[ros-diffs] [frik85] 22199: Security update: Fix a new well known MySQL bug (http://dev.mysql.com/doc/refman/4.1/en/news-4-1-20.html).
frik85 at svn.reactos.org
frik85 at svn.reactos.org
Sat Jun 3 20:02:25 CEST 2006
Author: frik85
Date: Sat Jun 3 22:02:24 2006
New Revision: 22199
URL: http://svn.reactos.ru/svn/reactos?rev=22199&view=rev
Log:
Security update:
Fix a new well known MySQL bug (http://dev.mysql.com/doc/refman/4.1/en/news-4-1-20.html).
Modified:
trunk/web/reactos.org/htdocs/roscms/index.php
trunk/web/reactos.org/htdocs/support/index.php
trunk/web/reactos.org/htdocs/wiki/index.php
Modified: trunk/web/reactos.org/htdocs/roscms/index.php
URL: http://svn.reactos.ru/svn/reactos/trunk/web/reactos.org/htdocs/roscms/index.php?rev=22199&r1=22198&r2=22199&view=diff
==============================================================================
--- trunk/web/reactos.org/htdocs/roscms/index.php (original)
+++ trunk/web/reactos.org/htdocs/roscms/index.php Sat Jun 3 22:02:24 2006
@@ -32,12 +32,19 @@
//include("./inc/db/connect_db.inc.php");
include("connect.db.php");
+
+ // stop MySQL bug (http://dev.mysql.com/doc/refman/4.1/en/news-4-1-20.html):
+ $SQLinjectionprevention ="SET GLOBAL sql_mode='NO_BACKSLASH_ESCAPES';";
+ $SQLinjectionprevention_query=mysql_query($SQLinjectionprevention);
+
+
+
/*
* ReactOS CMS System - Version 2006-05-22
*
* (c) by Klemens Friedl <frik85>
*
- */
+ */
if ( !defined('ROSCMS_SYSTEM') ) {
define ("ROSCMS_SYSTEM", "Version 0.1"); // to prevent hacking activity
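Review bot: `SET GLOBAL sql_mode=...` in the added lines needs the SUPER privilege and only applies to connections opened after it runs, so the connection that issued it keeps its old mode, and the `mysql_query()` result is never checked, which means the workaround can fail silently. It also replaces the whole server-wide sql_mode for every other database user on that server. A per-connection statement placed right after the connect, with the result checked, would be narrower: `mysql_query("SET SESSION sql_mode='NO_BACKSLASH_ESCAPES'") or die("ERROR: could not set sql_mode");`. Any code that still escapes with `addslashes()` or hand-built backslashes stops being safe in this mode, so the escaping calls should be checked (they are not visible in this hunk). The same lines are added in support/index.php and wiki/index.php.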
@@ -392,7 +399,7 @@
include("inc/body.php");
break;
- case "generate_fast": // Generate the static HTML pages (for direct link, e.g. http://www.reactos.org/roscms/?page=generate"); TODO check why this link doesn't work -> errors, etc.?
+ case "generate_fast_secret": // Generate the static HTML pages (for direct link, e.g. http://www.reactos.org/roscms/?page=generate"); TODO check why this link doesn't work -> errors, etc.?
//require("inc/login.php");
include("inc/generate_page.php"); // static page generator
break;
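Review bot: Renaming the case to `generate_fast_secret` does not restrict who can run the static page generator: `//require("inc/login.php");` is still commented out, and the new name is published in this commit. If the generator should only run for authorised users, the branch needs a real check before `include("inc/generate_page.php");`, for example re-enabling `require("inc/login.php");` (assuming that file enforces a login; it is not shown here). The enclosing switch starts and ends outside the hunk.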
Modified: trunk/web/reactos.org/htdocs/support/index.php
URL: http://svn.reactos.ru/svn/reactos/trunk/web/reactos.org/htdocs/support/index.php?rev=22199&r1=22198&r2=22199&view=diff
==============================================================================
--- trunk/web/reactos.org/htdocs/support/index.php (original)
+++ trunk/web/reactos.org/htdocs/support/index.php Sat Jun 3 22:02:24 2006
@@ -1,29 +1,11 @@
<?php
- /*
- RSDB - ReactOS Support Database
- Copyright (C) 2005-2006 Klemens Friedl <frik85 at reactos.org>
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
/*
* ReactOS Support Database System - RSDB
*
* (c) by Klemens Friedl <frik85>
*
- * 2005 - 2006
+ * 11/2005, 12/2005, 01/2006, 02/2006
*/
error_reporting(E_ALL);
@@ -33,10 +15,19 @@
die("ERROR: Disable 'magic quotes' in php.ini (=Off)");
}
+
+
//global $HTTP_GET_VARS; // set the Get var global
require_once("connect.db.php");
+
+
+
+ // stop MySQL bug (http://dev.mysql.com/doc/refman/4.1/en/news-4-1-20.html):
+ $SQLinjectionprevention ="SET GLOBAL sql_mode='NO_BACKSLASH_ESCAPES';";
+ $SQLinjectionprevention_query=mysql_query($SQLinjectionprevention);
+
Modified: trunk/web/reactos.org/htdocs/wiki/index.php
URL: http://svn.reactos.ru/svn/reactos/trunk/web/reactos.org/htdocs/wiki/index.php?rev=22199&r1=22198&r2=22199&view=diff
==============================================================================
--- trunk/web/reactos.org/htdocs/wiki/index.php (original)
+++ trunk/web/reactos.org/htdocs/wiki/index.php Sat Jun 3 22:02:24 2006
@@ -61,6 +61,13 @@
require_once( './LocalSettings.php' );
require_once( 'includes/Setup.php' );
+
+
+ // stop MySQL bug (http://dev.mysql.com/doc/refman/4.1/en/news-4-1-20.html):
+ $SQLinjectionprevention ="SET GLOBAL sql_mode='NO_BACKSLASH_ESCAPES';";
+ $SQLinjectionprevention_query=mysql_query($SQLinjectionprevention);
+
+
wfProfileIn( 'main-misc-setup' );
OutputPage::setEncodings(); # Not really used yet
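Review bot: `mysql_query()` is called here without a link identifier and no `connect.db.php` include is visible in this hunk, so it depends on whichever connection was opened last; if none is open yet after `includes/Setup.php`, PHP attempts a default connection and the statement probably fails with only a warning. Passing the wiki's own connection explicitly, or setting the mode where that connection is created, would make the dependency visible. The privilege and scope points on `SET GLOBAL` are the same as for roscms/index.php.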