From c61529029e480bb2ead67041c0bd2ea4f3c165f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Chapeaux?=
Date: Fri, 31 Aug 2001 18:24:34 +0000
Subject: [PATCH] patch #455752 - Check forbidden words thanks to Dell'Aiera Pol & Olivier Blin
---
 badwords.txt | 232 ++++++++++++++++++++++++++++++++++++++++++++++
 db_create.php3 | 11 +++
 lib.inc.php3 | 38 ++++++++
 tbl_addfield.php3 | 7 ++
 tbl_alter.php3 | 4 +
 tbl_create.php3 | 32 ++++++-
 6 files changed, 321 insertions(+), 3 deletions(-)
 create mode 100644 badwords.txt
diff --git a/badwords.txt b/badwords.txt
new file mode 100644
index 000000000..480c0423d
--- /dev/null
+++ b/badwords.txt
@@ -0,0 +1,232 @@
+action
+add
+aggregate
+all
+alter
+after
+and
+as
+asc
+avg
+avg_row_length
+auto_increment
+between
+bigint
+bit
+binary
+blob
+bool
+both
+by
+cascade
+case
+char
+character
+change
+check
+checksum
+column
+columns
+comment
+constraint
+create
+cross
+current_date
+current_time
+current_timestamp
+data
+database
+databases
+date
+datetime
+day
+day_hour
+day_minute
+day_second
+dayofmonth
+dayofweek
+dayofyear
+dec
+decimal
+default
+delayed
+delay_key_write
+delete
+desc
+describe
+distinct
+distinctrow
+double
+drop
+end
+else
+escape
+escaped
+enclosed
+enum
+explain
+exists
+fields
+file
+first
+float
+float4
+float8
+flush
+foreign
+from
+for
+full
+function
+global
+grant
+grants
+group
+having
+heap
+high_priority
+hour
+hour_minute
+hour_second
+hosts
+identified
+ignore
+in
+index
+infile
+inner
+insert
+insert_id
+int
+integer
+interval
+int1
+int2
+int3
+int4
+int8
+into
+if
+is
+isam
+join
+key
+keys
+kill
+last_insert_id
+leading
+left
+length
+like
+lines
+limit
+load
+local
+lock
+logs
+long
+longblob
+longtext
+low_priority
+max
+max_rows
+match
+mediumblob
+mediumtext
+mediumint
+middleint
+min_rows
+minute
+minute_second
+modify
+month
+monthname
+myisam
+natural
+numeric
+no
+not
+null
+on
+optimize
+option
+optionally
+or
+order
+outer
+outfile
+pack_keys
+partial
+pasword
+precision
+primary
+procedure
+process
+processlist
+privileges
+read
+real
+references
+reload
+regexp
+rename
+replace
+restrict
+returns
+revoke
+rlike
+row
+rows
+second
+select
+set
+show
+shutdown
+smallint
+soname
+sql_big_tables
+sql_big_selects
+sql_low_priority_updates
+sql_log_off
+sql_log_update
+sql_select_limit
+sql_small_result
+sql_big_result
+sql_warnings
+straight_join
+starting
+status
+string
+table
+tables
+temporary
+terminated
+text
+then
+time
+timestamp
+tinyblob
+tinytext
+tinyint
+trailing
+to
+type
+use
+using
+unique
+unlock
+unsigned
+update
+usage
+values
+varchar
+variables
+varying
+varbinary
+with
+write
+when
+where
+year +year_month +zerofill diff --git a/db_create.php3 b/db_create.php3 index 774cec0d5..99ed47991 100755 --- a/db_create.php3 +++ b/db_create.php3 @@ -9,6 +9,17 @@ require('./grab_globals.inc.php3'); require('./header.inc.php3'); +/** + * Ensures the db name is valid + */ +if (get_magic_quotes_gpc()) { + $db = stripslashes($db); +} +if (MYSQL_INT_VERSION < 32306) { + check_reserved_words($db); +} + + /** * Executes the db creation sql query */ diff --git a/lib.inc.php3 b/lib.inc.php3 index d3dcfdd42..3a3817826 100755 --- a/lib.inc.php3 +++ b/lib.inc.php3 @@ -704,6 +704,44 @@ window.parent.frames['nav'].location.replace(''); } // end of the 'format_byte_down' function + /** + * Ensures a database/table/field's name is not a reserved word (for MySQL + * releases < 3.23.6) + * + * @param string the name to check + * + * @return boolean true if the name is valid (no return else) + * + * @author Dell'Aiera Pol; Olivier Blin + */ + function check_reserved_words($the_name) + { + // The name contains caracters <> a-z, A-Z and "_" -> not a reserved + // word + if (!ereg('^[a-zA-Z_]+$', $the_name)) { + return true; + } + + // Else do the work + $filename = 'badwords.txt'; + if (file_exists($filename)) { + // Builds the reserved words array + $fd = fopen($filename, 'r'); + $contents = fread($fd, filesize($filename) - 1); + fclose ($fd); + $word_list = explode("\n", $contents); + + // Do the checking + $word_cnt = count($word_list); + for ($i = 0; $i < $word_cnt; $i++) { + if (strtolower($the_name) == $word_list[$i]) { + mysql_die(sprintf($GLOBALS['strInvalidName'], $the_name), '', FALSE, TRUE); + } // end if + } // end for + } // end if + } // end of the 'check_reserved_words' function + + /* ----- Functions used to display records returned by a sql query ----- */ diff --git a/tbl_addfield.php3 b/tbl_addfield.php3 index 7f70e7240..7cbac09d8 100755 --- a/tbl_addfield.php3 +++ b/tbl_addfield.php3 
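Review bot: The entry `+pasword` looks like a misspelling of `password`, presumably the MySQL reserved word the list was meant to carry; as written, a field or table named `password` passes the check while only the unusable spelling is rejected, so the line should read `+password`. The list is read back in lib.inc.php3 with `fread($fd, filesize($filename) - 1)`, which drops the file's last byte, so whether this file ends with a newline decides whether `zerofill` is compared intact — keep a trailing newline here until that read is fixed. Every entry is lowercase and the caller lowercases the name before comparing, so mixed-case entries must not be added later without updating the comparison.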
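Review bot: `$db` is unescaped with stripslashes() and then, outside the hunk, presumably goes into the CREATE DATABASE statement; if that statement previously relied on the magic-quote backslashes as its only escaping, the name now reaches the query raw, so the code below should backquote() it or reject anything that is not a plain identifier rather than trust the input. check_reserved_words() is also not a validation step: it is skipped for MYSQL_INT_VERSION >= 32306 and returns silently when badwords.txt is missing. A comment such as `// Reserved-word check only (MySQL < 3.23.6); the name is still untrusted and must be quoted when the query is built` at the top of this block would keep a later reader from treating it as sanitisation.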
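Review bot: The pre-filter `ereg('^[a-zA-Z_]+$', $the_name)` returns true (name accepted) for any name containing a digit, yet the list it guards holds `int1`..`int8`, `float4` and `float8`, so those reserved words are never caught; the class should be `^[a-zA-Z0-9_]+$`. The read `fread($fd, filesize($filename) - 1)` drops the last byte of the file, truncating the final word when the list has no trailing newline and passing a negative length for an empty file, and a list saved with `\r\n` endings never matches because each entry is compared untrimmed with `==`. Reading the list with file() and trimming each entry removes all of that; a missing badwords.txt still silently disables the check, which deserves a comment because callers treat a silent return as "name is fine". The docblock's `@return boolean true if the name is valid (no return else)` also does not match the current code, which returns nothing when the file is missing or the name is not in the list.
```php
    function check_reserved_words($the_name)
    {
        // Digits must be allowed here: the list contains int1..int8, float4, float8
        if (!ereg('^[a-zA-Z0-9_]+$', $the_name)) {
            return true;
        }

        // A missing list silently disables the check (unchanged behaviour)
        $filename = 'badwords.txt';
        if (!file_exists($filename)) {
            return true;
        }

        // file() keeps the line terminators, so trim each entry; this also
        // avoids the "filesize - 1" read that truncated the last word
        $word_list  = file($filename);
        $lower_name = strtolower($the_name);
        $word_cnt   = count($word_list);
        for ($i = 0; $i < $word_cnt; $i++) {
            if ($lower_name == trim($word_list[$i])) {
                mysql_die(sprintf($GLOBALS['strInvalidName'], $the_name), '', FALSE, TRUE);
            } // end if
        } // end for
        return true;
    } // end of the 'check_reserved_words' function
```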
@@ -17,6 +17,13 @@ if (isset($submit)) { // Builds the field creation statement and alters the table for ($i = 0; $i < count($field_name); ++$i) { + if (get_magic_quotes_gpc()) { + $field_name[$i] = stripslashes($field_name[$i]); + } + if (MYSQL_INT_VERSION < 32306) { + check_reserved_words($field_name[$i]); + } + $query .= backquote($field_name[$i]) . ' ' . $field_type[$i]; if ($field_length[$i] != '' && !eregi('^(DATE|DATETIME|TIME|TINYBLOB|TINYTEXT|BLOB|TEXT|MEDIUMBLOB|MEDIUMTEXT|LONGBLOB|LONGTEXT)$', $field_type[$i])) { diff --git a/tbl_alter.php3 b/tbl_alter.php3 index f1f9c3114..71e35ad28 100755 --- a/tbl_alter.php3 +++ b/tbl_alter.php3 @@ -19,6 +19,10 @@ if (isset($submit)) { $field_length[0] = stripslashes($field_length[0]); } + if (MYSQL_INT_VERSION < 32306) { + check_reserved_words($field_name[0]); + } + // Some fields have been urlencoded or double quotes have been translated // to """ in tbl_properties.php3 $field_orig[0] = urldecode($field_orig[0]); diff --git a/tbl_create.php3 b/tbl_create.php3 index a40541029..0afc81ef6 100755 --- a/tbl_create.php3 +++ b/tbl_create.php3 @@ -28,6 +28,12 @@ if (isset($submit)) { if (empty($field_name[$i])) { continue; } + if (get_magic_quotes_gpc()) { + $field_name[$i] = stripslashes($field_name[$i]); + } + if (MYSQL_INT_VERSION < 32306) { + check_reserved_words($field_name[$i]); + } $query .= backquote($field_name[$i]) . ' ' . $field_type[$i]; if ($field_length[$i] != '') { if (get_magic_quotes_gpc()) { @@ -69,6 +75,9 @@ if (isset($submit)) { for ($i = 0; $i < count($field_primary); $i++) { $j = $field_primary[$i]; if (!empty($field_name[$j])) { + if (get_magic_quotes_gpc()) { + $field_name[$j] = stripslashes($field_name[$j]); + } $primary .= backquote($field_name[$j]) . ', '; } } // end for 
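Review bot: The six-line stripslashes()/check_reserved_words() guard added here is pasted verbatim into tbl_create.php3 (its @@ -28 hunk) and, for a single name, into db_create.php3 and the @@ -152 hunk of tbl_create.php3; a helper next to check_reserved_words() in lib.inc.php3, e.g. `function check_identifier($name)` that does the strip and the check in one place, would keep the four call sites from drifting apart. The check also runs only for MYSQL_INT_VERSION < 32306, so on newer servers `$field_name[$i]` goes straight into `backquote()`; whether backquote() handles a backtick inside the name is not visible in this hunk and is what the query's safety then rests on. The enclosing for loop starts in the context line and continues past the hunk.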
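Review bot: The `stripslashes($field_name[$j])` added in the primary-key loop re-strips a value that the loop in the @@ -28 hunk has already stripped in place, assuming that loop visits every index of `$field_name` (its header is outside the hunk); a name containing a literal backslash would lose it on the second pass. The same redundant strip is added to the index loop (@@ -87) and the unique loop (@@ -105). Either drop these three additions or make the first loop the single place where names are normalised, with a comment there such as `// $field_name entries are unescaped once here and reused by the key loops below`.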
@@ -87,6 +96,9 @@ if (isset($submit)) { for ($i = 0;$i < count($field_index); $i++) { $j = $field_index[$i]; if (!empty($field_name[$j])) { + if (get_magic_quotes_gpc()) { + $field_name[$j] = stripslashes($field_name[$j]); + } $index .= backquote($field_name[$j]) . ', '; } } // end for @@ -105,6 +117,9 @@ if (isset($submit)) { for ($i = 0; $i < count($field_unique); $i++) { $j = $field_unique[$i]; if (!empty($field_name[$j])) { + if (get_magic_quotes_gpc()) { + $field_name[$j] = stripslashes($field_name[$j]); + } $unique .= backquote($field_name[$j]) . ', '; } } // end for @@ -124,6 +139,9 @@ if (isset($submit)) { $sql_query .= ' TYPE = ' . $tbl_type; } if (MYSQL_INT_VERSION >= 32300 && !empty($comment)) { + if (get_magic_quotes_gpc()) { + $comment = stripslashes($comment); + } $sql_query .= ' comment = \'' . sql_addslashes($comment) . '\''; } @@ -152,11 +170,19 @@ else { } // Table name and number of fields are valid -> show the form else { + // Ensures the table name is valid + if (get_magic_quotes_gpc()) { + $table = stripslashes($table); + } + if (MYSQL_INT_VERSION < 32306) { + check_reserved_words($table); + } + $action = 'tbl_create.php3'; include('./tbl_properties.inc.php3'); - // Diplays the footer - echo "\n"; - include('./footer.inc.php3'); + // Diplays the footer + echo "\n"; + include('./footer.inc.php3'); } }
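Review bot: The reserved-word check on `$table` sits only in the branch that displays the form, so on the submit path (`isset($submit)`, earlier in the file) the table name is used to build the CREATE TABLE statement without this check ever running; as far as the hunk shows, nothing re-validates `$table` at the point of use. The check belongs in the submit branch next to the field-name checks (or in both places), and `$table` should be backquoted where the statement is assembled, since reserved-word filtering is not escaping. Hedged: the submit branch's handling of `$table` is outside this hunk. The re-indented footer lines are whitespace only.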