--- ../drupal-orig/./includes/bootstrap.inc 2004-11-20 19:21:41.000000000 +0100 +++ ./includes/bootstrap.inc 2004-11-19 20:19:58.000000000 +0100 @@ -346,13 +346,6 @@ function arg($index) { } /** - * Prepare user input for use in a database query, preventing SQL injection attacks. - */ -function check_query($text) { - return addslashes($text); -} - -/** * Prepare user input for use in a URI. * * We replace ( and ) with their entity equivalents to prevent XSS attacks. --- ../drupal-orig/./includes/common.inc 2004-11-19 20:18:52.000000000 +0100 +++ ./includes/common.inc 2004-11-20 19:17:10.000000000 +0100 @@ -228,7 +228,7 @@ function drupal_goto($path = '', $query */ function drupal_not_found() { header('HTTP/1.0 404 Not Found'); - watchdog('httpd', t('404 error: %page not found.', array('%page' => ''. check_query($_GET['q']) .''))); + watchdog('httpd', t('404 error: %page not found.', array('%page' => ''. db_escape_string($_GET['q']) .''))); $path = drupal_get_normal_path(variable_get('site_404', '')); $status = MENU_NOT_FOUND; --- ../drupal-orig/./includes/database.mysql.inc 2004-11-20 19:19:58.000000000 +0100 +++ ./includes/database.mysql.inc 2004-11-20 19:26:01.000000000 +0100 @@ -55,11 +55,11 @@ function db_query($query) { $query = db_prefix_tables($query); if (count($args) > 1) { if(is_array($args[1])){ - $args1 = array_map('check_query', $args[1]); + $args1 = array_map('db_escape_string', $args[1]); $nargs = array_merge(array($query), $args1); } else { - $nargs = array_map('check_query', $args); + $nargs = array_map('db_escape_string', $args); $nargs[0] = $query; } return _db_query(call_user_func_array('sprintf', $nargs)); @@ -79,11 +79,11 @@ function db_queryd($query) { $query = db_prefix_tables($query); if (count($args) > 1) { if(is_array($args[1])){ - $args1 = array_map('check_query', $args[1]); + $args1 = array_map('db_escape_string', $args[1]); $nargs = array_merge(array($query), $args1); } else { - $nargs = array_map('check_query', $args); + $nargs = array_map('db_escape_string', $args); $nargs[0] = $query; } return _db_query(call_user_func_array('sprintf', $nargs), 1); @@ -248,7 +248,7 @@ function db_query_range($query) { $count = array_pop($args); $from = array_pop($args); if (count(func_get_args()) > 3) { - $args = array_map('check_query', $args); + $args = array_map('db_escape_string', $args); $query = db_prefix_tables($query); $args[0] = $query; $query = call_user_func_array('sprintf', $args); @@ -286,6 +286,13 @@ function db_decode_blob($data) { } /** + * Prepare user input for use in a database query, preventing SQL injection attacks. + */ +function db_escape_string($text) { + return addslashes($text); +} + +/** * @} End of "ingroup database". */ --- ../drupal-orig/./includes/database.pear.inc 2004-11-20 19:20:06.000000000 +0100 +++ ./includes/database.pear.inc 2004-11-20 19:26:01.000000000 +0100 @@ -45,11 +45,11 @@ function db_query($query) { $query = db_prefix_tables($query); if (count($args) > 1) { if(is_array($args[1])){ - $args1 = array_map('check_query', $args[1]); + $args1 = array_map('db_escape_string', $args[1]); $nargs = array_merge(array($query), $args1); } else { - $nargs = array_map('check_query', $args); + $nargs = array_map('db_escape_string', $args); $nargs[0] = $query; } return _db_query(call_user_func_array('sprintf', $nargs)); @@ -69,11 +69,11 @@ function db_queryd($query) { $query = db_prefix_tables($query); if (count($args) > 1) { if(is_array($args[1])){ - $args1 = array_map('check_query', $args[1]); + $args1 = array_map('db_escape_string', $args[1]); $nargs = array_merge(array($query), $args1); } else { - $nargs = array_map('check_query', $args); + $nargs = array_map('db_escape_string', $args); $nargs[0] = $query; } return _db_query(call_user_func_array('sprintf', $nargs), 1); @@ -252,7 +252,7 @@ function db_query_range($query) { $count = array_pop($args); $from = array_pop($args); if (count(func_get_args()) > 3) { - $args = array_map('check_query', $args); + $args = array_map('db_escape_string', $args); $query = db_prefix_tables($query); $args[0] = $query; $result = $active_db->limitQuery(call_user_func_array('sprintf', $args), $from, $count); @@ -278,4 +278,11 @@ function db_query_range($query) { } } +/** + * Prepare user input for use in a database query, preventing SQL injection attacks. + */ +function db_escape_string($text) { + return addslashes($text); +} + ?> --- ../drupal-orig/./includes/database.pgsql.inc 2004-11-20 19:20:15.000000000 +0100 +++ ./includes/database.pgsql.inc 2004-11-20 19:26:01.000000000 +0100 @@ -51,11 +51,11 @@ function db_query($query) { $query = db_prefix_tables($query); if (count($args) > 1) { if(is_array($args[1])){ - $args1 = array_map('check_query', $args[1]); + $args1 = array_map('db_escape_string', $args[1]); $nargs = array_merge(array($query), $args1); } else { - $nargs = array_map('check_query', $args); + $nargs = array_map('db_escape_string', $args); $nargs[0] = $query; } return _db_query(call_user_func_array('sprintf', $nargs)); @@ -75,11 +75,11 @@ function db_queryd($query) { $query = db_prefix_tables($query); if (count($args) > 1) { if(is_array($args[1])){ - $args1 = array_map('check_query', $args[1]); + $args1 = array_map('db_escape_string', $args[1]); $nargs = array_merge(array($query), $args1); } else { - $nargs = array_map('check_query', $args); + $nargs = array_map('db_escape_string', $args); $nargs[0] = $query; } return _db_query(call_user_func_array('sprintf', $nargs), 1); @@ -242,7 +242,7 @@ function db_query_range($query) { $count = array_pop($args); $from = array_pop($args); if (count(func_get_args()) > 3) { - $args = array_map('check_query', $args); + $args = array_map('db_escape_string', $args); $query = db_prefix_tables($query); $args[0] = $query; $query = call_user_func_array('sprintf', $args); @@ -280,6 +280,14 @@ function db_decode_blob($data) { } /** + * Prepare user input for use in a database query, preventing SQL injection attacks. + * http://tarp.worldserve.net/software/sarep-1.1 + */ +function db_escape_string($text) { + return pg_escape_string($text); +} + +/** * @} End of "ingroup database". */ --- ../drupal-orig/./includes/locale.inc 2004-10-26 19:20:57.000000000 +0200 +++ ./includes/locale.inc 2004-11-20 19:17:11.000000000 +0100 @@ -1012,16 +1012,16 @@ function _locale_string_seek() { // Compute LIKE section switch ($query->searchin) { case 'translated': - $where = "WHERE (t.translation LIKE '%". check_query($query->string) ."%' AND t.translation != '')"; + $where = "WHERE (t.translation LIKE '%". db_escape_string($query->string) ."%' AND t.translation != '')"; $orderby = "ORDER BY t.translation"; break; case 'untranslated': - $where = "WHERE (s.source LIKE '%". check_query($query->string) ."%' AND t.translation = '')"; + $where = "WHERE (s.source LIKE '%". db_escape_string($query->string) ."%' AND t.translation = '')"; $orderby = "ORDER BY s.source"; break; case 'all' : default: - $where = "WHERE (s.source LIKE '%". check_query($query->string) ."%' OR t.translation LIKE '%". check_query($query->string) ."%')"; + $where = "WHERE (s.source LIKE '%". db_escape_string($query->string) ."%' OR t.translation LIKE '%". db_escape_string($query->string) ."%')"; $orderby = ''; break; } @@ -1029,7 +1029,7 @@ function _locale_string_seek() { switch ($query->language) { // Force search in source strings case "en": - $sql = $join ." WHERE s.source LIKE '%". check_query($query->string) ."%' ORDER BY s.source"; + $sql = $join ." WHERE s.source LIKE '%". db_escape_string($query->string) ."%' ORDER BY s.source"; break; // Search in all languages case "all": @@ -1037,7 +1037,7 @@ function _locale_string_seek() { break; // Some different language default: - $sql = "$join $where AND t.locale = '". check_query($query->language) ."' $orderby"; + $sql = "$join $where AND t.locale = '". db_escape_string($query->language) ."' $orderby"; } $result = pager_query($sql, 50); --- ../drupal-orig/./includes/tablesort.inc 2004-10-16 00:16:00.000000000 +0200 +++ ./includes/tablesort.inc 2004-11-20 19:17:11.000000000 +0100 @@ -51,8 +51,8 @@ function tablesort_pager() { function tablesort_sql($header, $before = '') { $ts = tablesort_init($header); if ($ts['sql']) { - $sql = check_query($ts['sql']); - $sort = strtoupper(check_query($ts['sort'])); + $sql = db_escape_string($ts['sql']); + $sort = strtoupper(db_escape_string($ts['sort'])); return " ORDER BY $before $sql $sort"; } } --- ../drupal-orig/./modules/comment.module 2004-11-15 12:16:39.000000000 +0100 +++ ./modules/comment.module 2004-11-20 19:17:33.000000000 +0100 @@ -751,7 +751,7 @@ function comment_render($node, $cid = 0) else { // Multiple comment view - $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". check_query($nid) ."' AND c.status = 0"; + $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". db_escape_string($nid) ."' AND c.status = 0"; $query .= ' GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, u.picture, c.homepage, u.uid, u.name, u.picture, u.data, c.score, c.users, c.thread'; @@ -843,7 +843,7 @@ function comment_render($node, $cid = 0) } // Start a form, for use with comment control and moderation. - $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE nid = '". check_query($nid) ."'"); + $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE nid = '". db_escape_string($nid) ."'"); if (db_num_rows($result) && (variable_get('comment_controls', 0) == 0 || variable_get('comment_controls', 0) == 2)) { $output .= '