test return value from db_query before assuming it is valid
make the sql query form consistent in usage by cleaning up instances where db_query's result was not inspected before attempting to fetch row data from the handle Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
parent
d38f3460e5
commit
0898f1447a
7 changed files with 135 additions and 68 deletions
|
@ -197,7 +197,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
|
|||
}
|
||||
|
||||
if (!$error && !valid_username($U) && !user_is_privileged($editor_user))
|
||||
$error = __("The username is invalid.") . "<ul>\n"
|
||||
$error = __("The username is invalid.") . "<ul>\n"
|
||||
."<li>" . __("It must be between %s and %s characters long",
|
||||
USERNAME_MIN_LEN, USERNAME_MAX_LEN )
|
||||
. "</li>"
|
||||
|
@ -718,11 +718,11 @@ function valid_user( $user )
|
|||
$q = "SELECT ID FROM Users WHERE Username = '"
|
||||
. mysql_real_escape_string($user). "'";
|
||||
|
||||
$result = mysql_fetch_row(db_query($q, $dbh));
|
||||
|
||||
$result = db_query($q, $dbh);
|
||||
# Is the username in the database?
|
||||
if ($result[0]) {
|
||||
return $result[0];
|
||||
if ($result) {
|
||||
$row = mysql_fetch_row($result);
|
||||
return $row[0];
|
||||
}
|
||||
}
|
||||
return;
|
||||
|
@ -751,25 +751,30 @@ function valid_passwd( $userID, $passwd )
|
|||
$passwd_q = "SELECT ID FROM Users" .
|
||||
" WHERE ID = " . $userID . " AND Passwd = '" .
|
||||
salted_hash($passwd, $salt) . "'";
|
||||
$passwd_result = mysql_fetch_row(db_query($passwd_q, $dbh));
|
||||
if ($passwd_result[0]) {
|
||||
return true;
|
||||
$result = db_query($passwd_q, $dbh);
|
||||
if ($result) {
|
||||
$passwd_result = mysql_fetch_row($result);
|
||||
if ($passwd_result[0]) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
# check without salt
|
||||
$nosalt_q = "SELECT ID FROM Users".
|
||||
" WHERE ID = " . $userID .
|
||||
" AND Passwd = '" . md5($passwd) . "'";
|
||||
$nosalt_result = mysql_fetch_row(db_query($nosalt_q, $dbh));
|
||||
if ($nosalt_result[0]) {
|
||||
# password correct, but salt it first
|
||||
if (!save_salt($userID, $passwd)) {
|
||||
trigger_error("Unable to salt user's password;" .
|
||||
" ID " . $userID, E_USER_WARNING);
|
||||
return false;
|
||||
$result = db_query($nosalt_q, $dbh);
|
||||
if ($result) {
|
||||
$nosalt_row = mysql_fetch_row($result);
|
||||
if ($nosalt_row[0]) {
|
||||
# password correct, but salt it first
|
||||
if (!save_salt($userID, $passwd)) {
|
||||
trigger_error("Unable to salt user's password;" .
|
||||
" ID " . $userID, E_USER_WARNING);
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -783,9 +788,12 @@ function user_suspended( $id )
|
|||
{
|
||||
$dbh = db_connect();
|
||||
$q = "SELECT Suspended FROM Users WHERE ID = " . $id;
|
||||
$result = mysql_fetch_row(db_query($q, $dbh));
|
||||
if ($result[0] == 1 ) {
|
||||
return true;
|
||||
$result = db_query($q, $dbh);
|
||||
if ($result) {
|
||||
$row = mysql_fetch_row($result);
|
||||
if ($result[0] == 1 ) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
@ -797,7 +805,7 @@ function user_delete( $id )
|
|||
{
|
||||
$dbh = db_connect();
|
||||
$q = "DELETE FROM Users WHERE ID = " . $id;
|
||||
$result = mysql_fetch_row(db_query($q, $dbh));
|
||||
db_query($q, $dbh);
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -809,9 +817,12 @@ function user_is_privileged( $id )
|
|||
{
|
||||
$dbh = db_connect();
|
||||
$q = "SELECT AccountTypeID FROM Users WHERE ID = " . $id;
|
||||
$result = mysql_fetch_row(db_query($q, $dbh));
|
||||
if( $result[0] > 1) {
|
||||
return $result[0];
|
||||
$result = db_query($q, $dbh);
|
||||
if ($result) {
|
||||
$row = mysql_fetch_row($result);
|
||||
if( $result[0] > 1) {
|
||||
return $result[0];
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
|
||||
|
|
|
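Review bot: In user_suspended the new code fetches the row into `$row` but then tests `$result[0] == 1`, i.e. it indexes the query resource instead of the fetched row, so the comparison is always false and a suspended account is no longer detected. user_is_privileged has the same slip (`$row = mysql_fetch_row($result);` followed by `if( $result[0] > 1) { return $result[0];`), which makes it always return 0 and silently strips privileges from every account. Both should read the fetched row: `if ($row[0] == 1) {` in user_suspended and `if ($row[0] > 1) { return $row[0]; }` in user_is_privileged. Note that mysql_fetch_row returns false when the query matched no row, so `$row[0]` is null in that case — acceptable for these checks but worth a comment. user_is_privileged's closing brace falls outside the hunk.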
@ -491,8 +491,12 @@ function get_salt($user_id)
|
|||
{
|
||||
$dbh = db_connect();
|
||||
$salt_q = "SELECT Salt FROM Users WHERE ID = " . $user_id;
|
||||
$salt_result = mysql_fetch_row(db_query($salt_q, $dbh));
|
||||
return $salt_result[0];
|
||||
$result = db_query($salt_q, $dbh);
|
||||
if ($result) {
|
||||
$salt_row = mysql_fetch_row($result);
|
||||
return $salt_row[0];
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
function save_salt($user_id, $passwd)
|
||||
|
|
|
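Review bot: get_salt now returns null both when the user has no salt stored and when db_query fails, so a database error is indistinguishable from an unsalted account at the call site; from the valid_passwd hunk it appears the caller then presumably falls into the unsalted md5 comparison branch. Consider reporting the failure before returning, e.g. `if (!$result) { trigger_error("Unable to read salt for user ID " . $user_id, E_USER_WARNING); return; }`, matching the trigger_error style already used in valid_passwd. Also note that `$salt_row[0]` is null when the query matched no row, since mysql_fetch_row returns false — that is unchanged behaviour but worth a comment.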
@ -403,7 +403,7 @@ function pkg_search_page($SID="") {
|
|||
$q_select = "SELECT ";
|
||||
if ($SID) {
|
||||
$q_select .= "CommentNotify.UserID AS Notify,
|
||||
PackageVotes.UsersID AS Voted, ";
|
||||
PackageVotes.UsersID AS Voted, ";
|
||||
}
|
||||
$q_select .= "Users.Username AS Maintainer,
|
||||
PackageCategories.Category,
|
||||
|
@ -507,7 +507,13 @@ function pkg_search_page($SID="") {
|
|||
$q_total = "SELECT COUNT(*) " . $q_from . $q_where;
|
||||
|
||||
$result = db_query($q, $dbh);
|
||||
$total = mysql_result(db_query($q_total, $dbh), 0);
|
||||
$result_t = db_query($q_total, $dbh);
|
||||
if ($result_t) {
|
||||
$total = mysql_result($result_t, 0);
|
||||
}
|
||||
else {
|
||||
$total = 0;
|
||||
}
|
||||
|
||||
if ($result && $total > 0) {
|
||||
if (isset($_GET["SO"]) && $_GET["SO"] == "d"){
|
||||
|
@ -859,7 +865,13 @@ function pkg_notify ($atype, $ids, $action = True) {
|
|||
# format in which it's sent requires this.
|
||||
foreach ($ids as $pid) {
|
||||
$q = "SELECT Name FROM Packages WHERE ID = $pid";
|
||||
$pkgname = mysql_result(db_query($q, $dbh), 0);
|
||||
$result = db_query($q, $dbh);
|
||||
if ($result) {
|
||||
$pkgname = mysql_result($result , 0);
|
||||
}
|
||||
else {
|
||||
$pkgname = '';
|
||||
}
|
||||
|
||||
if ($first)
|
||||
$first = False;
|
||||
|
@ -872,7 +884,8 @@ function pkg_notify ($atype, $ids, $action = True) {
|
|||
$q .= " AND PkgID = $pid";
|
||||
|
||||
# Notification already added. Don't add again.
|
||||
if (!mysql_num_rows(db_query($q, $dbh))) {
|
||||
$result = db_query($q, $dbh);
|
||||
if (!mysql_num_rows($result)) {
|
||||
$q = "INSERT INTO CommentNotify (PkgID, UserID) VALUES ($pid, $uid)";
|
||||
db_query($q, $dbh);
|
||||
}
|
||||
|
@ -921,14 +934,14 @@ function pkg_delete_comment($atype) {
|
|||
$uid = uid_from_sid($_COOKIE["AURSID"]);
|
||||
if (canDeleteComment($comment_id, $atype, $uid)) {
|
||||
|
||||
$dbh = db_connect();
|
||||
$q = "UPDATE PackageComments ";
|
||||
$q.= "SET DelUsersID = ".$uid." ";
|
||||
$q.= "WHERE ID = ".intval($comment_id);
|
||||
db_query($q, $dbh);
|
||||
return __("Comment has been deleted.");
|
||||
$dbh = db_connect();
|
||||
$q = "UPDATE PackageComments ";
|
||||
$q.= "SET DelUsersID = ".$uid." ";
|
||||
$q.= "WHERE ID = ".intval($comment_id);
|
||||
db_query($q, $dbh);
|
||||
return __("Comment has been deleted.");
|
||||
} else {
|
||||
return __("You are not allowed to delete this comment.");
|
||||
return __("You are not allowed to delete this comment.");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -967,8 +980,12 @@ function pkg_change_category($atype) {
|
|||
$q.= "FROM Packages ";
|
||||
$q.= "WHERE Packages.ID = ".$pid;
|
||||
$result = db_query($q, $dbh);
|
||||
echo mysql_error();
|
||||
$pkg = mysql_fetch_assoc($result);
|
||||
if ($result) {
|
||||
$pkg = mysql_fetch_assoc($result);
|
||||
}
|
||||
else {
|
||||
return __("You are not allowed to change this package category.");
|
||||
}
|
||||
|
||||
$uid = uid_from_sid($_COOKIE["AURSID"]);
|
||||
if ($uid == $pkg["MaintainerUID"] or
|
||||
|
|
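Review bot: In the second pkg_notify hunk the query result is still consumed unchecked — `$result = db_query($q, $dbh); if (!mysql_num_rows($result))` — so when db_query fails, mysql_num_rows(false) only emits a warning and returns false, the negated condition becomes true, and the INSERT INTO CommentNotify runs anyway; this is exactly the pattern the commit sets out to remove elsewhere. Guard it the same way: `if ($result && !mysql_num_rows($result)) {`. In pkg_change_category, the new else branch reports a failed query as `__("You are not allowed to change this package category.")`, which misattributes a database error to permissions; a separate message (or trigger_error as in valid_passwd) would keep the two cases distinguishable. The pkg_notify foreach loop and pkg_change_category's body both continue outside their hunks.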