedModule_dirname[$dirname];
 } else {
- $sql = "SELECT * FROM ".$this->db->prefix('modules')." WHERE dirname = '".trim($dirname)."'";
+ $sql = "SELECT * FROM ".$this->db->prefix('modules')." WHERE dirname = ".$this->db->quoteString($dirname);
 if (!$result = $this->db->query($sql)) {
 return false;
 }
Index: xoops2jp/html/kernel/online.php
diff -u xoops2jp/html/kernel/online.php:1.2 xoops2jp/html/kernel/online.php:1.2.8.1
--- xoops2jp/html/kernel/online.php:1.2 Fri Mar 18 21:52:14 2005
+++ xoops2jp/html/kernel/online.php Tue Apr 11 17:41:12 2006
@@ -1,5 +1,5 @@
 <?php
-// $Id: online.php,v 1.2 2005/03/18 12:52:14 onokazu Exp $
+// $Id: online.php,v 1.2.8.1 2006/04/11 08:41:12 nobunobu Exp $
 // ------------------------------------------------------------------------ //
 // XOOPS - PHP Content Management System //
 // Copyright (c) 2000 XOOPS.org //
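Review bot: The new `$dirname = trim($dirname);` plus `quoteString()` keeps the value from breaking the SQL, but the lookup still accepts any string as a module dirname, and a dirname is presumably also used as a directory name elsewhere in the kernel (inferred, not visible in this hunk); a cheap allow-list check before the query, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $dirname)) { return false; }` (constructed pattern, adjust to the project's naming rules), would bound the input at this entry point. The reason the trim moved out of the query string is also worth a line, `// trim once so the cache key and the quoted SQL value always agree`, above the new assignment. The enclosing function's signature is above the hunk.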
@@ -78,19 +78,20 @@
 function write($uid, $uname, $time, $module, $ip)
 {
 $uid = intval($uid);
+ $ip = $this->db->quoteString($ip);
 if ($uid > 0) {
 $sql = "SELECT COUNT(*) FROM ".$this->db->prefix('online')." WHERE online_uid=".$uid;
 } else {
- $sql = "SELECT COUNT(*) FROM ".$this->db->prefix('online')." WHERE online_uid=".$uid." AND online_ip='".$ip."'";
+ $sql = "SELECT COUNT(*) FROM ".$this->db->prefix('online')." WHERE online_uid=".$uid." AND online_ip=".$ip;
 }
 list($count) = $this->db->fetchRow($this->db->queryF($sql));
 if ( $count > 0 ) {
 $sql = "UPDATE ".$this->db->prefix('online')." SET online_updated=".$time.", online_module = ".$module." WHERE online_uid = ".$uid;
 if ($uid == 0) {
- $sql .= " AND online_ip='".$ip."'";
+ $sql .= " AND online_ip=".$ip;
 }
 } else {
- $sql = sprintf("INSERT INTO %s (online_uid, online_uname, online_updated, online_ip, online_module) VALUES (%u, %s, %u, %s, %u)", $this->db->prefix('online'), $uid, $this->db->quoteString($uname), $time, $this->db->quoteString($ip), $module);
+ $sql = sprintf("INSERT INTO %s (online_uid, online_uname, online_updated, online_ip, online_module) VALUES (%u, %s, %u, %s, %u)", $this->db->prefix('online'), $uid, $this->db->quoteString($uname), $time, $ip, $module);
 }
 if (!$this->db->queryF($sql)) {
 return false;
Index: xoops2jp/html/kernel/tplfile.php
diff -u xoops2jp/html/kernel/tplfile.php:1.2.8.2 xoops2jp/html/kernel/tplfile.php:1.2.8.3
--- xoops2jp/html/kernel/tplfile.php:1.2.8.2 Fri Dec 16 18:05:43 2005
+++ xoops2jp/html/kernel/tplfile.php Tue Apr 11 17:41:12 2006
@@ -1,5 +1,5 @@
 <?php
-// $Id: tplfile.php,v 1.2.8.2 2005/12/16 09:05:43 minahito Exp $
+// $Id: tplfile.php,v 1.2.8.3 2006/04/11 08:41:12 nobunobu Exp $
 // ------------------------------------------------------------------------ //
 // XOOPS - PHP Content Management System //
 // Copyright (c) 2000 XOOPS.org //
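Review bot: `$time` and `$module` are still concatenated raw into the UPDATE statement (`SET online_updated=".$time.", online_module = ".$module`) and only the INSERT branch forces them through `%u`, so after this commit two of the five inputs remain unescaped on one path; the same treatment already given to `$uid` closes it, `$time = intval($time); $module = intval($module);` next to `$uid = intval($uid);`. Reassigning `$ip` to its already-quoted form also changes what the variable means for the rest of the function, so either a name like `$quotedIp` or a comment `// $ip now holds the quoted SQL literal, not the raw address` would keep a later edit from quoting it twice. The function continues below the hunk.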
@@ -306,17 +306,17 @@
 $criteria->add(new Criteria('tpl_refid', $refid));
 }
 if (isset($file)) {
- $criteria->add(new Criteria('tpl_file', $file));
+ $criteria->add(new Criteria('tpl_file', addslashes(trim($file))));
 }
 if (isset($type)) {
 if (is_array($type)) {
 $criteria2 = new CriteriaCompo();
 foreach ($type as $t) {
- $criteria2->add(new Criteria('tpl_type', $t), 'OR');
+ $criteria2->add(new Criteria('tpl_type', addslashes(trim($t))), 'OR');
 }
 $criteria->add($criteria2);
 } else {
- $criteria->add(new Criteria('tpl_type', $type));
+ $criteria->add(new Criteria('tpl_type', addslashes(trim($type))));
 }
 }
 return $this->getObjects($criteria, $getsource, false);
@@ -324,7 +324,7 @@
 function templateExists($tplname, $tplset_name)
 {
- $criteria = new CriteriaCompo(new Criteria('tpl_file', trim($tplname)));
+ $criteria = new CriteriaCompo(new Criteria('tpl_file', addslashes(trim($tplname))));
 $criteria->add(new Criteria('tpl_tplset', addslashes(trim($tplset_name))));
 if ($this->getCount($criteria) > 0) {
 return true;
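Review bot: `$refid` on the hunk's first context line still goes into `new Criteria('tpl_refid', $refid)` untouched while `$file`, `$t` and `$type` now get `addslashes(trim(...))`, so one filter input is left unescaped; if tpl_refid is an integer column (the name suggests so, but it is not visible here) `new Criteria('tpl_refid', intval($refid))` would make the treatment consistent. Escaping at every call site also scatters the responsibility across callers, and the assumption this relies on is not recorded; a comment on the first changed line such as `// Criteria quotes but (as far as this caller knows) does not escape its value, so escape here` would at least state it. The enclosing function starts above the hunk.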