From 29c974a320078c3169cade013235b6ad1a26302e Mon Sep 17 00:00:00 2001
From: nveid <nveid@ispconfig3>
Date: Wed, 07 Dec 2011 03:53:55 -0500
Subject: [PATCH] Updated some escape string methods outside of db_mysql_inc.php to use the standardize app->db->quote method already established.
---
interface/lib/classes/form.inc.php | 8 ++++----
interface/lib/classes/remoting_lib.inc.php | 8 ++++----
interface/lib/classes/listform.inc.php | 7 ++++---
interface/lib/classes/searchform.inc.php | 9 +++++----
4 files changed, 17 insertions(+), 15 deletions(-)
diff --git a/interface/lib/classes/form.inc.php b/interface/lib/classes/form.inc.php
index 99f6cfb..2b2504a 100644
--- a/interface/lib/classes/form.inc.php
+++ b/interface/lib/classes/form.inc.php
@@ -286,7 +286,7 @@
* @return record
*/
function encode($record) {
-
+ global $app;
$this->errorMessage = '';
if(is_array($record)) {
@@ -294,7 +294,7 @@
switch ($this->tableDef[$key]['datatype']) {
case 'VARCHAR':
if(!is_array($val)) {
- $new_record[$key] = mysql_real_escape_string($val);
+ $new_record[$key] = $app->db->quote($val);
} else {
$new_record[$key] = implode($this->tableDef[$key]['separator'],$val);
}
@@ -309,7 +309,7 @@
$new_record[$key] = intval($val);
break;
case 'DOUBLE':
- $new_record[$key] = mysql_real_escape_string($val);
+ $new_record[$key] = $app->db->quote($val);
break;
case 'CURRENCY':
$new_record[$key] = str_replace(",",".",$val);
@@ -472,4 +472,4 @@
}
-?>
\ No newline at end of file
+?>
diff --git a/interface/lib/classes/listform.inc.php b/interface/lib/classes/listform.inc.php
index d4b1390..4f03c68 100644
--- a/interface/lib/classes/listform.inc.php
+++ b/interface/lib/classes/listform.inc.php
@@ -347,6 +347,7 @@
public function encode($record)
{
+ global $app;
if(is_array($record)) {
foreach($this->listDef['item'] as $field){
$key = $field['field'];
@@ -355,7 +356,7 @@
case 'VARCHAR':
case 'TEXT':
if(!is_array($record[$key])) {
- $record[$key] = mysql_real_escape_string($record[$key]);
+ $record[$key] = $app->db->quote($record[$key]);
} else {
$record[$key] = implode($this->tableDef[$key]['separator'],$record[$key]);
}
@@ -384,7 +385,7 @@
break;
case 'DOUBLE':
- $record[$key] = mysql_real_escape_string($record[$key]);
+ $record[$key] = $app->db->quote($record[$key]);
break;
case 'CURRENCY':
@@ -422,4 +423,4 @@
}
-?>
\ No newline at end of file
+?>
diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index 8f001cd..a9dd870 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -294,7 +294,7 @@
* @return record
*/
function encode($record) {
-
+ global $app;
if(is_array($record)) {
foreach($this->formDef['fields'] as $key => $field) {
@@ -303,14 +303,14 @@
switch ($field['datatype']) {
case 'VARCHAR':
if(!@is_array($record[$key])) {
- $new_record[$key] = (isset($record[$key]))?mysql_real_escape_string($record[$key]):'';
+ $new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):'';
} else {
$new_record[$key] = implode($field['separator'],$record[$key]);
}
break;
case 'TEXT':
if(!is_array($record[$key])) {
- $new_record[$key] = mysql_real_escape_string($record[$key]);
+ $new_record[$key] = $app->db->quote($record[$key]);
} else {
$new_record[$key] = implode($field['separator'],$record[$key]);
}
@@ -347,7 +347,7 @@
//if($key == 'refresh') die($record[$key]);
break;
case 'DOUBLE':
- $new_record[$key] = mysql_real_escape_string($record[$key]);
+ $new_record[$key] = $app->db->quote($record[$key]);
break;
case 'CURRENCY':
$new_record[$key] = str_replace(",",".",$record[$key]);
diff --git a/interface/lib/classes/searchform.inc.php b/interface/lib/classes/searchform.inc.php
index 9c0c0dd..035b744 100644
--- a/interface/lib/classes/searchform.inc.php
+++ b/interface/lib/classes/searchform.inc.php
@@ -244,7 +244,7 @@
$list_name = $this->listDef['name'];
$settings = $_SESSION['search'][$list_name];
unset($settings['page']);
- $data = mysql_real_escape_string(serialize($settings));
+ $data = $app->db->quote(serialize($settings));
$userid = $_SESSION['s']['user']['userid'];
$groupid = $_SESSION['s']['user']['default_group'];
@@ -301,6 +301,7 @@
public function encode($record)
{
+ global $app;
if(is_array($record)) {
foreach($this->listDef['item'] as $field) {
$key = $field['field'];
@@ -309,7 +310,7 @@
case 'VARCHAR':
case 'TEXT':
if(!is_array($record[$key])) {
- $record[$key] = mysql_real_escape_string($record[$key]);
+ $record[$key] = $app->db->quote($record[$key]);
} else {
$record[$key] = implode($this->tableDef[$key]['separator'],$record[$key]);
}
@@ -327,7 +328,7 @@
break;
case 'DOUBLE':
- $record[$key] = mysql_real_escape_string($record[$key]);
+ $record[$key] = $app->db->quote($record[$key]);
break;
case 'CURRENCY':
@@ -340,4 +341,4 @@
}
}
-?>
\ No newline at end of file
+?>
--
Gitblit v1.9.1