[X2Go-Commits] x2goserver.git - build-baikal (branch) updated: 3.0.99-2-4-g4c34844
X2Go dev team
git-admin at x2go.org
Fri Jan 3 18:03:52 CET 2014
The branch, build-baikal has been updated
via 4c3484419eb32f645709352a52523df57c0e813f (commit)
from 17f0a8f6d633ba495a2f22f9fbe0d99ceff212a4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 4c3484419eb32f645709352a52523df57c0e813f
Author: Alexander Wuerstlein <arw at arw.name>
Date: Tue Feb 15 14:08:02 2011 +0100
Use prepared statements, fix sql injections
-----------------------------------------------------------------------
Summary of changes:
x2gosqlitewrapper | 58 ++++++++++++++++++++++++++---------------------------
1 file changed, 29 insertions(+), 29 deletions(-)
The diff of changes is:
diff --git a/x2gosqlitewrapper b/x2gosqlitewrapper
index b6a7156..55b8e43 100755
--- a/x2gosqlitewrapper
+++ b/x2gosqlitewrapper
@@ -24,8 +24,8 @@ if($cmd eq "rmsessionsroot")
{
checkroot();
my $sid=shift or die "argument \"session_id\" missed";
- my $sth=$dbh->prepare("delete from sessions where session_id='$sid'");
- $sth->execute()or die;
+ my $sth=$dbh->prepare("delete from sessions where session_id=?");
+ $sth->execute($id)or die;
$sth->finish();
}
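Review bot: The new `execute` call binds `$id`, but the argument read two lines above is `$sid`, and no `$id` is declared anywhere in this hunk. If the script runs under `use strict` this will not compile. Without it the placeholder is bound to undef (NULL), so the delete matches no row and rmsessionsroot silently stops removing sessions. The line should read `$sth->execute($sid) or die;`.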
@@ -40,8 +40,8 @@ elsif($cmd eq "listsessionsroot")
substr(strftime('%d.%m.%Y*%H:%M:%S',last_time),0,6)||substr(strftime('%d.%m.%Y*%H:%M:%S',last_time),9,11),
uname,
strftime('%s','now','localtime') - strftime('%s',init_time),fs_port from sessions
- where server='$server' order by status desc");
- $sth->execute() or die;
+ where server=? order by status desc");
+ $sth->execute($server) or die;
fetchrow_printall_array($sth);
}
@@ -64,8 +64,8 @@ elsif($cmd eq "getmounts")
{
my $sid=shift or die "argument \"session_id\" missed";
my @strings;
- my $sth=$dbh->prepare("select client, path from mounts where session_id='$sid'");
- $sth->execute()or die;
+ my $sth=$dbh->prepare("select client, path from mounts where session_id=?");
+ $sth->execute($sid)or die;
fetchrow_printall_array($sth);
}
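Review bot: The getmounts query selects by `session_id` alone, with no tie to the calling user, whereas createsession, resume and changestatus add `and uname=?`. If this wrapper runs with more privilege than its caller (the `checkroot()` call and `$realuser` suggest it may), a user who knows another session's id can read its mounts; the same applies to deletemount, insertmount, getagent and getdisplay in the later hunks. The mounts statements shown use no uname column, so one option is a subquery such as `and session_id in (select session_id from sessions where uname=?)` bound to `$realuser`. Parameter binding fixes the injection but not this ownership gap.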
@@ -73,8 +73,8 @@ elsif($cmd eq "deletemount")
{
my $sid=shift or die "argument \"session_id\" missed";
my $path=shift or die "argument \"path\" missed";
- my $sth=$dbh->prepare("delete from mounts where session_id='$sid' and path='$path'");
- $sth->execute();
+ my $sth=$dbh->prepare("delete from mounts where session_id=? and path=?");
+ $sth->execute($sid, $path);
$sth->finish();
}
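Review bot: The result of `$sth->execute($sid, $path)` is not checked, unlike the `or die` used by the neighbouring commands. A failed delete is therefore indistinguishable from a successful one unless the handle was opened with RaiseError, and the connect call is not visible here. Suggest `$sth->execute($sid, $path) or die $sth->errstr;`.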
@@ -83,8 +83,8 @@ elsif($cmd eq "insertmount")
my $sid=shift or die "argument \"session_id\" missed";
my $path=shift or die "argument \"path\" missed";
my $client=shift or die "argument \"client\" missed";
- my $sth=$dbh->prepare("insert into mounts (session_id,path,client) values ('$sid','$path','$client')");
- $sth->execute();
+ my $sth=$dbh->prepare("insert into mounts (session_id,path,client) values (?, ?, ?)");
+ $sth->execute($sid, $path, $client);
if(!$sth->err())
{
print "ok";
@@ -98,8 +98,8 @@ elsif($cmd eq "insertsession")
my $server=shift or die "argument \"server\" missed";
my $sid=shift or die "argument \"session_id\" missed";
my $sth=$dbh->prepare("insert into sessions (display,server,uname,session_id, init_time, last_time) values
- ('$display','$server','$realuser','$sid', datetime('now','localtime'), datetime('now','localtime'))");
- $sth->execute()or die $_;
+ (?, ?, ?, ?, datetime('now','localtime'), datetime('now','localtime'))");
+ $sth->execute($display, $server, $realuser, $sid) or die $_;
$sth->finish();
print "ok";
}
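Review bot: `or die $_` on the new execute line reports whatever `$_` happens to hold, not the database error; DBI puts the failure text in `$sth->errstr`. Use `$sth->execute($display, $server, $realuser, $sid) or die $sth->errstr;`. The bare `or die` on the execute lines of the other hunks has the same diagnostic gap, since it prints only "Died at ..." with no cause. The insertsession block begins outside the hunk.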
@@ -113,9 +113,9 @@ elsif($cmd eq "createsession")
my $snd_port=shift or die"argument \"snd_port\" missed";
my $fs_port=shift or die"argument \"fs_port\" missed";
my $sid=shift or die "argument \"session_id\" missed";
- my $sth=$dbh->prepare("update sessions set status='R',last_time=datetime('now','localtime'),cookie='$cookie',agent_pid='$pid',
- client='$client',gr_port='$gr_port',sound_port='$snd_port',fs_port='$fs_port' where session_id='$sid' and uname='$realuser'");
- $sth->execute()or die;
+ my $sth=$dbh->prepare("update sessions set status='R',last_time=datetime('now','localtime'),cookie=?,agent_pid=?,
+ client=?,gr_port=?,sound_port=?,fs_port=? where session_id=? and uname=?");
+ $sth->execute($cookie, $pid, $client, $gr_port, $snd_port, $fs_port, $sid, $realuid)or die;
$sth->finish();
print "ok";
}
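Review bot: The last bind value is `$realuid`, while the removed statement compared `uname` with `$realuser`, and the resume and changestatus hunks still bind `$realuser`. Unless `$realuid` is defined elsewhere and holds the user name (nothing visible here shows that), the `where session_id=? and uname=?` clause will match no row. The script would still print "ok", because an update that touches zero rows is not an execute failure. Suggest ending the bind list with `$sid, $realuser) or die;` and checking the row count returned by execute before printing "ok". The createsession block begins outside the hunk.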
@@ -125,8 +125,8 @@ elsif($cmd eq "insertport")
my $server=shift or die "argument \"server\" missed";
my $sid=shift or die "argument \"session_id\" missed";
my $sshport=shift or die "argument \"port\" missed";
- my $sth=$dbh->prepare("insert into used_ports (server,session_id,port) values ('$server','$sid','$sshport')");
- $sth->execute()or die;
+ my $sth=$dbh->prepare("insert into used_ports (server,session_id,port) values (?, ?, ?)");
+ $sth->execute($server, $sid, $sshport) or die;
$sth->finish();
}
@@ -135,8 +135,8 @@ elsif($cmd eq "resume")
my $client=shift or die "argument \"client\" missed";
my $sid=shift or die "argument \"session_id\" missed";
my $sth=$dbh->prepare("update sessions set last_time=datetime('now','localtime'),status='R',
- client='$client' where session_id = '$sid' and uname='$realuser'");
- $sth->execute()or die;
+ client=? where session_id = ? and uname=?");
+ $sth->execute($client, $sid, $realuser) or die;
$sth->finish();
}
@@ -145,8 +145,8 @@ elsif($cmd eq "changestatus")
my $status=shift or die "argument \"status\" missed";
my $sid=shift or die "argument \"session_id\" missed";
my $sth=$dbh->prepare("update sessions set last_time=datetime('now','localtime'),
- status='$status' where session_id = '$sid' and uname='$realuser'");
- $sth->execute()or die;
+ status=? where session_id = ? and uname=?");
+ $sth->execute($status, $sid, $realuser)or die;
$sth->finish();
}
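Review bot: `$status` is now bound safely but is still stored as given, so a caller can write any string into the `status` column, including values the listsessions queries filter on (`status !='F'`). Consider an allow-list check before the update, e.g. `die "invalid status" unless $status =~ /\A[A-Z]\z/;`, tightened to the actual set of status letters the project uses (only 'R' and 'F' are visible on this page). The changestatus block begins outside the hunk.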
@@ -205,8 +205,8 @@ elsif($cmd eq "getagent")
my $sid=shift or die "argument \"session_id\" missed";
my $agent;
my $sth=$dbh->prepare("select agent_pid from sessions
- where session_id ='$sid'");
- $sth->execute()or die;
+ where session_id=?");
+ $sth->execute($sid)or die;
my @data;
my $i=0;
if(@data = $sth->fetchrow_array)
@@ -222,8 +222,8 @@ elsif($cmd eq "getdisplay")
my $sid=shift or die "argument \"session_id\" missed";
my $display;
my $sth=$dbh->prepare("select display from sessions
- where session_id ='$sid'");
- $sth->execute()or die;
+ where session_id =?");
+ $sth->execute($sid)or die;
my @data;
my $i=0;
if(@data = $sth->fetchrow_array)
@@ -244,9 +244,9 @@ elsif($cmd eq "listsessions")
substr(strftime('%d.%m.%Y*%H:%M:%S',last_time),0,6)||substr(strftime('%d.%m.%Y*%H:%M:%S',last_time),9,11),
uname,
strftime('%s','now','localtime') - strftime('%s',init_time),fs_port from sessions
- where status !='F' and server='$server' and uname='$realuser'
+ where status !='F' and server=? and uname=?
and ( session_id not like '%XSHAD%') order by status desc");
- $sth->execute()or die;
+ $sth->execute($server, $realuser)or die;
fetchrow_printall_array($sth);
}
@@ -259,8 +259,8 @@ elsif($cmd eq "listsessions_all")
substr(strftime('%d.%m.%Y*%H:%M:%S',last_time),0,6)||substr(strftime('%d.%m.%Y*%H:%M:%S',last_time),9,11),
uname,
strftime('%s','now','localtime') - strftime('%s',init_time),fs_port from sessions
- where status !='F' and uname='$realuser' and ( session_id not like '%XSHAD%') order by status desc");
- $sth->execute()or die;
+ where status !='F' and uname=? and ( session_id not like '%XSHAD%') order by status desc");
+ $sth->execute($realuser)or die;
fetchrow_printall_array($sth);
}
else
hooks/post-receive
--
x2goserver.git (X2Go Server)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2goserver.git" (X2Go Server).