[ros-diffs] [frik85] 22199: Security update: Fix a new well known MySQL bug (http://dev.mysql.com/doc/refman/4.1/en/news-4-1-20.html).

frik85 at svn.reactos.org frik85 at svn.reactos.org
Sat Jun 3 20:02:25 CEST 2006


Author: frik85
Date: Sat Jun  3 22:02:24 2006
New Revision: 22199

URL: http://svn.reactos.ru/svn/reactos?rev=22199&view=rev
Log:
Security update:

Fix a new, well-known MySQL bug (http://dev.mysql.com/doc/refman/4.1/en/news-4-1-20.html).

Modified:
    trunk/web/reactos.org/htdocs/roscms/index.php
    trunk/web/reactos.org/htdocs/support/index.php
    trunk/web/reactos.org/htdocs/wiki/index.php

Modified: trunk/web/reactos.org/htdocs/roscms/index.php
URL: http://svn.reactos.ru/svn/reactos/trunk/web/reactos.org/htdocs/roscms/index.php?rev=22199&r1=22198&r2=22199&view=diff
==============================================================================
--- trunk/web/reactos.org/htdocs/roscms/index.php (original)
+++ trunk/web/reactos.org/htdocs/roscms/index.php Sat Jun  3 22:02:24 2006
@@ -32,12 +32,19 @@
 	//include("./inc/db/connect_db.inc.php");
 	include("connect.db.php");
 
+
+	// stop MySQL bug (http://dev.mysql.com/doc/refman/4.1/en/news-4-1-20.html):
+	$SQLinjectionprevention ="SET GLOBAL sql_mode='NO_BACKSLASH_ESCAPES';";
+	$SQLinjectionprevention_query=mysql_query($SQLinjectionprevention);
+
+
+
 /*
  *	ReactOS CMS System - Version 2006-05-22
  *	
  *	(c) by Klemens Friedl <frik85>
  *	
- */ 
+ */
 
 	if ( !defined('ROSCMS_SYSTEM') ) {
 		define ("ROSCMS_SYSTEM", "Version 0.1"); // to prevent hacking activity
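Review bot: The result of `mysql_query()` on the new `SET GLOBAL sql_mode` line is stored in `$SQLinjectionprevention_query` but never examined, so when the statement fails the page keeps running with the mitigation silently absent; `SET GLOBAL` requires the SUPER privilege, which the account a web front end connects with should normally not hold, so a silent failure here is the likely outcome rather than the exception. Either fail closed, `if (!mysql_query("SET GLOBAL sql_mode='NO_BACKSLASH_ESCAPES';")) { die('ERROR: could not set sql_mode'); }`, or use `SET SESSION sql_mode='NO_BACKSLASH_ESCAPES'`, which needs no elevated privilege and scopes the change to this connection instead of altering the mode for every other client of the server. Whether this mode closes the linked 4.1.20 issue also depends on the escaping routine used elsewhere honouring it, which I cannot confirm from the hunk, so it should be verified against the deployed server and client versions rather than assumed. The same unchecked statement is added in support/index.php and wiki/index.php.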
@@ -392,7 +399,7 @@
 			include("inc/body.php");
 			break;
 
-		case "generate_fast": // Generate the static HTML pages (for direct link, e.g. http://www.reactos.org/roscms/?page=generate"); TODO check why this link doesn't work -> errors, etc.?
+		case "generate_fast_secret": // Generate the static HTML pages (for direct link, e.g. http://www.reactos.org/roscms/?page=generate"); TODO check why this link doesn't work -> errors, etc.?
 			//require("inc/login.php");
 			include("inc/generate_page.php"); // static page generator
 			break;
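Review bot: Renaming the case label from `generate_fast` to `generate_fast_secret` does not restrict who can trigger the static page generator; the `//require("inc/login.php");` on the next line stays commented out, so the handler still runs without any authentication once the new name is known, and an obscure name is not an access control. If the generator is meant to be callable without a login, say so in the comment; otherwise restore `require("inc/login.php");` ahead of `include("inc/generate_page.php");`. The enclosing switch starts and ends outside the hunk.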

Modified: trunk/web/reactos.org/htdocs/support/index.php
URL: http://svn.reactos.ru/svn/reactos/trunk/web/reactos.org/htdocs/support/index.php?rev=22199&r1=22198&r2=22199&view=diff
==============================================================================
--- trunk/web/reactos.org/htdocs/support/index.php (original)
+++ trunk/web/reactos.org/htdocs/support/index.php Sat Jun  3 22:02:24 2006
@@ -1,29 +1,11 @@
 <?php
-    /*
-    RSDB - ReactOS Support Database
-    Copyright (C) 2005-2006  Klemens Friedl <frik85 at reactos.org>
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-    */
 
 /*
  *	ReactOS Support Database System - RSDB
  *	
  *	(c) by Klemens Friedl <frik85>
  *	
- *	2005 - 2006 
+ *  11/2005, 12/2005, 01/2006, 02/2006
  */
 
 error_reporting(E_ALL);
@@ -33,10 +15,19 @@
 	die("ERROR: Disable 'magic quotes' in php.ini (=Off)");
 }
 
+
+
 //global $HTTP_GET_VARS; // set the Get var global
 
 
 	require_once("connect.db.php");
+
+
+
+	// stop MySQL bug (http://dev.mysql.com/doc/refman/4.1/en/news-4-1-20.html):
+	$SQLinjectionprevention ="SET GLOBAL sql_mode='NO_BACKSLASH_ESCAPES';";
+	$SQLinjectionprevention_query=mysql_query($SQLinjectionprevention);
+
 
 
 

Modified: trunk/web/reactos.org/htdocs/wiki/index.php
URL: http://svn.reactos.ru/svn/reactos/trunk/web/reactos.org/htdocs/wiki/index.php?rev=22199&r1=22198&r2=22199&view=diff
==============================================================================
--- trunk/web/reactos.org/htdocs/wiki/index.php (original)
+++ trunk/web/reactos.org/htdocs/wiki/index.php Sat Jun  3 22:02:24 2006
@@ -61,6 +61,13 @@
 
 require_once( './LocalSettings.php' );
 require_once( 'includes/Setup.php' );
+
+
+	// stop MySQL bug (http://dev.mysql.com/doc/refman/4.1/en/news-4-1-20.html):
+	$SQLinjectionprevention ="SET GLOBAL sql_mode='NO_BACKSLASH_ESCAPES';";
+	$SQLinjectionprevention_query=mysql_query($SQLinjectionprevention);
+
+
 
 wfProfileIn( 'main-misc-setup' );
 OutputPage::setEncodings(); # Not really used yet



