From aaf81b8f35512782d34f78c1a0dac8b42d745393 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Fri, 6 Nov 2009 15:19:26 +0000 Subject: [PATCH] addslashes() did escape also single quotes (') which breaks some banner rotation code. Now use escapeQuotes() instead of addslashes() --- inc/classes/cachesystem.class.php | 2 +- inc/config-functions.php | 4 +- inc/db/lib-mysql3.php | 8 +- inc/filters.php | 4 +- inc/functions.php | 205 ++++++++++++++---------------- inc/language-functions.php | 4 +- inc/libs/admins_functions.php | 2 +- inc/libs/sponsor_functions.php | 2 +- inc/libs/surfbar_functions.php | 2 +- inc/libs/theme_functions.php | 2 +- inc/libs/wernis_functions.php | 2 +- inc/modules/admin.php | 4 +- inc/mysql-manager.php | 2 +- inc/session-functions.php | 2 +- inc/stylesheet.php | 2 +- 15 files changed, 119 insertions(+), 128 deletions(-) diff --git a/inc/classes/cachesystem.class.php b/inc/classes/cachesystem.class.php index 7a068539c6..665d39f6ce 100644 --- a/inc/classes/cachesystem.class.php +++ b/inc/classes/cachesystem.class.php @@ -475,7 +475,7 @@ class CacheSystem { // String or non-string? ;-) if (is_string($value)) { // String... - $line = '$this->' . $prefix . "['".$this->name."']['" . $key . "']" . $extender . " = '" . addslashes($value) . "';\n"; + $line = '$this->' . $prefix . "['".$this->name."']['" . $key . "']" . $extender . " = '" . escapeQuotes($value) . "';\n"; } elseif (is_null($value)) { // Null $line = '$this->' . $prefix . "['".$this->name."']['" . $key . "']" . $extender . " = null;\n"; diff --git a/inc/config-functions.php b/inc/config-functions.php index 694a53eb63..609e5c06f9 100644 --- a/inc/config-functions.php +++ b/inc/config-functions.php @@ -201,7 +201,7 @@ function updateOldConfigFile () { // Is the line found? if ((substr($line, 0, strlen($old)) == $old) && (!isset($done[$old]))) { // Entry found! - //* DEBUG: */ outputHtml(htmlentities($line) . " - FOUND!
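Review bot: In the CacheSystem hunk the value is written into a single-quoted PHP literal (`" = '" . escapeQuotes($value) . "';\n"`), but `escapeQuotes()` with its default argument escapes only double quotes, so a value containing `'` or `\` now yields a malformed cache line, and since that line is generated to be run as PHP, an unescaped `'` in a cached value terminates the literal early. The commit's reason for dropping `addslashes()` (single quotes in banner code) concerns double-quoted eval strings, not this single-quoted context. Keep the previous escaping here with `escapeQuotes($value, true)`. The surrounding method continues outside the hunk.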
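Review bot: In both SQL_ESCAPE hunks of inc/db/lib-mysql3.php the no-link fallback now calls `escapeQuotes($str)`, which escapes only `"`; the queries in this code base wrap values in single quotes (see the `'%s'` placeholders in the createNewTask hunk), so the fallback no longer neutralises `'` or `\` at all. Use `$ret = escapeQuotes($str, true);` in both places to retain the `addslashes()` behaviour, and consider whether escaping without a live link should be an error rather than a fallback, since only the driver knows the connection charset. SQL_ESCAPE's body continues outside both hunks.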
"); + //* DEBUG: */ outputHtml(secureString($line) . " - FOUND!
"); // Eval the line... eval($line); @@ -259,7 +259,7 @@ function updateOldConfigFile () { } // Debug output only - //* DEBUG: */ outputHtml(htmlentities($line) . " - MySQL!
"); + //* DEBUG: */ outputHtml(secureString($line) . " - MySQL!
"); // Split parts so we can check them and prepare them $parts = explode('=>', $line); diff --git a/inc/db/lib-mysql3.php b/inc/db/lib-mysql3.php index 8c20de47cf..1c96788f11 100644 --- a/inc/db/lib-mysql3.php +++ b/inc/db/lib-mysql3.php @@ -313,8 +313,8 @@ function SQL_ESCAPE ($str, $secureString=true, $strip=true) { } // END - if if (!SQL_IS_LINK_UP()) { - // Fall-back to addslashes() when there is no link - $ret = addslashes($str); + // Fall-back to escapeQuotes() when there is no link + $ret = escapeQuotes($str); } elseif (function_exists('mysql_real_escape_string')) { // The new and improved version //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str='.$str); @@ -323,8 +323,8 @@ function SQL_ESCAPE ($str, $secureString=true, $strip=true) { // The obsolete function $ret = mysql_escape_string($str, SQL_GET_LINK()); } else { - // If nothing else works, fall back to addslashes() again - $ret = addslashes($str); + // If nothing else works, fall back to escapeQuotes() again + $ret = escapeQuotes($str); } // Cache result diff --git a/inc/filters.php b/inc/filters.php index d18c91e741..90478a949f 100644 --- a/inc/filters.php +++ b/inc/filters.php @@ -423,7 +423,7 @@ function FILTER_COMPILE_CONFIG ($code, $compiled = false) { // Use this for replacing $code = str_replace($match, $GLOBALS['compile_config'][$matches[1][$key]], $code); - //* DEBUG: */ if (($match == '{?URL?}') && (strlen($code) > 10000)) die('
'.htmlentities($code).'
'); + //* DEBUG: */ if (($match == '{?URL?}') && (strlen($code) > 10000)) die('
'.secureString($code).'
'); } // END - foreach } // END - if @@ -473,7 +473,7 @@ function FILTER_COMPILE_EXTENSION ($code) { } // END - if // Return compiled code - //* DEBUG: */ die('
'.htmlentities($code).'
'); + //* DEBUG: */ die('
'.secureString($code).'
'); return $code; } diff --git a/inc/functions.php b/inc/functions.php index c68f9cb293..0d11b7f068 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -163,7 +163,7 @@ function compileFinalOutput () { $newContent = ''; // Compile it - $eval = "\$newContent = \"".compileCode(addslashes($GLOBALS['output']))."\";"; + $eval = "\$newContent = \"".compileCode(escapeQuotes($GLOBALS['output']))."\";"; eval($eval); // Was that eval okay? @@ -204,7 +204,7 @@ function getFatalArray () { } // Add a fatal error message to the queue array -function addFatalMessage ($F, $L, $message, $extra='') { +function addFatalMessage ($F, $L, $message, $extra = '') { if (is_array($extra)) { // Multiple extras for a message with masks $message = call_user_func_array('sprintf', $extra); @@ -218,7 +218,7 @@ function addFatalMessage ($F, $L, $message, $extra='') { // Log fatal messages away debug_report_bug($message); - logDebugMessage($F, $L, " message={$message}"); + logDebugMessage($F, $L, 'Fatal error message: ' . $message); } // Getter for total fatal message count @@ -237,7 +237,7 @@ function getTotalFatalErrors () { } // Load a template file and return it's content (only it's name; do not use ' or ") -function loadTemplate ($template, $return=false, $content=array()) { +function loadTemplate ($template, $return = false, $content = array()) { // @TODO Remove this sanity-check if all is fine if (!is_bool($return)) debug_report_bug('return is not bool (' . gettype($return) . ')'); 
@@ -255,73 +255,18 @@ function loadTemplate ($template, $return=false, $content=array()) { // Make all template names lowercase $template = strtolower($template); - // Count the template load - incrementConfigEntry('num_templates'); - // Init some data $ret = ''; if (empty($GLOBALS['refid'])) $GLOBALS['refid'] = '0'; // Base directory $basePath = sprintf("%stemplates/%s/html/", getConfig('PATH'), getLanguage()); - $mode = ''; - - // Check for admin/guest/member templates - if (substr($template, 0, 6) == 'admin_') { - // Admin template found - $mode = 'admin/'; - } elseif (substr($template, 0, 6) == 'guest_') { - // Guest template found - $mode = 'guest/'; - } elseif (substr($template, 0, 7) == 'member_') { - // Member template found - $mode = 'member/'; - } elseif (substr($template, 0, 8) == 'install_') { - // Installation template found - $mode = 'install/'; - } elseif (substr($template, 0, 4) == 'ext_') { - // Extension template found - $mode = 'ext/'; - } elseif (substr($template, 0, 3) == 'la_') { - // 'Logical-area' template found - $mode = 'la/'; - } elseif (substr($template, 0, 3) == 'js_') { - // JavaScript template found - $mode = 'js/'; - } elseif (substr($template, 0, 5) == 'menu_') { - // Menu template found - $mode = 'menu/'; - } else { - // Test for extension - $test = substr($template, 0, strpos($template, '_')); - - // Probe for valid extension name - if (isExtensionNameValid($test)) { - // Set extra path to extension's name - $mode = $test . '/'; - } // END - if - } + $extraPath = detectExtraTemplatePath($template);; //////////////////////// // Generate file name // //////////////////////// - $FQFN = $basePath . $mode . $template . 
'.tpl'; - - if ((isWhatSet()) && ((strpos($template, '_header') > 0) || (strpos($template, '_footer') > 0)) && (($mode == 'guest/') || ($mode == 'member/') || ($mode == 'admin/'))) { - // Select what depended header/footer template file for admin/guest/member area - $file2 = sprintf("%s%s%s_%s.tpl", - $basePath, - $mode, - $template, - getWhat() - ); - - // Probe for it... - if (isFileReadable($file2)) $FQFN = $file2; - - // Remove variable from memory - unset($file2); - } // END - if + $FQFN = $basePath . $extraPath . $template . '.tpl'; // Does the special template exists? if (!isFileReadable($FQFN)) { @@ -331,6 +276,9 @@ function loadTemplate ($template, $return=false, $content=array()) { // Now does the final template exists? if (isFileReadable($FQFN)) { + // Count the template load + incrementConfigEntry('num_templates'); + // The local file does exists so we load it. :) $GLOBALS['tpl_content'] = readFromFile($FQFN); @@ -343,18 +291,18 @@ function loadTemplate ($template, $return=false, $content=array()) { $ret = "\n" . $GLOBALS['tpl_content'] . "\n"; // Prepare eval() command - $eval = '$ret = "' . compileCode(addslashes($ret)) . '";'; + $eval = '$ret = "' . compileCode(escapeQuotes($ret)) . '";'; } elseif (substr($template, 0, 3) == 'js_') { // JavaScripts don't like entities and timings - $eval = '$ret = decodeEntities("' . compileRawCode(addslashes($GLOBALS['tpl_content'])) . '");'; + $eval = '$ret = decodeEntities("' . compileRawCode(escapeQuotes($GLOBALS['tpl_content'])) . '");'; } else { // Prepare eval() command - $eval = '$ret = "' . compileCode(addslashes($GLOBALS['tpl_content'])) . '";'; + $eval = '$ret = "' . compileCode(escapeQuotes($GLOBALS['tpl_content'])) . '";'; } } else { // Add surrounding HTML comments to help finding bugs faster $ret = "\n" . $GLOBALS['tpl_content'] . "\n"; - $eval = '$ret = "' . addslashes($ret) . '";'; + $eval = '$ret = "' . escapeQuotes($ret) . '";'; } // END - if // Cache the eval() command here 
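Review bot: `$extraPath = detectExtraTemplatePath($template);;` carries a stray second semicolon. The same hunk silently removes the `getWhat()`-specific header/footer lookup (the deleted `$file2` block), which is a behaviour change the commit message does not mention; if that override is meant to go, say so in the message, otherwise it needs re-adding after the new `$FQFN` line. loadTemplate starts and ends outside this hunk.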
@@ -397,6 +345,51 @@ function loadTemplate ($template, $return=false, $content=array()) { } } +// Detects the extra template path from given template name +function detectExtraTemplatePath ($template) { + // Default is empty + $extraPath = ''; + + // Check for admin/guest/member templates + if (substr($template, 0, 6) == 'admin_') { + // Admin template found + $extraPath = 'admin/'; + } elseif (substr($template, 0, 6) == 'guest_') { + // Guest template found + $extraPath = 'guest/'; + } elseif (substr($template, 0, 7) == 'member_') { + // Member template found + $extraPath = 'member/'; + } elseif (substr($template, 0, 8) == 'install_') { + // Installation template found + $extraPath = 'install/'; + } elseif (substr($template, 0, 4) == 'ext_') { + // Extension template found + $extraPath = 'ext/'; + } elseif (substr($template, 0, 3) == 'la_') { + // 'Logical-area' template found + $extraPath = 'la/'; + } elseif (substr($template, 0, 3) == 'js_') { + // JavaScript template found + $extraPath = 'js/'; + } elseif (substr($template, 0, 5) == 'menu_') { + // Menu template found + $extraPath = 'menu/'; + } else { + // Test for extension + $test = substr($template, 0, strpos($template, '_')); + + // Probe for valid extension name + if (isExtensionNameValid($test)) { + // Set extra path to extension's name + $extraPath = $test . '/'; + } // END - if + } + + // Return result + return $extraPath; +} + // Loads an email template and compiles it function loadEmailTemplate ($template, $content = array(), $UID = '0') { global $DATA; 
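Review bot: The header comment of detectExtraTemplatePath should state the contract callers rely on, since both loadTemplate and loadEmailTemplate concatenate the result straight into a filesystem path: `// Returns the template sub-directory for the given name, with trailing slash ('admin/', 'js/', '<ext>/'), or '' when no prefix matches`. A comment on the `else` branch would also help: when `$template` contains no underscore, `strpos()` returns false and `substr()` yields an empty string, so the branch depends on `isExtensionNameValid('')` rejecting it — hedged, as that helper is not visible here.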
@@ -471,37 +464,22 @@ function loadEmailTemplate ($template, $content = array(), $UID = '0') { if (isset($content['email'])) $email = $content['email']; // Store email for some functions in global data array + // @TODO Do only use $contentn, not $DATA or raw variables $DATA['email'] = $email; // Base directory $basePath = sprintf("%stemplates/%s/emails/", getConfig('PATH'), getLanguage()); - // Check for admin/guest/member templates - if (substr($template, 0, 6) == 'admin_') { - // Admin template found - $FQFN = $basePath.'admin/' . $template.'.tpl'; - } elseif (substr($template, 0, 6) == 'guest_') { - // Guest template found - $FQFN = $basePath.'guest/' . $template.'.tpl'; - } elseif (substr($template, 0, 7) == 'member_') { - // Member template found - $FQFN = $basePath.'member/' . $template.'.tpl'; - } else { - // Test for extension - $test = substr($template, 0, strpos($template, '_')); - if (isExtensionNameValid($test)) { - // Set extra path to extension's name - $FQFN = $basePath . $test.'/' . $template.'.tpl'; - } else { - // No special filename - $FQFN = $basePath . $template.'.tpl'; - } - } + // Detect extra path + $extraPath = detectExtraTemplatePath($template); + + // Generate full FQFN + $FQFN = $basePath . $extraPath . $template . '.tpl'; // Does the special template exists? if (!isFileReadable($FQFN)) { // Reset to default template - $FQFN = $basePath . $template.'.tpl'; + $FQFN = $basePath . $template . '.tpl'; } // END - if // Now does the final template exists? 
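Review bot: The added TODO comment reads `$contentn`; it should read `$content`. Note also that detectExtraTemplatePath recognises more prefixes (`install_`, `ext_`, `la_`, `js_`, `menu_`) than the removed email-specific chain did, so email templates with those prefixes are now looked up in a sub-directory first; the existing fallback to `$basePath . $template . '.tpl'` keeps this harmless, but it is a behaviour change worth a sentence in the commit message. loadEmailTemplate starts and ends outside this hunk.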
@@ -511,16 +489,16 @@ function loadEmailTemplate ($template, $content = array(), $UID = '0') { $GLOBALS['tpl_content'] = readFromFile($FQFN); // Run code - $GLOBALS['tpl_content'] = "\$newContent = decodeEntities(\"".compileRawCode(addslashes($GLOBALS['tpl_content']))."\");"; + $GLOBALS['tpl_content'] = "\$newContent = decodeEntities(\"".compileRawCode(escapeQuotes($GLOBALS['tpl_content']))."\");"; eval($GLOBALS['tpl_content']); } elseif (!empty($template)) { // Template file not found! - $newContent = "{--TEMPLATE_404--}: " . $template."
+ $newContent = '{--TEMPLATE_404--}: ' . $template . '
{--TEMPLATE_CONTENT--} -
".print_r($content, true)."
+
' . print_r($content, true) . '
{--TEMPLATE_DATA--} -
".print_r($DATA, true)."
-

"; +
' . print_r($DATA, true) . '
+

'; // Debug mode not active? Then remove the HTML tags if (!isDebugModeEnabled()) $newContent = secureString($newContent); @@ -533,6 +511,7 @@ function loadEmailTemplate ($template, $content = array(), $UID = '0') { if (empty($newContent)) { // Compiling failed $newContent = "Compiler error for template {$template}!\nUncompiled content:\n" . $GLOBALS['tpl_content']; + // Add last error if the required function exists if (function_exists('error_get_last')) $newContent .= "\n--------------------------------------\nDebug:\n".print_r(error_get_last(), true)."--------------------------------------\nPlease don't alter these informations!\nThanx."; } // END - if @@ -541,10 +520,6 @@ function loadEmailTemplate ($template, $content = array(), $UID = '0') { unset($content); unset($DATA); - // Compile the code and eval it - $eval = '$newContent = "' . compileRawCode(addslashes($newContent)) . '";'; - eval($eval); - // Return content return $newContent; } @@ -554,7 +529,7 @@ function sendEmail ($toEmail, $subject, $message, $isHtml = 'N', $mailHeader = ' //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):TO={$toEmail},SUBJECT={$subject}
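Review bot: Removing the final `compileRawCode()`/`eval()` pass means the not-found message built in the `elseif (!empty($template))` branch earlier in this function is now returned with its `{--TEMPLATE_404--}`, `{--TEMPLATE_CONTENT--}` and `{--TEMPLATE_DATA--}` placeholders unresolved, since that branch never compiles them itself. Either compile that message where it is built, or keep a compile step for that branch only; dropping the second eval() of already-compiled template content is otherwise a welcome reduction of the code run through eval(). The function's body continues outside this hunk.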
"); // Compile subject line (for POINTS constant etc.) - eval("\$subject = decodeEntities(\"".compileRawCode(addslashes($subject))."\");"); + eval("\$subject = decodeEntities(\"".compileRawCode(escapeQuotes($subject))."\");"); // Set from header if ((!eregi('@', $toEmail)) && ($toEmail > 0)) { @@ -600,17 +575,17 @@ function sendEmail ($toEmail, $subject, $message, $isHtml = 'N', $mailHeader = ' } // Compile "TO" - eval("\$toEmail = \"".compileRawCode(addslashes($toEmail))."\";"); + eval("\$toEmail = \"".compileRawCode(escapeQuotes($toEmail))."\";"); // Compile "MSG" - eval("\$message = \"".compileRawCode(addslashes($message))."\";"); + eval("\$message = \"".compileRawCode(escapeQuotes($message))."\";"); // Fix HTML parameter (default is no!) if (empty($isHtml)) $isHtml = 'N'; if (isDebugModeEnabled()) { // In debug mode we want to display the mail instead of sending it away so we can debug this part outputHtml('
-Headers : ' . str_replace('<', '<', str_replace('>', '>', htmlentities(trim($mailHeader)))) . '
+Headers : ' . str_replace('<', '<', str_replace('>', '>', secureString(trim($mailHeader)))) . '
 To      : ' . $toEmail . '
 Subject : ' . $subject . '
 Message : ' . $message . '
@@ -1040,11 +1015,11 @@ function compileRawCode ($code, $simple = false, $constants = true, $full = true
 		return $code;
 	} // END - if
 
-	// Init replacement-array with full security characters
-	$secChars = $GLOBALS['security_chars'];
+	// Init replacement-array with smaller set of security characters
+	$secChars = $GLOBALS['url_chars'];
 
-	// Select smaller set of chars to replace when we e.g. want to compile URLs
-	if ($full === false) $secChars = $GLOBALS['url_chars'];
+	// Select full set of chars to replace when we e.g. want to compile URLs
+	if ($full === true) $secChars = $GLOBALS['security_chars'];
 
 	// Compile more through a filter
 	$code = runFilterChain('compile_code', $code);
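Review bot: The new comment `// Select full set of chars to replace when we e.g. want to compile URLs` says the opposite of what the line does; the full set is chosen when we are not compiling URLs. The inversion also changes semantics: previously anything but `false` selected the full security set, now only a strict `true` does, so a caller passing a truthy non-boolean (e.g. `1`) silently gets the smaller URL set. Keep the conservative default with `// Use the full security set unless the caller explicitly asked for the smaller URL set` and `if ($full !== false) $secChars = $GLOBALS['security_chars'];`. compileRawCode starts and ends outside this hunk.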
@@ -1067,6 +1042,7 @@ function compileRawCode ($code, $simple = false, $constants = true, $full = true
 	} // END - foreach
 
 	// Find $content[bla][blub] entries
+	// @TODO Do only use $content and deprecate $GLOBALS and $DATA in templates
 	preg_match_all('/\$(content|GLOBALS|DATA)((\[([a-zA-Z0-9-_]+)\])*)/', $code, $matches);
 
 	// Are some matches found?
@@ -2344,9 +2320,9 @@ function getCurrentTheme () {
 		if ((isGetRequestElementSet('theme')) && (isFileReadable($theme))) {
 			// Set cookie from URL data
 			setTheme(getRequestElement('theme'));
-		} elseif (isFileReadable(sprintf("%stheme/%s/theme.php", getConfig('PATH'), SQL_ESCAPE(postRequestElement('theme'))))) {
+		} elseif (isFileReadable(sprintf("%stheme/%s/theme.php", getConfig('PATH'), secureString(postRequestElement('theme'))))) {
 			// Set cookie from posted data
-			setTheme(SQL_ESCAPE(postRequestElement('theme')));
+			setTheme(secureString(postRequestElement('theme')));
 		}
 
 		// Set return value
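Review bot: `secureString(postRequestElement('theme'))` is used to build a filesystem path (`sprintf("%stheme/%s/theme.php", ...)`), but secureString() is an HTML output encoder and, like the SQL_ESCAPE() it replaces, does not restrict which characters may appear in a path segment. A request-supplied directory name should be checked against an allow-list before any isFileReadable() call, e.g. `preg_match('/^[a-zA-Z0-9_-]+$/', $theme) === 1`, and the request ignored otherwise; the same applies to the stylesheet.php hunk at the end of this patch. Encoding belongs at output time, not before the value is used as a path. getCurrentTheme starts and ends outside this hunk.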
@@ -3589,7 +3565,7 @@ function linenumberCode ($code)    {
 		$r .= '|';
 
 		// Add code
-		$r .= '' . htmlentities($c) . '';
+		$r .= '' . secureString($c) . '';
 	}
 
 	return '
' . $r . '
'; @@ -3701,6 +3677,21 @@ function readTemplateCache ($template) { return $GLOBALS['template_eval'][$template]; } +// Escapes quotes (default is only double-quotes) +function escapeQuotes ($str, $single = false) { + // Should we escape all? + if ($single === true) { + // Escape all (including null) + $str = addslashes($str); + } else { + // Escape only double-quotes + $str = str_replace('"', "\\\"", $str); + } + + // Return the escaped string + return $str; +} + ////////////////////////////////////////////////// // AUTOMATICALLY RE-GENERATED MISSING FUNCTIONS // ////////////////////////////////////////////////// diff --git a/inc/language-functions.php b/inc/language-functions.php index cb1f925dbc..479848e75c 100644 --- a/inc/language-functions.php +++ b/inc/language-functions.php @@ -122,8 +122,8 @@ function getLanguage () { // "Setter" for language function setLanguage ($lang) { - // Accept only first 2 chars! - $lang = substr(SQL_ESCAPE(secureString($lang)), 0, 2); + // Accept only first 2 chars and still secure them + $lang = substr(secureString($lang), 0, 2); // Set cookie setSession('mx_lang', $lang); diff --git a/inc/libs/admins_functions.php b/inc/libs/admins_functions.php index ed45da64a1..a750428ded 100644 --- a/inc/libs/admins_functions.php +++ b/inc/libs/admins_functions.php @@ -170,7 +170,7 @@ function adminsChangeAdminAccount ($postData) { $hash = generateHash($postData['pass1'][$id]); // Save password when set - if (!empty($postData['pass1'][$id])) $add = sprintf(", password='%s'", SQL_ESCAPE($hash)); + if (!empty($postData['pass1'][$id])) $add = sprintf(", `password`='%s'", SQL_ESCAPE($hash)); // Get admin's id $adminId = getCurrentAdminId(); diff --git a/inc/libs/sponsor_functions.php b/inc/libs/sponsor_functions.php index e1ee608916..3a88f13287 100644 --- a/inc/libs/sponsor_functions.php +++ b/inc/libs/sponsor_functions.php 
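Review bot: escapeQuotes() in its default mode escapes only `"`, yet the eval() callers switched in this patch (compileFinalOutput, loadTemplate, loadEmailTemplate, sendEmail) place the result inside a double-quoted PHP string that is then executed. Backslashes therefore pass through unescaped: input that already contains `\"` becomes `\\"`, which eval() reads as a literal backslash followed by the end of the string, so a template, subject or message with that sequence breaks the generated code, and where the input is user-influenced that break is a code-injection risk. addslashes() escaped backslashes as well; keep that by replacing the else branch with `$str = str_replace(array('\\', '"'), array('\\\\', '\\"'), $str);` (backslash first, so the quote escape is not re-escaped). A header comment should also state that this mode is meant for content embedded in double-quoted eval() strings.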
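Review bot: In setLanguage the order of operations is reversed: `substr(secureString($lang), 0, 2)` truncates the HTML-encoded form, so an input starting with an encoded character yields a fragment such as `&l`. Since getLanguage() is later used in `sprintf("%stemplates/%s/html/", getConfig('PATH'), getLanguage())`, this value ends up in a filesystem path and should be validated rather than encoded: `$lang = substr($lang, 0, 2);` followed by a check such as `if (preg_match('/^[a-z]{2}$/', $lang) !== 1) return;` (or the project's usual fallback) before `setSession()`. setLanguage's body continues outside the hunk.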
@@ -176,7 +176,7 @@ function handlSponsorRequest (&$postData, $update=false, $messageArray=array(), foreach ($postData as $k => $v) { // Do not add 'force' ! if ($k != 'force') { - $OUT .= "\n"; + $OUT .= "\n"; } // END - if } // END - foreach diff --git a/inc/libs/surfbar_functions.php b/inc/libs/surfbar_functions.php index d87130fee3..d550d625e2 100644 --- a/inc/libs/surfbar_functions.php +++ b/inc/libs/surfbar_functions.php @@ -235,7 +235,7 @@ function SURFBAR_MEMBER_DO_FORM ($formData, $URLs) { } // Secure action - $action = SQL_ESCAPE(secureString($formData['action'])); + $action = secureString($formData['action']); // Has it changed? if ($action != $formData['action']) { diff --git a/inc/libs/theme_functions.php b/inc/libs/theme_functions.php index 64dbda3d65..e53451b33b 100644 --- a/inc/libs/theme_functions.php +++ b/inc/libs/theme_functions.php @@ -72,7 +72,7 @@ function generateThemeSelectionBox () { // Load all themes while ($content = SQL_FETCHARRAY($result)) { // Construct relative include file name - $inc = sprintf("theme/%s/theme.php", SQL_ESCAPE($content['theme_path'])); + $inc = sprintf("theme/%s/theme.php", secureString($content['theme_path'])); // Load it's theme.php file if found if (isIncludeReadable($inc)) { diff --git a/inc/libs/wernis_functions.php b/inc/libs/wernis_functions.php index 468a0db29c..acc613dd53 100644 --- a/inc/libs/wernis_functions.php +++ b/inc/libs/wernis_functions.php @@ -126,7 +126,7 @@ function WERNIS_SEND_REQUEST ($scriptName, $requestData = array()) { // Something badly happened on server-side return array( 'status' => 'request_problem', - 'message' => sprintf(getMessage('WERNIS_API_REQUEST_PROBLEM'), $response[0], htmlentities($responseLine)) + 'message' => sprintf(getMessage('WERNIS_API_REQUEST_PROBLEM'), $response[0], secureString($responseLine)) ); } // END - if diff --git a/inc/modules/admin.php b/inc/modules/admin.php index b9b59ece5f..78705e7aff 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php 
@@ -163,8 +163,8 @@ if (!isAdminRegistered()) { if ($valid === true) { // Prepare content first $content = array( - 'hash' => SQL_ESCAPE(postRequestElement('hash')), - 'login' => SQL_ESCAPE(postRequestElement('login')) + 'hash' => secureString(postRequestElement('hash')), + 'login' => secureString(postRequestElement('login')) ); // Validation okay so display form for final password change diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index cc9b9aedca..2a3f33ac87 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -2222,7 +2222,7 @@ function reduceRecipientReceivedMails ($column, $id, $count) { function createNewTask ($subject, $notes, $taskType, $userid = '0', $adminId = '0', $strip = true) { // Insert the task data into the database SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_task_system` (`assigned_admin`, `userid`, `status`, `task_type`, `subject`, `text`, `task_created`) VALUES (%s,%s,'NEW','%s','%s','%s', UNIX_TIMESTAMP())", - array($adminId, $userid, $taskType, $subject, addslashes($notes)), __FUNCTION__, __LINE__, true, $strip); + array($adminId, $userid, $taskType, $subject, escapeQuotes($notes)), __FUNCTION__, __LINE__, true, $strip); } // Updates last module / online time diff --git a/inc/session-functions.php b/inc/session-functions.php index ce329769dc..18ed9d0661 100644 --- a/inc/session-functions.php +++ b/inc/session-functions.php @@ -47,7 +47,7 @@ function setSession ($var, $value) { if (getOutputMode() == 1) return true; // Trim value and session variable - $var = trim(SQL_ESCAPE($var)); $value = trim($value); + $var = trim(secureString($var)); $value = trim($value); // Is the session variable set? if (('' . $value . '' == '') && (isSessionVariableSet($var))) { diff --git a/inc/stylesheet.php b/inc/stylesheet.php index d311ef3d29..6e4ac65e7f 100644 --- a/inc/stylesheet.php +++ b/inc/stylesheet.php 
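Review bot: createNewTask now pre-escapes `$notes` with `escapeQuotes()` before handing it to SQL_QUERY_ESC() with a `'%s'` placeholder. If SQL_QUERY_ESC() escapes its arguments (not visible here), the extra call only double-escapes `"` in the stored text; if it does not, `escapeQuotes()` leaves `'` and `\` untouched inside a single-quoted SQL literal, which is weaker than the `addslashes()` it replaces. The other arguments in the same array (`$subject`, `$taskType`) are passed without pre-escaping, which suggests the helper does escape; in that case pass `$notes` unescaped as well, otherwise use `SQL_ESCAPE($notes)` here.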
@@ -111,7 +111,7 @@ if ((getOutputMode() == 1) || (getConfig('css_php') == 'DIRECT')) { // Default theme first $newTheme = 'default'; if (isGetRequestElementSet('theme')) $newTheme = getRequestElement('theme'); - if (isPostRequestElementSet('theme')) $newTheme = SQL_ESCAPE(postRequestElement('theme')); + if (isPostRequestElementSet('theme')) $newTheme = secureString(postRequestElement('theme')); outputHtml('?theme=' . $newTheme . '&installing=1', false); } else { // Add SVN revision to bypass caching problems -- 2.39.5