authorMeik Sievertsen <acydburn@phpbb.com>2006-07-14 12:59:55 +0000
committerMeik Sievertsen <acydburn@phpbb.com>2006-07-14 12:59:55 +0000
commitd10e5bfc1acc671b1028bfaa16b1dee24295a222 (patch)
tree2c40fa3dc36eb1937d8999482d5ba7c8eb2c45c2
parentc4f2430645dbc8cba38c1ea3f08366034bba7127 (diff)
add not applied sql_escape in memberlist
git-svn-id: file:///svn/phpbb/trunk@6178 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r--phpBB/includes/functions.php1
-rw-r--r--phpBB/includes/functions_admin.php19
-rw-r--r--phpBB/install/schemas/schema_data.sql4
-rw-r--r--phpBB/memberlist.php61
4 files changed, 46 insertions, 39 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 13558acccf..e357435fcc 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2834,7 +2834,6 @@ function page_footer()
else if (time() - $config['database_gc'] > $config['database_last_gc'])
{
// Tidy the database
- // This includes recalculation binary trees, ...
$cron_type = 'tidy_database';
}
else if (time() - $config['search_gc'] > $config['search_last_gc'])
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index 4fca718e06..52447ba6de 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -2488,26 +2488,7 @@ function tidy_database()
{
global $db;
- // Disabling recalculating the binary tree for the moment
- // It might be the source of some severe problems with broken trees
- /* Recalculate binary tree for forums
- recalc_btree('forum_id', FORUMS_TABLE);
-
- // Recalculate binary tree for modules
- $sql = 'SELECT module_class
- FROM ' . MODULES_TABLE . '
- GROUP BY module_class';
- $result = $db->sql_query($sql);
-
- while ($row = $db->sql_fetchrow($result))
- {
- recalc_btree('module_id', MODULES_TABLE, $row['module_class']);
- }
- $db->sql_freeresult($result);
-
- // remove cache files.
-*/
set_config('database_last_gc', time(), true);
}
diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql
index 9c5511321f..25a595f663 100644
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -417,7 +417,7 @@ INSERT INTO phpbb_user_group (group_id, user_id, user_pending, group_leader) VAL
INSERT INTO phpbb_user_group (group_id, user_id, user_pending, group_leader) VALUES (7, 2, 0, 1);
# -- Ranks
-INSERT INTO phpbb_ranks (rank_title, rank_min, rank_special, rank_image) VALUES ('Site Admin', -1, 1, NULL);
+INSERT INTO phpbb_ranks (rank_title, rank_min, rank_special, rank_image) VALUES ('Site Admin', -1, 1, '');
# -- Roles data
@@ -544,7 +544,7 @@ INSERT INTO phpbb_acl_groups (group_id, forum_id, auth_option_id, auth_role_id,
INSERT INTO phpbb_topics (topic_title, topic_poster, topic_time, topic_views, topic_replies, topic_replies_real, forum_id, topic_status, topic_type, topic_first_post_id, topic_first_poster_name, topic_last_post_id, topic_last_poster_id, topic_last_poster_name, topic_last_post_time, topic_last_view_time, poll_title) VALUES ('Welcome to phpBB 3', 2, 972086460, 0, 0, 0, 2, 0, 0, 1, 'Admin', 1, 2, 'Admin', 972086460, 972086460, '');
# -- Demo Post
-INSERT INTO phpbb_posts (topic_id, forum_id, poster_id, icon_id, post_time, post_username, poster_ip, post_subject, post_text, post_checksum, bbcode_uid) VALUES (1, 2, 2, 1, 972086460, NULL, '127.0.0.1', 'Welcome to phpBB 3', 'This is an example post in your phpBB 3.0 installation. You may delete this post, this topic and even this forum if you like since everything seems to be working!', '5dd683b17f641daf84c040bfefc58ce9', '');
+INSERT INTO phpbb_posts (topic_id, forum_id, poster_id, icon_id, post_time, post_username, poster_ip, post_subject, post_text, post_checksum, bbcode_uid) VALUES (1, 2, 2, 1, 972086460, '', '127.0.0.1', 'Welcome to phpBB 3', 'This is an example post in your phpBB 3.0 installation. You may delete this post, this topic and even this forum if you like since everything seems to be working!', '5dd683b17f641daf84c040bfefc58ce9', '');
# -- Admin posted to the demo topic
INSERT INTO phpbb_topics_posted (user_id, topic_id, topic_posted) VALUES (2, 1, 1);
diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php
index 7806f0678e..b74f265032 100644
--- a/phpBB/memberlist.php
+++ b/phpBB/memberlist.php
@@ -839,32 +839,59 @@ switch ($mode)
if ($ipdomain && $auth->acl_getf_global('m_info'))
{
- $ips = (preg_match('#[a-z]#', $ipdomain)) ? implode(', ', preg_replace('#([0-9]{1,3}\.[0-9]{1,3}[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})#', "'\\1'", gethostbynamel($ipdomain))) : "'" . str_replace('*', '%', $ipdomain) . "'";
-
- $ip_forums = array_keys($auth->acl_getf('m_info', true));
- $sql = 'SELECT DISTINCT poster_id
- FROM ' . POSTS_TABLE . '
- WHERE poster_ip ' . ((preg_match('#%#', $ips)) ? 'LIKE' : 'IN') . " ($ips)
- AND forum_id IN (0, " . implode(',', $ip_forums) . ')';
- $result = $db->sql_query($sql);
-
- if ($row = $db->sql_fetchrow($result))
+ if (preg_match('#[a-z]#', $ipdomain))
{
- $ip_sql = array();
- do
+ $hostnames = gethostbynamel($ipdomain);
+
+ if ($hostnames !== false)
{
- $ip_sql[] = $row['poster_id'];
+ $ips = "'" . implode('\', \'', array_map(array($db, 'sql_escape'), preg_replace('#([0-9]{1,3}\.[0-9]{1,3}[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})#', "\\1", gethostbynamel($ipdomain)))) . "'";
+ }
+ else
+ {
+ $ips = false;
}
- while ($row = $db->sql_fetchrow($result));
-
- $sql_where .= ' AND u.user_id IN (' . implode(', ', $ip_sql) . ')';
}
else
{
+ $ips = "'" . str_replace('*', '%', $db->sql_escape($ipdomain)) . "'";
+ }
+
+ if ($ips === false)
+ {
// A minor fudge but it does the job :D
$sql_where .= " AND u.user_id IN ('-1')";
}
- unset($ip_forums);
+ else
+ {
+ $ip_forums = array_keys($auth->acl_getf('m_info', true));
+
+ $sql = 'SELECT DISTINCT poster_id
+ FROM ' . POSTS_TABLE . '
+ WHERE poster_ip ' . ((preg_match('#%#', $ips)) ? 'LIKE' : 'IN') . " ($ips)
+ AND forum_id IN (0, " . implode(', ', $ip_forums) . ')';
+ $result = $db->sql_query($sql);
+
+ if ($row = $db->sql_fetchrow($result))
+ {
+ $ip_sql = array();
+ do
+ {
+ $ip_sql[] = $row['poster_id'];
+ }
+ while ($row = $db->sql_fetchrow($result));
+
+ $sql_where .= ' AND u.user_id IN (' . implode(', ', $ip_sql) . ')';
+ }
+ else
+ {
+ // A minor fudge but it does the job :D
+ $sql_where .= " AND u.user_id IN ('-1')";
+ }
+ unset($ip_forums);
+
+ $db->sql_freeresult($result);
+ }
}
}
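Review bot: The hostname branch resolves `$ipdomain` a second time inside the `implode()` call instead of reusing `$hostnames`, so the `$hostnames !== false` guard does not cover the value that is actually escaped and placed in the query; a lookup that fails or returns a different list on the second call passes `false` or an unchecked list to `array_map()`. Reuse the checked result: `$ips = "'" . implode("', '", array_map(array($db, 'sql_escape'), $hostnames)) . "'";`. The `preg_replace()` around it now substitutes each match with itself (`"\\1"`), and its pattern has five digit groups for three dots, so it neither changes nor validates the addresses and can be dropped. In the wildcard branch, `sql_escape()` is presumably not neutralising LIKE metacharacters, so a `%` or `_` typed into the search still acts as a wildcard next to the converted `*`; a short comment saying whether that is intended would help. The enclosing `switch ($mode)` block starts and ends outside the hunk.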