Changeset 4737

Timestamp:

12/05/07 17:12:54 (12 months ago)

Author:

inureyes

Message:

#711

• [4734] 반영
  

Location:

trunk

Files:

• components/Needlworks.Cache.PageCache.php (modified) (3 diffs)
• components/Needlworks.Database.php (modified) (2 diffs)
• components/Textcube.Control.Auth.php (modified) (3 diffs)
• components/Textcube.Data.Category.php (modified) (1 diff)
• components/Textcube.Data.Filter.php (modified) (1 diff)
• components/Textcube.Data.Link.php (modified) (1 diff)
• components/Textcube.Data.PluginSetting.php (modified) (1 diff)
• components/Textcube.Data.Post.php (modified) (2 diffs)
• components/Textcube.Data.Tag.php (modified) (3 diffs)
• components/Textcube.Function.misc.php (modified) (10 diffs)
• components/Textcube.Model.Statistics.php (modified) (1 diff)
• plugins/CL_OpenID/index.php (modified) (2 diffs)
• plugins/CL_OpenID/openid_session.php (modified) (1 diff)
• plugins/EAS/index.php (modified) (3 diffs)
• plugins/PN_Subscription_Default/index.php (modified) (1 diff)
• plugins/ST_TeamBlogSettings/index.php (modified) (1 diff)

trunk/components/Needlworks.Cache.PageCache.php

@@ -135 +135 @@
         $result = DBQuery::queryCell("SELECT value FROM {$database['prefix']}PageCacheLog 
             WHERE blogid = ".getBlogId()."
-            AND name = '".tc_escape_string($this->realName)."'");
+            AND name = '".DBQuery::escapeString($this->realName)."'");
         if($result !== null) {
             $this->_dbContents = unserialize($result);
@@ -151 +151 @@
         else $this->_dbContents['user'] = $this->dbContents;
         return DBQuery::execute("REPLACE INTO {$database['prefix']}PageCacheLog 
-            VALUES(".getBlogId().", '".tc_escape_string($this->realName)."', '".tc_escape_string(serialize($this->_dbContents))."')");
+            VALUES(".getBlogId().", '".DBQuery::escapeString($this->realName)."', '".tc_escape_string(serialize($this->_dbContents))."')");
     }
 
@@ -158 +158 @@
         return DBQuery::execute("DELETE FROM {$database['prefix']}PageCacheLog 
             WHERE blogid = ".getBlogId()."
-            AND name = '".tc_escape_string($this->realName)."'"); 
+            AND name = '".DBQuery::escapeString($this->realName)."'"); 
     }
 

trunk/components/Needlworks.Database.php

@@ -51 +51 @@
             $this->_attributes[$name] = 'NULL';
         else
-            $this->_attributes[$name] = ($escape === null ? $value : ($escape ? '\'' . tc_escape_string($value) . '\'' : "'" . $value . "'"));
+            $this->_attributes[$name] = ($escape === null ? $value : ($escape ? '\'' . DBQuery::escapeString($value) . '\'' : "'" . $value . "'"));
     }
     
@@ -78 +78 @@
             $this->_qualifiers[$name] = 'NULL';
         else
-            $this->_qualifiers[$name] = ($escape === null ? $value : ($escape ? '\'' . tc_escape_string($value) . '\'' : "'" . $value . "'"));
+            $this->_qualifiers[$name] = ($escape === null ? $value : ($escape ? '\'' . DBQuery::escapeString($value) . '\'' : "'" . $value . "'"));
     }
     

trunk/components/Textcube.Control.Auth.php

@@ -344 +344 @@
 
         Acl::clearAcl();
-        $loginid = tc_escape_string($loginid);
+        $loginid = DBQuery::escapeString($loginid);
 
         $blogApiPassword = getBlogSetting("blogApiPassword", "");
@@ -352 +352 @@
             $authtoken = DBQuery::queryCell("SELECT value FROM {$database['prefix']}UserSettings WHERE userid = '$userid' AND name = 'AuthToken' LIMIT 1");
             if (!empty($authtoken)) {
-                $password = tc_escape_string($password);
+                $password = DBQuery::escapeString($password);
                 $secret = '(`password` = \'' . md5($password) . '\' OR \'' . $password . '\' = \'' . $authtoken . '\')';
             }
@@ -359 +359 @@
             }
         } else if( $blogapi && !empty($blogApiPassword) ) {
-            $password = tc_escape_string($password);
+            $password = DBQuery::escapeString($password);
             $secret = '(`password` = \'' . md5($password) . '\' OR \'' . $password . '\' = \'' . $blogApiPassword . '\')';
         } else {

trunk/components/Textcube.Data.Category.php

@@ -157 +157 @@
         if (empty($label))
             return null;
-        return DBQuery::queryCell("SELECT id FROM {$database['prefix']}Categories WHERE blogid = ".getBlogId()." AND label = '" . tc_escape_string($label) . "'");
+        return DBQuery::queryCell("SELECT id FROM {$database['prefix']}Categories WHERE blogid = ".getBlogId()." AND label = '" . DBQuery::escapeString($label) . "'");
     }
     

trunk/components/Textcube.Data.Filter.php

@@ -104 +104 @@
     function isFiltered($type, $value) {
         global $database;
-        $type = tc_escape_string($type);
-        $value = tc_escape_string($value);
+        $type = DBQuery::escapeString($type);
+        $value = DBQuery::escapeString($value);
         return DBQuery::queryExistence("SELECT * FROM {$database['prefix']}Filters WHERE blogid = ".getBlogId()." AND type = '$type' AND '$value' LIKE CONCAT('%', pattern, '%')");
     }

trunk/components/Textcube.Data.Link.php

@@ -105 +105 @@
         if (empty($url))
             return null;
-        return DBQuery::queryCell("SELECT id FROM {$database['prefix']}Links WHERE blogid = ".getBlogId()." AND url = '" . tc_escape_string($url) . "'");
+        return DBQuery::queryCell("SELECT id FROM {$database['prefix']}Links WHERE blogid = ".getBlogId()." AND url = '" . DBQuery::escapeString($url) . "'");
     }
     

trunk/components/Textcube.Data.PluginSetting.php

@@ -80 +80 @@
         $query = new TableQuery($database['prefix'] . 'Plugins');
         $query->setQualifier('blogid', getBlogId());
-        $query->setQualifier('name', tc_escape_string(UTF8::lessenAsEncoding($this->name, 255)), true);
+        $query->setQualifier('name', DBQuery::escapeString(UTF8::lessenAsEncoding($this->name, 255)), true);
         if (isset($this->setting))
-            $query->setAttribute('settings', tc_escape_string($this->setting), true);
+            $query->setAttribute('settings', DBQuery::escapeString($this->setting), true);
         return $query;
     }

trunk/components/Textcube.Data.Post.php

@@ -286 +286 @@
 
         for ($i = 1; $i < 1000; $i++) {
-            $checkSlogan = tc_escape_string($this->slogan);
+            $checkSlogan = DBQuery::escapeString($this->slogan);
             $query->setAttribute('slogan', $checkSlogan, false);
             if (!DBQuery::queryExistence(
@@ -591 +591 @@
                 $oldtag = DBQuery::queryRow("SELECT id, name FROM {$database['prefix']}Tags WHERE id = {$target['tag']}");
                 if ($oldtag != null) {      
-                    $tagid = DBQuery::queryCell("SELECT id FROM {$database['prefix']}Tags WHERE name = '" . tc_escape_string($oldtag['name']) . "' LIMIT 1 ");
+                    $tagid = DBQuery::queryCell("SELECT id FROM {$database['prefix']}Tags WHERE name = '" . DBQuery::escapeString($oldtag['name']) . "' LIMIT 1 ");
                     if ($tagid == null) { 
                         DBQuery::execute("DELETE FROM {$database['prefix']}TagRelations WHERE blogid = {$target['blogid']} AND tag = {$target['tag']} AND entry = {$target['entry']}");

trunk/components/Textcube.Data.Tag.php

@@ -25 +25 @@
         $taglist = array();
         foreach($tmptaglist as $tag) {
-            $tag = tc_escape_string(UTF8::lessenAsEncoding(trim($tag), 255));
+            $tag = DBQuery::escapeString(UTF8::lessenAsEncoding(trim($tag), 255));
             array_push($taglist, $tag);
         }
@@ -71 +71 @@
         $taglist = array();
         foreach($tmptaglist as $tag) {
-            $tag = tc_escape_string(trim($tag));
+            $tag = DBQuery::escapeString(trim($tag));
             array_push($taglist, $tag);
         }
@@ -86 +86 @@
         $oldtaglist = array();
         foreach($tmpoldtaglist as $tag) {
-            $tag = tc_escape_string(UTF8::lessenAsEncoding(trim($tag), 255));
+            $tag = DBQuery::escapeString(UTF8::lessenAsEncoding(trim($tag), 255));
             array_push($oldtaglist, $tag);
         }

trunk/components/Textcube.Function.misc.php

@@ -277 +277 @@
         }
         
-        $escape_name = tc_escape_string($name);
-        $escape_value = tc_escape_string($value);
+        $escape_name = DBQuery::escapeString($name);
+        $escape_value = DBQuery::escapeString($value);
         
         if (array_key_exists($name, $__gCacheBlogSettings[$blogid])) {
@@ -306 +306 @@
         }
         
-        $escape_name = tc_escape_string($name);
+        $escape_name = DBQuery::escapeString($name);
         
         if (array_key_exists($name, $__gCacheBlogSettings[$blogid])) {
@@ -346 +346 @@
         global $database;
         $name = 'plugin_' . $name;
-        $value = DBQuery::queryCell("SELECT value FROM {$database['prefix']}UserSettings WHERE userid = ".getUserId()." AND name = '".tc_escape_string($name)."'");
+        $value = DBQuery::queryCell("SELECT value FROM {$database['prefix']}UserSettings WHERE userid = ".getUserId()." AND name = '".DBQuery::escapeString($name)."'");
         return ($value === null) ? $default : $value;
     }
@@ -352 +352 @@
     function getUserSettingGlobal($name, $default = null) {
         global $database;
-        $value = DBQuery::queryCell("SELECT value FROM {$database['prefix']}UserSettings WHERE userid = ".getUserId()." AND name = '".tc_escape_string($name)."'");
+        $value = DBQuery::queryCell("SELECT value FROM {$database['prefix']}UserSettings WHERE userid = ".getUserId()." AND name = '".DBQuery::escapeString($name)."'");
         return ($value === null) ? $default : $value;
     }
@@ -359 +359 @@
         global $database;
         $name = 'plugin_' . $name;
-        $name = tc_escape_string($name);
-        $value = tc_escape_string($value);
+        $name = DBQuery::escapeString($name);
+        $value = DBQuery::escapeString($value);
         return DBQuery::execute("REPLACE INTO {$database['prefix']}UserSettings VALUES(".getUserId().", '$name', '$value')");
     }
@@ -367 +367 @@
         global $database;
         $name = 'plugin_' . $name;
-        return DBQuery::execute("DELETE FROM {$database['prefix']}UserSettings WHERE userid = ".getUserId()." AND name = '".tc_escape_string($name)."'");
+        return DBQuery::execute("DELETE FROM {$database['prefix']}UserSettings WHERE userid = ".getUserId()." AND name = '".DBQuery::escapeString($name)."'");
     }
 
@@ -373 +373 @@
         global $database;
         $name = 'plugin_' . $name;
-        $value = DBQuery::queryCell("SELECT value FROM {$database['prefix']}ServiceSettings WHERE name = '".tc_escape_string($name)."'");
+        $value = DBQuery::queryCell("SELECT value FROM {$database['prefix']}ServiceSettings WHERE name = '".DBQuery::escapeString($name)."'");
         return ($value === null) ? $default : $value;
     }
@@ -380 +380 @@
         global $database;
         $name = 'plugin_' . $name;
-        $name = tc_escape_string(UTF8::lessenAsEncoding($name, 32));
-        $value = tc_escape_string(UTF8::lessenAsEncoding($value, 255));
+        $name = DBQuery::escapeString(UTF8::lessenAsEncoding($name, 32));
+        $value = DBQuery::escapeString(UTF8::lessenAsEncoding($value, 255));
         return DBQuery::execute("REPLACE INTO {$database['prefix']}ServiceSettings VALUES('$name', '$value')");
     }
@@ -388 +388 @@
         global $database;
         $name = 'plugin_' . $name;
-        return DBQuery::execute("DELETE FROM {$database['prefix']}ServiceSettings WHERE name = '".tc_escape_string($name)."'");
+        return DBQuery::execute("DELETE FROM {$database['prefix']}ServiceSettings WHERE name = '".DBQuery::escapeString($name)."'");
     }
     
@@ -399 +399 @@
     function setBlogSettingRowsPerPage($value) {
         global $database, $blogid;
-        $value = tc_escape_string($value);
+        $value = DBQuery::escapeString($value);
         return DBQuery::execute("REPLACE INTO {$database['prefix']}BlogSettings VALUES($blogid, 'rowsPerPage', '$value')");
     }

trunk/components/Textcube.Model.Statistics.php

@@ -91 +91 @@
                     if (!fireEvent('AddingRefererLog', true, array('host' => $referer['host'], 'url' => $_SERVER['HTTP_REFERER'])))
                         return;
-                    $host = tc_escape_string(UTF8::lessenAsEncoding($referer['host'], 64));
-                    $url = tc_escape_string(UTF8::lessenAsEncoding($_SERVER['HTTP_REFERER'], 255));
+                    $host = DBQuery::escapeString(UTF8::lessenAsEncoding($referer['host'], 64));
+                    $url = DBQuery::escapeString(UTF8::lessenAsEncoding($_SERVER['HTTP_REFERER'], 255));
                     mysql_query("insert into {$database['prefix']}RefererLogs values($blogid, '$host', '$url', UNIX_TIMESTAMP())");
                     mysql_query("delete from {$database['prefix']}RefererLogs where referred < UNIX_TIMESTAMP() - 604800");

trunk/plugins/CL_OpenID/index.php

@@ -166 +166 @@
     global $database, $blogid;
     global $openid_session;
-    $openid = tc_escape_string($openid);
-    $delegatedid = tc_escape_string($delegatedid);
+    $openid = DBQuery::escapeString($openid);
+    $delegatedid = DBQuery::escapeString($delegatedid);
 
     $query = "SELECT data FROM {$database['prefix']}OpenIDUsers WHERE openid='{$openid}'";
@@ -205 +205 @@
 {
     global $database, $blogid;
-    $openid = tc_escape_string($openid);
+    $openid = DBQuery::escapeString($openid);
 
     $query = "SELECT openid FROM {$database['prefix']}OpenIDUsers WHERE blogid={$blogid} and openid='{$openid}'";

trunk/plugins/CL_OpenID/openid_session.php

@@ -89 +89 @@
 
     $data = serialize( $openid_session );
-    $server = tc_escape_string($_SERVER['HTTP_HOST']);
-    $request = tc_escape_string($_SERVER['REQUEST_URI']);
-    $referer = isset($_SERVER['HTTP_REFERER']) ? tc_escape_string($_SERVER['HTTP_REFERER']) : '';
+    $server = DBQuery::escapeString($_SERVER['HTTP_HOST']);
+    $request = DBQuery::escapeString($_SERVER['REQUEST_URI']);
+    $referer = isset($_SERVER['HTTP_REFERER']) ? DBQuery::escapeString($_SERVER['HTTP_REFERER']) : '';
     $timer = getMicrotimeAsFloat() - $sessionMicrotime;
     $result = DBQuery::query("UPDATE {$database['prefix']}Sessions SET data = '$data', server = '$server', request = '$request', referer = '$referer', timer = $timer, updated = UNIX_TIMESTAMP() WHERE id = '$openid_session_id' AND address = '" . _openid_ip_address() . "'");

trunk/plugins/EAS/index.php

@@ -22 +22 @@
         {
             $sql = 'SELECT COUNT(id) as cc FROM ' . $database['prefix'] . 'Trackbacks WHERE';
-            $sql .= ' url = \'' . tc_escape_string($url) . '\'';
+            $sql .= ' url = \'' . DBQuery::escapeString($url) . '\'';
             $sql .= ' AND isFiltered > 0';
             
@@ -34 +34 @@
 
             $sql = 'SELECT COUNT(id) as cc FROM ' . $database['prefix'] . 'Comments WHERE';
-            $sql .= ' comment = \'' . tc_escape_string($content) . '\'';
-            $sql .= ' AND homepage = \'' . tc_escape_string($url) . '\'';
-            $sql .= ' AND name = \'' . tc_escape_string($name) . '\'';
+            $sql .= ' comment = \'' . DBQuery::escapeString($content) . '\'';
+            $sql .= ' AND homepage = \'' . DBQuery::escapeString($url) . '\'';
+            $sql .= ' AND name = \'' . DBQuery::escapeString($name) . '\'';
             $sql .= ' AND isFiltered > 0';
             
@@ -47 +47 @@
         // Check IP
         $sql = 'SELECT COUNT(id) as cc FROM ' . $tableName . ' WHERE';
-        $sql .= ' ip = \'' . tc_escape_string($_SERVER['REMOTE_ADDR']) . '\'';
+        $sql .= ' ip = \'' . DBQuery::escapeString($_SERVER['REMOTE_ADDR']) . '\'';
         $sql .= ' AND isFiltered > 0';
 

trunk/plugins/PN_Subscription_Default/index.php

@@ -304 +304 @@
     if (Filter::isFiltered('ip', $_SERVER['REMOTE_ADDR']))
         return;
-    $ip = tc_escape_string($_SERVER['REMOTE_ADDR']);
-    $host = tc_escape_string(isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : '');
-    $useragent = tc_escape_string(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
+    $ip = DBQuery::escapeString($_SERVER['REMOTE_ADDR']);
+    $host = DBQuery::escapeString(isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : '');
+    $useragent = DBQuery::escapeString(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
     mysql_query("insert into {$database['prefix']}SubscriptionLogs values($blogid, '$ip', '$host', '$useragent', UNIX_TIMESTAMP())");
     mysql_query("delete from {$database['prefix']}SubscriptionLogs where referred < UNIX_TIMESTAMP() - 604800");

trunk/plugins/ST_TeamBlogSettings/index.php

@@ -265 +265 @@
             }
         }else if($flag == "profile"){
-            $profile = tc_escape_string(UTF8::lessenAsEncoding($profile, 65535));
+            $profile = DBQuery::escapeString(UTF8::lessenAsEncoding($profile, 65535));
             if(DBQuery::execute("UPDATE {$database['prefix']}TeamUserSettings SET profile=\"{$profile}\", updated=UNIX_TIMESTAMP() WHERE blogid=".getBlogId()." and userid=".getUserId())){
                 respondResultPage(0);