Diffstat (limited to 'phpBB/includes')
-rw-r--r-- | phpBB/includes/acp/acp_users.php | 5 | ||||
-rw-r--r-- | phpBB/includes/functions.php | 2 | ||||
-rw-r--r-- | phpBB/includes/functions_admin.php | 2 |
3 files changed, 5 insertions, 4 deletions
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index a3ae85cf3b..122d1d9e35 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -1831,7 +1831,7 @@ class acp_users
 // Select auth options
 $sql = 'SELECT auth_option, is_local, is_global
 FROM ' . ACL_OPTIONS_TABLE . "
- WHERE auth_option LIKE '%\_'";
+ WHERE auth_option LIKE '%" . $db->sql_escape('\_') . "'";
 if ($db->sql_layer == 'mssql' || $db->sql_layer == 'mssql_odbc')
 {
@@ -1843,6 +1843,7 @@ class acp_users
 $result = $db->sql_query($sql);
 $hold_ary = array();
+
 while ($row = $db->sql_fetchrow($result))
 {
 $hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NEVER);
@@ -1856,7 +1857,7 @@ class acp_users
 {
 $sql = 'SELECT auth_option, is_local, is_global
 FROM ' . ACL_OPTIONS_TABLE . "
- WHERE auth_option LIKE '%\_'";
+ WHERE auth_option LIKE '%" . $db->sql_escape('\_') . "'";
 if ($db->sql_layer == 'mssql' || $db->sql_layer == 'mssql_odbc')
 {
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index fbdd236c7b..ba9ec8dad2 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -3878,7 +3878,7 @@ function page_header($page_title = '', $display_online_list = true)
 $f = request_var('f', 0);
 // Do not change this (it is defined as _f_={forum_id}x within session.php)
- $reading_sql = " AND s.session_page LIKE '%\_f\_={$f}x%'";
+ $reading_sql = " AND s.session_page LIKE '%" . $db->sql_escape("\_f\_={$f}x") . "%'";
 // Specify escape character for MSSQL
 if ($db->sql_layer == 'mssql' || $db->sql_layer == 'mssql_odbc')
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index f522670e5d..d734b67706 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
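Review bot: In acp_users.php (hunk at -1831, repeated verbatim at -1856, and again for `m\_` in functions_admin.php), `$db->sql_escape('\_')` only keeps the backslash intact through string-literal parsing; it does not decide whether `\_` is then read as an escaped underscore by LIKE. The visible context adds an ESCAPE clause only when `$db->sql_layer` is `mssql` or `mssql_odbc` (the body of that `if` lies outside the hunk), so on any other driver without a default LIKE escape character the pattern would presumably not match a literal underscore. I would record the two layers above each query, e.g. `// sql_escape() protects the string literal only; "\_" is a LIKE escape and needs an explicit ESCAPE '\' where the driver has no default escape character`, and confirm the behaviour per supported driver. Since the same expression now appears in four places, building it in one shared helper would keep the escaping and the ESCAPE clause from drifting apart.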
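Review bot: In functions.php, `$db->sql_escape("\_f\_={$f}x")` is only correct because PHP leaves `\_` untouched inside a double-quoted string and because `$f` is expected to be an integer from `request_var('f', 0)` two lines above; neither assumption is visible at the point where the pattern is built. Writing it as `$db->sql_escape('\_f\_=' . (int) $f . 'x')` makes the literal backslashes and the integer constraint explicit, and keeps `%` or `_` from ever reaching the LIKE pattern through `$f`, which sql_escape() itself would not neutralise. page_header() starts and ends outside the hunk, so whether `$db` is declared `global` in it cannot be checked from here.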
@@ -2206,7 +2206,7 @@ function cache_moderators()
 AND a.group_id = ug.group_id
 AND ' . $db->sql_in_set('ug.user_id', $ug_id_ary) . "
 AND ug.user_pending = 0
- AND o.auth_option LIKE 'm\_%'" .
+ AND o.auth_option LIKE '" . $db->sql_escape('m\_') . "%'" .
 (($db->sql_layer == 'mssql' || $db->sql_layer == 'mssql_odbc') ? " ESCAPE '\\'" : ''),
 ));
 $result = $db->sql_query($sql); |