Escape all login and username characters in database

Display correctly usernames

(I hope not to have made mistakes)

git-svn-id: http://piwigo.org/svn/trunk@4304 68402e56-0260-453c-a942-63ccdbb3a9ee

admin/comments.php

@@ -160,7 +160,7 @@ while ($row = mysql_fetch_assoc($result))
   }
   else
   {
-    $author_name = $row['username'];
+    $author_name = stripslashes($row['username']);
   }
   $template->append(
     'comments',

admin/history.php

@@ -259,7 +259,7 @@ SELECT '.$conf['user_fields']['id'].' AS id
     $username_of = array();
     while ($row = mysql_fetch_assoc($result))
     {
-      $username_of[$row['id']] = $row['username'];
+      $username_of[$row['id']] = stripslashes($row['username']);
     }
   }
 

admin/include/c13y_internal.class.php

@@ -195,7 +195,7 @@ class c13y_internal
             $inserts = array(
               array(
                 'id'       => $id,
-                'username' => $name,
+                'username' => addslashes($name),
                 'password' => $password
                 ),
               );

admin/include/functions.php

@@ -2112,7 +2112,7 @@ SELECT '.$conf['user_fields']['username'].'
     return false;
   }
 
-  return $username;
+  return stripslashes($username);
 }
 
 function get_newsletter_subscribe_base_url($language) {

admin/include/functions_notification_by_mail.inc.php

@@ -288,7 +288,7 @@ function inc_mail_sent_success($nbm_user)
   global $page, $env_nbm;
 
   $env_nbm['sent_mail_count'] += 1;
-  array_push($page['infos'], sprintf($env_nbm['msg_info'], $nbm_user['username'], $nbm_user['mail_address']));
+  array_push($page['infos'], sprintf($env_nbm['msg_info'], stripslashes($nbm_user['username']), $nbm_user['mail_address']));
 }
 
 /*
@@ -301,7 +301,7 @@ function inc_mail_sent_failed($nbm_user)
   global $page, $env_nbm;
 
   $env_nbm['error_on_mail_count'] += 1;
-  array_push($page['errors'], sprintf($env_nbm['msg_error'], $nbm_user['username'], $nbm_user['mail_address']));
+  array_push($page['errors'], sprintf($env_nbm['msg_error'], stripslashes($nbm_user['username']), $nbm_user['mail_address']));
 }
 
 /*
@@ -338,7 +338,7 @@ function assign_vars_nbm_mail_content($nbm_user)
   (
     array
     (
-      'USERNAME' => $nbm_user['username'],
+      'USERNAME' => stripslashes($nbm_user['username']),
 
       'SEND_AS_NAME' => $env_nbm['send_as_name'],
 
@@ -427,7 +427,7 @@ function do_subscribe_unsubscribe_notification_by_mail($is_admin_request, $is_su
 
         if (pwg_mail
             (
-              format_email($nbm_user['username'], $nbm_user['mail_address']),
+              format_email(stripslashes($nbm_user['username']), $nbm_user['mail_address']),
               array
               (
                 'from' => $env_nbm['send_as_mail_formated'],
@@ -465,12 +465,12 @@ function do_subscribe_unsubscribe_notification_by_mail($is_admin_request, $is_su
           )
         );
         $updated_data_count += 1;
-        array_push($page['infos'], sprintf($msg_info, $nbm_user['username'], $nbm_user['mail_address']));
+        array_push($page['infos'], sprintf($msg_info, stripslashes($nbm_user['username']), $nbm_user['mail_address']));
       }
       else
       {
         $error_on_updated_data_count += 1;
-        array_push($page['errors'], sprintf($msg_error, $nbm_user['username'], $nbm_user['mail_address']));
+        array_push($page['errors'], sprintf($msg_error, stripslashes($nbm_user['username']), $nbm_user['mail_address']));
       }
 
     }

admin/notification_by_mail.php

@@ -175,7 +175,7 @@ order by
         $page['infos'],
         sprintf(
           l10n('nbm_user_x_added'),
-          $nbm_user['username'],
+          stripslashes($nbm_user['username']),
           get_email_address_as_display_text($nbm_user['mail_address'])
         )
       );
@@ -388,7 +388,7 @@ function do_action_send_mail_notification($action = 'list_to_send', $check_key_l
 
               if (pwg_mail
                   (
-                    format_email($nbm_user['username'], $nbm_user['mail_address']),
+                    format_email(stripslashes($nbm_user['username']), $nbm_user['mail_address']),
                     array
                     (
                       'from' => $env_nbm['send_as_mail_formated'],
@@ -665,7 +665,7 @@ switch ($page['mode'])
     {
       if (get_boolean($nbm_user['enabled']))
       {
-        $opt_true[ $nbm_user['check_key'] ] = $nbm_user['username'].'['.get_email_address_as_display_text($nbm_user['mail_address']).']';
+        $opt_true[ $nbm_user['check_key'] ] = stripslashes($nbm_user['username']).'['.get_email_address_as_display_text($nbm_user['mail_address']).']';
         if ((isset($_POST['falsify']) and isset($_POST['cat_true']) and in_array($nbm_user['check_key'], $_POST['cat_true'])))
         {
           $opt_true_selected[] = $nbm_user['check_key'];
@@ -673,7 +673,7 @@ switch ($page['mode'])
       }
       else
       {
-        $opt_false[ $nbm_user['check_key'] ] = $nbm_user['username'].'['.get_email_address_as_display_text($nbm_user['mail_address']).']';
+        $opt_false[ $nbm_user['check_key'] ] = stripslashes($nbm_user['username']).'['.get_email_address_as_display_text($nbm_user['mail_address']).']';
         if (isset($_POST['trueify']) and isset($_POST['cat_false']) and in_array($nbm_user['check_key'], $_POST['cat_false']))
         {
           $opt_false_selected[] = $nbm_user['check_key'];
@@ -718,7 +718,7 @@ switch ($page['mode'])
                               isset($_POST['send_selection']) and // not init
                               !in_array($nbm_user['check_key'], $_POST['send_selection']) // not selected
                             )   ? '' : 'checked="checked"',
-              'USERNAME'=> $nbm_user['username'],
+              'USERNAME'=> stripslashes($nbm_user['username']),
               'EMAIL' => get_email_address_as_display_text($nbm_user['mail_address']),
               'LAST_SEND'=> $nbm_user['last_send']
               );

admin/rating.php

@@ -96,7 +96,7 @@ SELECT '.$conf['user_fields']['username'].' as username, '.$conf['user_fields'][
 $result = pwg_query($query);
 while ($row = mysql_fetch_assoc($result))
 {
-  $users[$row['id']]=$row['username'];
+  $users[$row['id']]=stripslashes($row['username']);
 }
 
 

admin/upload.php

@@ -177,7 +177,7 @@ while ( $row = mysql_fetch_assoc( $result ) )
           (substr($row['file'], 0, 10)).'...' : $row['file'],
       'PREVIEW_URL_IMG'=>$preview_url,
       'UPLOAD_EMAIL'=>get_email_address_as_display_text($row['mail_address']),
-      'UPLOAD_USERNAME'=>$row['username']
+      'UPLOAD_USERNAME'=>stripslashes($row['username'])
     );
 
   // is there an existing associated thumnail ?

admin/user_list.php

@@ -702,7 +702,7 @@ foreach ($visible_user_list as $local_user)
       'CHECKED' => $checked,
       'U_PROFILE' => $profile_url.$local_user['id'],
       'U_PERM' => $perm_url.$local_user['id'],
-      'USERNAME' => $local_user['username']
+      'USERNAME' => stripslashes($local_user['username'])
         .($local_user['id'] == $conf['guest_id']
           ? '<br>['.l10n('is_the_guest').']' : '')
         .($local_user['id'] == $conf['default_user_id']

feed.php

@@ -106,7 +106,7 @@ set_make_full_url();
 $rss = new UniversalFeedCreator();
 $rss->encoding=get_pwg_charset();
 $rss->title = $conf['gallery_title'];
-$rss->title.= ' (as '.$user['username'].')';
+$rss->title.= ' (as '.stripslashes($user['username']).')';
 
 $rss->link = $conf['gallery_url'];
 

include/functions_comment.inc.php

@@ -99,7 +99,7 @@ function insert_user_comment( &$comm, $key, &$infos )
       $query = '
 SELECT COUNT(*) AS user_exists
   FROM '.USERS_TABLE.'
-  WHERE '.$conf['user_fields']['username']." = '".$comm['author']."'";
+  WHERE '.$conf['user_fields']['username']." = '".addslashes($comm['author'])."'";
       $row = mysql_fetch_assoc( pwg_query( $query ) );
       if ( $row['user_exists'] == 1 )
       {

include/functions_mail.inc.php

@@ -364,7 +364,7 @@ order by
   {
     $keyargs_content_admin_info = array
     (
-      get_l10n_args('Connected user: %s', $user['username']),
+      get_l10n_args('Connected user: %s', stripslashes($user['username'])),
       get_l10n_args('IP: %s', $_SERVER['REMOTE_ADDR']),
       get_l10n_args('Browser: %s', $_SERVER['HTTP_USER_AGENT'])
     );
@@ -483,7 +483,7 @@ WHERE
         {
           if (!empty($row['mail_address']))
           {
-            array_push($Bcc, format_email($row['username'], $row['mail_address']));
+            array_push($Bcc, format_email(stripslashes($row['username']), $row['mail_address']));
           }
         }
 
@@ -794,7 +794,7 @@ function pwg_send_mail($result, $to, $subject, $content, $headers)
     $dir = $conf['local_data_dir'].'/tmp';
     if ( mkgetdir( $dir,  MKGETDIR_DEFAULT&~MKGETDIR_DIE_ON_ERROR) )
     {
-      $filename = $dir.'/mail.'.$user['username'].'.'.$lang_info['code'].'.'.$args['template'].'.'.$args['theme'];
+      $filename = $dir.'/mail.'.stripslashes($user['username']).'.'.$lang_info['code'].'.'.$args['template'].'.'.$args['theme'];
       if ($args['content_format'] == 'text/plain')
       {
         $filename .= '.txt';

include/functions_user.inc.php

@@ -170,7 +170,7 @@ SELECT id
 
       $keyargs_content = array
       (
-        get_l10n_args('User: %s', $login),
+        get_l10n_args('User: %s', stripslashes($login)),
         get_l10n_args('Email: %s', $_POST['mail_address']),
         get_l10n_args('', ''),
         get_l10n_args('Admin: %s', $admin_url)
@@ -178,7 +178,7 @@ SELECT id
 
       pwg_mail_notification_admins
       (
-        get_l10n_args('Registration of %s', $login),
+        get_l10n_args('Registration of %s', stripslashes($login)),
         $keyargs_content
       );
     }
@@ -933,8 +933,8 @@ WHERE '.$conf['user_fields']['id'].' = '.$user_id;
   if (mysql_num_rows($result) > 0)
   {
     $row = mysql_fetch_assoc($result);
-    $username = $row['username'];
-    $data = $time.$row['username'].$row['password'];
+    $username = stripslashes($row['username']);
+    $data = $time.stripslashes($row['username']).$row['password'];
     $key = base64_encode(
       pack('H*', sha1($data))
       .hash_hmac('md5', $data, $conf['secret_key'],true)
@@ -1018,7 +1018,7 @@ function auto_login() {
       if ($key!==false and $key===$cookie[2])
       {
         log_user($cookie[0], true);
-        trigger_action('login_success', $username);
+        trigger_action('login_success', stripslashes($username));
         return true;
       }
     }
@@ -1039,16 +1039,16 @@ function try_log_user($username, $password, $remember_me)
 SELECT '.$conf['user_fields']['id'].' AS id,
        '.$conf['user_fields']['password'].' AS password
   FROM '.USERS_TABLE.'
-  WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
+  WHERE '.$conf['user_fields']['username'].' = \''.mysql_real_escape_string($username).'\'
 ;';
   $row = mysql_fetch_assoc(pwg_query($query));
   if ($row['password'] == $conf['pass_convert']($password))
   {
     log_user($row['id'], $remember_me);
-    trigger_action('login_success', $username);
+    trigger_action('login_success', stripslashes($username));
     return true;
   }
-  trigger_action('login_failure', $username);
+  trigger_action('login_failure', stripslashes($username));
   return false;
 }
 

include/menubar.inc.php

@@ -281,7 +281,7 @@ function initialize_menu()
   }
   else
   {
-    $template->assign('USERNAME', $user['username']);
+    $template->assign('USERNAME', stripslashes($user['username']));
     if (is_autorize_status(ACCESS_CLASSIC))
     {
       $template->assign('U_PROFILE', get_root_url().'profile.php');

include/picture_comment.inc.php

@@ -46,8 +46,8 @@ if ( $page['show_comments'] and isset( $_POST['content'] ) )
   }
 
   $comm = array(
-    'author' => trim(@$_POST['author']),
-    'content' => trim($_POST['content']),
+    'author' => trim( stripslashes(@$_POST['author']) ),
+    'content' => trim( stripslashes($_POST['content']) ),
     'image_id' => $page['image_id'],
    );
 
@@ -152,7 +152,7 @@ $validated_clause.'
       }
       else
       {
-	$author = $row['username'];
+	$author = stripslashes($row['username']);
       }
 
       $tpl_comment =

include/ws_functions.inc.php

@@ -523,8 +523,8 @@ SELECT DISTINCT image_id
   }
 
   $comm = array(
-    'author' => trim($params['author']),
-    'content' => trim($params['content']),
+    'author' => trim( stripslashes($params['author']) ),
+    'content' => trim( stripslashes($params['content']) ),
     'image_id' => $params['image_id'],
    );
 
@@ -700,7 +700,7 @@ SELECT id, date, author, content
       )
       )
   {
-    $comment_post_data['author'] = $user['username'];
+    $comment_post_data['author'] = stripslashes($user['username']);
     $comment_post_data['key'] = get_comment_post_key($params['image_id']);
   }
 
@@ -1254,7 +1254,7 @@ function ws_session_getStatus($params, &$service)
 {
   global $user;
   $res = array();
-  $res['username'] = is_a_guest() ? 'guest' : $user['username'];
+  $res['username'] = is_a_guest() ? 'guest' : stripslashes($user['username']);
   foreach ( array('status', 'template', 'theme', 'language') as $k )
   {
     $res[$k] = $user[$k];

password.php

@@ -84,7 +84,7 @@ WHERE '
         $new_password = generate_key(6);
 
         $infos =
-          l10n('Username').': '.$row['username']
+          l10n('Username').': '.stripslashes($row['username'])
           ."\n".l10n('Password').': '.$new_password
           ;
 

profile.php

@@ -243,7 +243,7 @@ function load_profile_in_template($url_action, $url_redirect, $userdata)
 
   $template->assign(
     array(
-      'USERNAME'=>$userdata['username'],
+      'USERNAME'=>stripslashes($userdata['username']),
       'EMAIL'=>get_email_address_as_display_text(@$userdata['email']),
       'NB_IMAGE_LINE'=>$userdata['nb_image_line'],
       'NB_ROW_PAGE'=>$userdata['nb_line_page'],

upload.php

@@ -360,10 +360,10 @@ else
 $template->assign(
   array(
     'ADVISE_TITLE' => $advise_title,
-    'NAME' => $username,
+    'NAME' => stripslashes($username),
     'EMAIL' => $mail_address,
     'NAME_IMG' => $name,
-    'AUTHOR_IMG' => $author,
+    'AUTHOR_IMG' => stripslashes($author),
     'DATE_IMG' => $date_creation,
     'COMMENT_IMG' => $comment,