Replaced all mysql_real_escape_string by db_escape_string

This commit is contained in:
Dmitriy Simushev 2011-11-09 18:59:07 +00:00
parent a47e66a6a6
commit 5a3af46203
11 changed files with 56 additions and 56 deletions


@ -70,8 +70,8 @@ function post_message_($threadid, $kind, $message, $link, $from = null, $utime =
"insert into ${mysqlprefix}chatmessage (threadid,ikind,tmessage,tname,agentId,dtmcreated) values (%s, %s,'%s',%s,%s,%s)",
$threadid,
$kind,
mysql_real_escape_string($message, $link),
$from ? "'" . mysql_real_escape_string($from, $link) . "'" : "null",
db_escape_string($message, $link),
$from ? "'" . db_escape_string($from, $link) . "'" : "null",
$opid ? $opid : "0",
$utime ? "FROM_UNIXTIME($utime)" : "CURRENT_TIMESTAMP");
@ -536,7 +536,7 @@ function rename_user($thread, $newname)
global $kind_events;
$link = connect();
commit_thread($thread['threadid'], array('userName' => "'" . mysql_real_escape_string($newname, $link) . "'"), $link);
commit_thread($thread['threadid'], array('userName' => "'" . db_escape_string($newname, $link) . "'"), $link);
if ($thread['userName'] != $newname) {
post_message_($thread['threadid'], $kind_events,
@ -573,7 +573,7 @@ function thread_by_id_($id, $link)
function ban_for_addr_($addr, $link)
{
global $mysqlprefix;
return select_one_row("select banid,comment from ${mysqlprefix}chatban where unix_timestamp(dtmtill) > unix_timestamp(CURRENT_TIMESTAMP) AND address = '" . mysql_real_escape_string($addr, $link) . "'", $link);
return select_one_row("select banid,comment from ${mysqlprefix}chatban where unix_timestamp(dtmtill) > unix_timestamp(CURRENT_TIMESTAMP) AND address = '" . db_escape_string($addr, $link) . "'", $link);
}
function thread_by_id($id)
@ -590,14 +590,14 @@ function create_thread($groupid, $username, $remoteHost, $referer, $lang, $useri
$query = sprintf(
"insert into ${mysqlprefix}chatthread (userName,userid,ltoken,remote,referer,lrevision,locale,userAgent,dtmcreated,dtmmodified,istate" . ($groupid ? ",groupid" : "") . ") values " .
"('%s','%s',%s,'%s','%s',%s,'%s','%s',CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,$initialState" . ($groupid ? ",$groupid" : "") . ")",
mysql_real_escape_string($username, $link),
mysql_real_escape_string($userid, $link),
db_escape_string($username, $link),
db_escape_string($userid, $link),
next_token(),
mysql_real_escape_string($remoteHost, $link),
mysql_real_escape_string($referer, $link),
db_escape_string($remoteHost, $link),
db_escape_string($referer, $link),
next_revision($link),
mysql_real_escape_string($lang, $link),
mysql_real_escape_string($userbrowser, $link));
db_escape_string($lang, $link),
db_escape_string($userbrowser, $link));
perform_query($query, $link);
$id = mysql_insert_id($link);
@ -614,7 +614,7 @@ function do_take_thread($threadid, $operatorId, $operatorName)
array("istate" => $state_chatting,
"nextagent" => 0,
"agentId" => $operatorId,
"agentName" => "'" . mysql_real_escape_string($operatorName, $link) . "'"), $link);
"agentName" => "'" . db_escape_string($operatorName, $link) . "'"), $link);
close_connection($link);
}
@ -704,7 +704,7 @@ function check_connections_from_remote($remote, $link)
}
$result = select_one_row(
"select count(*) as opened from ${mysqlprefix}chatthread " .
"where remote = '" . mysql_real_escape_string($remote, $link) . "' AND istate <> $state_closed AND istate <> $state_left", $link);
"where remote = '" . db_escape_string($remote, $link) . "' AND istate <> $state_closed AND istate <> $state_left", $link);
if ($result && isset($result['opened'])) {
return $result['opened'] < $settings['max_connections_from_one_host'];
}
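Review bot: The escaping change in post_message_ still leaves `$threadid`, `$kind`, `$opid` and `$utime` interpolated into the SQL without escaping or an integer cast, so the query is only safe if every caller already guarantees integers; post_message_'s signature and body start outside the hunk, so that cannot be confirmed here. Using `%d` in the format string for threadid, ikind and agentId, `(int)$opid` in place of `$opid ? $opid : "0"`, and `$utime ? "FROM_UNIXTIME(" . (int)$utime . ")" : "CURRENT_TIMESTAMP"` for the timestamp would make the guarantee local to the query. The same pattern appears in create_thread (`$initialState`, `$groupid`), check_connections_from_remote (`$state_closed`, `$state_left`) and, in the other files of this commit, invitation_accept (`$threadid`), update_operator (`$operatorid`), track_visitor (`$visitor['visitorid']`), the ban form (`$utime`, `$banId`), save_message and add_message (`$key`, `$groupid`) and update_group (`$groupid`).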


@ -22,7 +22,7 @@
function invitation_state($visitorid, $link)
{
global $mysqlprefix;
$query = "select invited, threadid from ${mysqlprefix}chatsitevisitor where visitorid = '" . mysql_real_escape_string($visitorid) . "'";
$query = "select invited, threadid from ${mysqlprefix}chatsitevisitor where visitorid = '" . db_escape_string($visitorid) . "'";
$result = select_one_row($query, $link);
if (!$result) {
$result['invited'] = 0;
@ -36,7 +36,7 @@ function invitation_invite($visitorid, $operatorid, $link)
global $mysqlprefix;
if (!invitation_check($visitorid, $link)) {
$query = "update ${mysqlprefix}chatsitevisitor set invited = 1, invitedby = '" . mysql_real_escape_string($operatorid) . "', invitationtime = now(), invitations = invitations + 1 where visitorid = '" . mysql_real_escape_string($visitorid) . "'";
$query = "update ${mysqlprefix}chatsitevisitor set invited = 1, invitedby = '" . db_escape_string($operatorid) . "', invitationtime = now(), invitations = invitations + 1 where visitorid = '" . db_escape_string($visitorid) . "'";
perform_query($query, $link);
return invitation_check($visitorid, $link);
}
@ -49,7 +49,7 @@ function invitation_check($visitorid, $link)
{
global $mysqlprefix;
$query = "select invitedby from ${mysqlprefix}chatsitevisitor where invited and visitorid = '" . mysql_real_escape_string($visitorid) . "'" .
$query = "select invitedby from ${mysqlprefix}chatsitevisitor where invited and visitorid = '" . db_escape_string($visitorid) . "'" .
" and lasttime < invitationtime and threadid is null";
$result = select_one_row($query, $link);
@ -60,10 +60,10 @@ function invitation_accept($visitorid, $threadid, $link)
{
global $mysqlprefix;
$query = "update ${mysqlprefix}chatsitevisitor set threadid = " . $threadid . ", chats = chats + 1 where visitorid = '" . mysql_real_escape_string($visitorid) . "'";
$query = "update ${mysqlprefix}chatsitevisitor set threadid = " . $threadid . ", chats = chats + 1 where visitorid = '" . db_escape_string($visitorid) . "'";
perform_query($query, $link);
$query = "select invitedby from ${mysqlprefix}chatsitevisitor where visitorid = '" . mysql_real_escape_string($visitorid) . "'";
$query = "select invitedby from ${mysqlprefix}chatsitevisitor where visitorid = '" . db_escape_string($visitorid) . "'";
$result = select_one_row($query, $link);
if ($result && isset($result['invitedby']) && $result['invitedby']) {
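Review bot: Every `db_escape_string()` call in this file omits the `$link` argument even though `$link` is a parameter of each function, unlike the calls in the chat functions above, which pass it; if db_escape_string forwards to mysql_real_escape_string, the omitted link falls back to the most recently opened connection, whose character set may differ from the one the query runs on. Passing it explicitly, e.g. `db_escape_string($visitorid, $link)` in invitation_state, keeps the escaping tied to the connection actually in use. The operator, settings, tracking and group files in this commit have the same omission.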


@ -38,7 +38,7 @@ function operator_by_login($login)
global $mysqlprefix;
$link = connect();
$operator = select_one_row(
"select * from ${mysqlprefix}chatoperator where vclogin = '" . mysql_real_escape_string($login) . "'", $link);
"select * from ${mysqlprefix}chatoperator where vclogin = '" . db_escape_string($login) . "'", $link);
close_connection($link);
return $operator;
}
@ -48,7 +48,7 @@ function operator_by_email($mail)
global $mysqlprefix;
$link = connect();
$operator = select_one_row(
"select * from ${mysqlprefix}chatoperator where vcemail = '" . mysql_real_escape_string($mail) . "'", $link);
"select * from ${mysqlprefix}chatoperator where vcemail = '" . db_escape_string($mail) . "'", $link);
close_connection($link);
return $operator;
}
@ -106,11 +106,11 @@ function update_operator($operatorid, $login, $email, $password, $localename, $c
"update ${mysqlprefix}chatoperator set vclogin = '%s',%s vclocalename = '%s', vccommonname = '%s'" .
", vcemail = '%s', vcjabbername= '%s'" .
" where operatorid = %s",
mysql_real_escape_string($login),
db_escape_string($login),
($password ? " vcpassword='" . md5($password) . "'," : ""),
mysql_real_escape_string($localename),
mysql_real_escape_string($commonname),
mysql_real_escape_string($email),
db_escape_string($localename),
db_escape_string($commonname),
db_escape_string($email),
'',
$operatorid);
@ -130,7 +130,7 @@ function update_operator_avatar($operatorid, $avatar)
$link = connect();
$query = sprintf(
"update ${mysqlprefix}chatoperator set vcavatar = '%s' where operatorid = %s",
mysql_real_escape_string($avatar), $operatorid);
db_escape_string($avatar), $operatorid);
perform_query($query, $link);
close_connection($link);
@ -141,12 +141,12 @@ function create_operator_($login, $email, $password, $localename, $commonname, $
global $mysqlprefix;
$query = sprintf(
"insert into ${mysqlprefix}chatoperator (vclogin,vcpassword,vclocalename,vccommonname,vcavatar,vcemail,vcjabbername) values ('%s','%s','%s','%s','%s','%s','%s')",
mysql_real_escape_string($login),
db_escape_string($login),
md5($password),
mysql_real_escape_string($localename),
mysql_real_escape_string($commonname),
mysql_real_escape_string($avatar),
mysql_real_escape_string($email), '');
db_escape_string($localename),
db_escape_string($commonname),
db_escape_string($avatar),
db_escape_string($email), '');
perform_query($query, $link);
$id = mysql_insert_id($link);
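Review bot: The password written next to the newly escaped login in update_operator and create_operator_ is stored as an unsalted `md5($password)`, on the line `($password ? " vcpassword='" . md5($password) . "'," : "")` and again as `md5($password)` in the insert; this predates the commit, but since both queries are being touched it is the point I would raise. A salted, slow hash (`password_hash($password, PASSWORD_DEFAULT)` with `password_verify()` at login on PHP releases that have it, or `crypt()` with a per-user salt on older ones) would replace it. The column width and the login check live outside these hunks, so that is a separate commit with a migration rather than a one-line edit here.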


@ -27,7 +27,7 @@ function update_settings()
if (!isset($settings_in_db[$key])) {
perform_query("insert into ${mysqlprefix}chatconfig (vckey) values ('$key')", $link);
}
$query = sprintf("update ${mysqlprefix}chatconfig set vcvalue='%s' where vckey='$key'", mysql_real_escape_string($value));
$query = sprintf("update ${mysqlprefix}chatconfig set vcvalue='%s' where vckey='$key'", db_escape_string($value));
perform_query($query, $link);
}
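Review bot: In update_settings only `$value` is escaped; `$key` is still interpolated raw into both the insert (`('$key')`) and the update (`where vckey='$key'`). If the keys come from a fixed list in the caller this is harmless, but the loop header is outside the hunk, so that cannot be verified here. Either escaping it as well, `db_escape_string($key, $link)` in both queries, or checking `$key` against the known setting names before the loop would close the gap.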


@ -33,7 +33,7 @@ function track_visitor($visitorid, $entry, $referer, $link)
}
else {
perform_query(sprintf("update ${mysqlprefix}chatsitevisitor set lasttime = CURRENT_TIMESTAMP, path = '%s' where visitorid=" . $visitor['visitorid'],
mysql_real_escape_string(track_build_path($referer, $visitor['path']))), $link);
db_escape_string(track_build_path($referer, $visitor['path']))), $link);
return $visitor['visitorid'];
}
}
@ -45,11 +45,11 @@ function track_visitor_start($entry, $referer, $link)
$visitor = visitor_from_request();
perform_query(sprintf("insert into ${mysqlprefix}chatsitevisitor (userid, username, firsttime, lasttime, entry, path, details) values ('%s', '%s', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, '%s', '%s', '%s')",
mysql_real_escape_string($visitor['id']),
mysql_real_escape_string($visitor['name']),
mysql_real_escape_string($entry),
mysql_real_escape_string(track_build_path($referer, '')),
mysql_real_escape_string(track_build_details())), $link);
db_escape_string($visitor['id']),
db_escape_string($visitor['name']),
db_escape_string($entry),
db_escape_string(track_build_path($referer, '')),
db_escape_string(track_build_details())), $link);
$id = mysql_insert_id($link);
return $id ? $id : 0;


@ -66,15 +66,15 @@ if (isset($_POST['address'])) {
$query = sprintf(
"insert into ${mysqlprefix}chatban (dtmcreated,dtmtill,address,comment) values (CURRENT_TIMESTAMP,%s,'%s','%s')",
"FROM_UNIXTIME($utime)",
mysql_real_escape_string($address, $link),
mysql_real_escape_string($comment, $link));
db_escape_string($address, $link),
db_escape_string($comment, $link));
perform_query($query, $link);
} else {
$query = sprintf(
"update ${mysqlprefix}chatban set dtmtill = %s,address = '%s',comment = '%s' where banid = $banId",
"FROM_UNIXTIME($utime)",
mysql_real_escape_string($address, $link),
mysql_real_escape_string($comment, $link));
db_escape_string($address, $link),
db_escape_string($comment, $link));
perform_query($query, $link);
}
close_connection($link);


@ -55,7 +55,7 @@ function load_canned_messages($locale, $groupid)
if ($i > 0) {
$updatequery .= ", ";
}
$updatequery .= "('" . mysql_real_escape_string($result[$i]['vcvalue'], $link) . "','$locale', NULL)";
$updatequery .= "('" . db_escape_string($result[$i]['vcvalue'], $link) . "','$locale', NULL)";
}
perform_query($updatequery, $link);
$result = select_multi_assoc($query, $link);
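Review bot: In load_canned_messages the copied row value is now escaped, but `$locale` is still interpolated raw into the same values list (`'$locale'`), and `$locale` is a parameter whose origin is outside the hunk. Escaping it with `db_escape_string($locale, $link)` alongside vcvalue, or validating it against the installed locale list before building `$updatequery`, would remove the dependency on what callers pass. add_message in the responses file interpolates `$locale` the same way.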


@ -36,7 +36,7 @@ function save_message($key, $message)
{
global $mysqlprefix;
$link = connect();
perform_query("update ${mysqlprefix}chatresponses set vcvalue = '" . mysql_real_escape_string($message, $link) . "' " .
perform_query("update ${mysqlprefix}chatresponses set vcvalue = '" . db_escape_string($message, $link) . "' " .
"where id = $key", $link);
close_connection($link);
}
@ -47,7 +47,7 @@ function add_message($locale, $groupid, $message)
$link = connect();
perform_query("insert into ${mysqlprefix}chatresponses (locale,groupid,vcvalue) values ('$locale'," .
($groupid ? "$groupid, " : "null, ") .
"'" . mysql_real_escape_string($message, $link) . "')", $link);
"'" . db_escape_string($message, $link) . "')", $link);
close_connection($link);
}


@ -34,7 +34,7 @@ function group_by_name($name)
global $mysqlprefix;
$link = connect();
$group = select_one_row(
"select * from ${mysqlprefix}chatgroup where vclocalname = '" . mysql_real_escape_string($name) . "'", $link);
"select * from ${mysqlprefix}chatgroup where vclocalname = '" . db_escape_string($name) . "'", $link);
close_connection($link);
return $group;
}
@ -45,11 +45,11 @@ function create_group($name, $descr, $commonname, $commondescr, $email)
$link = connect();
$query = sprintf(
"insert into ${mysqlprefix}chatgroup (vclocalname,vclocaldescription,vccommonname,vccommondescription,vcemail) values ('%s','%s','%s','%s','%s')",
mysql_real_escape_string($name),
mysql_real_escape_string($descr),
mysql_real_escape_string($commonname),
mysql_real_escape_string($commondescr),
mysql_real_escape_string($email));
db_escape_string($name),
db_escape_string($descr),
db_escape_string($commonname),
db_escape_string($commondescr),
db_escape_string($email));
perform_query($query, $link);
$id = mysql_insert_id($link);
@ -65,11 +65,11 @@ function update_group($groupid, $name, $descr, $commonname, $commondescr, $email
$link = connect();
$query = sprintf(
"update ${mysqlprefix}chatgroup set vclocalname = '%s', vclocaldescription = '%s', vccommonname = '%s', vccommondescription = '%s', vcemail = '%s' where groupid = %s",
mysql_real_escape_string($name),
mysql_real_escape_string($descr),
mysql_real_escape_string($commonname),
mysql_real_escape_string($commondescr),
mysql_real_escape_string($email),
db_escape_string($name),
db_escape_string($descr),
db_escape_string($commonname),
db_escape_string($commondescr),
db_escape_string($email),
$groupid);
perform_query($query, $link);


@ -47,7 +47,7 @@ if ($query !== false) {
mysql_free_result($result);
$page['groupName'] = $groupName;
$escapedQuery = mysql_real_escape_string($query, $link);
$escapedQuery = db_escape_string($query, $link);
select_with_pagintation("DISTINCT unix_timestamp(${mysqlprefix}chatthread.dtmcreated) as created, " .
"unix_timestamp(${mysqlprefix}chatthread.dtmmodified) as modified, ${mysqlprefix}chatthread.threadid, " .
"${mysqlprefix}chatthread.remote, ${mysqlprefix}chatthread.agentName, ${mysqlprefix}chatthread.userName, groupid, " .