external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 09:43:03 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

SQL: treat all UID/ID values as numbers, not strings

Browse source 
Ensure we are not quoting these values in any of our SQL queries.

Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Dan McGee 2011-04-25 23:23:01 -05:00 committed by Lukas Fleischer
parent fcda6671f3
commit 3609cf140e
4 changed files with 15 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

4
web/html/passreset.php
View file

@ -58,8 +58,8 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir
$resetkey = new_sid();
$dbh = db_connect();
$q = "UPDATE Users
SET ResetKey = '$resetkey'
WHERE ID = '$uid'";
SET ResetKey = '" . $resetkey . "'
WHERE ID = " . $uid;
db_query($q, $dbh);
# Send email with confirmation link
$body = __('A password reset request was submitted for the account '.

2
web/html/pkgsubmit.php
View file

@ -325,7 +325,7 @@ if ($uid):
}
# Update package data
$q = sprintf("UPDATE Packages SET ModifiedTS = UNIX_TIMESTAMP(), Name = '%s', Version = '%s-%s', License = '%s', Description = '%s', URL = '%s', OutOfDateTS = NULL, MaintainerUID = '%d' WHERE ID = %d",
$q = sprintf("UPDATE Packages SET ModifiedTS = UNIX_TIMESTAMP(), Name = '%s', Version = '%s-%s', License = '%s', Description = '%s', URL = '%s', OutOfDateTS = NULL, MaintainerUID = %d WHERE ID = %d",
mysql_real_escape_string($new_pkgbuild['pkgname']),
mysql_real_escape_string($new_pkgbuild['pkgver']),
mysql_real_escape_string($new_pkgbuild['pkgrel']),