[X2Go-Commits] x2goserver.git - build-baikal (branch) updated: 3.0.99-2-4-g4c34844

X2Go dev team git-admin at x2go.org
Fri Jan 3 20:50:28 CET 2014


The branch, build-baikal has been updated
       via  4c3484419eb32f645709352a52523df57c0e813f (commit)
      from  17f0a8f6d633ba495a2f22f9fbe0d99ceff212a4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4c3484419eb32f645709352a52523df57c0e813f
Author: Alexander Wuerstlein <arw at arw.name>
Date:   Tue Feb 15 14:08:02 2011 +0100

    Use prepared statements, fix SQL injections

-----------------------------------------------------------------------

Summary of changes:
 x2gosqlitewrapper |   58 ++++++++++++++++++++++++++---------------------------
 1 file changed, 29 insertions(+), 29 deletions(-)

The diff of changes is:
diff --git a/x2gosqlitewrapper b/x2gosqlitewrapper
index b6a7156..55b8e43 100755
--- a/x2gosqlitewrapper
+++ b/x2gosqlitewrapper
@@ -24,8 +24,8 @@ if($cmd eq  "rmsessionsroot")
 {
 	checkroot();
 	my $sid=shift or die "argument \"session_id\" missed";
-	my $sth=$dbh->prepare("delete from sessions  where session_id='$sid'");
-	$sth->execute()or die;
+	my $sth=$dbh->prepare("delete from sessions  where session_id=?");
+	$sth->execute($id)or die;
 	$sth->finish();
 }
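Review bot: The new `$sth->execute($id)or die;` binds `$id`, but the argument read two lines above is `$sid`; `$id` is never declared in this block. Under `use strict` that is a compile error, and without it an undef is bound, so the delete matches no row and the `or die` never fires, because DBI's execute returns a true value when zero rows are affected. Change the line to `$sth->execute($sid) or die $sth->errstr;` so the right session is removed and a real DBI failure is reported with its message.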
 
@@ -40,8 +40,8 @@ elsif($cmd eq  "listsessionsroot")
 	                       substr(strftime('%d.%m.%Y*%H:%M:%S',last_time),0,6)||substr(strftime('%d.%m.%Y*%H:%M:%S',last_time),9,11),
 	                       uname,
 	                       strftime('%s','now','localtime') - strftime('%s',init_time),fs_port from  sessions
-	                       where server='$server'  order by status desc");
-	$sth->execute() or die;
+	                       where server=?  order by status desc");
+	$sth->execute($server) or die;
 	fetchrow_printall_array($sth);
 }
 
@@ -64,8 +64,8 @@ elsif($cmd eq  "getmounts")
 {
 	my $sid=shift or die "argument \"session_id\" missed";
 	my @strings;
-	my $sth=$dbh->prepare("select client, path from mounts where session_id='$sid'");
-	$sth->execute()or die;
+	my $sth=$dbh->prepare("select client, path from mounts where session_id=?");
+	$sth->execute($sid)or die;
 	fetchrow_printall_array($sth);
 }
 
@@ -73,8 +73,8 @@ elsif($cmd eq  "deletemount")
 {
 	my $sid=shift or die "argument \"session_id\" missed";
 	my $path=shift or die "argument \"path\" missed";
-	my $sth=$dbh->prepare("delete from mounts where session_id='$sid' and path='$path'");
-	$sth->execute();
+	my $sth=$dbh->prepare("delete from mounts where session_id=? and path=?");
+	$sth->execute($sid, $path);
 	$sth->finish();
 }
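Review bot: The new `$sth->execute($sid, $path);` is the only execute in this patch with no failure check at all, so a locked or missing database silently leaves the mount row in place while the caller sees success. Make it consistent with the surrounding commands, `$sth->execute($sid, $path) or die $sth->errstr;`. The bare `or die` used elsewhere in the patch also drops the DBI message; `die $sth->errstr` is the cheap improvement wherever a check is added.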
 
@@ -83,8 +83,8 @@ elsif($cmd eq  "insertmount")
 	my $sid=shift or die "argument \"session_id\" missed";
 	my $path=shift or die "argument \"path\" missed";
 	my $client=shift or die "argument \"client\" missed";
-	my $sth=$dbh->prepare("insert into mounts (session_id,path,client) values  ('$sid','$path','$client')");
-	$sth->execute();
+	my $sth=$dbh->prepare("insert into mounts (session_id,path,client) values  (?, ?, ?)");
+	$sth->execute($sid, $path, $client);
 	if(!$sth->err())
 	{
 		print "ok";
@@ -98,8 +98,8 @@ elsif($cmd eq  "insertsession")
 	my $server=shift or die "argument \"server\" missed";
 	my $sid=shift or die "argument \"session_id\" missed";
 	my $sth=$dbh->prepare("insert into sessions (display,server,uname,session_id, init_time, last_time) values
-	                       ('$display','$server','$realuser','$sid', datetime('now','localtime'), datetime('now','localtime'))");
-	$sth->execute()or die $_;
+	                       (?, ?, ?, ?, datetime('now','localtime'), datetime('now','localtime'))");
+	$sth->execute($display, $server, $realuser, $sid) or die $_;
 	$sth->finish();
 	print "ok";
 }
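Review bot: The new `$sth->execute(...) or die $_;` repeats the removed line's use of `$_` as the error text, but DBI does not set `$_`, so the fatal message carries whatever happened to be in `$_` at that point, usually nothing. Use the handle's error string instead: `$sth->execute($display, $server, $realuser, $sid) or die $sth->errstr;`. `$display` and `$realuser` are bound from outside this hunk; the block's start is not visible here.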
@@ -113,9 +113,9 @@ elsif($cmd eq  "createsession")
 	my $snd_port=shift or die"argument \"snd_port\" missed";
 	my $fs_port=shift or die"argument \"fs_port\" missed";
 	my $sid=shift or die "argument \"session_id\" missed";
-	my $sth=$dbh->prepare("update sessions set status='R',last_time=datetime('now','localtime'),cookie='$cookie',agent_pid='$pid',
-	                       client='$client',gr_port='$gr_port',sound_port='$snd_port',fs_port='$fs_port' where session_id='$sid' and uname='$realuser'");
-	$sth->execute()or die;
+	my $sth=$dbh->prepare("update sessions set status='R',last_time=datetime('now','localtime'),cookie=?,agent_pid=?,
+	                       client=?,gr_port=?,sound_port=?,fs_port=? where session_id=? and uname=?");
+	$sth->execute($cookie, $pid, $client, $gr_port, $snd_port, $fs_port, $sid, $realuid)or die;
 	$sth->finish();
 	print "ok";
 }
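Review bot: The last bind value on the new execute line is `$realuid`, while the removed SQL used `$realuser` and every other hunk in this patch binds `$realuser`; nothing visible declares `$realuid`. Under `use strict` the script fails to compile; without it an undef is bound, the `uname=?` predicate matches no row, and the `or die` does not trigger since execute returns true for zero affected rows, so createsession reports "ok" without recording anything. The line should read `$sth->execute($cookie, $pid, $client, $gr_port, $snd_port, $fs_port, $sid, $realuser) or die $sth->errstr;`. The block's earlier `shift` lines for `$cookie`, `$pid` and `$client` are outside this hunk, so their names are inferred from the SQL.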
@@ -125,8 +125,8 @@ elsif($cmd eq  "insertport")
 	my $server=shift or die "argument \"server\" missed";
 	my $sid=shift or die "argument \"session_id\" missed";
 	my $sshport=shift or die "argument \"port\" missed";
-	my $sth=$dbh->prepare("insert into used_ports (server,session_id,port) values  ('$server','$sid','$sshport')");
-	$sth->execute()or die;
+	my $sth=$dbh->prepare("insert into used_ports (server,session_id,port) values  (?, ?, ?)");
+	$sth->execute($server, $sid, $sshport) or die;
 	$sth->finish();
 }
 
@@ -135,8 +135,8 @@ elsif($cmd eq  "resume")
 	my $client=shift or die "argument \"client\" missed";
 	my $sid=shift or die "argument \"session_id\" missed";
 	my $sth=$dbh->prepare("update sessions set last_time=datetime('now','localtime'),status='R',
-	                       client='$client' where session_id = '$sid' and uname='$realuser'");
-	$sth->execute()or die;
+	                       client=? where session_id = ? and uname=?");
+	$sth->execute($client, $sid, $realuser) or die;
 	$sth->finish();
 }
 
@@ -145,8 +145,8 @@ elsif($cmd eq  "changestatus")
 	my $status=shift or die "argument \"status\" missed";
 	my $sid=shift or die "argument \"session_id\" missed";
 	my $sth=$dbh->prepare("update sessions set last_time=datetime('now','localtime'),
-	                       status='$status' where session_id = '$sid' and uname='$realuser'");
-	$sth->execute()or die;
+	                       status=? where session_id = ? and uname=?");
+	$sth->execute($status, $sid, $realuser)or die;
 	$sth->finish();
 }
 
@@ -205,8 +205,8 @@ elsif($cmd eq  "getagent")
 	my $sid=shift or die "argument \"session_id\" missed";
 	my $agent;
 	my $sth=$dbh->prepare("select agent_pid from sessions
-	                       where session_id ='$sid'");
-	$sth->execute()or die;
+	                       where session_id=?");
+	$sth->execute($sid)or die;
 	my @data;
 	my $i=0;
 	if(@data = $sth->fetchrow_array)
@@ -222,8 +222,8 @@ elsif($cmd eq  "getdisplay")
 	my $sid=shift or die "argument \"session_id\" missed";
 	my $display;
 	my $sth=$dbh->prepare("select display from sessions
-	                       where session_id ='$sid'");
-	$sth->execute()or die;
+	                       where session_id =?");
+	$sth->execute($sid)or die;
 	my @data;
 	my $i=0;
 	if(@data = $sth->fetchrow_array)
@@ -244,9 +244,9 @@ elsif($cmd eq  "listsessions")
 	                       substr(strftime('%d.%m.%Y*%H:%M:%S',last_time),0,6)||substr(strftime('%d.%m.%Y*%H:%M:%S',last_time),9,11),
 	                       uname,
 	                       strftime('%s','now','localtime') - strftime('%s',init_time),fs_port from  sessions
-	                       where status !='F' and server='$server' and uname='$realuser'
+	                       where status !='F' and server=? and uname=?
 	                       and  (  session_id not like '%XSHAD%')  order by status desc");
-	$sth->execute()or die;
+	$sth->execute($server, $realuser)or die;
 	fetchrow_printall_array($sth);
 }
 
@@ -259,8 +259,8 @@ elsif($cmd eq  "listsessions_all")
 	                       substr(strftime('%d.%m.%Y*%H:%M:%S',last_time),0,6)||substr(strftime('%d.%m.%Y*%H:%M:%S',last_time),9,11),
 	                       uname,
 	                       strftime('%s','now','localtime') - strftime('%s',init_time),fs_port from  sessions 
-	                       where status !='F' and uname='$realuser' and  (  session_id not like '%XSHAD%')  order by status desc");
-	$sth->execute()or die;
+	                       where status !='F' and uname=? and  (  session_id not like '%XSHAD%')  order by status desc");
+	$sth->execute($realuser)or die;
 	fetchrow_printall_array($sth);
 }
 else


hooks/post-receive
-- 
x2goserver.git (X2Go Server)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2goserver.git" (X2Go Server).



