BUILD : 1.7.16 (1175) BUGS : 612 NOTES : Fixed a number of MySQL/RDB-related functions which did not correctly escape their arguments

git-svn-id: svn://svn.anope.org/anope/trunk@1175 31f1291d-b8d6-0310-a050-a5561fc1590b git-svn-id: http://anope.svn.sourceforge.net/svnroot/anope/trunk@896 5417fbe8-f217-4b02-8779-1006273d7864
author: geniusdex geniusdex@31f1291d-b8d6-0310-a050-a5561fc1590b <geniusdex geniusdex@31f1291d-b8d6-0310-a050-a5561fc1590b@5417fbe8-f217-4b02-8779-1006273d7864> 2006-10-16 15:05:00 +0000
committer: geniusdex geniusdex@31f1291d-b8d6-0310-a050-a5561fc1590b <geniusdex geniusdex@31f1291d-b8d6-0310-a050-a5561fc1590b@5417fbe8-f217-4b02-8779-1006273d7864> 2006-10-16 15:05:00 +0000
commit: 2db88fcaf25e6cfb37aa33fb7478676c3d30889f (patch)
tree: 59c5f60d11b2a43e273625d3b1a7e36b19af578d /src
parent: 6e77a5d94d554398b2d6965597da9d94bdb3a8f5 (diff)
3 files changed, 77 insertions, 26 deletions
diff --git a/src/hostserv.c b/src/hostserv.c
index d089f5e73..d8c8af96b 100644
--- a/src/hostserv.c
+++ b/src/hostserv.c
@@ -318,6 +318,7 @@ void delHostCore(char *nick)
 {
 #ifdef USE_RDB
     static char clause[128];
+    char *q_nick;
 #endif
     HostCore *tmp;
     boolean found = false;
@@ -328,10 +329,11 @@ void delHostCore(char *nick)
 #ifdef USE_RDB
         /* Reflect this change in the database right away. */
         if (rdb_open()) {
-
-            snprintf(clause, sizeof(clause), "nick='%s'", nick);
+            q_nick = rdb_quote(nick);
+            snprintf(clause, sizeof(clause), "nick='%s'", q_nick);
             rdb_scrub_table("anope_hs_core", clause);
             rdb_close();
+            free(q_nick);
         }
 #endif
 
diff --git a/src/nickserv.c b/src/nickserv.c
index 1c46a76c6..cb51c47b8 100644
--- a/src/nickserv.c
+++ b/src/nickserv.c
@@ -1406,6 +1406,7 @@ static int delcore(NickCore * nc)
     int i;
 #ifdef USE_RDB
     static char clause[128];
+    char *q_display;
 #endif
     /* (Hopefully complete) cleanup */
     cs_remove_nick(nc);
@@ -1425,17 +1426,18 @@ static int delcore(NickCore * nc)
 #ifdef USE_RDB
     /* Reflect this change in the database right away. */
     if (rdb_open()) {
-
-        snprintf(clause, sizeof(clause), "display='%s'", nc->display);
+        q_display = rdb_quote(nc->display);
+        snprintf(clause, sizeof(clause), "display='%s'", q_display);
         rdb_scrub_table("anope_ns_access", clause);
         rdb_scrub_table("anope_ns_core", clause);
         rdb_scrub_table("anope_cs_access", clause);
         /* I'm unsure how to clean up the OS ADMIN/OPER list on the db */
         /* I wish the "display" primary key would be the same on all tables */
         snprintf(clause, sizeof(clause), "receiver='%s' AND serv='NICK'",
-                 nc->display);
+                 q_display);
         rdb_scrub_table("anope_ms_info", clause);
         rdb_close();
+        free(q_display);
     }
 #endif
 
@@ -1509,6 +1511,7 @@ int delnick(NickAlias * na)
 {
 #ifdef USE_RDB
     static char clause[128];
+    char *q_nick;
 #endif
     /* First thing to do: remove any timeout belonging to the nick we're deleting */
     clean_ns_timeouts(na);
@@ -1552,10 +1555,11 @@ int delnick(NickAlias * na)
 #ifdef USE_RDB
     /* Reflect this change in the database right away. */
     if (rdb_open()) {
-
-        snprintf(clause, sizeof(clause), "nick='%s'", na->nick);
+        q_nick = rdb_quote(na->nick);
+        snprintf(clause, sizeof(clause), "nick='%s'", q_nick);
         rdb_scrub_table("anope_ns_alias", clause);
         rdb_close();
+        free(q_nick);
     }
 #endif
 
diff --git a/src/rdb.c b/src/rdb.c
index a6e17e9c1..f83ada5d8 100644
--- a/src/rdb.c
+++ b/src/rdb.c
@@ -48,6 +48,15 @@ int rdb_close()
 
 /*************************************************************************/
 
+char *rdb_quote(char *str)
+{
+#ifdef USE_MYSQL
+    return db_mysql_quote(str);
+#endif
+}
+
+/*************************************************************************/
+
 int rdb_tag_table(char *table)
 {
     static char buf[1024];
@@ -114,48 +123,56 @@ int rdb_direct_query(char *query)
 int rdb_ns_set_display(char *newnick, char *oldnick)
 {
     static char buf[1024];
+    char *q_newnick;
+    char *q_oldnick;
+
+    q_newnick = rdb_quote(newnick);
+    q_oldnick = rdb_quote(oldnick);
 
 #ifdef USE_MYSQL
     /* Change the display on NS_CORE */
     snprintf(buf, sizeof(buf),
              "UPDATE anope_ns_core SET display='%s' WHERE display='%s'",
-             newnick, oldnick);
+             q_newnick, q_oldnick);
     db_mysql_query(buf);
 
     /* Change the display on NS_ALIAS for all grouped nicks */
     snprintf(buf, sizeof(buf),
              "UPDATE anope_ns_alias SET display='%s' WHERE display='%s'",
-             newnick, oldnick);
+             q_newnick, q_oldnick);
     db_mysql_query(buf);
 
     /* Change the display on ChanServ ACCESS list */
     snprintf(buf, sizeof(buf),
              "UPDATE anope_cs_access SET display='%s' WHERE display='%s'",
-             newnick, oldnick);
+             q_newnick, q_oldnick);
     db_mysql_query(buf);
 
     /* Change the display on ChanServ AKICK list */
     snprintf(buf, sizeof(buf),
              "UPDATE anope_cs_akicks SET creator='%s' WHERE creator='%s'",
-             newnick, oldnick);
+             q_newnick, q_oldnick);
     db_mysql_query(buf);
 
     /* Change the display on MemoServ sent memos */
     snprintf(buf, sizeof(buf),
              "UPDATE anope_ms_info SET sender='%s' WHERE sender='%s'",
-             newnick, oldnick);
+             q_newnick, q_oldnick);
     db_mysql_query(buf);
 
     /* Change the display on MemoServ received memos */
     snprintf(buf, sizeof(buf),
              "UPDATE anope_ms_info SET receiver='%s' WHERE receiver='%s'",
-             newnick, oldnick);
+             q_newnick, q_oldnick);
     db_mysql_query(buf);
 
     /* Need to do bwords and akills */
 
 #endif
 
+    free(q_newnick);
+    free(q_oldnick);
+
     return 0;
 }
 
@@ -164,21 +181,28 @@ int rdb_ns_set_display(char *newnick, char *oldnick)
 int rdb_cs_deluser(char *nick)
 {
     static char buf[1024];
+    char *q_nick;
+
+    q_nick = rdb_quote(nick);
 
 #ifdef USE_MYSQL
     snprintf(buf, sizeof(buf),
              "UPDATE anope_cs_info SET successor=NULL WHERE successor='%s'",
-             nick);
+             q_nick);
     db_mysql_query(buf);
 
-    snprintf(buf, sizeof(buf), "display='%s'", nick);
+    snprintf(buf, sizeof(buf), "display='%s'", q_nick);
     rdb_scrub_table("anope_cs_access", buf);
-    snprintf(buf, sizeof(buf), "creator='%s'", nick);
+    snprintf(buf, sizeof(buf), "creator='%s'", q_nick);
     rdb_scrub_table("anope_cs_akicks", buf);
 
+    free(q_nick);
+
     return 1;
 #endif
 
+    free(q_nick);
+
     return 0;
 }
 
@@ -187,19 +211,23 @@ int rdb_cs_deluser(char *nick)
 int rdb_cs_delchan(ChannelInfo * ci)
 {
     static char buf[1024];
-    char *channel = ci->name;
+    char *q_channel;
+    char *q_founder;
+
+    q_channel = rdb_quote(ci->name);
+    q_founder = rdb_quote(ci->founder->display);
 
 #ifdef USE_MYSQL
     snprintf(buf, sizeof(buf),
              "UPDATE anope_cs_info SET successor=NULL WHERE name='%s'",
-             channel);
+             q_channel);
     db_mysql_query(buf);
 
-    snprintf(buf, sizeof(buf), "name='%s'", channel);
+    snprintf(buf, sizeof(buf), "name='%s'", q_channel);
     rdb_scrub_table("anope_cs_info", buf);
-    snprintf(buf, sizeof(buf), "receiver='%s' AND serv='CHAN'", channel);
+    snprintf(buf, sizeof(buf), "receiver='%s' AND serv='CHAN'", q_channel);
     rdb_scrub_table("anope_ms_info", buf);
-    snprintf(buf, sizeof(buf), "channel='%s'", channel);
+    snprintf(buf, sizeof(buf), "channel='%s'", q_channel);
     rdb_scrub_table("anope_cs_access", buf);
     rdb_scrub_table("anope_cs_akicks", buf);
     rdb_scrub_table("anope_cs_levels", buf);
@@ -207,13 +235,19 @@ int rdb_cs_delchan(ChannelInfo * ci)
     if (ci->founder) {
         snprintf(buf, sizeof(buf),
                  "update anope_ns_core set channelcount=channelcount-1 where display='%s'",
-                 ci->founder->display);
+                 q_founder);
         db_mysql_query(buf);
     }
 
+    free(q_channel);
+    free(q_founder);
+
     return 1;
 #endif
 
+    free(q_channel);
+    free(q_founder);
+
     return 0;
 }
 
@@ -222,26 +256,37 @@ int rdb_cs_delchan(ChannelInfo * ci)
 int rdb_cs_set_founder(char *channel, char *founder)
 {
     static char buf[1024];
+    char *q_channel;
+    char *q_founder;
+
+    q_channel = rdb_quote(channel);
+    q_founder = rdb_quote(founder);
 
 #ifdef USE_MYSQL
     snprintf(buf, sizeof(buf),
              "UPDATE anope_cs_info SET founder='%s', successor=NULL WHERE name='%s'",
-             founder, channel);
+             q_founder, q_channel);
     db_mysql_query(buf);
 
     snprintf(buf, sizeof(buf),
              "UPDATE anope_ns_core SET channelcount=channelcount+1 WHERE display='%s'",
-             founder);
+             q_founder);
     db_mysql_query(buf);
 
     /* Do i need to scrub the access list for this channel ? */
-    snprintf(buf, sizeof(buf), "display='%s' AND channel='%s'", founder,
-             channel);
+    snprintf(buf, sizeof(buf), "display='%s' AND channel='%s'", q_founder,
+             q_channel);
     rdb_scrub_table("anope_cs_access", buf);
 
+    free(q_channel);
+    free(q_founder);
+
     return 1;
 #endif
 
+    free(q_channel);
+    free(q_founder);
+
     return 0;
 }
author	geniusdex geniusdex@31f1291d-b8d6-0310-a050-a5561fc1590b <geniusdex geniusdex@31f1291d-b8d6-0310-a050-a5561fc1590b@5417fbe8-f217-4b02-8779-1006273d7864>	2006-10-16 15:05:00 +0000
committer	geniusdex geniusdex@31f1291d-b8d6-0310-a050-a5561fc1590b <geniusdex geniusdex@31f1291d-b8d6-0310-a050-a5561fc1590b@5417fbe8-f217-4b02-8779-1006273d7864>	2006-10-16 15:05:00 +0000
commit	2db88fcaf25e6cfb37aa33fb7478676c3d30889f (patch)
tree	59c5f60d11b2a43e273625d3b1a7e36b19af578d /src
parent	6e77a5d94d554398b2d6965597da9d94bdb3a8f5 (diff)