test return value from db_query before assuming it is valid

make the sql query form consistent in usage by cleaning up instances
where db_query's result was not inspected before attempting to fetch row
data from the handle

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
elij 2011-05-11 16:17:12 -07:00 committed by Lukas Fleischer
parent d38f3460e5
commit 0898f1447a
7 changed files with 135 additions and 68 deletions


@ -21,14 +21,26 @@ if ($atype == "Trusted User" OR $atype == "Developer") {
if (!empty($_POST['user'])) {
$qcheck = "SELECT * FROM Users WHERE Username = '" . mysql_real_escape_string($_POST['user']) . "'";
$check = mysql_num_rows(db_query($qcheck, $dbh));
$result = db_query($qcheck, $dbh);
if ($result) {
$check = mysql_num_rows($result);
}
else {
$check = 0;
}
if ($check == 0) {
$error.= __("Username does not exist.");
} else {
$qcheck = "SELECT * FROM TU_VoteInfo WHERE User = '" . mysql_real_escape_string($_POST['user']) . "'";
$qcheck.= " AND End > UNIX_TIMESTAMP()";
$check = mysql_num_rows(db_query($qcheck, $dbh));
$result = db_query($qcheck, $dbh);
if ($result) {
$check = mysql_num_rows($result);
}
else {
$check = 0;
}
if ($check != 0) {
$error.= __("%s already has proposal running for them.", htmlentities($_POST['user']));
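Review bot: The second `else { $check = 0; }` (the TU_VoteInfo lookup) fails open: a failed `db_query` is treated as zero rows, so the `if ($check != 0)` guard against an already-running proposal is skipped whenever the database call errors out. The first lookup fails closed but reports "Username does not exist." for what is really a query failure, which hides the fault from whoever reads the page or the logs. A failed query should be its own outcome: append a generic failure message to `$error` and skip the rest of the branch instead of assigning `$check = 0`. The same pattern is in the next file's first hunk, where `$hasvoted = 0` turns a failed vote lookup into "has not voted". The enclosing `if` block continues outside this hunk, so what runs after the guard is inferred rather than visible.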


@ -36,7 +36,13 @@ if ($atype == "Trusted User" OR $atype == "Developer") {
$qvoted = "SELECT * FROM TU_Votes WHERE ";
$qvoted.= "VoteID = " . $row['ID'] . " AND ";
$qvoted.= "UserID = " . uid_from_sid($_COOKIE["AURSID"]);
$hasvoted = mysql_num_rows(db_query($qvoted, $dbh));
$result = db_query($qvoted, $dbh);
if ($result) {
$hasvoted = mysql_num_rows($result);
}
else {
$hasvoted = 0;
}
# List voters of a proposal.
$qwhoVoted = "SELECT tv.UserID,U.Username
@ -85,10 +91,15 @@ if ($atype == "Trusted User" OR $atype == "Developer") {
$canvote = 0;
$errorvote = __("You've already voted for this proposal.");
# Update if they voted
$hasvoted = mysql_num_rows(db_query($qvoted, $dbh));
$result = db_query($qvoted, $dbh);
if ($result) {
$hasvoted = mysql_num_rows($result);
}
$results = db_query($q, $dbh);
$row = mysql_fetch_assoc($results);
if ($results) {
$row = mysql_fetch_assoc($results);
}
}
}
include("tu_details.php");
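Review bot: In the second hunk the two new guards, `if ($result)` and `if ($results)`, have no `else`, so when `db_query` fails `$hasvoted` and `$row` silently keep whatever they held earlier in the request. The included `tu_details.php` presumably renders those stale values as if they were current. This is also inconsistent with the first hunk, which assigns `$hasvoted = 0` explicitly on failure. Consider an `else` that sets `$errorvote` to a generic failure message, and log the failed query, so an error is visible rather than shown as unchanged data. The enclosing block starts outside the hunk.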