[pLog-svn] r5572 - plog/branches/lifetype-1.2/class/gallery/dao

oscar at devel.lifetype.net
Sat Jun 23 12:01:20 EDT 2007


Author: oscar
Date: 2007-06-23 12:01:20 -0400 (Sat, 23 Jun 2007)
New Revision: 5572

Modified:
   plog/branches/lifetype-1.2/class/gallery/dao/galleryresources.class.php
Log:
Fixed issue http://bugs.lifetype.net/view.php?id=1346 -- file names with the character ' in their filename are now working. This was also a potential SQL injection vulnerability, btw, as file names were not being escaped when inserting them in the database.
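
The following is an added example, not LifeType code: it reproduces the situation the commit log describes in isolation. The real `Db::qstr()` implementation is not on this page, so the example stands in a minimal quote-doubling helper (an assumption; MySQL's own escaping also handles backslashes) and runs the `isDuplicatedFilename()`-style query from the patch against an in-memory SQLite table through PDO. The table name `lt_gallery_resources` and the two file names are constructed for the example.

```php
<?php
// Added example (not LifeType code). Shows why the unescaped
//   WHERE file_name = '$fileName'
// from the patch both breaks on a legitimate name containing ' and lets an
// attacker-controlled name change the query, and how escaping fixes both.

// Stand-in for Db::qstr(): standard SQL quote doubling (assumption about the
// real helper, whose source is not on the page).
function qstr_stub(string $s): string {
    return str_replace("'", "''", $s);
}

function buildDuplicateQuery(string $fileName, bool $escape): string {
    $value = $escape ? qstr_stub($fileName) : $fileName;
    return "SELECT COUNT(id) AS total FROM lt_gallery_resources"
         . " WHERE file_name = '" . $value . "'";
}

// Constructed fixture: one existing resource in the gallery table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE lt_gallery_resources (id INTEGER PRIMARY KEY, file_name TEXT)");
$pdo->exec("INSERT INTO lt_gallery_resources (file_name) VALUES ('holiday.jpg')");

function runCheck(PDO $pdo, string $fileName, bool $escape): string {
    $sql = buildDuplicateQuery($fileName, $escape);
    try {
        $total = (int) $pdo->query($sql)->fetchColumn();
        return sprintf("%-9s total=%d  %s", $escape ? 'escaped' : 'unescaped', $total, $sql);
    } catch (PDOException $e) {
        return sprintf("%-9s ERROR: %s  %s", $escape ? 'escaped' : 'unescaped', $e->getMessage(), $sql);
    }
}

// Case 1: the legitimate name from the bug report, an apostrophe in the file name.
// Unescaped, the quote terminates the literal early and the query fails to parse.
$legit = "O'Brien.jpg";
echo runCheck($pdo, $legit, false), "\n";   // syntax error
echo runCheck($pdo, $legit, true),  "\n";   // total=0: not a duplicate

// Case 2: a constructed attacker-chosen name. Unescaped it widens the WHERE
// clause to every row, so the "duplicate" check returns 1 although no file of
// that name exists; escaped it is compared as a plain string.
$evil = "x' OR '1'='1";
echo runCheck($pdo, $evil, false), "\n";    // total=1: WHERE clause hijacked
echo runCheck($pdo, $evil, true),  "\n";    // total=0
```

Doubling the quote is the portable form of the escape; the point is that the file name reaches the SQL layer as data rather than as part of the statement, which is exactly what the `Db::qstr()` calls added in the patch below accomplish for the two sites it touches.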


Modified: plog/branches/lifetype-1.2/class/gallery/dao/galleryresources.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/gallery/dao/galleryresources.class.php	2007-06-23 07:16:07 UTC (rev 5571)
+++ plog/branches/lifetype-1.2/class/gallery/dao/galleryresources.class.php	2007-06-23 16:01:20 UTC (rev 5572)
@@ -322,7 +322,7 @@
 						  file_path, file_name, file_size, metadata, thumbnail_format, normalized_description, properties) 
 						  VALUES (
 						  $ownerId, $albumId, '".Db::qstr($description)."', $flags, $resourceType,
-						  '$filePath', '$fileName', '$fileSize', '$serMetadata', '$thumbnailFormat',
+						  '$filePath', '".Db::qstr($fileName)."', '$fileSize', '$serMetadata', '$thumbnailFormat',
 				  '".Db::qstr($normalizedDescription)."', '$properties');";
 						  
 			$result = $this->Execute( $query );
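Review bot: the other quoted values on the same INSERT (`'$filePath'`, `'$fileSize'`, `'$serMetadata'`, `'$thumbnailFormat'`, `'$properties'`) are still interpolated without `Db::qstr()`, and `$ownerId`, `$albumId`, `$flags` and `$resourceType` are interpolated unquoted. `$filePath` is derived from the same upload as `$fileName`, and the serialized metadata can legitimately contain quotes, so the same failure (and the same injection) remains reachable through them. Suggest wrapping every quoted string value in `Db::qstr()`, as the hunk already does for `$description` and `$normalizedDescription`, and casting the numeric ones with `(int)` before building the statement.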
@@ -834,7 +834,7 @@
         function isDuplicatedFilename( $fileName )
         {
         	$query = "SELECT COUNT(id) AS total FROM ".$this->getPrefix()."gallery_resources
-                      WHERE file_name = '$fileName'";
+                      WHERE file_name = '".Db::qstr($fileName)."'";
 
             $result = $this->Execute( $query );
 
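Review bot: the log mentions only the insert, but this hunk shows a second site that interpolated `$fileName`; any remaining query in this class that builds a WHERE clause or UPDATE from `$fileName` or `file_path` (lookup by name, rename, delete) needs the same `Db::qstr()` call, otherwise the issue just moves to the next method. A quick grep for `'$fileName'` and `'$filePath'` across the gallery DAO should accompany this change.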