From 4d66b5fbf9e45f7ec0108812925c752af5032f9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Luttringer?= Date: Mon, 8 Mar 2010 02:28:49 +0000 Subject: [PATCH] securting sql function by escaping fix year "avant" video link use year 2000. Now it use as identifier --- include/functions_sql.php | 135 ++++++++++++++++++++------------------ include/videos.php | 36 +++++----- 2 files changed, 90 insertions(+), 81 deletions(-) diff --git a/include/functions_sql.php b/include/functions_sql.php index 45fdf76..c8dca83 100644 --- a/include/functions_sql.php +++ b/include/functions_sql.php 
@@ -4,177 +4,184 @@ ########## SQL NEWS ######## ################################ -function getOneNews($news_id){ +function getOneNews($news_id) { + $news_id = mysql_real_escape_string($news_id); $query = "select * from $DB.news_db WHERE news_id = '$news_id'"; - return $result = mysql_query($query); - } - + return mysql_query($query); +} -function getLastNews($tendu){ +function getLastNews($tendu) { + $tendu = mysql_real_escape_string($tendu); $query = "SELECT * FROM $DB.news_db WHERE news_tendu<='$tendu' ORDER BY news_date desc, news_time desc"; - return $result = mysql_query($query); + return mysql_query($query); } - ################################ ########## SQL EDITO ######## ################################ -function getOneEdito($edito_id){ +function getOneEdito($edito_id) { + $edito_id = mysql_real_escape_string($edito_id); $query = "select * from $DB.editos_db WHERE edito_id = '$edito_id'"; - return $result = mysql_query($query); + return mysql_query($query); } - -function getLastEdito(){ +function getLastEdito() { $query = "select * from $DB.editos_db ORDER BY edito_date DESC"; - return $result = mysql_query($query); + return mysql_query($query); } -function getAllEdito(){ +function getAllEdito() { $query = "select * from $DB.editos_db ORDER BY edito_date DESC"; - return $result = mysql_query($query); + return mysql_query($query); } ################################ ########## SQL VIDEOS ######## ################################ - function getOneVideo($vid_id){ $vid_id = mysql_real_escape_string($vid_id); $query = "select * from $DB.videos_db WHERE video_id = '$vid_id'"; return mysql_query($query); } - function getAllVideos() { $query = "select * from $DB.videos_db ORDER BY video_date desc, video_time desc"; - return $result = mysql_query($query); + return mysql_query($query); } - -function getLastVideos(){ +function getLastVideos() { $query = "select * from $DB.videos_db ORDER BY video_id desc"; - return $result = mysql_query($query); + return 
mysql_query($query); } -function getVideosByType( $type){ +function getVideosByType($type) { + $type = mysql_real_escape_string($type); $query = "select * from $DB.videos_db WHERE video_type='$type' ORDER BY video_date desc"; - return $result = mysql_query($query); + return mysql_query($query); } -function getVideosByYearAndTypeAndTendu($year, $type, $tendu){ - if ($year == 2000) +function getVideosByYearAndTypeAndTendu($year, $type, $tendu) { + $year = mysql_real_escape_string($year); + $type = mysql_real_escape_string($type); + $tendu = mysql_real_escape_string($tendu); + if ($year == 0) $query = "select * from $DB.videos_db - WHERE video_type='$type' AND video_tendu<='$tendu' AND YEAR(video_date)<='$year' + WHERE video_type='$type' AND video_tendu<='$tendu' AND YEAR(video_date)<='2000' ORDER BY video_date desc"; else $query = "select * from $DB.videos_db WHERE video_type='$type' AND video_tendu<='$tendu' AND YEAR(video_date)='$year' ORDER BY video_date desc"; - return $result = mysql_query($query); + return mysql_query($query); } -function getLastVideosByTendu($tendu){ +function getLastVideosByTendu($tendu) { + $tendu = mysql_real_escape_string($tendu); $query = "select * from $DB.videos_db WHERE video_tendu<='$tendu' ORDER BY video_id desc"; - return $result = mysql_query($query); + return mysql_query($query); } ################################## ########## SQL CONTACTS ######## ################################## -function getAssoInfos(){ +function getAssoInfos() { $query = "select * from $DB.asso_db"; - return $result = mysql_query($query); + return mysql_query($query); } -function getOneLinkById($ID){ - $query = "select * from $DB.links_db WHERE link_id='$ID'"; - return $result = mysql_query($query); +function getOneLinkById($id) { + $id = mysql_real_escape_string($id); + $query = "select * from $DB.links_db WHERE link_id='$id'"; + return mysql_query($query); } -function getAllLinks(){ +function getAllLinks() { $query = "select * from $DB.links_db"; - return 
$result = mysql_query($query); + return mysql_query($query); } - ############################### ########## SQL USERS ######## ############################### -function getOneUserByName($login){ +function getOneUserByName($login) { + $login = mysql_real_escape_string($login); $query = "select * from $DB.users_db WHERE user_login='$login'"; - return $result = mysql_query($query); + return mysql_query($query); } -function getOneUserByPseudo($pseudo){ +function getOneUserByPseudo($pseudo) { + $pseudo = mysql_real_escape_string($pseudo); $query = "select * from $DB.users_db WHERE user_pseudo='$pseudo'"; - return $result = mysql_query($query); + return mysql_query($query); } - -function getOneUserById($ID){ - $query = "select * from $DB.users_db WHERE user_id='$ID'"; - return $result = mysql_query($query); +function getOneUserById($id) { + $id = mysql_real_escape_string($id); + $query = "select * from $DB.users_db WHERE user_id='$id'"; + return mysql_query($query); } - -function getAllUsers(){ +function getAllUsers() { $query = "select * from $DB.users_db WHERE user_right < 7 ORDER BY user_right desc"; - return $result = mysql_query($query); + return mysql_query($query); } -function getUsersByStatut($statut){ +function getUsersByStatut($statut) { + $statut = mysql_real_escape_string($statut); $query = "SELECT * FROM $DB.users_db WHERE user_statut='$statut' ORDER BY user_right desc"; - return $result = mysql_query($query); + return mysql_query($query); } ################################ ########## SQL MEMBERS ######## ################################ -function getAllMembers(){ +function getAllMembers() { $query = "select * from $DB.users_db WHERE user_right >= 7"; - return $result = mysql_query($query); + return mysql_query($query); } -function getAnExistingStatut($statut){ +function getAnExistingStatut($statut) { + $statut = mysql_real_escape_string($statut); $query = "select * from $DB.users_db WHERE user_statut = '$statut'"; - return $result = mysql_query($query); + 
return mysql_query($query); } #################################### ########## SQL Blacklist ######## #################################### -function getOneBlacklistById($id){ +function getOneBlacklistById($id) { + $id = mysql_real_escape_string($id); $query = "select * from $DB.blacklist_db WHERE blacklist_id='$id'"; - return $result = mysql_query($query); + return mysql_query($query); } -function getOneBlacklistByLogin($login){ +function getOneBlacklistByLogin($login) { + $login = mysql_real_escape_string($login); $query = "select * from $DB.blacklist_db WHERE blacklist_login='$login'"; - return $result = mysql_query($query); + return mysql_query($query); } - -function getAllBlacklist(){ +function getAllBlacklist() { $query = "select * from $DB.blacklist_db"; - return $result = mysql_query($query); + return mysql_query($query); } -function getAllBlacksite(){ +function getAllBlacksite() { $query = "select * from $DB.blacksites_db"; - return $result = mysql_query($query); + return mysql_query($query); } -function getOneBlacksiteById($id){ +function getOneBlacksiteById($id) { + $id = mysql_real_escape_string($id); $query = "select * from $DB.blacksites_db WHERE blacksite_id='$id'"; - return $result = mysql_query($query); + return mysql_query($query); } ?> \ No newline at end of file diff --git a/include/videos.php b/include/videos.php index 94552b0..f0c11fb 100644 --- a/include/videos.php +++ b/include/videos.php @@ -4,19 +4,23 @@ define('DEFAULT_YEAR', '2010'); function dispVideos() { -(isset($_GET['year_page'])) ? ($curyear = " ".$_GET['year_page']) : ($curyear = " ".DEFAULT_YEAR); + if (!isset($_GET['year_page'])) + $yeartitle = DEFAULT_YEAR; + elseif ($_GET['year_page'] == 0) + $yeartitle = "2000 et avant"; + else + $yeartitle = $_GET['year_page']; -$str = ' - -
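Review bot: The `mysql_real_escape_string()` calls added throughout the hunk protect only the quoted-string context of each query, so they are sound just as long as every `'$var'` stays quoted and the connection charset matches what the function assumes (set with `mysql_set_charset()`); for the values that are really integers (`$news_id`, `$edito_id`, `$id`, `$year`, `$tendu`) a cast is simpler and independent of the connection, e.g. `$id = (int) $id;` in getOneLinkById, getOneUserById, getOneBlacklistById and getOneBlacksiteById. In getVideosByYearAndTypeAndTendu the escaped `$year` is still a string, so `if ($year == 0)` is a loose comparison that PHP 5 also satisfies for any non-numeric input; adding `$year = (int) $year;` before the test makes both the branch choice and the `YEAR(video_date)='$year'` literal unambiguous. `$DB` is read inside every function without a `global $DB;` declaration, so unless it is brought into scope in some way not visible above line 4 (outside the hunk) the interpolated schema name is empty — worth confirming. The mysql_* API has since been removed from PHP; moving these helpers to PDO prepared statements would remove the per-call escaping entirely.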
+ $str = ' +
-

Videos'. $curyear .'

+

Videos de '. $yeartitle .'

    '; - $str .= dispVideosYear(); + $str .= dispVideosYear(); - $str .= ' + $str .= '
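Review bot: `$yeartitle = $_GET['year_page'];` in the new else branch is still written into the page unescaped through `Videos de '. $yeartitle .'`, so any string supplied in the `year_page` parameter is reflected into the HTML (the commit hardens the SQL side only). Because the value is a year, the simplest fix is to normalise it to an integer once — `$yearpage = isset($_GET['year_page']) ? (int) $_GET['year_page'] : (int) DEFAULT_YEAR;` followed by `$yeartitle = ($yearpage === 0) ? "2000 et avant" : (string) $yearpage;` — which also replaces the loose `$_GET['year_page'] == 0` test that PHP 5 satisfies for any non-numeric string. For a value that is genuinely text rather than numeric, `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')` at the output point would be the equivalent. The same `(int)` cast belongs in dispVideosYear's hunk further down, where `$year_page = $_GET['year_page'];` is passed raw to getVideosByYearAndTypeAndTendu and feeds the same `== 0` branch there. dispVideos's body continues past the end of this hunk.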
@@ -25,17 +29,15 @@ $str = '

Années

'; - $str .= dispVideosMenu(); + $str .= dispVideosMenu(); - $str .= ' + $str .= '
 
- -'; + '; - -echo $str; + echo $str; } function dispVideosMenu(){ @@ -50,19 +52,19 @@ function dispVideosMenu(){ $str .= '
  • 2003
  • '; $str .= '
  • 2002
  • '; $str .= '
  • 2001
  • '; - $str .= '
  • avant
  • '; + $str .= '
  • 2000 et avant
  • '; $str .= ''; return $str; } function dispVideosYear(){ - if ($_GET['year_page']) + if (isset($_GET['year_page'])) $year_page = $_GET['year_page']; else $year_page = DEFAULT_YEAR; - $str = '';//''.$year_page.''; + $str = ''; if ($_SESSION["user_right"] >= $GLOBALS["PRIV_GUEST"] ) { $result_prod = getVideosByYearAndTypeAndTendu($year_page, "eptvprod", 2); @@ -87,7 +89,7 @@ function dispVideosYear(){ if (mysql_num_rows($result_adm)) $str .= dispVideosByType($result_adm, " e p t v . a d m"); - return ($str); + return $str; } -- GitLab