diff --git a/actions/listpages.php b/actions/listpages.php
index 0daa4abf1..42f8b8ad3 100755
--- a/actions/listpages.php
+++ b/actions/listpages.php
@@ -115,7 +115,7 @@
$links[$tree] = array();
} // switch
if ($sort != 'tag') {
- $sql .= ' WHERE a.tag = "' . AddSlashes($tree) . '" AND a.latest = "Y" LIMIT 1';
+ $sql .= ' WHERE a.tag = "' . $this->services->get(\YesWiki\Core\Service\DbService::class)->escape($tree) . '" AND a.latest = "Y" LIMIT 1';
if (!$rootData = $this->LoadSingle($sql)) {
echo '
'._t('ERROR').' '._t('ACTION').' ListPages : '._('THE_PAGE').' ' . htmlspecialchars($tree, ENT_COMPAT, YW_CHARSET) . ' '._t('DOESNT_EXIST').' !
';
return;
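Review bot: The DbService is resolved from the container separately for every escaped value, starting with the `->escape($tree)` line here and repeated in the other five hunks of this file; fetching it once per function reads better and keeps each SQL line short. A local such as `$dbService = $this->services->get(\YesWiki\Core\Service\DbService::class);` near the top of the function, then `$dbService->escape($tree)` on this line, would do it. Every escaped value in this file lands between double quotes, which is the context in which escaping alone is sufficient. The enclosing function starts and ends outside this hunk.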
@@ -132,8 +132,8 @@
// to avoid many loops and computing several time the lists needed for the request,
// we store them into variables
- $from = '"' . AddSlashes($tree) . '"';
- $exclude[] = AddSlashes($tree);
+ $from = '"' . $this->services->get(\YesWiki\Core\Service\DbService::class)->escape($tree) . '"';
+ $exclude[] = $this->services->get(\YesWiki\Core\Service\DbService::class)->escape($tree);
$exclude_str = '"' . implode('", "', $exclude) . '"';
for ($i = 1; $i <= $levels; $i++) {
if ($from) {
@@ -151,7 +151,7 @@
$sql .= ' WHERE from_tag IN (' . $from . ')'
. ' AND to_tag NOT IN (' . $from . ')'
. ' AND to_tag = a.tag'
- . ' AND a.owner = "' . AddSlashes($owner) . '"'
+ . ' AND a.owner = "' . $this->services->get(\YesWiki\Core\Service\DbService::class)->escape($owner) . '"'
. ' AND a.latest = "Y"';
} else {
$sql = 'SELECT from_tag, to_tag, a.tag IS NOT NULL page_exists';
@@ -208,7 +208,7 @@
$from = '';
$newworkingon = array();
foreach ($pages as $page) {
- $to_tag = '"' . AddSlashes($page['to_tag']) . '"';
+ $to_tag = '"' . $this->services->get(\YesWiki\Core\Service\DbService::class)->escape($page['to_tag']) . '"';
$workingon[$page['from_tag']][$page['to_tag']] = array('page_exists' => $page['page_exists'], 'haslinksto' => array());
if ($sort != 'tag') {
$workingon[$page['from_tag']][$page['to_tag']][$sort] = $page[$sort];
@@ -316,9 +316,9 @@ function ShowPageTree($tree, &$wiki, $show = 'tag', $indent = 0)
LEFT JOIN ' . $prefix . 'users ON b.user = name
LEFT JOIN ' . $prefix . 'pages user_page ON name = user_page.tag AND user_page.latest = "Y"'
. ($owner ? '' : ' LEFT JOIN ' . $prefix . 'pages owner_page ON b.owner = owner_page.tag AND owner_page.latest = "Y"')
- . ' WHERE a.user = "' . AddSlashes($user) . '"'
+ . ' WHERE a.user = "' . $this->services->get(\YesWiki\Core\Service\DbService::class)->escape($user) . '"'
. ' AND a.tag = b.tag AND b.latest = "Y"'
- . ($owner ? ' AND b.owner = "' . AddSlashes($owner) . '"' : '');
+ . ($owner ? ' AND b.owner = "' . $this->services->get(\YesWiki\Core\Service\DbService::class)->escape($owner) . '"' : '');
} elseif ($owner) {
if ($sort == 'user') {
$sql = 'SELECT a.tag, a.time,
@@ -329,7 +329,7 @@ function ShowPageTree($tree, &$wiki, $show = 'tag', $indent = 0)
} else {
$sql = 'SELECT tag, time FROM ' . $prefix . 'pages a';
}
- $sql .= ' WHERE a.owner = "' . AddSlashes($owner) . '" AND a.latest = "Y"';
+ $sql .= ' WHERE a.owner = "' . $this->services->get(\YesWiki\Core\Service\DbService::class)->escape($owner) . '" AND a.latest = "Y"';
} else {
if ($sort == 'user') {
$sql = 'SELECT a.tag, a.owner,
diff --git a/actions/newtextsearch.php b/actions/newtextsearch.php
index 1ebd29081..82199e916 100644
--- a/actions/newtextsearch.php
+++ b/actions/newtextsearch.php
@@ -148,7 +148,7 @@ function displayNewSearchResult($string, $phrase, $needles = [])
// Modification de caractère spéciaux
$phraseFormatted= str_replace(array('*', '?'), array('%', '_'), $phrase);
- $phraseFormatted = addslashes($phraseFormatted);
+ $phraseFormatted = $this->services->get(\YesWiki\Core\Service\DbService::class)->escape($phraseFormatted);
// Blablabla SQL
$requestfull = 'SELECT body, tag FROM '.$prefixe.'pages
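Review bot: `escape()` on the replaced line neutralises quote characters but not the LIKE metacharacters `%` and `_`, so a `%` or `_` typed by the user still behaves as a wildcard in addition to the `*`/`?` mapping done on the line above. If only `*` and `?` are meant to be wildcards, escape literal ones before the mapping with `$phrase = addcslashes($phrase, '%_');`; if raw `%`/`_` are deliberately passed through, a one-line comment saying so would document the choice. The query built from `$phraseFormatted` continues past the end of the hunk, so I am assuming it ends up in a LIKE clause. displayNewSearchResult starts outside the hunk.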
diff --git a/includes/User.class.php b/includes/User.class.php
index f81597e47..97374fb3b 100644
--- a/includes/User.class.php
+++ b/includes/User.class.php
@@ -1000,7 +1000,7 @@ protected function emailExistsInDB($email)
{
/* Build sql query*/
$sql = 'SELECT * FROM '.$this->usersTable;
- $sql .= ' WHERE email = "'.$email.'";';
+ $sql .= ' WHERE email = "'.mysqli_real_escape_string($this->wiki->dblink,$email).'";';
/* Execute query */
$results = $this->wiki->loadAll($sql);
return $results; // If the password does not already exist in DB, $result is an empty table => false
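Review bot: This is the only place in the commit that calls `mysqli_real_escape_string($this->wiki->dblink, $email)` directly rather than `DbService::escape()`; unless the User class has no access to the service container, routing it through the same service leaves one escaping path to audit. The trailing comment on the return line talks about a password while the query is on email; `// empty result set => no user has this email (falsy for callers)` would match the code. A `@return array` docblock on emailExistsInDB would also help since the value is a raw result set, not a bool. The method's signature is only in the hunk header.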
diff --git a/tools/bazar/services/FormManager.php b/tools/bazar/services/FormManager.php
index 137100603..2332c9f5e 100644
--- a/tools/bazar/services/FormManager.php
+++ b/tools/bazar/services/FormManager.php
@@ -46,7 +46,7 @@ public function getOne($formId): ?array
return $this->cachedForms[$formId];
}
- $form = $this->dbService->loadSingle('SELECT * FROM ' . $this->dbService->prefixTable('nature') . 'WHERE bn_id_nature=\'' . $formId . '\'');
+ $form = $this->dbService->loadSingle('SELECT * FROM ' . $this->dbService->prefixTable('nature') . 'WHERE bn_id_nature=\'' . $this->dbService->escape($formId) . '\'');
if (!$form) {
return null;
@@ -105,13 +105,13 @@ public function create($data)
return $this->dbService->query('INSERT INTO ' . $this->dbService->prefixTable('nature')
. '(`bn_id_nature` ,`bn_ce_i18n` ,`bn_label_nature` ,`bn_template` ,`bn_description` ,`bn_sem_context` ,`bn_sem_type` ,`bn_sem_use_template` ,`bn_condition`)'
. ' VALUES (' . $data['bn_id_nature'] . ', "fr-FR", "'
- . addslashes(_convert($data['bn_label_nature'], YW_CHARSET, true)) . '","'
- . addslashes(_convert($data['bn_template'], YW_CHARSET, true)) . '", "'
- . addslashes(_convert($data['bn_description'], YW_CHARSET, true)) . '", "'
- . addslashes(_convert($data['bn_sem_context'], YW_CHARSET, true)) . '", "'
- . addslashes(_convert($data['bn_sem_type'], YW_CHARSET, true)) . '", '
+ . $this->dbService->escape(_convert($data['bn_label_nature'], YW_CHARSET, true)) . '","'
+ . $this->dbService->escape(_convert($data['bn_template'], YW_CHARSET, true)) . '", "'
+ . $this->dbService->escape(_convert($data['bn_description'], YW_CHARSET, true)) . '", "'
+ . $this->dbService->escape(_convert($data['bn_sem_context'], YW_CHARSET, true)) . '", "'
+ . $this->dbService->escape(_convert($data['bn_sem_type'], YW_CHARSET, true)) . '", '
. (isset($data['bn_sem_use_template']) ? '1' : '0') . ', "'
- . addslashes(_convert($data['bn_condition'], YW_CHARSET, true)) . '")');
+ . $this->dbService->escape(_convert($data['bn_condition'], YW_CHARSET, true)) . '")');
}
public function update($data)
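Review bot: `$data['bn_id_nature']` is still concatenated raw into the VALUES list two lines above the first escaped field, and `escape()` would not be the right guard for it anyway: the id sits in an unquoted numeric position, where escaping quote characters does not constrain the value. Casting is the fix, `. ' VALUES (' . (int) $data['bn_id_nature'] . ', "fr-FR", "'`; the same applies to the unquoted `bn_id_nature` comparisons that update and delete now pass through escape(), to the LIKE pattern in clear (where an integer id also cannot contain `%`/`_`), and to the INTERVAL expression in tools/security/actions/despam.php. create() begins before this hunk.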
@@ -120,14 +120,14 @@ public function update($data)
throw new \Exception(_t('WIKI_IN_HIBERNATION'));
}
return $this->dbService->query('UPDATE' . $this->dbService->prefixTable('nature') . 'SET '
- . '`bn_label_nature`="' . addslashes(_convert($data['bn_label_nature'], YW_CHARSET, true)) . '" ,'
- . '`bn_template`="' . addslashes(_convert($data['bn_template'], YW_CHARSET, true)) . '" ,'
- . '`bn_description`="' . addslashes(_convert($data['bn_description'], YW_CHARSET, true)) . '" ,'
- . '`bn_sem_context`="' . addslashes(_convert($data['bn_sem_context'], YW_CHARSET, true)) . '" ,'
- . '`bn_sem_type`="' . addslashes(_convert($data['bn_sem_type'], YW_CHARSET, true)) . '" ,'
+ . '`bn_label_nature`="' . $this->dbService->escape(_convert($data['bn_label_nature'], YW_CHARSET, true)) . '" ,'
+ . '`bn_template`="' . $this->dbService->escape(_convert($data['bn_template'], YW_CHARSET, true)) . '" ,'
+ . '`bn_description`="' . $this->dbService->escape(_convert($data['bn_description'], YW_CHARSET, true)) . '" ,'
+ . '`bn_sem_context`="' . $this->dbService->escape(_convert($data['bn_sem_context'], YW_CHARSET, true)) . '" ,'
+ . '`bn_sem_type`="' . $this->dbService->escape(_convert($data['bn_sem_type'], YW_CHARSET, true)) . '" ,'
. '`bn_sem_use_template`=' . (isset($data['bn_sem_use_template']) ? '1' : '0') . ' ,'
- . '`bn_condition`="' . addslashes(_convert($data['bn_condition'], YW_CHARSET, true)) . '"'
- . ' WHERE `bn_id_nature`=' . $data['bn_id_nature']);
+ . '`bn_condition`="' . $this->dbService->escape(_convert($data['bn_condition'], YW_CHARSET, true)) . '"'
+ . ' WHERE `bn_id_nature`=' . $this->dbService->escape($data['bn_id_nature']));
}
public function clone($id)
@@ -155,7 +155,7 @@ public function delete($id)
}
$this->clear($id);
- return $this->dbService->query('DELETE FROM ' . $this->dbService->prefixTable('nature') . 'WHERE bn_id_nature=' . $id);
+ return $this->dbService->query('DELETE FROM ' . $this->dbService->prefixTable('nature') . 'WHERE bn_id_nature=' . $this->dbService->escape($id));
}
public function clear($id)
@@ -167,14 +167,14 @@ public function clear($id)
'DELETE FROM' . $this->dbService->prefixTable('acls') .
'WHERE page_tag IN (SELECT tag FROM ' . $this->dbService->prefixTable('pages') .
'WHERE tag IN (SELECT resource FROM ' . $this->dbService->prefixTable('triples') .
- 'WHERE property="http://outils-reseaux.org/_vocabulary/type" AND value="fiche_bazar") AND body LIKE \'%"id_typeannonce":"' . $id . '"%\' );'
+ 'WHERE property="http://outils-reseaux.org/_vocabulary/type" AND value="fiche_bazar") AND body LIKE \'%"id_typeannonce":"' . $this->dbService->escape($id) . '"%\' );'
);
// TODO use PageManager
$this->dbService->query(
'DELETE FROM' . $this->dbService->prefixTable('pages') .
'WHERE tag IN (SELECT resource FROM ' . $this->dbService->prefixTable('triples') .
- 'WHERE property="http://outils-reseaux.org/_vocabulary/type" AND value="fiche_bazar") AND body LIKE \'%"id_typeannonce":"' . $id . '"%\';'
+ 'WHERE property="http://outils-reseaux.org/_vocabulary/type" AND value="fiche_bazar") AND body LIKE \'%"id_typeannonce":"' . $this->dbService->escape($id) . '"%\';'
);
// TODO use TripleStore
diff --git a/tools/security/actions/despam.php b/tools/security/actions/despam.php
index 62194fa4f..60260851f 100755
--- a/tools/security/actions/despam.php
+++ b/tools/security/actions/despam.php
@@ -62,7 +62,7 @@
"select *
from ".$this->config["table_prefix"]."pages
where
- time > date_sub(now(), interval " . addslashes($_POST['from']) . " hour)
+ time > date_sub(now(), interval " . $this->services->get(\YesWiki\Core\Service\DbService::class)->escape($_POST['from']) . " hour)
and latest = 'Y'
order by `time` desc";
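Review bot: `$_POST['from']` is read without checking that it was submitted, and the new line interpolates it into an unquoted `interval … hour` expression, a position where quote escaping does not bound the value. Validate it as an integer before the query is built, `$from = filter_input(INPUT_POST, 'from', FILTER_VALIDATE_INT);`, return early with the usual error output when that yields `false` or `null`, and interpolate `$from` instead of the escaped string. The statement assigning this query starts before the hunk.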
$title =