--- ../drupal-orig/./includes/bootstrap.inc 2004-11-20 19:21:41.000000000 +0100 +++ ./includes/bootstrap.inc 2004-11-19 20:19:58.000000000 +0100 @@ -346,13 +346,6 @@ function arg($index) { } /** - * Prepare user input for use in a database query, preventing SQL injection attacks. - */ -function check_query($text) { - return addslashes($text); -} - -/** * Prepare user input for use in a URI. * * We replace ( and ) with their entity equivalents to prevent XSS attacks. --- ../drupal-orig/./includes/common.inc 2004-11-19 20:18:52.000000000 +0100 +++ ./includes/common.inc 2004-11-20 19:17:10.000000000 +0100 @@ -228,7 +228,7 @@ function drupal_goto($path = '', $query */ function drupal_not_found() { header('HTTP/1.0 404 Not Found'); - watchdog('httpd', t('404 error: %page not found.', array('%page' => ''. check_query($_GET['q']) .''))); + watchdog('httpd', t('404 error: %page not found.', array('%page' => ''. db_escape_string($_GET['q']) .''))); $path = drupal_get_normal_path(variable_get('site_404', '')); $status = MENU_NOT_FOUND; --- ../drupal-orig/./includes/database.mysql.inc 2004-11-20 19:19:58.000000000 +0100 +++ ./includes/database.mysql.inc 2004-11-20 19:26:01.000000000 +0100 @@ -55,11 +55,11 @@ function db_query($query) { $query = db_prefix_tables($query); if (count($args) > 1) { if(is_array($args[1])){ - $args1 = array_map('check_query', $args[1]); + $args1 = array_map('db_escape_string', $args[1]); $nargs = array_merge(array($query), $args1); } else { - $nargs = array_map('check_query', $args); + $nargs = array_map('db_escape_string', $args); $nargs[0] = $query; } return _db_query(call_user_func_array('sprintf', $nargs)); @@ -79,11 +79,11 @@ function db_queryd($query) { $query = db_prefix_tables($query); if (count($args) > 1) { if(is_array($args[1])){ - $args1 = array_map('check_query', $args[1]); + $args1 = array_map('db_escape_string', $args[1]); $nargs = array_merge(array($query), $args1); } else { - $nargs = array_map('check_query', $args); + $nargs = array_map('db_escape_string', $args); $nargs[0] = $query; } return _db_query(call_user_func_array('sprintf', $nargs), 1); @@ -248,7 +248,7 @@ function db_query_range($query) { $count = array_pop($args); $from = array_pop($args); if (count(func_get_args()) > 3) { - $args = array_map('check_query', $args); + $args = array_map('db_escape_string', $args); $query = db_prefix_tables($query); $args[0] = $query; $query = call_user_func_array('sprintf', $args); @@ -286,6 +286,13 @@ function db_decode_blob($data) { } /** + * Prepare user input for use in a database query, preventing SQL injection attacks. + */ +function db_escape_string($text) { + return addslashes($text); +} + +/** * @} End of "ingroup database". */ --- ../drupal-orig/./includes/database.pear.inc 2004-11-20 19:20:06.000000000 +0100 +++ ./includes/database.pear.inc 2004-11-20 19:26:01.000000000 +0100 @@ -45,11 +45,11 @@ function db_query($query) { $query = db_prefix_tables($query); if (count($args) > 1) { if(is_array($args[1])){ - $args1 = array_map('check_query', $args[1]); + $args1 = array_map('db_escape_string', $args[1]); $nargs = array_merge(array($query), $args1); } else { - $nargs = array_map('check_query', $args); + $nargs = array_map('db_escape_string', $args); $nargs[0] = $query; } return _db_query(call_user_func_array('sprintf', $nargs)); @@ -69,11 +69,11 @@ function db_queryd($query) { $query = db_prefix_tables($query); if (count($args) > 1) { if(is_array($args[1])){ - $args1 = array_map('check_query', $args[1]); + $args1 = array_map('db_escape_string', $args[1]); $nargs = array_merge(array($query), $args1); } else { - $nargs = array_map('check_query', $args); + $nargs = array_map('db_escape_string', $args); $nargs[0] = $query; } return _db_query(call_user_func_array('sprintf', $nargs), 1); @@ -252,7 +252,7 @@ function db_query_range($query) { $count = array_pop($args); $from = array_pop($args); if (count(func_get_args()) > 3) { - $args = array_map('check_query', $args); + $args = array_map('db_escape_string', $args); $query = db_prefix_tables($query); $args[0] = $query; $result = $active_db->limitQuery(call_user_func_array('sprintf', $args), $from, $count); @@ -278,4 +278,11 @@ function db_query_range($query) { } } +/** + * Prepare user input for use in a database query, preventing SQL injection attacks. + */ +function db_escape_string($text) { + return addslashes($text); +} + ?> --- ../drupal-orig/./includes/database.pgsql.inc 2004-11-20 19:20:15.000000000 +0100 +++ ./includes/database.pgsql.inc 2004-11-20 19:26:01.000000000 +0100 @@ -51,11 +51,11 @@ function db_query($query) { $query = db_prefix_tables($query); if (count($args) > 1) { if(is_array($args[1])){ - $args1 = array_map('check_query', $args[1]); + $args1 = array_map('db_escape_string', $args[1]); $nargs = array_merge(array($query), $args1); } else { - $nargs = array_map('check_query', $args); + $nargs = array_map('db_escape_string', $args); $nargs[0] = $query; } return _db_query(call_user_func_array('sprintf', $nargs)); @@ -75,11 +75,11 @@ function db_queryd($query) { $query = db_prefix_tables($query); if (count($args) > 1) { if(is_array($args[1])){ - $args1 = array_map('check_query', $args[1]); + $args1 = array_map('db_escape_string', $args[1]); $nargs = array_merge(array($query), $args1); } else { - $nargs = array_map('check_query', $args); + $nargs = array_map('db_escape_string', $args); $nargs[0] = $query; } return _db_query(call_user_func_array('sprintf', $nargs), 1); @@ -242,7 +242,7 @@ function db_query_range($query) { $count = array_pop($args); $from = array_pop($args); if (count(func_get_args()) > 3) { - $args = array_map('check_query', $args); + $args = array_map('db_escape_string', $args); $query = db_prefix_tables($query); $args[0] = $query; $query = call_user_func_array('sprintf', $args); @@ -280,6 +280,14 @@ function db_decode_blob($data) { } /** + * Prepare user input for use in a database query, preventing SQL injection attacks. + * http://tarp.worldserve.net/software/sarep-1.1 + */ +function db_escape_string($text) { + return pg_escape_string($text); +} + +/** * @} End of "ingroup database". */ --- ../drupal-orig/./includes/locale.inc 2004-10-26 19:20:57.000000000 +0200 +++ ./includes/locale.inc 2004-11-20 19:17:11.000000000 +0100 @@ -1012,16 +1012,16 @@ function _locale_string_seek() { // Compute LIKE section switch ($query->searchin) { case 'translated': - $where = "WHERE (t.translation LIKE '%". check_query($query->string) ."%' AND t.translation != '')"; + $where = "WHERE (t.translation LIKE '%". db_escape_string($query->string) ."%' AND t.translation != '')"; $orderby = "ORDER BY t.translation"; break; case 'untranslated': - $where = "WHERE (s.source LIKE '%". check_query($query->string) ."%' AND t.translation = '')"; + $where = "WHERE (s.source LIKE '%". db_escape_string($query->string) ."%' AND t.translation = '')"; $orderby = "ORDER BY s.source"; break; case 'all' : default: - $where = "WHERE (s.source LIKE '%". check_query($query->string) ."%' OR t.translation LIKE '%". check_query($query->string) ."%')"; + $where = "WHERE (s.source LIKE '%". db_escape_string($query->string) ."%' OR t.translation LIKE '%". db_escape_string($query->string) ."%')"; $orderby = ''; break; } @@ -1029,7 +1029,7 @@ function _locale_string_seek() { switch ($query->language) { // Force search in source strings case "en": - $sql = $join ." WHERE s.source LIKE '%". check_query($query->string) ."%' ORDER BY s.source"; + $sql = $join ." WHERE s.source LIKE '%". db_escape_string($query->string) ."%' ORDER BY s.source"; break; // Search in all languages case "all": @@ -1037,7 +1037,7 @@ function _locale_string_seek() { break; // Some different language default: - $sql = "$join $where AND t.locale = '". check_query($query->language) ."' $orderby"; + $sql = "$join $where AND t.locale = '". db_escape_string($query->language) ."' $orderby"; } $result = pager_query($sql, 50); --- ../drupal-orig/./includes/tablesort.inc 2004-10-16 00:16:00.000000000 +0200 +++ ./includes/tablesort.inc 2004-11-20 19:17:11.000000000 +0100 @@ -51,8 +51,8 @@ function tablesort_pager() { function tablesort_sql($header, $before = '') { $ts = tablesort_init($header); if ($ts['sql']) { - $sql = check_query($ts['sql']); - $sort = strtoupper(check_query($ts['sort'])); + $sql = db_escape_string($ts['sql']); + $sort = strtoupper(db_escape_string($ts['sort'])); return " ORDER BY $before $sql $sort"; } } --- ../drupal-orig/./modules/comment.module 2004-11-15 12:16:39.000000000 +0100 +++ ./modules/comment.module 2004-11-20 19:17:33.000000000 +0100 @@ -751,7 +751,7 @@ function comment_render($node, $cid = 0) else { // Multiple comment view - $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". check_query($nid) ."' AND c.status = 0"; + $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". db_escape_string($nid) ."' AND c.status = 0"; $query .= ' GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, u.picture, c.homepage, u.uid, u.name, u.picture, u.data, c.score, c.users, c.thread'; @@ -843,7 +843,7 @@ function comment_render($node, $cid = 0) } // Start a form, for use with comment control and moderation. - $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE nid = '". check_query($nid) ."'"); + $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE nid = '". db_escape_string($nid) ."'"); if (db_num_rows($result) && (variable_get('comment_controls', 0) == 0 || variable_get('comment_controls', 0) == 2)) { $output .= '
\n"; $output .= theme('comment_controls', $threshold, $mode, $order, $comments_per_page); @@ -1001,7 +1001,7 @@ function comment_admin_overview($type = ); $status = ($type == 'approval') ? 1 : 0; - $sql = 'SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = '. check_query($status); + $sql = 'SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = '. db_escape_string($status); $sql .= tablesort_sql($header); $result = pager_query($sql, 50); @@ -1276,10 +1276,10 @@ function comment_moderate() { } function comment_save_settings() { - $mode = check_query($_POST['mode']); - $order = check_query($_POST['order']); - $threshold = check_query($_POST['threshold']); - $comments_per_page = check_query($_POST['comments_per_page']); + $mode = db_escape_string($_POST['mode']); + $order = db_escape_string($_POST['order']); + $threshold = db_escape_string($_POST['threshold']); + $comments_per_page = db_escape_string($_POST['comments_per_page']); global $user; $edit = $_POST['edit']; --- ../drupal-orig/./modules/forum.module 2004-11-15 12:16:39.000000000 +0100 +++ ./modules/forum.module 2004-11-20 19:17:33.000000000 +0100 @@ -422,7 +422,7 @@ function forum_get_topics($tid, $sortby, } $term = taxonomy_get_term($tid); - $check_tid = $tid ? "'". check_query($tid) ."'" : 'NULL'; + $check_tid = $tid ? "'". db_escape_string($tid) ."'" : 'NULL'; $sql = "SELECT DISTINCT(n.nid), f.tid, n.title, n.sticky, u.name, u.uid, n.created AS timestamp, n.comment AS comment_mode, l.last_comment_timestamp, IF(l.last_comment_uid, cu.name, l.last_comment_name) as last_comment_name, l.last_comment_uid, l.comment_count AS num_comments FROM {node} n ". node_access_join_sql() .", {node_comment_statistics} l, {users} cu, {term_node} r, {users} u, {forum} f WHERE n.status = 1 AND l.last_comment_uid = cu.uid AND n.nid = l.nid AND n.nid = r.nid AND r.tid = $check_tid AND n.uid = u.uid AND n.nid = f.nid AND ". node_access_where_sql(); $sql .= tablesort_sql($forum_topic_list_header, 'n.sticky DESC,'); --- ../drupal-orig/./modules/locale.module 2004-10-26 19:20:58.000000000 +0200 +++ ./modules/locale.module 2004-11-20 19:17:33.000000000 +0100 @@ -428,11 +428,11 @@ function locale_admin_string() { switch ($op) { case 'delete': - $output .= _locale_string_delete(check_query(arg(4))); + $output .= _locale_string_delete(db_escape_string(arg(4))); $output .= _locale_string_seek(); break; case 'edit': - $output .= _locale_string_edit(check_query(arg(4))); + $output .= _locale_string_edit(db_escape_string(arg(4))); $output .= _locale_string_seek(); break; case t('Search'): @@ -441,7 +441,7 @@ function locale_admin_string() { $output .= _locale_string_seek_form(); break; case t('Save translations'): - $output .= _locale_string_save(check_query(arg(4))); + $output .= _locale_string_save(db_escape_string(arg(4))); drupal_goto('admin/locale/string/search'); break; default: --- ../drupal-orig/./modules/node.module 2004-11-19 20:18:52.000000000 +0100 +++ ./modules/node.module 2004-11-20 19:17:33.000000000 +0100 @@ -386,7 +386,7 @@ function node_load($conditions, $revisio // Turn the conditions into a query. foreach ($conditions as $key => $value) { - $cond[] = 'n.'. check_query($key) ." = '". check_query($value) ."'"; + $cond[] = 'n.'. db_escape_string($key) ." = '". db_escape_string($value) ."'"; } // Retrieve the node. @@ -452,7 +452,7 @@ function node_save($node) { // Prepare the query: foreach ($node as $key => $value) { if (in_array($key, $fields)) { - $k[] = check_query($key); + $k[] = db_escape_string($key); $v[] = $value; $s[] = "'%s'"; } @@ -478,7 +478,7 @@ function node_save($node) { // Prepare the query: foreach ($node as $key => $value) { if (in_array($key, $fields)) { - $q[] = check_query($key) ." = '%s'"; + $q[] = db_escape_string($key) ." = '%s'"; $v[] = $value; } } --- ../drupal-orig/./modules/profile.module 2004-10-16 18:59:59.000000000 +0200 +++ ./modules/profile.module 2004-11-20 19:17:33.000000000 +0100 @@ -86,10 +86,10 @@ function profile_browse() { $query = 'v.value = 1'; break; case 'selection': - $query = "v.value = '". check_query($value) ."'"; + $query = "v.value = '". db_escape_string($value) ."'"; break; case 'list': - $query = "v.value LIKE '%%". check_query($value) ."%%'"; + $query = "v.value LIKE '%%". db_escape_string($value) ."%%'"; break; default: drupal_not_found(); --- ../drupal-orig/./modules/statistics.module 2004-11-15 12:16:39.000000000 +0100 +++ ./modules/statistics.module 2004-11-20 19:17:33.000000000 +0100 @@ -207,7 +207,7 @@ function statistics_admin_displaylog($ty // retrieve recent access logs for specific user $id $user = user_load(array('uid' => $id)); $page_title = t('Recent hits for "%username"', array('%username' => $user->name)); - $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE uid = \''. check_query($id) ."'"; + $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE uid = \''. db_escape_string($id) ."'"; } else { // retrieve recent access logs for all users (not guests) @@ -218,12 +218,12 @@ function statistics_admin_displaylog($ty case 'page': // retrieve recent access logs for title $id $page_title = t('Recent hits for "%title"', array('%title' => $id)); - $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE title = \''. check_query($id) ."'"; + $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE title = \''. db_escape_string($id) ."'"; break; case 'host': // retrieve recent access logs for hostname $id $page_title = t('Recent hits for "%hostname"', array('%hostname' => $id)); - $sql = 'SELECT title, path, url, hostname, uid, timestamp, title FROM {accesslog} WHERE hostname = \''. check_query($id) ."'"; + $sql = 'SELECT title, path, url, hostname, uid, timestamp, title FROM {accesslog} WHERE hostname = \''. db_escape_string($id) ."'"; break; case 'all': default: @@ -380,14 +380,14 @@ function statistics_top_referrers($view $describe = t('Top referrers in the past %interval'); } elseif ($view == 'internal') { - $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%' GROUP BY url"; - $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%'"; + $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%' GROUP BY url"; + $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%'"; $describe = t('Top internal referrers in the past %interval'); } else { /* default to external */ - $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url NOT LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%' AND url <> '' GROUP BY url"; - $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url NOT LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%'"; + $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url NOT LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%' AND url <> '' GROUP BY url"; + $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url NOT LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%'"; $describe = t('Top external referrers in the past %interval'); } --- ../drupal-orig/./modules/taxonomy.module 2004-11-15 12:16:39.000000000 +0100 +++ ./modules/taxonomy.module 2004-11-20 19:17:33.000000000 +0100 @@ -773,7 +773,7 @@ function _taxonomy_depth($depth, $graphi function _taxonomy_prepare_update($data) { foreach ($data as $key => $value) { - $q[] = "$key = '". str_replace('%', '%%', check_query($value)) ."'"; + $q[] = "$key = '". str_replace('%', '%%', db_escape_string($value)) ."'"; } $result = implode(', ', $q); return $result; @@ -785,7 +785,7 @@ function _taxonomy_prepare_insert($data, } else { foreach (array_values($data) as $value) { - $q[] = "'". str_replace('%', '%%', check_query($value)) ."'"; + $q[] = "'". str_replace('%', '%%', db_escape_string($value)) ."'"; } $result = implode(', ', $q); } --- ../drupal-orig/./modules/user.module 2004-11-15 12:16:39.000000000 +0100 +++ ./modules/user.module 2004-11-20 19:17:33.000000000 +0100 @@ -152,13 +152,13 @@ function user_save($account, $array = ar // because we don't have a fully initialized user object yet. foreach ($array as $key => $value) { if ($key == 'pass') { - $fields[] = check_query($key); + $fields[] = db_escape_string($key); $values[] = md5($value); $s[] = "'%s'"; } else if (substr($key, 0, 4) !== 'auth') { if (in_array($key, $user_fields)) { - $fields[] = check_query($key); + $fields[] = db_escape_string($key); $values[] = $value; $s[] = "'%s'"; } --- ../drupal-orig/./modules/watchdog.module 2004-11-15 22:17:25.000000000 +0100 +++ ./modules/watchdog.module 2004-11-20 19:17:33.000000000 +0100 @@ -83,7 +83,7 @@ function watchdog_cron() { */ function watchdog_overview($type = '') { foreach (_watchdog_get_message_types() as $key) { - $query[$key] = "WHERE type = '". check_query($key) ."'"; + $query[$key] = "WHERE type = '". db_escape_string($key) ."'"; } $header = array(