diff --git a/admin/AJAX_check_id.php b/admin/AJAX_check_id.php
index 21c8627f..d78028ee 100755
--- a/admin/AJAX_check_id.php
+++ b/admin/AJAX_check_id.php
@@ -18,7 +18,7 @@ if (isset($_POST['id']) AND !empty($_POST['id'])) {
 $id = $dbs->escape_string(trim($_POST['id']));
 } else {
- die('' . __('No ID Supplied!') . '');
+ die('' . __('No ID Supplied!') . '');
 }
 // sql string
diff --git a/admin/admin_template/default-dz/function.php b/admin/admin_template/default-dz/function.php
index 9d96598b..39345a8a 100644
--- a/admin/admin_template/default-dz/function.php
+++ b/admin/admin_template/default-dz/function.php
@@ -112,7 +112,7 @@ function get_shortcuts_menu() {
 global $dbs;
 $shortcuts = array();
- $shortcuts_q = $dbs->query('SELECT * FROM setting WHERE setting_name LIKE \'shortcuts_'.$_SESSION['uid'].'\'');
+ $shortcuts_q = $dbs->query('SELECT * FROM setting WHERE setting_name LIKE \'shortcuts_'.$dbs->escape_string($_SESSION['uid']).'\'');
 $shortcuts_d = $shortcuts_q->fetch_assoc();
 if ($shortcuts_q->num_rows > 0) {
 $shortcuts = unserialize($shortcuts_d['setting_value']);
diff --git a/admin/admin_template/default/function.php b/admin/admin_template/default/function.php
index fecc30d4..c9136f7e 100644
--- a/admin/admin_template/default/function.php
+++ b/admin/admin_template/default/function.php
@@ -117,7 +117,7 @@ function get_shortcuts_menu() {
 global $dbs;
 $shortcuts = array();
- $shortcuts_q = $dbs->query('SELECT * FROM setting WHERE setting_name LIKE \'shortcuts_'.$_SESSION['uid'].'\'');
+ $shortcuts_q = $dbs->query('SELECT * FROM setting WHERE setting_name LIKE \'shortcuts_'.$dbs->escape_string($_SESSION['uid']).'\'');
 $shortcuts_d = $shortcuts_q->fetch_assoc();
 if ($shortcuts_q->num_rows > 0) {
 $shortcuts = unserialize($shortcuts_d['setting_value']);
diff --git a/admin/modules/bibliography/biblio.inc.php b/admin/modules/bibliography/biblio.inc.php
index 9af8ea61..a7553914 100755
--- a/admin/modules/bibliography/biblio.inc.php
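Review bot: `escape_string()` does not neutralise the LIKE metacharacters `%` and `_`, so the added query line in get_shortcuts_menu() still lets a uid containing `%` match every `shortcuts_*` row, and the literal `_` in `shortcuts_` is itself a single-character wildcard. No pattern match is intended here, so compare for equality instead: `$shortcuts_q = $dbs->query('SELECT * FROM setting WHERE setting_name = \'shortcuts_'.$dbs->escape_string($_SESSION['uid']).'\'');` (or bind it through a prepared statement). The value comes from the session rather than the request, so exposure is presumably limited to whatever can set uid, but the same change belongs in the identical hunk in admin/admin_template/default/function.php. The `unserialize()` of the stored setting on the following context line is pre-existing and not changed by this commit; if setting_value can be written by a lower-privileged role it would deserve a JSON encoding instead. The function body continues outside the hunk.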
+++ b/admin/modules/bibliography/biblio.inc.php
@@ -209,6 +209,7 @@ public function marc_export($input_id = 0, $offset = 0, $total = 10000, $format
 if ($total < 1) {
 $total = 1000000;
 }
+ $input_id = $dbs->escape_string($input_id);
 if ($input_id == 'BATCH') {
 $records = $this->getRecords(null, $offset, $total);
 } else {
diff --git a/admin/modules/bibliography/biblio_utils.inc.php b/admin/modules/bibliography/biblio_utils.inc.php
index 998af5eb..d8730863 100755
--- a/admin/modules/bibliography/biblio_utils.inc.php
+++ b/admin/modules/bibliography/biblio_utils.inc.php
@@ -25,6 +25,7 @@ function getAuthorID($str_author_name, $str_author_type, &$arr_cache = false) {
 global $dbs;
 $str_value = trim($str_author_name);
+ $str_author_type = $dbs->escape_string($str_author_type);
 if ($arr_cache) {
 if (isset($arr_cache[$str_value])) {
 return $arr_cache[$str_value];
diff --git a/admin/modules/bibliography/index.php b/admin/modules/bibliography/index.php
index 659c196d..85ed120a 100755
--- a/admin/modules/bibliography/index.php
+++ b/admin/modules/bibliography/index.php
@@ -81,7 +81,9 @@ function getimagesizefromstring($string_data)
 $_delete = $dbs->query(sprintf('UPDATE biblio SET image=NULL WHERE biblio_id=%d', $_POST['bimg']));
 $_delete2 = $dbs->query(sprintf('UPDATE search_biblio SET image=NULL WHERE biblio_id=%d', $_POST['bimg']));
 if ($_delete) {
- @unlink(sprintf(IMGBS.'docs/%s',$_POST['img']));
+ $postImage = stripslashes($_POST['img']);
+ $postImage = str_replace('/', '', $postImage);
+ @unlink(sprintf(IMGBS.'docs/%s',$postImage));
 exit('');
 }
 exit();
diff --git a/lib/contents/member.inc.php b/lib/contents/member.inc.php
index 6f2cd53b..e85f7cce 100755
--- a/lib/contents/member.inc.php
+++ b/lib/contents/member.inc.php
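Review bot: The added `$dbs->escape_string($input_id)` in marc_export() depends on `$dbs` being in scope inside the method, and unlike the getAuthorID hunk no `global $dbs;` is visible here; if the method does not import it earlier the new line is a call on null. For the non-BATCH path the id is presumably interpolated into SQL below the hunk (not visible); since biblio ids are integers there, an integer cast is the tighter filter and avoids quoting questions: `$input_id = ($input_id === 'BATCH') ? 'BATCH' : (int) $input_id;`. Note that escaping also turns the default `0` into the string `'0'`, which silently changes the loose `== 'BATCH'` comparison on PHP < 8 (`0 == 'BATCH'` is true there, `'0' == 'BATCH'` is not) — worth making that explicit with `===` rather than relying on the side effect. The method starts and ends outside the hunk.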
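Review bot: Only `$str_author_type` is escaped by the new line in getAuthorID(); `$str_value`, the trimmed author name the function looks up, is left raw, and it is the value most likely to be interpolated into a query further down (outside the hunk). Unless the name is escaped at its point of use, it needs the same treatment, e.g. `$dbs->escape_string($str_value)` where it enters the SQL, keeping the cache keyed on the raw value so lookups keep matching. The function body continues past the hunk.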
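Review bot: The three added lines in the `if ($_delete)` branch strip only `/`, so on Windows hosts `\` still acts as a separator and `..\..\config.php` walks out of docs/, and even on POSIX the request still chooses any filename under docs/ to delete regardless of which biblio it belongs to. `basename()` handles both separators, and the filename should come from the record being cleared rather than from `$_POST['img']` (assuming biblio.image stores the filename the old code received from the request — confirm); `stripslashes()` is a magic_quotes relic that no longer does anything useful on supported PHP. Also note that on PHP 8 a NUL byte in the path makes `unlink()` throw a ValueError that `@` does not suppress, another reason to validate before calling it. Proposed rewrite of the branch:
```php
// take the filename from the record being cleared, not from the request
$_img_q = $dbs->query(sprintf('SELECT image FROM biblio WHERE biblio_id=%d', $_POST['bimg']));
$_img_d = $_img_q ? $_img_q->fetch_row() : false;
$postImage = $_img_d ? basename($_img_d[0]) : '';
$_delete = $dbs->query(sprintf('UPDATE biblio SET image=NULL WHERE biblio_id=%d', $_POST['bimg']));
// … unchanged: search_biblio update …
if ($_delete) {
    if ($postImage !== '' && $postImage !== '.' && $postImage !== '..') {
        @unlink(IMGBS.'docs/'.$postImage);
    }
    exit('');
}
```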
@@ -101,15 +101,15 @@
 header('Location: index.php?p=member');
 exit();
 } else {
- // md5 password
- $md5_password = MD5($password);
- // query password
- $_pass_q = $dbs->query('SELECT mpasswd FROM member WHERE member_id = \''.$username.'\'');
- $_pass_d = $_pass_q->fetch_row();
- if ($_pass_d[0] === $md5_password) {
+ $_member_sql = sprintf('SELECT member_name FROM member WHERE mpasswd=MD5(\'%s\') AND member_id=\'%s\'', $dbs->escape_string(trim($password)), $dbs->escape_string(trim($username)));
+ $_member_q = $dbs->query($_member_sql);
+ if ($_member_q->num_rows > 0) {
+ $_member_d = $_member_q->fetch_row();
 $msg = '';
 $msg .= '