

[Phpgroupware-cvs] phpgwapi/inc class.historylog.inc.php, 1.12 class.pre


From: fipsfuchs
Subject: [Phpgroupware-cvs] phpgwapi/inc class.historylog.inc.php, 1.12 class.preferences.inc.php, 1.57 class.config.inc.php, 1.11 class.contacts_ldap.inc.php, 1.18
Date: Mon, 2 May 2005 18:38:00 +0200

Update of phpgwapi/inc

Modified Files:
     Branch: MAIN
            class.historylog.inc.php lines: +2 -2
            class.preferences.inc.php lines: +4 -4
            class.config.inc.php lines: +3 -3
            class.contacts_ldap.inc.php lines: +8 -8

Log Message:
patch 3489
db_addslashes added

====================================================
Index: phpgwapi/inc/class.historylog.inc.php
diff -u phpgwapi/inc/class.historylog.inc.php:1.11 
phpgwapi/inc/class.historylog.inc.php:1.12
--- phpgwapi/inc/class.historylog.inc.php:1.11  Thu Dec 30 06:47:30 2004
+++ phpgwapi/inc/class.historylog.inc.php       Mon May  2 16:38:57 2005
@@ -53,7 +53,7 @@
                                        . 
"history_appname,history_owner,history_status,history_new_value,history_old_value,history_timestamp)
 "
                                        . "values ('".intval($record_id)."','" 
. $this->appname . "','"
                                        . 
$GLOBALS['phpgw_info']['user']['account_id'] . "','$status','"
-                                       . addslashes($new_value) . "','" . 
addslashes($old_value) . "','" . $this->db->to_timestamp(time())
+                                       . $this->db->db_addslashes($new_value) 
. "','" . $this->db->db_addslashes($old_value) . "','" . 
$this->db->to_timestamp(time())
                                        . "')",__LINE__,__FILE__);
                        }
                }
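Review bot: `$status` is still interpolated raw into the VALUES list (`"','$status','"`), right beside the two values this hunk now passes through `db_addslashes`, so the statement is only as safe as every caller of this method. If `$status` can carry caller-supplied text it should get the same treatment: `. "','" . $this->db->db_addslashes($status) . "','"`. The same holds for `$this->appname` here and in the insert of the class.config.inc.php hunk, unless it is validated where it is set. The enclosing function starts above the hunk, so the origin of `$status` is not visible.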

====================================================
Index: phpgwapi/inc/class.preferences.inc.php
diff -u phpgwapi/inc/class.preferences.inc.php:1.56 
phpgwapi/inc/class.preferences.inc.php:1.57
--- phpgwapi/inc/class.preferences.inc.php:1.56 Thu Dec 30 06:47:31 2004
+++ phpgwapi/inc/class.preferences.inc.php      Mon May  2 16:38:57 2005
@@ -464,7 +464,7 @@
                {
                        if (!is_array($arr))
                        {
-                               $arr = addslashes($arr);
+                               $arr = $this->db->db_addslashes($arr);
                                return;
                        }
                        foreach($arr as $key => $value)
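Review bot: The values changed here and in the @@ -475 hunk are escaped before serialization and then escaped again as a whole in the @@ -517 hunk (assuming this function is the `quote()` called there), so using `db_addslashes` for the inner pass bakes driver-specific escaping into the stored data. If `db_addslashes` is not backslash-based for some backend, a read path that undoes the inner pass with `stripslashes` (not visible here) would no longer round-trip the preference. Only the outer call on `serialize($value)` is needed for the SQL statement, so I would keep the inner quoting independent of the database driver, or drop it. A comment on the function should say which layer it escapes for, e.g. `// escapes values inside the serialized blob, not for SQL`.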
@@ -475,7 +475,7 @@
                                }
                                else
                                {
-                                       $arr[$key] = addslashes($value);
+                                       $arr[$key] = 
$this->db->db_addslashes($value);
                                }
                        }
                }
@@ -517,7 +517,7 @@
                                {
                                        if (!is_array($value)) continue;
                                        $this->quote($value);
-                                       $value = addslashes(serialize($value)); 
// this addslashes is for the database
+                                       $value = 
$this->db->db_addslashes(serialize($value));   // this addslashes is for the 
database
                                        $app = $this->db->db_addslashes($app);

                                        $this->db->query($sql = "INSERT INTO 
phpgw_preferences".

====================================================
Index: phpgwapi/inc/class.config.inc.php
diff -u phpgwapi/inc/class.config.inc.php:1.10 
phpgwapi/inc/class.config.inc.php:1.11
--- phpgwapi/inc/class.config.inc.php:1.10      Thu Dec 30 06:47:30 2004
+++ phpgwapi/inc/class.config.inc.php   Mon May  2 16:38:57 2005
@@ -67,8 +67,8 @@
                                        {
                                                $value = serialize($value);
                                        }
-                                       $name  = addslashes($name);
-                                       $value = addslashes($value);
+                                       $name  = 
$this->db->db_addslashes($name);
+                                       $value = 
$this->db->db_addslashes($value);
                                        $this->db->query("delete from 
phpgw_config where config_name='" . $name . "'",__LINE__,__FILE__);
                                        $query = "insert into phpgw_config 
(config_app,config_name,config_value) "
                                                . "values ('" . $this->appname 
. "','" . $name . "','" . $value . "')";
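Review bot: The `delete` in this hunk filters on `config_name` only, while the `insert` that follows writes the row for `$this->appname`, so saving one application's setting also removes same-named rows of other applications unless config names are unique across apps. Scoping the delete avoids that: `"delete from phpgw_config where config_app='" . $this->db->db_addslashes($this->appname) . "' and config_name='" . $name . "'"`. The enclosing block starts and ends outside the hunk, so an earlier, broader cleanup cannot be ruled out.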

====================================================
Index: phpgwapi/inc/class.contacts_ldap.inc.php
diff -u phpgwapi/inc/class.contacts_ldap.inc.php:1.17 
phpgwapi/inc/class.contacts_ldap.inc.php:1.18
--- phpgwapi/inc/class.contacts_ldap.inc.php:1.17       Thu Dec 30 06:47:30 2004
+++ phpgwapi/inc/class.contacts_ldap.inc.php    Mon May  2 16:38:57 2005
@@ -649,7 +649,7 @@
                                while (list($name,$value) = each($extra_fields))
                                {
                                        $this->db->query("INSERT INTO 
$this->ext_table VALUES ('".$this->nextid."','" . $this->account_id . "','"
-                                               . addslashes($name) . "','" . 
addslashes($value) . "')",__LINE__,__FILE__);
+                                               . 
$this->db->db_addslashes($name) . "','" . $this->db->db_addslashes($value) . 
"')",__LINE__,__FILE__);
                                }
                        }
                        return $this->nextid;
@@ -658,21 +658,21 @@
                function field_exists($id,$field_name)
                {
                        $this->db->query("select count(*) from $this->ext_table 
where contact_id='$id' and contact_name='"
-                       . addslashes($field_name) . "'",__LINE__,__FILE__);
+                       . $this->db->db_addslashes($field_name) . 
"'",__LINE__,__FILE__);
                        $this->db->next_record();
                        return $this->db->f(0);
                }

                function 
add_single_extra_field($id,$owner,$field_name,$field_value)
                {
-                       $this->db->query("insert into $this->ext_table values 
($id,'$owner','" . addslashes($field_name)
-                       . "','" . addslashes($field_value) . 
"')",__LINE__,__FILE__);
+                       $this->db->query("insert into $this->ext_table values 
($id,'$owner','" . $this->db->db_addslashes($field_name)
+                       . "','" . $this->db->db_addslashes($field_value) . 
"')",__LINE__,__FILE__);
                }

                function delete_single_extra_field($id,$field_name)
                {
                        $this->db->query("delete from $this->ext_table where 
contact_id='$id' and contact_name='"
-                       . addslashes($field_name) . "'",__LINE__,__FILE__);
+                       . $this->db->db_addslashes($field_name) . 
"'",__LINE__,__FILE__);
                }

                function 
update($id,$owner,$fields,$access='private',$cat_id='0',$tid='n')
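Review bot: `$id` and `$owner` are still placed into these statements unescaped, and in `add_single_extra_field` `$id` sits in an unquoted numeric position (`values ($id,'$owner',...`), where string escaping would not help anyway. Casting is the fitting guard there, as class.historylog.inc.php already does with `intval($record_id)`: `values (" . intval($id) . ",'" . intval($owner) . "','"`. The same raw `'$id'` and `'$owner'` appear in `field_exists`, `delete_single_extra_field` and the UPDATE of the @@ -824 hunk. This assumes both are integer ids; if `$owner` can be non-numeric, pass it through `db_addslashes` instead.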
@@ -824,8 +824,8 @@
                                                }
                                                else
                                                {
-                                                       
$this->db->query("UPDATE $this->ext_table SET contact_value='" . 
addslashes($x_value)
-                                                       . 
"',contact_owner='$owner' WHERE contact_name='" . addslashes($x_name)
+                                                       
$this->db->query("UPDATE $this->ext_table SET contact_value='" . 
$this->db->db_addslashes($x_value)
+                                                       . 
"',contact_owner='$owner' WHERE contact_name='" . 
$this->db->db_addslashes($x_name)
                                                        . "' AND 
contact_id='$id'",__LINE__,__FILE__);
                                                }
                                        }





