diff --git a/src/messenger/webim/libs/chat.php b/src/messenger/webim/libs/chat.php index 827063a0..b11be855 100644 --- a/src/messenger/webim/libs/chat.php +++ b/src/messenger/webim/libs/chat.php @@ -60,13 +60,13 @@ function post_message_($threadid, $kind, $message, $link, $from = null, $utime = { global $mysqlprefix; $query = sprintf( - "insert into ${mysqlprefix}chatmessage (threadid,ikind,tmessage,tname,agentId,dtmcreated) values (%s, %s,'%s',%s,%s,%s)", - $threadid, - $kind, + "insert into ${mysqlprefix}chatmessage (threadid,ikind,tmessage,tname,agentId,dtmcreated) values (%s,%s,'%s',%s,%s,%s)", + intval($threadid), + intval($kind), mysql_real_escape_string($message, $link), $from ? "'" . mysql_real_escape_string($from, $link) . "'" : "null", - $opid ? $opid : "0", - $utime ? "FROM_UNIXTIME($utime)" : "CURRENT_TIMESTAMP"); + $opid ? intval($opid) : "0", + $utime ? "FROM_UNIXTIME(" . intval($utime) . ")" : "CURRENT_TIMESTAMP"); perform_query($query, $link); return mysql_insert_id($link); @@ -125,7 +125,7 @@ function get_messages($threadid, $meth, $isuser, &$lastid) $query = sprintf( "select messageid,ikind,unix_timestamp(dtmcreated) as created,tname,tmessage from ${mysqlprefix}chatmessage " . "where threadid = %s and messageid > %s %s order by messageid", - $threadid, $lastid, $isuser ? "and ikind <> $kind_for_agent" : ""); + intval($threadid), intval($lastid), $isuser ? "and ikind <> " . intval($kind_for_agent) : ""); $messages = array(); $msgs = select_multi_assoc($query, $link); 
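Review bot: In post_message_, `$opid ? intval($opid) : "0"` keeps a truthiness test that the new intval() already makes redundant — intval(null), intval('') and intval(0) all yield 0 — so `intval($opid)` alone would do; log_notification in notify.php further down has the same pattern with `$refop ? intval($refop) : "0"`. The `$utime` ternary is different and must stay, because its fallback is CURRENT_TIMESTAMP rather than 0. `$opid` is not among the parameters visible in the hunk header, so it is presumably a later parameter that the header truncates; post_message_'s signature lies outside the hunk.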
@@ -392,7 +392,7 @@ function load_canned_messages($locale, $groupid) global $mysqlprefix; $link = connect(); $result = select_multi_assoc( - "select vcvalue from ${mysqlprefix}chatresponses where locale = '$locale' " . + "select vcvalue from ${mysqlprefix}chatresponses where locale = '" . mysql_real_escape_string($locale, $link) . "' " . "AND (groupid is NULL OR groupid = 0) order by vcvalue", $link); if (count($result) == 0) { foreach (explode("\n", getstring_('chat.predefined_answers', $locale)) as $answer) { @@ -401,8 +401,8 @@ function load_canned_messages($locale, $groupid) } if ($groupid) { $result2 = select_multi_assoc( - "select vcvalue from ${mysqlprefix}chatresponses where locale = '$locale' " . - "AND groupid = $groupid order by vcvalue", $link); + "select vcvalue from ${mysqlprefix}chatresponses where locale = '" . mysql_real_escape_string($locale, $link) . "' " . + "AND groupid = " . intval($groupid) . " order by vcvalue", $link); foreach ($result as $r) { $result2[] = $r; } @@ -461,11 +461,11 @@ function update_thread_access($threadid, $params, $link) foreach ($params as $k => $v) { if (strlen($clause) > 0) $clause .= ", "; - $clause .= $k . "=" . $v; + $clause .= "`" . mysql_real_escape_string($k, $link) . "`='" . mysql_real_escape_string($v, $link) . "'"; } perform_query( "update ${mysqlprefix}chatthread set $clause " . - "where threadid = $threadid", $link); + "where threadid = " . intval($threadid), $link); } function ping_thread($thread, $isuser, $istyping) 
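Review bot: In update_thread_access, `mysql_real_escape_string($k, $link)` wrapped in backticks does not make a column name safe: that function escapes quotes and control characters for string literals, not backticks, which inside an identifier have to be doubled, so `$k` still needs an allow-list check against the known chatthread columns (or at least `preg_match('/^[a-zA-Z_]+$/', $k)`) before it is used. Quoting every `$v` as `'...'` also changes semantics: if any caller passes an SQL expression as a value (the same file writes `dtmmodified = CURRENT_TIMESTAMP` directly in commit_thread), that expression now arrives as a string literal and the update silently stores the wrong thing — the callers are not visible here, so please confirm. commit_thread in the next hunk uses the identical construction and has the same two concerns. update_thread_access's signature is outside the hunk.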
@@ -509,11 +509,11 @@ function ping_thread($thread, $isuser, $istyping) function commit_thread($threadid, $params, $link) { global $mysqlprefix; - $query = "update ${mysqlprefix}chatthread t set lrevision = " . next_revision($link) . ", dtmmodified = CURRENT_TIMESTAMP"; + $query = "update ${mysqlprefix}chatthread t set lrevision = " . intval(next_revision($link)) . ", dtmmodified = CURRENT_TIMESTAMP"; foreach ($params as $k => $v) { - $query .= ", " . $k . "=" . $v; + $query .= ", `" . mysql_real_escape_string($k, $link) . "`='" . mysql_real_escape_string($v, $link) . "'"; } - $query .= " where threadid = $threadid"; + $query .= " where threadid = " . intval($threadid); perform_query($query, $link); } @@ -555,10 +555,16 @@ function close_old_threads($link) return; } $next_revision = next_revision($link); - $query = "update ${mysqlprefix}chatthread set lrevision = $next_revision, dtmmodified = CURRENT_TIMESTAMP, istate = $state_closed " . - "where istate <> $state_closed and istate <> $state_left and lastpingagent <> 0 and lastpinguser <> 0 and " . - "(ABS(UNIX_TIMESTAMP(CURRENT_TIMESTAMP) - UNIX_TIMESTAMP(lastpinguser)) > " . $settings['thread_lifetime'] . " and " . - "ABS(UNIX_TIMESTAMP(CURRENT_TIMESTAMP) - UNIX_TIMESTAMP(lastpingagent)) > " . $settings['thread_lifetime'] . ")"; + $query = sprintf("update ${mysqlprefix}chatthread set lrevision = %s, dtmmodified = CURRENT_TIMESTAMP, istate = %s " . + "where istate <> %s and istate <> %s and lastpingagent <> 0 and lastpinguser <> 0 and " . + "(ABS(UNIX_TIMESTAMP(CURRENT_TIMESTAMP) - UNIX_TIMESTAMP(lastpinguser)) > %s and " . + "ABS(UNIX_TIMESTAMP(CURRENT_TIMESTAMP) - UNIX_TIMESTAMP(lastpingagent)) > %s)", + intval($next_revision), + intval($state_closed), + intval($state_closed), + intval($state_left), + intval($settings['thread_lifetime']), + intval($settings['thread_lifetime'])); perform_query($query, $link); } 
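Review bot: In close_old_threads, `intval($settings['thread_lifetime'])` maps an unset or non-numeric setting to 0, and with the `> %s` comparisons that follow the statement would then close every thread whose last pings are at least a second old. The `return;` at the top of the hunk presumably guards this, but its condition lies outside the hunk, so please confirm it rejects an empty or zero lifetime; otherwise add `if (intval($settings['thread_lifetime']) <= 0) { return; }` before the query is built.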
@@ -569,7 +575,7 @@ function thread_by_id_($id, $link) return select_one_row("select threadid,userName,agentName,agentId,lrevision,istate,ltoken,userTyping,agentTyping" . ",unix_timestamp(dtmmodified) as modified, unix_timestamp(dtmcreated) as created" . ",remote,referer,locale,unix_timestamp(lastpinguser) as lpuser,unix_timestamp(lastpingagent) as lpagent, unix_timestamp(CURRENT_TIMESTAMP) as current,nextagent,shownmessageid,userid,userAgent,groupid" . - " from ${mysqlprefix}chatthread where threadid = " . $id, $link); + " from ${mysqlprefix}chatthread where threadid = " . intval($id), $link); } function ban_for_addr_($addr, $link) @@ -591,15 +597,16 @@ function create_thread($groupid, $username, $remoteHost, $referer, $lang, $useri global $mysqlprefix; $query = sprintf( "insert into ${mysqlprefix}chatthread (userName,userid,ltoken,remote,referer,lrevision,locale,userAgent,dtmcreated,dtmmodified,istate" . ($groupid ? ",groupid" : "") . ") values " . - "('%s','%s',%s,'%s','%s',%s,'%s','%s',CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,$initialState" . ($groupid ? ",$groupid" : "") . ")", + "('%s',%s,%s,'%s','%s',%s,'%s','%s',CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,%s" . ($groupid ? "," . intval($groupid) : "") . ")", mysql_real_escape_string($username, $link), - mysql_real_escape_string($userid, $link), - next_token(), + intval($userid), + intval(next_token()), mysql_real_escape_string($remoteHost, $link), mysql_real_escape_string($referer, $link), - next_revision($link), + intval(next_revision($link)), mysql_real_escape_string($lang, $link), - mysql_real_escape_string($userbrowser, $link)); + mysql_real_escape_string($userbrowser, $link), + intval($initialState)); perform_query($query, $link); $id = mysql_insert_id($link); 
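Review bot: In create_thread, `intval($userid)` replaces what was previously a quoted, escaped string value (`'%s'` with mysql_real_escape_string), so any non-numeric visitor identifier now collapses to 0 and all such visitors would share userid 0. Unless the userid column and the code producing the value are known to be integer-only — neither is visible here — keep the quoted `'%s'` form with `mysql_real_escape_string($userid, $link)`. The same concern applies in a weaker form to `intval(next_token())` if next_token() can return a value outside PHP's integer range.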
@@ -710,7 +717,7 @@ function notify_operators($thread, $firstmessage, $link) $groupid = $thread['groupid']; $query = "select ${mysqlprefix}chatoperator.operatorid as opid, inotify, vcjabbername, vcemail, (unix_timestamp(CURRENT_TIMESTAMP)-unix_timestamp(dtmlastvisited)) as time from ${mysqlprefix}chatoperator"; if ($groupid) { - $query .= ", ${mysqlprefix}chatgroupoperator where groupid = $groupid and ${mysqlprefix}chatoperator.operatorid = ${mysqlprefix}chatgroupoperator.operatorid and istatus = 0"; + $query .= ", ${mysqlprefix}chatgroupoperator where groupid = " . intval($groupid) . " and ${mysqlprefix}chatoperator.operatorid = ${mysqlprefix}chatgroupoperator.operatorid and istatus = 0"; } else { $query .= " where istatus = 0"; } @@ -739,7 +746,7 @@ function check_connections_from_remote($remote, $link) } $result = select_one_row( "select count(*) as opened from ${mysqlprefix}chatthread " . - "where remote = '" . mysql_real_escape_string($remote, $link) . "' AND istate <> $state_closed AND istate <> $state_left", $link); + "where remote = '" . mysql_real_escape_string($remote, $link) . "' AND istate <> " . intval($state_closed) . " AND istate <> " . intval($state_left), $link); if ($result && isset($result['opened'])) { return $result['opened'] < $settings['max_connections_from_one_host']; } diff --git a/src/messenger/webim/libs/common.php b/src/messenger/webim/libs/common.php index c1d60f2c..7122a0c4 100644 --- a/src/messenger/webim/libs/common.php +++ b/src/messenger/webim/libs/common.php @@ -352,7 +352,7 @@ function connect() or die('Could not connect: ' . mysql_error()); mysql_select_db($mysqldb, $link) or die('Could not select database'); if ($force_charset_in_connection) { - mysql_query("SET NAMES '$dbencoding'", $link); + mysql_query("SET NAMES '" . mysql_real_escape_string($dbencoding, $link) . "'", $link); } return $link; } diff --git a/src/messenger/webim/libs/groups.php b/src/messenger/webim/libs/groups.php index 14d8aeba..791e58e1 100644 
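Review bot: In connect(), `mysql_real_escape_string($dbencoding, $link)` escapes the SET NAMES argument using the connection's default charset, before the charset has actually been set, and the value is a charset name rather than free-form text; an allow-list check is the better control, e.g. `if (!preg_match('/^[a-zA-Z0-9_]+$/', $dbencoding)) { die('Bad dbencoding'); }`, matching the `or die(...)` style already used in this function. A short comment stating that `$dbencoding` comes from the installation config rather than from request data would also help the next reader judge the risk. As a separate point, the `or die('Could not connect: ' . mysql_error())` context line above echoes driver errors to the client and is worth its own ticket.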
--- a/src/messenger/webim/libs/groups.php +++ b/src/messenger/webim/libs/groups.php @@ -20,7 +20,7 @@ function group_by_id($id) global $mysqlprefix; $link = connect(); $group = select_one_row( - "select * from ${mysqlprefix}chatgroup where groupid = $id", $link); + "select * from ${mysqlprefix}chatgroup where groupid = " . intval($id), $link); mysql_close($link); return $group; } @@ -53,7 +53,7 @@ function get_operator_groupslist($operatorid, $link) global $settings, $mysqlprefix; if ($settings['enablegroups'] == '1') { $groupids = array(0); - $allgroups = select_multi_assoc("select groupid from ${mysqlprefix}chatgroupoperator where operatorid = $operatorid order by groupid", $link); + $allgroups = select_multi_assoc("select groupid from ${mysqlprefix}chatgroupoperator where operatorid = " . intval($operatorid) . " order by groupid", $link); foreach ($allgroups as $g) { $groupids[] = $g['groupid']; } diff --git a/src/messenger/webim/libs/notify.php b/src/messenger/webim/libs/notify.php index fe70fcab..e404b5b8 100644 --- a/src/messenger/webim/libs/notify.php +++ b/src/messenger/webim/libs/notify.php @@ -20,12 +20,12 @@ function log_notification($locale, $kind, $to, $subj, $text, $refop, $link) global $mysqlprefix; $query = sprintf( "insert into ${mysqlprefix}chatnotification (locale,vckind,vcto,vcsubject,tmessage,refoperator,dtmcreated) values ('%s','%s','%s','%s','%s',%s,%s)", - $locale, - $kind, + mysql_real_escape_string($locale, $link), + mysql_real_escape_string($kind, $link), mysql_real_escape_string($to, $link), mysql_real_escape_string($subj, $link), mysql_real_escape_string($text, $link), - $refop ? $refop : "0", + $refop ? intval($refop) : "0", "CURRENT_TIMESTAMP"); perform_query($query, $link); diff --git a/src/messenger/webim/libs/operator.php b/src/messenger/webim/libs/operator.php index 1b38c824..c685f7f5 100755 --- a/src/messenger/webim/libs/operator.php +++ b/src/messenger/webim/libs/operator.php 
@@ -53,7 +53,7 @@ function operator_by_id_($id, $link) { global $mysqlprefix; return select_one_row( - "select * from ${mysqlprefix}chatoperator where operatorid = $id", $link); + "select * from ${mysqlprefix}chatoperator where operatorid = " . intval($id), $link); } function operator_by_id($id) @@ -102,14 +102,14 @@ function update_operator($operatorid, $login, $email, $jabber, $password, $local "update ${mysqlprefix}chatoperator set vclogin = '%s',%s vclocalename = '%s', vccommonname = '%s'" . ", vcemail = '%s', vcjabbername= '%s', inotify = %s" . " where operatorid = %s", - mysql_real_escape_string($login), + mysql_real_escape_string($login, $link), ($password ? " vcpassword='" . md5($password) . "'," : ""), - mysql_real_escape_string($localename), - mysql_real_escape_string($commonname), - mysql_real_escape_string($email), - mysql_real_escape_string($jabber), - $notify, - $operatorid); + mysql_real_escape_string($localename, $link), + mysql_real_escape_string($commonname, $link), + mysql_real_escape_string($email, $link), + mysql_real_escape_string($jabber, $link), + intval($notify), + intval($operatorid)); perform_query($query, $link); mysql_close($link); @@ -121,7 +121,7 @@ function update_operator_avatar($operatorid, $avatar) $link = connect(); $query = sprintf( "update ${mysqlprefix}chatoperator set vcavatar = '%s' where operatorid = %s", - mysql_real_escape_string($avatar), $operatorid); + mysql_real_escape_string($avatar, $link), intval($operatorid)); perform_query($query, $link); mysql_close($link); 
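Review bot: `md5($password)` in update_operator (a context line of this hunk, repeated in create_operator_ in the next hunk and in resetpwd.php further down) stores operator passwords as unsalted fast hashes, and the escaping work here leaves that untouched. A salted slow hash — on this PHP generation `crypt()` with the Blowfish (`$2a$`) scheme and a per-user random salt — plus a rehash-on-login migration would be the fix; if this commit is meant to stay SQL-only, track it separately. The `mysql_real_escape_string(..., $link)` and `intval($operatorid)` changes themselves look right.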
@@ -132,19 +132,19 @@ function create_operator_($login, $email, $jabber, $password, $localename, $comm global $mysqlprefix; $query = sprintf( "insert into ${mysqlprefix}chatoperator (vclogin,vcpassword,vclocalename,vccommonname,vcavatar,vcemail,vcjabbername,inotify) values ('%s','%s','%s','%s','%s','%s','%s',%s)", - mysql_real_escape_string($login), + mysql_real_escape_string($login, $link), md5($password), - mysql_real_escape_string($localename), - mysql_real_escape_string($commonname), - mysql_real_escape_string($avatar), - mysql_real_escape_string($email), - mysql_real_escape_string($jabber), - $notify); + mysql_real_escape_string($localename, $link), + mysql_real_escape_string($commonname, $link), + mysql_real_escape_string($avatar, $link), + mysql_real_escape_string($email, $link), + mysql_real_escape_string($jabber, $link), + intval($notify)); perform_query($query, $link); $id = mysql_insert_id($link); - return select_one_row("select * from ${mysqlprefix}chatoperator where operatorid = $id", $link); + return select_one_row("select * from ${mysqlprefix}chatoperator where operatorid = " . intval($id), $link); } function create_operator($login, $email, $jabber, $password, $localename, $commonname, $notify, $avatar) @@ -159,7 +159,7 @@ function notify_operator_alive($operatorid, $istatus) { global $mysqlprefix; $link = connect(); - perform_query("update ${mysqlprefix}chatoperator set istatus = $istatus, dtmlastvisited = CURRENT_TIMESTAMP where operatorid = $operatorid", $link); + perform_query(sprintf("update ${mysqlprefix}chatoperator set istatus = %s, dtmlastvisited = CURRENT_TIMESTAMP where operatorid = %s", intval($istatus), intval($operatorid)), $link); mysql_close($link); } 
@@ -170,7 +170,7 @@ function has_online_operators($groupid = "") $link = connect(); $query = "select count(*) as total, min(unix_timestamp(CURRENT_TIMESTAMP)-unix_timestamp(dtmlastvisited)) as time from ${mysqlprefix}chatoperator"; if ($groupid) { - $query .= ", ${mysqlprefix}chatgroupoperator where groupid = $groupid and ${mysqlprefix}chatoperator.operatorid = " . + $query .= ", ${mysqlprefix}chatgroupoperator where groupid = " . intval($groupid) . " and ${mysqlprefix}chatoperator.operatorid = " . "${mysqlprefix}chatgroupoperator.operatorid and istatus = 0"; } else { $query .= " where istatus = 0"; @@ -185,7 +185,7 @@ function is_operator_online($operatorid, $link) global $settings, $mysqlprefix; loadsettings_($link); $query = "select count(*) as total, min(unix_timestamp(CURRENT_TIMESTAMP)-unix_timestamp(dtmlastvisited)) as time " . - "from ${mysqlprefix}chatoperator where operatorid = $operatorid"; + "from ${mysqlprefix}chatoperator where operatorid = " . intval($operatorid); $row = select_one_row($query, $link); return $row['time'] < $settings['online_timeout'] && $row['total'] == 1; } @@ -289,7 +289,7 @@ function setup_redirect_links($threadid, $token) $operators = select_multi_assoc(db_build_select( "operatorid, vclogin, vclocalename, vccommonname, istatus, (unix_timestamp(CURRENT_TIMESTAMP)-unix_timestamp(dtmlastvisited)) as time", - "${mysqlprefix}chatoperator", array(), "order by vclogin $limit"), $link); + "${mysqlprefix}chatoperator", array(), "order by vclogin " . $limit), $link); $groups = array_slice($groups, $p['start'], $p['end'] - $p['start']); mysql_close($link); @@ -398,7 +398,7 @@ function get_operator_groupids($operatorid) { global $mysqlprefix; $link = connect(); - $query = "select groupid from ${mysqlprefix}chatgroupoperator where operatorid = $operatorid"; + $query = "select groupid from ${mysqlprefix}chatgroupoperator where operatorid = " . intval($operatorid); $result = select_multi_assoc($query, $link); mysql_close($link); return $result; 
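Review bot: In setup_redirect_links, `"order by vclogin " . $limit` only swaps interpolation for concatenation; `$limit` is still inserted unescaped and its origin lies outside the hunk. If it is built by the pagination helper from intval()'d values it is fine, but that should be visible at the use site: either assemble it here as `'limit ' . intval($p['start']) . ', ' . intval($p['end'] - $p['start'])` or add a comment stating where `$limit` is validated. The `$p['start']` and `$p['end']` used on the following array_slice line suggest the pieces are already at hand.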
diff --git a/src/messenger/webim/libs/pagination.php b/src/messenger/webim/libs/pagination.php index d2164863..da3a27aa 100644 --- a/src/messenger/webim/libs/pagination.php +++ b/src/messenger/webim/libs/pagination.php @@ -36,13 +36,15 @@ function prepare_pagination($items_count, $default_items_per_page = 15) { global $page; + $items_count = intval($items_count); + if ($items_count) { - $items_per_page = verifyparam("items", "/^\d{1,3}$/", $default_items_per_page); + $items_per_page = intval(verifyparam("items", "/^\d{1,3}$/", $default_items_per_page)); if ($items_per_page < 2) $items_per_page = 2; $total_pages = div($items_count + $items_per_page - 1, $items_per_page); - $curr_page = verifyparam("page", "/^\d{1,6}$/", 1); + $curr_page = intval(verifyparam("page", "/^\d{1,6}$/", 1)); if ($curr_page < 1) $curr_page = 1; diff --git a/src/messenger/webim/libs/settings.php b/src/messenger/webim/libs/settings.php index bce894b6..ea3caf23 100644 --- a/src/messenger/webim/libs/settings.php +++ b/src/messenger/webim/libs/settings.php @@ -21,9 +21,9 @@ function update_settings() $link = connect(); foreach ($settings as $key => $value) { if (!isset($settings_in_db[$key])) { - perform_query("insert into ${mysqlprefix}chatconfig (vckey) values ('$key')", $link); + perform_query("insert into ${mysqlprefix}chatconfig (vckey) values ('" . mysql_real_escape_string($key, $link) . "')", $link); } - $query = sprintf("update ${mysqlprefix}chatconfig set vcvalue='%s' where vckey='$key'", mysql_real_escape_string($value)); + $query = sprintf("update ${mysqlprefix}chatconfig set vcvalue='%s' where vckey='%s'", mysql_real_escape_string($value, $link), mysql_real_escape_string($key, $link)); perform_query($query, $link); } diff --git a/src/messenger/webim/operator/ban.php b/src/messenger/webim/operator/ban.php index cb9a05d3..68c2efef 100644 --- a/src/messenger/webim/operator/ban.php +++ b/src/messenger/webim/operator/ban.php 
@@ -63,16 +63,17 @@ if (isset($_POST['address'])) { if (!$banId) { $query = sprintf( "insert into ${mysqlprefix}chatban (dtmcreated,dtmtill,address,comment) values (CURRENT_TIMESTAMP,%s,'%s','%s')", - "FROM_UNIXTIME($utime)", + "FROM_UNIXTIME(" . intval($utime) . ")", mysql_real_escape_string($address, $link), mysql_real_escape_string($comment, $link)); perform_query($query, $link); } else { $query = sprintf( - "update ${mysqlprefix}chatban set dtmtill = %s,address = '%s',comment = '%s' where banid = $banId", - "FROM_UNIXTIME($utime)", + "update ${mysqlprefix}chatban set dtmtill = %s,address = '%s',comment = '%s' where banid = %s", + "FROM_UNIXTIME(" . intval($utime) . ")", mysql_real_escape_string($address, $link), - mysql_real_escape_string($comment, $link)); + mysql_real_escape_string($comment, $link), + intval($banId)); perform_query($query, $link); } mysql_close($link); @@ -94,7 +95,7 @@ if (isset($_POST['address'])) { } else if (isset($_GET['id'])) { $banId = verifyparam('id', "/^\d{1,9}$/"); $link = connect(); - $ban = select_one_row("select banid,(unix_timestamp(dtmtill)-unix_timestamp(CURRENT_TIMESTAMP)) as days,address,comment from ${mysqlprefix}chatban where banid = $banId", $link); + $ban = select_one_row("select banid,(unix_timestamp(dtmtill)-unix_timestamp(CURRENT_TIMESTAMP)) as days,address,comment from ${mysqlprefix}chatban where banid = " . intval($banId), $link); mysql_close($link); if ($ban) { diff --git a/src/messenger/webim/operator/blocked.php b/src/messenger/webim/operator/blocked.php index 3a768c28..6aaf6418 100644 --- a/src/messenger/webim/operator/blocked.php +++ b/src/messenger/webim/operator/blocked.php @@ -38,7 +38,7 @@ if (isset($_GET['act']) && $_GET['act'] == 'del') { } if (count($errors) == 0) { - perform_query("delete from ${mysqlprefix}chatban where banid = $banId", $link); + perform_query("delete from ${mysqlprefix}chatban where banid = " . intval($banId), $link); header("Location: $webimroot/operator/blocked.php"); exit; } 
diff --git a/src/messenger/webim/operator/canned.php b/src/messenger/webim/operator/canned.php index 2829b85d..36703d2c 100644 --- a/src/messenger/webim/operator/canned.php +++ b/src/messenger/webim/operator/canned.php @@ -33,9 +33,9 @@ function load_canned_messages($locale, $groupid) global $mysqlprefix; $link = connect(); $query = "select id, vcvalue from ${mysqlprefix}chatresponses " . - "where locale = '" . $locale . "' AND (" . + "where locale = '" . mysql_real_escape_string($locale, $link) . "' AND (" . ($groupid - ? "groupid = $groupid" + ? "groupid = " . intval($groupid) : "groupid is NULL OR groupid = 0") . ") order by vcvalue"; @@ -50,7 +50,7 @@ function load_canned_messages($locale, $groupid) if ($i > 0) { $updatequery .= ", "; } - $updatequery .= "('" . mysql_real_escape_string($result[$i]['vcvalue'], $link) . "','$locale', NULL)"; + $updatequery .= "('" . mysql_real_escape_string($result[$i]['vcvalue'], $link) . "','". mysql_real_escape_string($locale, $link) . "', NULL)"; } perform_query($updatequery, $link); $result = select_multi_assoc($query, $link); @@ -108,7 +108,7 @@ if (isset($_GET['act']) && $_GET['act'] == 'delete') { if (count($errors) == 0) { $link = connect(); - perform_query("delete from ${mysqlprefix}chatresponses where id = $key", $link); + perform_query("delete from ${mysqlprefix}chatresponses where id = " . intval($key), $link); mysql_close($link); header("Location: $webimroot/operator/canned.php?lang=$lang&group=$groupid"); exit; diff --git a/src/messenger/webim/operator/cannededit.php b/src/messenger/webim/operator/cannededit.php index 37372065..697eb3f4 100644 --- a/src/messenger/webim/operator/cannededit.php +++ b/src/messenger/webim/operator/cannededit.php 
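Review bot: In canned.php the delete branch redirects with `header("Location: $webimroot/operator/canned.php?lang=$lang&group=$groupid");` (context line of the last hunk) and both values go into the URL unencoded; `'?lang=' . urlencode($lang) . '&group=' . intval($groupid)` keeps the query string well-formed whatever the upstream verifyparam check allowed through. The new `mysql_real_escape_string($locale, $link)` calls in load_canned_messages are correct as written, since `$link = connect();` precedes them in the same function.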
@@ -23,7 +23,7 @@ function load_message($key) { global $mysqlprefix; $link = connect(); - $result = select_one_row("select vcvalue from ${mysqlprefix}chatresponses where id = $key", $link); + $result = select_one_row("select vcvalue from ${mysqlprefix}chatresponses where id = " . intval($key), $link); mysql_close($link); return $result ? $result['vcvalue'] : null; } @@ -33,7 +33,7 @@ function save_message($key, $message) global $mysqlprefix; $link = connect(); perform_query("update ${mysqlprefix}chatresponses set vcvalue = '" . mysql_real_escape_string($message, $link) . "' " . - "where id = $key", $link); + "where id = " . intval($key), $link); mysql_close($link); } @@ -41,8 +41,8 @@ function add_message($locale, $groupid, $message) { global $mysqlprefix; $link = connect(); - perform_query("insert into ${mysqlprefix}chatresponses (locale,groupid,vcvalue) values ('$locale'," . - ($groupid ? "$groupid, " : "null, ") . + perform_query("insert into ${mysqlprefix}chatresponses (locale,groupid,vcvalue) values ('" . mysql_real_escape_string($locale, $link) . "'," . + ($groupid ? intval($groupid) . ", " : "null, ") . "'" . mysql_real_escape_string($message, $link) . "')", $link); mysql_close($link); } diff --git a/src/messenger/webim/operator/group.php b/src/messenger/webim/operator/group.php index 2114734a..c02b673b 100644 --- a/src/messenger/webim/operator/group.php +++ b/src/messenger/webim/operator/group.php 
@@ -41,16 +41,16 @@ function create_group($name, $descr, $commonname, $commondescr, $email) $link = connect(); $query = sprintf( "insert into ${mysqlprefix}chatgroup (vclocalname,vclocaldescription,vccommonname,vccommondescription,vcemail) values ('%s','%s','%s','%s','%s')", - mysql_real_escape_string($name), - mysql_real_escape_string($descr), - mysql_real_escape_string($commonname), - mysql_real_escape_string($commondescr), - mysql_real_escape_string($email)); + mysql_real_escape_string($name, $link), + mysql_real_escape_string($descr, $link), + mysql_real_escape_string($commonname, $link), + mysql_real_escape_string($commondescr, $link), + mysql_real_escape_string($email, $link)); perform_query($query, $link); $id = mysql_insert_id($link); - $newdep = select_one_row("select * from ${mysqlprefix}chatgroup where groupid = $id", $link); + $newdep = select_one_row("select * from ${mysqlprefix}chatgroup where groupid = " . intval($id), $link); mysql_close($link); return $newdep; } @@ -61,12 +61,12 @@ function update_group($groupid, $name, $descr, $commonname, $commondescr, $email $link = connect(); $query = sprintf( "update ${mysqlprefix}chatgroup set vclocalname = '%s', vclocaldescription = '%s', vccommonname = '%s', vccommondescription = '%s', vcemail = '%s' where groupid = %s", - mysql_real_escape_string($name), - mysql_real_escape_string($descr), - mysql_real_escape_string($commonname), - mysql_real_escape_string($commondescr), - mysql_real_escape_string($email), - $groupid); + mysql_real_escape_string($name, $link), + mysql_real_escape_string($descr, $link), + mysql_real_escape_string($commonname, $link), + mysql_real_escape_string($commondescr, $link), + mysql_real_escape_string($email, $link), + intval($groupid)); perform_query($query, $link); mysql_close($link); diff --git a/src/messenger/webim/operator/groupmembers.php b/src/messenger/webim/operator/groupmembers.php index 4f8e7bff..9f32fe72 100644 --- a/src/messenger/webim/operator/groupmembers.php 
+++ b/src/messenger/webim/operator/groupmembers.php @@ -26,7 +26,7 @@ function get_group_members($groupid) { global $mysqlprefix; $link = connect(); - $query = "select operatorid from ${mysqlprefix}chatgroupoperator where groupid = $groupid"; + $query = "select operatorid from ${mysqlprefix}chatgroupoperator where groupid = " . intval($groupid); $result = select_multi_assoc($query, $link); mysql_close($link); return $result; @@ -36,9 +36,9 @@ function update_group_members($groupid, $newvalue) { global $mysqlprefix; $link = connect(); - perform_query("delete from ${mysqlprefix}chatgroupoperator where groupid = $groupid", $link); + perform_query("delete from ${mysqlprefix}chatgroupoperator where groupid = " . intval($groupid), $link); foreach ($newvalue as $opid) { - perform_query("insert into ${mysqlprefix}chatgroupoperator (groupid, operatorid) values ($groupid,$opid)", $link); + perform_query(sprintf("insert into ${mysqlprefix}chatgroupoperator (groupid, operatorid) values (%s, %s)", intval($groupid), intval($opid)), $link); } mysql_close($link); } diff --git a/src/messenger/webim/operator/groups.php b/src/messenger/webim/operator/groups.php index e2cde72d..4181a8e0 100644 --- a/src/messenger/webim/operator/groups.php +++ b/src/messenger/webim/operator/groups.php 
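Review bot: In update_group_members the `delete` followed by one `insert` per `$opid` runs as separate autocommit statements, so a failure mid-loop or a concurrent save after the delete leaves the group with no members or a partial list. If the table engine supports it, bracket the delete and the loop with `perform_query("START TRANSACTION", $link);` and `perform_query("COMMIT", $link);`, or at least document the non-atomic behaviour in a comment above the delete. update_operator_groups in opgroups.php further down has the same shape.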
@@ -35,9 +35,9 @@ if (isset($_GET['act']) && $_GET['act'] == 'del') { if (count($errors) == 0) { $link = connect(); - perform_query("delete from ${mysqlprefix}chatgroup where groupid = $groupid", $link); - perform_query("delete from ${mysqlprefix}chatgroupoperator where groupid = $groupid", $link); - perform_query("update ${mysqlprefix}chatthread set groupid = 0 where groupid = $groupid", $link); + perform_query("delete from ${mysqlprefix}chatgroup where groupid = " . intval($groupid), $link); + perform_query("delete from ${mysqlprefix}chatgroupoperator where groupid = " . intval($groupid), $link); + perform_query("update ${mysqlprefix}chatthread set groupid = 0 where groupid = " . intval($groupid), $link); mysql_close($link); header("Location: $webimroot/operator/groups.php"); exit; diff --git a/src/messenger/webim/operator/notification.php b/src/messenger/webim/operator/notification.php index 6c50bf7e..da7588a2 100644 --- a/src/messenger/webim/operator/notification.php +++ b/src/messenger/webim/operator/notification.php @@ -31,7 +31,7 @@ function notification_info($id) $link = connect(); $notification = select_one_row(db_build_select( "id, locale, vckind, vcto, unix_timestamp(dtmcreated) as created, vcsubject, tmessage, refoperator", "${mysqlprefix}chatnotification", - array("id = $id"), ""), $link); + array("id = " . intval($id)), ""), $link); mysql_close($link); return $notification; } diff --git a/src/messenger/webim/operator/notifications.php b/src/messenger/webim/operator/notifications.php index fa66c3f7..24b49093 100644 --- a/src/messenger/webim/operator/notifications.php +++ b/src/messenger/webim/operator/notifications.php 
@@ -54,10 +54,10 @@ $page['allkinds'] = array('', 'mail', 'xmpp'); $conditions = array(); if ($kind) { - $conditions[] = "vckind = '$kind'"; + $conditions[] = "vckind = '" . mysql_real_escape_string($kind, $link) . "'"; } if ($lang) { - $conditions[] = "locale = '$lang'"; + $conditions[] = "locale = '" . mysql_real_escape_string($lang, $link) . "'"; } $link = connect(); diff --git a/src/messenger/webim/operator/operators.php b/src/messenger/webim/operator/operators.php index 5d33a05f..d97bb873 100644 --- a/src/messenger/webim/operator/operators.php +++ b/src/messenger/webim/operator/operators.php @@ -47,8 +47,8 @@ if (isset($_GET['act']) && $_GET['act'] == 'del') { if (count($errors) == 0) { $link = connect(); - perform_query("delete from ${mysqlprefix}chatgroupoperator where operatorid = $operatorid", $link); - perform_query("delete from ${mysqlprefix}chatoperator where operatorid = $operatorid", $link); + perform_query("delete from ${mysqlprefix}chatgroupoperator where operatorid = " . intval($operatorid), $link); + perform_query("delete from ${mysqlprefix}chatoperator where operatorid = " . intval($operatorid), $link); mysql_close($link); header("Location: $webimroot/operator/operators.php"); diff --git a/src/messenger/webim/operator/opgroups.php b/src/messenger/webim/operator/opgroups.php index 5bf29038..d24debd1 100644 --- a/src/messenger/webim/operator/opgroups.php +++ b/src/messenger/webim/operator/opgroups.php 
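Review bot: In notifications.php the two new `mysql_real_escape_string($kind, $link)` and `mysql_real_escape_string($lang, $link)` calls run before `$link = connect();`, which is the context line at the end of the hunk, so unless `$link` was already opened earlier in the file (not visible here) they receive an undefined variable: the call emits a warning and returns false, and the condition degrades to `vckind = ''`. Move `$link = connect();` above `$conditions = array();` (dropping the later one), or build the conditions after the connection is open.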
@@ -26,9 +26,9 @@ function update_operator_groups($operatorid, $newvalue) { global $mysqlprefix; $link = connect(); - perform_query("delete from ${mysqlprefix}chatgroupoperator where operatorid = $operatorid", $link); + perform_query("delete from ${mysqlprefix}chatgroupoperator where operatorid = " . intval($operatorid), $link); foreach ($newvalue as $groupid) { - perform_query("insert into ${mysqlprefix}chatgroupoperator (groupid, operatorid) values ($groupid,$operatorid)", $link); + perform_query(sprintf("insert into ${mysqlprefix}chatgroupoperator (groupid, operatorid) values (%s,%s)", intval($groupid), intval($operatorid)), $link); } mysql_close($link); } diff --git a/src/messenger/webim/operator/permissions.php b/src/messenger/webim/operator/permissions.php index 84add338..57c9d444 100755 --- a/src/messenger/webim/operator/permissions.php +++ b/src/messenger/webim/operator/permissions.php @@ -26,8 +26,7 @@ function update_operator_permissions($operatorid, $newvalue) { global $mysqlprefix; $link = connect(); - $query = "update ${mysqlprefix}chatoperator set iperm = $newvalue where operatorid = $operatorid"; - + $query = sprintf("update ${mysqlprefix}chatoperator set iperm = %s where operatorid = %s", intval($newvalue), intval($operatorid)); perform_query($query, $link); mysql_close($link); } diff --git a/src/messenger/webim/operator/redirect.php b/src/messenger/webim/operator/redirect.php index d4807b03..4df09a07 100644 --- a/src/messenger/webim/operator/redirect.php +++ b/src/messenger/webim/operator/redirect.php 
@@ -65,7 +65,7 @@ if (isset($_GET['nextGroup'])) { $link = connect(); $threadupdate = array("istate" => $state_waiting, "nextagent" => $nextid, "agentId" => 0); if ($thread['groupid'] != 0) { - if (FALSE === select_one_row("select groupid from ${mysqlprefix}chatgroupoperator where operatorid = $nextid and groupid = " . $thread['groupid'], $link)) { + if (FALSE === select_one_row("select groupid from ${mysqlprefix}chatgroupoperator where operatorid = " . intval($nextid) . " and groupid = " . intval($thread['groupid']), $link)) { $threadupdate['groupid'] = 0; } } diff --git a/src/messenger/webim/operator/resetpwd.php b/src/messenger/webim/operator/resetpwd.php index eabe3b80..9232639a 100644 --- a/src/messenger/webim/operator/resetpwd.php +++ b/src/messenger/webim/operator/resetpwd.php @@ -49,7 +49,7 @@ if (count($errors) == 0 && isset($_POST['password'])) { $page['isdone'] = true; $link = connect(); - $query = "update ${mysqlprefix}chatoperator set vcpassword = '" . md5($password) . "', vcrestoretoken = '' where operatorid = " . $opId; + $query = "update ${mysqlprefix}chatoperator set vcpassword = '" . md5($password) . "', vcrestoretoken = '' where operatorid = " . intval($opId); perform_query($query, $link); mysql_close($link); diff --git a/src/messenger/webim/operator/restore.php b/src/messenger/webim/operator/restore.php index ed22327c..01be3df8 100644 --- a/src/messenger/webim/operator/restore.php +++ b/src/messenger/webim/operator/restore.php 
@@ -41,7 +41,7 @@ if (isset($_POST['loginoremail'])) {
 $token = md5((time() + microtime()) . rand(0, 99999999));
 $link = connect();
- $query = "update ${mysqlprefix}chatoperator set dtmrestore = CURRENT_TIMESTAMP, vcrestoretoken = '$token' where operatorid = " . $torestore['operatorid'];
+ $query = sprintf("update ${mysqlprefix}chatoperator set dtmrestore = CURRENT_TIMESTAMP, vcrestoretoken = '%s' where operatorid = %s", mysql_real_escape_string($token, $link), intval($torestore['operatorid']));
 perform_query($query, $link);
 $href = get_app_location(true, false) . "/operator/resetpwd.php?id=" . $torestore['operatorid'] . "&token=$token";
diff --git a/src/messenger/webim/operator/statistics.php b/src/messenger/webim/operator/statistics.php
index 03227f34..dd723d68 100644
--- a/src/messenger/webim/operator/statistics.php
+++ b/src/messenger/webim/operator/statistics.php
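Review bot: The reset token on the `+` line is now escaped for SQL, but its value still comes from `md5((time() + microtime()) . rand(0, 99999999))` on the context line above, which derives from the clock and a non-cryptographic PRNG rather than a secure random source. A token that gates a password reset should come from a CSPRNG, e.g. `$token = bin2hex(openssl_random_pseudo_bytes(16));` (or `random_bytes(16)` on PHP 7+); the result is still hex, so neither the column nor the `$href` query string below needs to change. `$href` appends `$torestore['operatorid']` and `$token` to the URL unescaped, which is safe only because the id is numeric and the token is hex; a comment stating that assumption would stop a later change from breaking it. The enclosing `if` starts before the hunk.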
@@ -65,15 +65,15 @@ if ($start > $end) {
 $link = connect();
-$page['reportByDate'] = select_multi_assoc("select DATE(dtmcreated) as date, COUNT(distinct threadid) as threads, SUM(${mysqlprefix}chatmessage.ikind = $kind_agent) as agents, SUM(${mysqlprefix}chatmessage.ikind = $kind_user) as users " .
- "from ${mysqlprefix}chatmessage where unix_timestamp(dtmcreated) >= $start AND unix_timestamp(dtmcreated) < $end group by DATE(dtmcreated) order by dtmcreated desc", $link);
+$page['reportByDate'] = select_multi_assoc("select DATE(dtmcreated) as date, COUNT(distinct threadid) as threads, SUM(${mysqlprefix}chatmessage.ikind = " . intval($kind_agent) . ") as agents, SUM(${mysqlprefix}chatmessage.ikind = " . intval($kind_user) . ") as users " .
+ "from ${mysqlprefix}chatmessage where unix_timestamp(dtmcreated) >= " . intval($start) . " AND unix_timestamp(dtmcreated) < " . intval($end) . " group by DATE(dtmcreated) order by dtmcreated desc", $link);
-$page['reportByDateTotal'] = select_one_row("select COUNT(distinct threadid) as threads, SUM(${mysqlprefix}chatmessage.ikind = $kind_agent) as agents, SUM(${mysqlprefix}chatmessage.ikind = $kind_user) as users " .
- "from ${mysqlprefix}chatmessage where unix_timestamp(dtmcreated) >= $start AND unix_timestamp(dtmcreated) < $end", $link);
+$page['reportByDateTotal'] = select_one_row("select COUNT(distinct threadid) as threads, SUM(${mysqlprefix}chatmessage.ikind = " . intval($kind_agent) . ") as agents, SUM(${mysqlprefix}chatmessage.ikind = " . intval($kind_user) . ") as users " .
+ "from ${mysqlprefix}chatmessage where unix_timestamp(dtmcreated) >= " . intval($start) . " AND unix_timestamp(dtmcreated) < " . intval($end), $link);
-$page['reportByAgent'] = select_multi_assoc("select vclocalename as name, COUNT(distinct threadid) as threads, SUM(ikind = $kind_agent) as msgs, AVG(CHAR_LENGTH(tmessage)) as avglen " .
+$page['reportByAgent'] = select_multi_assoc("select vclocalename as name, COUNT(distinct threadid) as threads, SUM(ikind = " . intval($kind_agent) . ") as msgs, AVG(CHAR_LENGTH(tmessage)) as avglen " .
 "from ${mysqlprefix}chatmessage, ${mysqlprefix}chatoperator " .
- "where agentId = operatorid AND unix_timestamp(dtmcreated) >= $start AND unix_timestamp(dtmcreated) < $end group by operatorid", $link);
+ "where agentId = operatorid AND unix_timestamp(dtmcreated) >= " . intval($start) . " AND unix_timestamp(dtmcreated) < " . intval($end) . " group by operatorid", $link);
 $page['showresults'] = count($errors) == 0;
diff --git a/src/messenger/webim/operator/threadprocessor.php b/src/messenger/webim/operator/threadprocessor.php
index 6b5aaea0..b512d2fc 100644
--- a/src/messenger/webim/operator/threadprocessor.php
+++ b/src/messenger/webim/operator/threadprocessor.php
@@ -35,7 +35,7 @@ function thread_info($id)
 "unix_timestamp(dtmmodified) as modified, unix_timestamp(dtmcreated) as created," .
 "vclocalname as groupName " .
 "from ${mysqlprefix}chatthread left join ${mysqlprefix}chatgroup on ${mysqlprefix}chatthread.groupid = ${mysqlprefix}chatgroup.groupid " .
- "where threadid = " . $id, $link);
+ "where threadid = " . intval($id), $link);
 mysql_close($link);
 return $thread;
 }
diff --git a/src/messenger/webim/operator/update.php b/src/messenger/webim/operator/update.php
index c604212f..9e6bfaf9 100644
--- a/src/messenger/webim/operator/update.php
+++ b/src/messenger/webim/operator/update.php
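Review bot: `intval($start)` and `intval($end)` are evaluated six times across the three statistics.php queries in this hunk, which makes the already long concatenations hard to read and leaves room for one query to drift from the others; hoisting them once above the first query, `$from = intval($start); $to = intval($end);`, and using `$from`/`$to` in all three would guarantee every report filters the same window. `$kind_agent` and `$kind_user` appear to be module constants rather than request input — their definitions are not in this hunk — so the intval() around them mostly adds noise and could be dropped if that is confirmed. The `if ($start > $end)` block in the header context starts before the hunk.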
@@ -98,7 +98,7 @@ $can_viewthreads, $can_takeover, $mysqlprefix;
 $userAgent = get_useragent_version($thread['userAgent']);
 $result .= "" . safe_htmlspecialchars(safe_htmlspecialchars($userAgent)) . "";
 if ($thread["shownmessageid"] != 0) {
- $query = "select tmessage from ${mysqlprefix}chatmessage where messageid = " . $thread["shownmessageid"];
+ $query = "select tmessage from ${mysqlprefix}chatmessage where messageid = " . intval($thread["shownmessageid"]);
 $line = select_one_row($query, $link);
 if ($line) {
 $message = preg_replace("/[\r\n\t]+/", " ", $line["tmessage"]);
@@ -116,19 +116,22 @@ function print_pending_threads($groupids, $since)
 $revision = $since;
 $output = array();
+
+ $groupids = join(",", array_map("intval", preg_split('/,/', $groupids)));
+
 $query = "select threadid, userName, agentName, unix_timestamp(dtmcreated), userTyping, " .
 "unix_timestamp(dtmmodified), lrevision, istate, remote, nextagent, agentId, userid, shownmessageid, userAgent, (select vclocalname from ${mysqlprefix}chatgroup where ${mysqlprefix}chatgroup.groupid = ${mysqlprefix}chatthread.groupid) as groupname " .
- "from ${mysqlprefix}chatthread where lrevision > $since " .
+ "from ${mysqlprefix}chatthread where lrevision > " . intval($since) .
 ($since <= 0
- ? "AND istate <> $state_closed AND istate <> $state_left "
+ ? " AND istate <> " . intval($state_closed) . " AND istate <> " . intval($state_left)
 : "") .
 ($settings['enablegroups'] == '1'
- ? "AND (groupid is NULL" . ($groupids
+ ? " AND (groupid is NULL" . ($groupids
 ? " OR groupid IN ($groupids)"
 : "") .
- ") "
+ ")"
 : "") .
- "ORDER BY threadid";
+ " ORDER BY threadid";
 $rows = select_multi_assoc($query, $link);
 foreach ($rows as $row) {
 $thread = thread_to_xml($row, $link);
diff --git a/src/messenger/webim/operator/userhistory.php b/src/messenger/webim/operator/userhistory.php
index 27d2387e..27c2fe05 100644
--- a/src/messenger/webim/operator/userhistory.php
+++ b/src/messenger/webim/operator/userhistory.php
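Review bot: In the print_pending_threads hunk, `$since` is compared raw in the `($since <= 0` context line while the SQL now uses `intval($since)`, so depending on the PHP version a non-numeric string can fail the `<= 0` test under string comparison yet be sent to the query as 0; converting once with `$since = intval($since);` right after `$revision = $since;` and using it in both places keeps the two consistent. The new `$groupids` line also reaches for `preg_split('/,/', $groupids)` for a literal one-character separator, where `explode(",", $groupids)` does the same without PCRE. A comment above that line, such as `// coerce every group id to an int before it is inlined into the IN (...) list`, would explain why the normalisation must happen before the query string is built. print_pending_threads continues past the hunk, and the -98 hunk above belongs to a function that starts outside it.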
@@ -44,7 +44,7 @@ function threads_by_userid($userid)
 $query = sprintf("select unix_timestamp(dtmcreated) as created, unix_timestamp(dtmmodified) as modified, " .
 " threadid, remote, agentName, userName " .
 "from ${mysqlprefix}chatthread " .
- "where userid=\"$userid\" order by created DESC", $userid);
+ "where userid=%s order by created DESC", intval($userid));
 $result = mysql_query($query, $link) or die(' Query failed: ' . mysql_error($link));