www/adiumxtras.com 38:89f7b7aef605: Blah blah blah. More injecti...
commits at adium.im
commits at adium.im
Mon Dec 5 03:13:58 UTC 2011
details: http://hg.adium.im/www/adiumxtras.com/rev/89f7b7aef605
revision: 38:89f7b7aef605
branch: adiumxtras.com
author: Zachary West <zacw at adium.im>
date: Sun Dec 04 22:13:53 2011 -0500
Blah blah blah. More injection, and bugfix. This code needs a once-over... or two.
diffs (27 lines):
diff -r d74a5ed7d5bd -r 89f7b7aef605 manage.php
--- a/manage.php Fri Dec 02 13:27:40 2011 -0500
+++ b/manage.php Sun Dec 04 22:13:53 2011 -0500
@@ -16,7 +16,7 @@
if (array_search(userLevel($currentUserID), array("Admin", "Moderator", "Developer")) !== FALSE) {
$commentsToDelete = commentsWithParent(intval($_GET['comment_id']));
if (count($commentsToDelete) > 0)
- $sql->query("DELETE FROM comments WHERE comment_id IN (%s)", implode(",", $commentsToDelete));
+ $sql->query("DELETE FROM comments WHERE comment_id IN (%s)", mysql_escape_string(implode(",", $commentsToDelete)));
header(sprintf("Location: %s", $_SERVER['HTTP_REFERER']));
} else {
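Review bot: Wrapping the joined id list in mysql_escape_string() on the new DELETE line does not constrain what reaches the unquoted `IN (%s)` clause: the function only escapes quote, backslash and control characters, and in an unquoted numeric list everything else is passed into the statement as-is. The ids come from commentsWithParent(), so they are presumably already integers from the database, but the robust form is to coerce each element, `implode(",", array_map('intval', $commentsToDelete))`, which also removes the need for mysql_escape_string (deprecated and unaware of the connection charset; mysql_real_escape_string is the minimum if escaping is kept). The same escaping-instead-of-coercing pattern is on both new lines of the second hunk (the SELECT and DELETE on images). The enclosing script body continues outside the hunk.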
@@ -316,12 +316,12 @@
}
if ($_POST['delete']) {
- $sql->query("SELECT imgfile, thumbfile FROM images WHERE xtra_id='%d' AND image_id IN (%s)", $_POST['xtra_id'], implode(",", mysql_escape_string($_POST['delete'])));
+ $sql->query("SELECT imgfile, thumbfile FROM images WHERE xtra_id='%d' AND image_id IN (%s)", intval($_POST['xtra_id']), mysql_escape_string(implode(",", $_POST['delete'])));
while (list($imgfile, $thumbfile) = $sql->fetch_row()) {
checkAndDelete(sprintf("%s%s", "/home/adiumx/public_html/images/pictures/", $imgfile));
checkAndDelete(sprintf("%s%s", "/home/adiumx/public_html/images/pictures/", $thumbfile));
}
- $sql->query("DELETE FROM images WHERE xtra_id='%d' AND image_id IN (%s)", intval($_POST['xtra_id']), implode(",", mysql_escape_string($_POST['delete'])));
+ $sql->query("DELETE FROM images WHERE xtra_id='%d' AND image_id IN (%s)", intval($_POST['xtra_id']), mysql_escape_string(implode(",", $_POST['delete'])));
}
$smarty->assign("title", "Xtra Saved");
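Review bot: The reorder on the new SELECT and DELETE lines fixes the misuse of mysql_escape_string on an array, but neither the new lines nor the unchanged `if ($_POST['delete'])` guard check that the value actually is an array before it is passed to implode(); a scalar `delete` field warns or throws a TypeError depending on the PHP version, and a missing field raises an undefined-index notice. A guard of `if (!empty($_POST['delete']) && is_array($_POST['delete']))` covers both, and the list itself should then be coerced per element rather than escaped, `implode(",", array_map('intval', $_POST['delete']))`, since escaping does not constrain values inside an unquoted `IN (%s)`. The enclosing block starts outside the hunk.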