From ce34e89c899a3fca6d647e99742c39b8b7a4f3e0 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 15 May 2012 09:50:57 -0700 Subject: Different approach to resolving #1865, this replaces 6a6b3f90f36293a40cba091c3ac387abb64f3c1a which was rolled back. --- modules/gallery/libraries/MY_ORM.php | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'modules/gallery/libraries') diff --git a/modules/gallery/libraries/MY_ORM.php b/modules/gallery/libraries/MY_ORM.php index d4cdedb8..ac61e75b 100644 --- a/modules/gallery/libraries/MY_ORM.php +++ b/modules/gallery/libraries/MY_ORM.php @@ -18,6 +18,17 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class ORM extends ORM_Core { + + /** + * Make sure that we're only using integer ids. + */ + static function factory($model, $id=null) { + if ($id && !is_int($id)) { + throw new Exception("@todo ORM::factory requires integer ids"); + } + return ORM_Core::factory($model, $id); + } + public function save() { model_cache::clear(); return parent::save(); -- cgit v1.2.3 From 3d03ea697f18d6e779ac88024f5e6a12bff6788f Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 15 May 2012 10:50:21 -0700 Subject: Follow-on to ce34e89c899a3fca6d647e99742c39b8b7a4f3e0 for #1865 - allow strings and coerce them to integers. It might be easier to just cast whatever comes in, but I'm worried that we'll accidentally cast an array to an int(1) without realizing it. --- modules/gallery/libraries/MY_ORM.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/gallery/libraries') diff --git a/modules/gallery/libraries/MY_ORM.php b/modules/gallery/libraries/MY_ORM.php index ac61e75b..4194162b 100644 --- a/modules/gallery/libraries/MY_ORM.php +++ b/modules/gallery/libraries/MY_ORM.php @@ -23,10 +23,10 @@ class ORM extends ORM_Core { * Make sure that we're only using integer ids. */ static function factory($model, $id=null) { - if ($id && !is_int($id)) { + if ($id && !is_int($id) && !is_string($id)) { throw new Exception("@todo ORM::factory requires integer ids"); } - return ORM_Core::factory($model, $id); + return ORM_Core::factory($model, (int) $id); } public function save() { -- cgit v1.2.3 From 3caf3cc323cd25b002aa8e44d871d4677da7a029 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 15 May 2012 10:54:18 -0700 Subject: Harden installer against bad characters in the database name or prefix. Fixes #1866. --- installer/database_config.php | 2 +- installer/installer.php | 2 +- installer/web.php | 7 +++++++ modules/gallery/libraries/MY_Database.php | 4 ++-- 4 files changed, 11 insertions(+), 4 deletions(-) (limited to 'modules/gallery/libraries') diff --git a/installer/database_config.php b/installer/database_config.php index a5dc8865..fb7dd112 100644 --- a/installer/database_config.php +++ b/installer/database_config.php @@ -31,7 +31,7 @@ $config['default'] = array( 'connection' => array( 'type' => '', 'user' => '', - 'pass' => '', + 'pass' => '', 'host' => '', 'port' => '' false, 'socket' => false, diff --git a/installer/installer.php b/installer/installer.php index decc5629..339a02fd 100644 --- a/installer/installer.php +++ b/installer/installer.php @@ -183,7 +183,7 @@ class installer { } static function prepend_prefix($prefix, $sql) { - return preg_replace("#{([a-zA-Z0-9_]+)}#", "{$prefix}$1", $sql); + return preg_replace("#{([a-zA-Z0-9_]+)}#", "`{$prefix}$1`", $sql); } static function check_environment() { diff --git a/installer/web.php b/installer/web.php index 6102f0e0..12f42d02 100644 --- a/installer/web.php +++ b/installer/web.php @@ -39,6 +39,13 @@ if (installer::already_installed()) { "prefix" => $_POST["prefix"], "type" => function_exists("mysqli_set_charset") ? "mysqli" : "mysql"); list ($config["host"], $config["port"]) = explode(":", $config["host"] . ":"); + foreach ($config as $k => $v) { + if ($k == "password") { + $config[$k] = str_replace("'", "\\'", $v); + } else { + $config[$k] = strtr($v, "'`", "__"); + } + } if (!installer::connect($config)) { $content = render("invalid_db_info.html.php"); diff --git a/modules/gallery/libraries/MY_Database.php b/modules/gallery/libraries/MY_Database.php index f3cace4d..fb54bfcd 100644 --- a/modules/gallery/libraries/MY_Database.php +++ b/modules/gallery/libraries/MY_Database.php @@ -65,14 +65,14 @@ abstract class Database extends Database_Core { $open_brace = strpos($sql, "TO {") + 4; $close_brace = strpos($sql, "}", $open_brace); $name = substr($sql, $open_brace, $close_brace - $open_brace); - $this->_table_names["{{$name}}"] = "{$prefix}$name"; + $this->_table_names["{{$name}}"] = "`{$prefix}$name`"; } if (!isset($this->_table_names)) { // This should only run once on the first query $this->_table_names = array(); foreach($this->list_tables() as $table_name) { - $this->_table_names["{{$table_name}}"] = $prefix . $table_name; + $this->_table_names["{{$table_name}}"] = "`{$prefix}{$table_name}`"; } } -- cgit v1.2.3 From 1c5c2e7de42f9e59932c81fb26c8416b2fef3fda Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 16 May 2012 11:32:28 -0700 Subject: Convert any UTF-7 to UTF-8 so that fragment pages (like AJAX replies) won't be mistakenly interpreted as UTF-7. Fixes #1869. --- modules/gallery/libraries/SafeString.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery/libraries') diff --git a/modules/gallery/libraries/SafeString.php b/modules/gallery/libraries/SafeString.php index 997abd2e..52ed48f2 100644 --- a/modules/gallery/libraries/SafeString.php +++ b/modules/gallery/libraries/SafeString.php @@ -31,7 +31,7 @@ class SafeString_Core { $this->_is_safe_html = $string->_is_safe_html; $string = $string->unescaped(); } - $this->_raw_string = (string) $string; + $this->_raw_string = mb_convert_encoding((string) $string, 'UTF-8', 'UTF-7'); } /** -- cgit v1.2.3 From 355679fa55bfa21e8475f52fb26efa0ff2a1bf0d Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 16 May 2012 12:01:41 -0700 Subject: Revert "Convert any UTF-7 to UTF-8 so that fragment pages (like AJAX replies)" This will break many legal UTF-8 strings. This reverts commit 1c5c2e7de42f9e59932c81fb26c8416b2fef3fda. --- modules/gallery/libraries/SafeString.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery/libraries') diff --git a/modules/gallery/libraries/SafeString.php b/modules/gallery/libraries/SafeString.php index 52ed48f2..997abd2e 100644 --- a/modules/gallery/libraries/SafeString.php +++ b/modules/gallery/libraries/SafeString.php @@ -31,7 +31,7 @@ class SafeString_Core { $this->_is_safe_html = $string->_is_safe_html; $string = $string->unescaped(); } - $this->_raw_string = mb_convert_encoding((string) $string, 'UTF-8', 'UTF-7'); + $this->_raw_string = (string) $string; } /** -- cgit v1.2.3