From c1eecab36415bcba022aa088463ed138fc38b92b Mon Sep 17 00:00:00 2001 From: plegall Date: Fri, 28 Jun 2019 18:07:53 +0200 Subject: [PATCH] fixes #996 escape word "groups" in SQL queries, new reserved word with MySQL 8 --- admin/album_notification.php | 10 +++---- admin/cat_perm.php | 2 +- admin/group_list.php | 38 +++++++++++++----------- admin/include/functions.php | 4 +-- admin/intro.php | 2 +- admin/user_list.php | 2 +- admin/user_list_backend.php | 2 +- include/dblayer/functions_mysqli.inc.php | 24 +++++++++++++++ include/functions_user.inc.php | 2 +- include/ws_functions/pwg.groups.php | 16 +++++----- include/ws_functions/pwg.php | 2 +- include/ws_functions/pwg.users.php | 2 +- 12 files changed, 66 insertions(+), 40 deletions(-) diff --git a/admin/album_notification.php b/admin/album_notification.php index 0a4180954..da16ddafe 100644 --- a/admin/album_notification.php +++ b/admin/album_notification.php @@ -35,12 +35,12 @@ if (isset($_POST['submitEmail'])) { set_make_full_url(); + $img = array(); + /* TODO: if $category['representative_picture_id'] is empty find child representative_picture_id */ if (!empty($category['representative_picture_id'])) { - $img = array(); - $query = ' SELECT id, file, path, representative_ext FROM '.IMAGES_TABLE.' @@ -161,7 +161,7 @@ SELECT $query = ' SELECT name - FROM '.GROUPS_TABLE.' + FROM `'.GROUPS_TABLE.'` WHERE id = '.$_POST['group'].' ;'; list($group_name) = pwg_db_fetch_row(pwg_query($query)); @@ -210,7 +210,7 @@ if ($conf['auth_key_duration'] > 0) $query = ' SELECT id AS group_id - FROM '.GROUPS_TABLE.' + FROM `'.GROUPS_TABLE.'` ;'; $all_group_ids = array_from_query($query, 'group_id'); @@ -246,7 +246,7 @@ SELECT SELECT id, name - FROM '.GROUPS_TABLE.' + FROM `'.GROUPS_TABLE.'` WHERE id IN ('.implode(',', $group_ids).') ORDER BY name ASC ;'; diff --git a/admin/cat_perm.php b/admin/cat_perm.php index e97a6d82a..5fbf894f5 100644 --- a/admin/cat_perm.php +++ b/admin/cat_perm.php 
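Review bot: In the `@@ -161,7` hunk of admin/album_notification.php the query still ends in `WHERE id = '.$_POST['group'].'`, so a request value lands unquoted in a numeric position, and nothing in the hunk shows it being validated. If no earlier check restricts it to digits, cast at the point of use, `WHERE id = '.intval($_POST['group']).'`, as get_groupname() in admin/include/functions.php already does with `intval($group_id)`. The same unquoted pattern appears with `$group` in the admin/group_list.php hunks (`WHERE id = '.$group.'`) and with `$params['group_id']` in ws_groups_setInfo, ws_groups_addUser and ws_groups_deleteUser in include/ws_functions/pwg.groups.php. Where those values come from is outside the hunks, as is the start and end of each enclosing block.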
@@ -192,7 +192,7 @@ $groups = array(); $query = ' SELECT id, name - FROM '.GROUPS_TABLE.' + FROM `'.GROUPS_TABLE.'` ORDER BY name ASC ;'; $groups = simple_hash_from_query($query, 'id', 'name'); diff --git a/admin/group_list.php b/admin/group_list.php index acfede60b..b3fa225c8 100644 --- a/admin/group_list.php +++ b/admin/group_list.php @@ -50,7 +50,7 @@ if (isset($_POST['submit_add'])) // is the group not already existing ? $query = ' SELECT COUNT(*) - FROM '.GROUPS_TABLE.' + FROM `'.GROUPS_TABLE.'` WHERE name = \''.$_POST['groupname'].'\' ;'; list($count) = pwg_db_fetch_row(pwg_query($query)); @@ -63,7 +63,7 @@ SELECT COUNT(*) { // creating the group $query = ' -INSERT INTO '.GROUPS_TABLE.' +INSERT INTO `'.GROUPS_TABLE.'` (name) VALUES (\''.pwg_db_real_escape_string($_POST['groupname']).'\') @@ -101,20 +101,22 @@ if (isset($_POST['submit']) and isset($_POST['selectAction']) and isset($_POST[' // is the group not already existing ? $query = ' SELECT name - FROM '.GROUPS_TABLE.' + FROM `'.GROUPS_TABLE.'` ;'; $group_names = array_from_query($query, 'name'); foreach($groups as $group) { - if ( in_array($_POST['rename_'.$group.''], $group_names)) + $_POST['rename_'.$group] = stripslashes($_POST['rename_'.$group]); + + if (in_array($_POST['rename_'.$group], $group_names)) { - $page['errors'][] = $_POST['rename_'.$group.''].' | '.l10n('This name is already used by another group.'); + $page['errors'][] = $_POST['rename_'.$group].' | '.l10n('This name is already used by another group.'); } elseif ( !empty($_POST['rename_'.$group.''])) { $query = ' - UPDATE '.GROUPS_TABLE.' - SET name = \''.pwg_db_real_escape_string($_POST['rename_'.$group.'']).'\' + UPDATE `'.GROUPS_TABLE.'` + SET name = \''.pwg_db_real_escape_string($_POST['rename_'.$group]).'\' WHERE id = '.$group.' ;'; pwg_query($query); @@ -149,7 +151,7 @@ SELECT name $query = ' SELECT id, name - FROM '.GROUPS_TABLE.' + FROM `'.GROUPS_TABLE.'` WHERE id = '.$group.' ;'; 
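Review bot: The duplicate-name check in the `@@ -50,7` hunk of admin/group_list.php builds `WHERE name = \''.$_POST['groupname'].'\'` from the raw request value, while the INSERT in the next hunk passes the same field through `pwg_db_real_escape_string()` and the rename hunk now calls `stripslashes()` first. With three treatments of the same kind of input in one file, the quoting cannot be verified at the call site. The added `stripslashes()` suggests request data arrives already slashed, but that is not visible here. If it does, using the rename hunk's pair in both the SELECT and the INSERT, `$name = stripslashes($_POST['groupname']);` then `pwg_db_real_escape_string($name)`, would make the check and the write agree. ws_groups_add and ws_groups_setInfo in include/ws_functions/pwg.groups.php concatenate `$params['name']` into the literal the same way.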
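Review bot: The added line `$_POST['rename_'.$group] = stripslashes($_POST['rename_'.$group]);` in the `@@ -101,20` hunk rewrites the superglobal in place, so for the rest of the request this one field is unslashed while every other `$_POST` entry keeps the form it arrived in. A local keeps that visible: `$new_name = stripslashes($_POST['rename_'.$group]);`, then use `$new_name` in the `in_array()` test, the error message and the UPDATE. The `in_array()` call is also a loose comparison; `in_array($new_name, $group_names, true)` stops numeric-looking names such as `1e1` and `10` from comparing equal. The foreach body continues outside the hunk.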
@@ -160,7 +162,7 @@ SELECT name // destruction of the group $query = ' DELETE - FROM '.GROUPS_TABLE.' + FROM `'.GROUPS_TABLE.'` WHERE id = '.$group.' ;'; pwg_query($query); @@ -181,7 +183,7 @@ SELECT name // is the group not already existing ? $query = ' SELECT COUNT(*) - FROM '.GROUPS_TABLE.' + FROM `'.GROUPS_TABLE.'` WHERE name = \''.pwg_db_real_escape_string($_POST['merge']).'\' ;'; list($count) = pwg_db_fetch_row(pwg_query($query)); @@ -193,7 +195,7 @@ SELECT COUNT(*) { // creating the group $query = ' - INSERT INTO '.GROUPS_TABLE.' + INSERT INTO `'.GROUPS_TABLE.'` (name) VALUES (\''.pwg_db_real_escape_string($_POST['merge']).'\') @@ -201,7 +203,7 @@ SELECT COUNT(*) pwg_query($query); $query = ' SELECT id - FROM '.GROUPS_TABLE.' + FROM `'.GROUPS_TABLE.'` WHERE name = \''.pwg_db_real_escape_string($_POST['merge']).'\' ;'; list($groupid) = pwg_db_fetch_row(pwg_query($query)); @@ -268,7 +270,7 @@ SELECT COUNT(*) // is the group not already existing ? $query = ' SELECT COUNT(*) - FROM '.GROUPS_TABLE.' + FROM `'.GROUPS_TABLE.'` WHERE name = \''.pwg_db_real_escape_string($_POST['duplicate_'.$group.'']).'\' ;'; list($count) = pwg_db_fetch_row(pwg_query($query)); @@ -279,7 +281,7 @@ SELECT COUNT(*) } // creating the group $query = ' - INSERT INTO '.GROUPS_TABLE.' + INSERT INTO `'.GROUPS_TABLE.'` (name) VALUES (\''.pwg_db_real_escape_string($_POST['duplicate_'.$group.'']).'\') @@ -287,7 +289,7 @@ SELECT COUNT(*) pwg_query($query); $query = ' SELECT id - FROM '.GROUPS_TABLE.' + FROM `'.GROUPS_TABLE.'` WHERE name = \''.pwg_db_real_escape_string($_POST['duplicate_'.$group.'']).'\' ;'; 
@@ -340,14 +342,14 @@ SELECT COUNT(*) { $query = ' SELECT name, is_default - FROM '.GROUPS_TABLE.' + FROM `'.GROUPS_TABLE.'` WHERE id = '.$group.' ;'; list($groupname, $is_default) = pwg_db_fetch_row(pwg_query($query)); // update of the group $query = ' - UPDATE '.GROUPS_TABLE.' + UPDATE `'.GROUPS_TABLE.'` SET is_default = \''.boolean_to_string(!get_boolean($is_default)).'\' WHERE id = '.$group.' ;'; @@ -380,7 +382,7 @@ $template->assign( $query = ' SELECT id, name, is_default - FROM '.GROUPS_TABLE.' + FROM `'.GROUPS_TABLE.'` ORDER BY name ASC ;'; $result = pwg_query($query); diff --git a/admin/include/functions.php b/admin/include/functions.php index 9c077b505..5d6958afc 100644 --- a/admin/include/functions.php +++ b/admin/include/functions.php @@ -2438,7 +2438,7 @@ function get_groupname($group_id) { $query = ' SELECT name - FROM '.GROUPS_TABLE.' + FROM `'.GROUPS_TABLE.'` WHERE id = '.intval($group_id).' ;'; $result = pwg_query($query); @@ -3022,7 +3022,7 @@ SELECT CONCAT( "_", COUNT(*) ) - FROM '. $tables[$item] .' + FROM `'. $tables[$item] .'` ;'; list($keys[$item]) = pwg_db_fetch_row(pwg_query($query)); } diff --git a/admin/intro.php b/admin/intro.php index ffbf3f44c..09ec496b5 100644 --- a/admin/intro.php +++ b/admin/intro.php @@ -124,7 +124,7 @@ list($nb_users) = pwg_db_fetch_row(pwg_query($query)); $query = ' SELECT COUNT(*) - FROM '.GROUPS_TABLE.' + FROM `'.GROUPS_TABLE.'` ;'; list($nb_groups) = pwg_db_fetch_row(pwg_query($query)); diff --git a/admin/user_list.php b/admin/user_list.php index 2e54f4b90..1de17cabe 100644 --- a/admin/user_list.php +++ b/admin/user_list.php @@ -31,7 +31,7 @@ $groups = array(); $query = ' SELECT id, name - FROM '.GROUPS_TABLE.' + FROM `'.GROUPS_TABLE.'` ORDER BY name ASC ;'; $result = pwg_query($query); diff --git a/admin/user_list_backend.php b/admin/user_list_backend.php index 352e7d5ed..a1a0c01c7 100644 --- a/admin/user_list_backend.php +++ b/admin/user_list_backend.php 
@@ -203,7 +203,7 @@ SELECT user_id, GROUP_CONCAT(name ORDER BY name SEPARATOR ", ") AS groups FROM '.USER_GROUP_TABLE.' - JOIN '.GROUPS_TABLE.' ON id = group_id + JOIN `'.GROUPS_TABLE.'` ON id = group_id WHERE user_id IN ('.implode(',', $user_ids).') GROUP BY user_id ;'; diff --git a/include/dblayer/functions_mysqli.inc.php b/include/dblayer/functions_mysqli.inc.php index 2201afddd..030a01a3d 100644 --- a/include/dblayer/functions_mysqli.inc.php +++ b/include/dblayer/functions_mysqli.inc.php @@ -286,6 +286,12 @@ function mass_updates($tablename, $dbfields, $datas, $flags=0) { $is_first = true; + // escape a reserved word + if ('groups' == $tablename) + { + $tablename = '`'.$tablename.'`'; + } + $query = ' UPDATE '.$tablename.' SET '; @@ -428,6 +434,12 @@ function single_update($tablename, $datas, $where, $flags=0) $is_first = true; + // escape a reserved word + if ('groups' == $tablename) + { + $tablename = '`'.$tablename.'`'; + } + $query = ' UPDATE '.$tablename.' SET '; @@ -515,6 +527,12 @@ function mass_inserts($table_name, $dbfields, $datas, $options=array()) if ($first) { + // escape a reserved word + if ('groups' == $table_name) + { + $table_name = '`'.$table_name.'`'; + } + $query = ' INSERT '.$ignore.' INTO '.$table_name.' ('.implode(',', $dbfields).') @@ -561,6 +579,12 @@ function single_insert($table_name, $data) { if (count($data) != 0) { + // escape a reserved word + if ('groups' == $table_name) + { + $table_name = '`'.$table_name.'`'; + } + $query = ' INSERT INTO '.$table_name.' ('.implode(',', array_keys($data)).') diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 4985e31a3..593d17aef 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php 
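Review bot: The reserved-word guard `if ('groups' == $tablename)` in include/dblayer/functions_mysqli.inc.php is pasted four times (mass_updates, single_update, mass_inserts, single_insert) and quotes only that one literal. The next reserved table name would need four more edits, and every other table name still reaches the query unquoted. One helper that quotes every table identifier and doubles an embedded backtick removes the special case; this assumes callers always pass a bare table name, which the hunks do not show. If the special case is kept, `===` is the safer comparison. All four function bodies start and end outside their hunks.

```php
// Proposed helper: quote a table name for MySQL, once, for all four writers.
function pwg_db_quote_table($table_name)
{
  // A doubled backtick stays inside the quoted identifier instead of closing it.
  return '`'.str_replace('`', '``', $table_name).'`';
}

// … unchanged: mass_updates() up to the query …
  $query = '
UPDATE '.pwg_db_quote_table($tablename).'
  SET ';
// … unchanged: same substitution in single_update(), mass_inserts(), single_insert() …
```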
@@ -184,7 +184,7 @@ function register_user($login, $password, $mail_address, $notify_admin=true, &$e // Assign by default groups $query = ' SELECT id - FROM '.GROUPS_TABLE.' + FROM `'.GROUPS_TABLE.'` WHERE is_default = \''.boolean_to_string(true).'\' ORDER BY id ASC ;'; diff --git a/include/ws_functions/pwg.groups.php b/include/ws_functions/pwg.groups.php index 953bea1f2..a64c8df31 100644 --- a/include/ws_functions/pwg.groups.php +++ b/include/ws_functions/pwg.groups.php @@ -30,7 +30,7 @@ function ws_groups_getList($params, &$service) $query = ' SELECT g.*, COUNT(user_id) AS nb_users - FROM '. GROUPS_TABLE .' AS g + FROM `'. GROUPS_TABLE .'` AS g LEFT JOIN '. USER_GROUP_TABLE .' AS ug ON ug.group_id = g.id WHERE '. implode(' AND ', $where_clauses) .' @@ -66,7 +66,7 @@ function ws_groups_add($params, &$service) // is the name not already used ? $query = ' SELECT COUNT(*) - FROM '.GROUPS_TABLE.' + FROM `'.GROUPS_TABLE.'` WHERE name = \''.$params['name'].'\' ;'; list($count) = pwg_db_fetch_row(pwg_query($query)); @@ -124,7 +124,7 @@ DELETE $query = ' SELECT id, name - FROM '. GROUPS_TABLE .' + FROM `'. GROUPS_TABLE .'` WHERE id IN('. $group_id_string .') ;'; @@ -135,7 +135,7 @@ SELECT id, name // destruction of the group $query = ' DELETE - FROM '. GROUPS_TABLE .' + FROM `'. GROUPS_TABLE .'` WHERE id IN('. $group_id_string .') ;'; pwg_query($query); @@ -169,7 +169,7 @@ function ws_groups_setInfo($params, &$service) // does the group exist ? $query = ' SELECT COUNT(*) - FROM '. GROUPS_TABLE .' + FROM `'. GROUPS_TABLE .'` WHERE id = '. $params['group_id'] .' ;'; list($count) = pwg_db_fetch_row(pwg_query($query)); @@ -185,7 +185,7 @@ SELECT COUNT(*) // is the name not already used ? $query = ' SELECT COUNT(*) - FROM '. GROUPS_TABLE .' + FROM `'. GROUPS_TABLE .'` WHERE name = \''. $params['name'] .'\' ;'; list($count) = pwg_db_fetch_row(pwg_query($query)); 
@@ -230,7 +230,7 @@ function ws_groups_addUser($params, &$service) // does the group exist ? $query = ' SELECT COUNT(*) - FROM '. GROUPS_TABLE .' + FROM `'. GROUPS_TABLE .'` WHERE id = '. $params['group_id'] .' ;'; list($count) = pwg_db_fetch_row(pwg_query($query)); @@ -281,7 +281,7 @@ function ws_groups_deleteUser($params, &$service) // does the group exist ? $query = ' SELECT COUNT(*) - FROM '. GROUPS_TABLE .' + FROM `'. GROUPS_TABLE .'` WHERE id = '. $params['group_id'] .' ;'; list($count) = pwg_db_fetch_row(pwg_query($query)); diff --git a/include/ws_functions/pwg.php b/include/ws_functions/pwg.php index 7790183f3..6aeb36e60 100644 --- a/include/ws_functions/pwg.php +++ b/include/ws_functions/pwg.php @@ -160,7 +160,7 @@ function ws_getInfos($params, &$service) $query = 'SELECT COUNT(*) FROM '.USERS_TABLE.';'; list($infos['nb_users']) = pwg_db_fetch_row(pwg_query($query)); - $query = 'SELECT COUNT(*) FROM '.GROUPS_TABLE.';'; + $query = 'SELECT COUNT(*) FROM `'.GROUPS_TABLE.'`;'; list($infos['nb_groups']) = pwg_db_fetch_row(pwg_query($query)); $query = 'SELECT COUNT(*) FROM '.COMMENTS_TABLE.';'; diff --git a/include/ws_functions/pwg.users.php b/include/ws_functions/pwg.users.php index 3fecc5754..3881f3b65 100644 --- a/include/ws_functions/pwg.users.php +++ b/include/ws_functions/pwg.users.php @@ -598,7 +598,7 @@ DELETE $query = ' SELECT id - FROM '.GROUPS_TABLE.' + FROM `'.GROUPS_TABLE.'` WHERE id IN ('.implode(',', $params['group_id']).') ;'; $group_ids = array_from_query($query, 'id');