From 3972bf598195efba3e73ae1fef3faceabeb50308 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Fri, 22 Mar 2013 09:14:55 +0400 Subject: db_escape_string: specify link parameter for consistency; sessions: do not force-close db connection in _close() --- plugins/auth_internal/init.php | 8 ++++---- plugins/auth_remote/init.php | 12 ++++++------ plugins/digest/init.php | 8 ++++---- plugins/embed_original/init.php | 2 +- plugins/example/init.php | 2 +- plugins/googleplus/init.php | 2 +- plugins/identica/init.php | 2 +- plugins/import_export/init.php | 8 ++++---- plugins/instances/init.php | 28 ++++++++++++++-------------- plugins/mail/init.php | 6 +++--- plugins/mailto/init.php | 2 +- plugins/note/init.php | 6 +++--- plugins/nsfw/init.php | 2 +- plugins/owncloud/init.php | 4 ++-- plugins/pinterest/init.php | 2 +- plugins/pocket/init.php | 2 +- plugins/share/init.php | 4 ++-- plugins/tweet/init.php | 2 +- 18 files changed, 51 insertions(+), 51 deletions(-) (limited to 'plugins') diff --git a/plugins/auth_internal/init.php b/plugins/auth_internal/init.php index cf6c13780..e910e52aa 100644 --- a/plugins/auth_internal/init.php +++ b/plugins/auth_internal/init.php @@ -22,8 +22,8 @@ class Auth_Internal extends Plugin implements IAuthModule { $pwd_hash1 = encrypt_password($password); $pwd_hash2 = encrypt_password($password, $login); - $login = db_escape_string($login); - $otp = db_escape_string($_REQUEST["otp"]); + $login = db_escape_string($this->link, $login); + $otp = db_escape_string($this->link, $_REQUEST["otp"]); if (get_schema_version($this->link) > 96) { if (!defined('AUTH_DISABLE_OTP') || !AUTH_DISABLE_OTP) { @@ -140,7 +140,7 @@ class Auth_Internal extends Plugin implements IAuthModule { } function check_password($owner_uid, $password) { - $owner_uid = db_escape_string($owner_uid); + $owner_uid = db_escape_string($this->link, $owner_uid); $result = db_query($this->link, "SELECT salt,login FROM ttrss_users WHERE id = '$owner_uid'"); 
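Review bot: In `check_password()` the `$owner_uid` value is string-escaped and then matched as `id = '$owner_uid'`, and `change_password()` (the next hunk) escapes the same value before handing it to `check_password()`, so it is escaped twice on that path. Double escaping is harmless for a numeric id, but it would corrupt any value containing a quote or backslash, and it blurs which layer owns sanitisation. If user ids are always integers, `$owner_uid = (int) $owner_uid;` in both functions states the intent and no longer depends on the quoting in the query. Both function bodies continue outside their hunks.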
@@ -169,7 +169,7 @@ class Auth_Internal extends Plugin implements IAuthModule { } function change_password($owner_uid, $old_password, $new_password) { - $owner_uid = db_escape_string($owner_uid); + $owner_uid = db_escape_string($this->link, $owner_uid); if ($this->check_password($owner_uid, $old_password)) { diff --git a/plugins/auth_remote/init.php b/plugins/auth_remote/init.php index 7c8d835f8..7e4638fb2 100644 --- a/plugins/auth_remote/init.php +++ b/plugins/auth_remote/init.php @@ -21,7 +21,7 @@ class Auth_Remote extends Plugin implements IAuthModule { } function get_login_by_ssl_certificate() { - $cert_serial = db_escape_string(get_ssl_certificate_id()); + $cert_serial = db_escape_string($this->link, get_ssl_certificate_id()); if ($cert_serial) { $result = db_query($this->link, "SELECT login FROM ttrss_user_prefs, ttrss_users @@ -29,7 +29,7 @@ class Auth_Remote extends Plugin implements IAuthModule { owner_uid = ttrss_users.id"); if (db_num_rows($result) != 0) { - return db_escape_string(db_fetch_result($result, 0, "login")); + return db_escape_string($this->link, db_fetch_result($result, 0, "login")); } } @@ -38,10 +38,10 @@ class Auth_Remote extends Plugin implements IAuthModule { function authenticate($login, $password) { - $try_login = db_escape_string($_SERVER["REMOTE_USER"]); + $try_login = db_escape_string($this->link, $_SERVER["REMOTE_USER"]); // php-cgi - if (!$try_login) $try_login = db_escape_string($_SERVER["REDIRECT_REMOTE_USER"]); + if (!$try_login) $try_login = db_escape_string($this->link, $_SERVER["REDIRECT_REMOTE_USER"]); if (!$try_login) $try_login = $this->get_login_by_ssl_certificate(); # if (!$try_login) $try_login = "test_qqq"; 
@@ -60,14 +60,14 @@ class Auth_Remote extends Plugin implements IAuthModule { // update user name $fullname = $_SERVER['HTTP_USER_NAME'] ? $_SERVER['HTTP_USER_NAME'] : $_SERVER['AUTHENTICATE_CN']; if ($fullname){ - $fullname = db_escape_string($fullname); + $fullname = db_escape_string($this->link, $fullname); db_query($this->link, "UPDATE ttrss_users SET full_name = '$fullname' WHERE id = " . $user_id); } // update user mail $email = $_SERVER['HTTP_USER_MAIL'] ? $_SERVER['HTTP_USER_MAIL'] : $_SERVER['AUTHENTICATE_MAIL']; if ($email){ - $email = db_escape_string($email); + $email = db_escape_string($this->link, $email); db_query($this->link, "UPDATE ttrss_users SET email = '$email' WHERE id = " . $user_id); } diff --git a/plugins/digest/init.php b/plugins/digest/init.php index 2feabe3b4..2fc98b0ec 100644 --- a/plugins/digest/init.php +++ b/plugins/digest/init.php @@ -47,7 +47,7 @@ class Digest extends Plugin implements IHandler { } function digestgetcontents() { - $article_id = db_escape_string($_REQUEST['article_id']); + $article_id = db_escape_string($this->link, $_REQUEST['article_id']); $result = db_query($this->link, "SELECT content,title,link,marked,published FROM ttrss_entries, ttrss_user_entries @@ -67,9 +67,9 @@ class Digest extends Plugin implements IHandler { } function digestupdate() { - $feed_id = db_escape_string($_REQUEST['feed_id']); - $offset = db_escape_string($_REQUEST['offset']); - $seq = db_escape_string($_REQUEST['seq']); + $feed_id = db_escape_string($this->link, $_REQUEST['feed_id']); + $offset = db_escape_string($this->link, $_REQUEST['offset']); + $seq = db_escape_string($this->link, $_REQUEST['seq']); if (!$feed_id) $feed_id = -4; if (!$offset) $offset = 0; diff --git a/plugins/embed_original/init.php b/plugins/embed_original/init.php index b28b2f8ee..0e0eb9603 100644 --- a/plugins/embed_original/init.php +++ b/plugins/embed_original/init.php 
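Review bot: The `full_name` and `email` updates in `authenticate()` take their values from `$_SERVER['HTTP_USER_NAME']` and `$_SERVER['HTTP_USER_MAIL']`, and `HTTP_*` entries are filled from request headers, so escaping makes them safe for SQL but not trustworthy. Unless the fronting web server or SSO proxy overwrites client-supplied copies of those headers, a client can choose what is written to the account row. A comment such as `// HTTP_USER_NAME / HTTP_USER_MAIL are request headers: only trust them when the auth proxy sets or strips them` would record that deployment requirement. The two `UPDATE` statements also append `$user_id` unquoted; it is assigned outside the hunk, so an `(int)` cast is worth confirming there.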
@@ -36,7 +36,7 @@ class Embed_Original extends Plugin { } function getUrl() { - $id = db_escape_string($_REQUEST['id']); + $id = db_escape_string($this->link, $_REQUEST['id']); $result = db_query($this->link, "SELECT link FROM ttrss_entries, ttrss_user_entries diff --git a/plugins/example/init.php b/plugins/example/init.php index f3788ae8c..926a57da8 100644 --- a/plugins/example/init.php +++ b/plugins/example/init.php @@ -21,7 +21,7 @@ class Example extends Plugin { } function save() { - $example_value = db_escape_string($_POST["example_value"]); + $example_value = db_escape_string($this->link, $_POST["example_value"]); $this->host->set($this, "example", $example_value); diff --git a/plugins/googleplus/init.php b/plugins/googleplus/init.php index 7ae6d1456..6045d2df6 100644 --- a/plugins/googleplus/init.php +++ b/plugins/googleplus/init.php @@ -32,7 +32,7 @@ class GooglePlus extends Plugin { } function getInfo() { - $id = db_escape_string($_REQUEST['id']); + $id = db_escape_string($this->link, $_REQUEST['id']); $result = db_query($this->link, "SELECT title, link FROM ttrss_entries, ttrss_user_entries diff --git a/plugins/identica/init.php b/plugins/identica/init.php index c9aa4118e..8e0ad4b9a 100644 --- a/plugins/identica/init.php +++ b/plugins/identica/init.php @@ -32,7 +32,7 @@ class Identica extends Plugin { } function getInfo() { - $id = db_escape_string($_REQUEST['id']); + $id = db_escape_string($this->link, $_REQUEST['id']); $result = db_query($this->link, "SELECT title, link FROM ttrss_entries, ttrss_user_entries diff --git a/plugins/import_export/init.php b/plugins/import_export/init.php index de21dbf32..61b9a439f 100644 --- a/plugins/import_export/init.php +++ b/plugins/import_export/init.php 
@@ -49,7 +49,7 @@ class Import_Export extends Plugin implements IHandler { } function save() { - $example_value = db_escape_string($_POST["example_value"]); + $example_value = db_escape_string($this->link, $_POST["example_value"]); echo "Value set to $example_value (not really)"; } @@ -122,7 +122,7 @@ class Import_Export extends Plugin implements IHandler { } function exportrun() { - $offset = (int) db_escape_string($_REQUEST['offset']); + $offset = (int) db_escape_string($this->link, $_REQUEST['offset']); $exported = 0; $limit = 250; @@ -238,7 +238,7 @@ class Import_Export extends Plugin implements IHandler { foreach ($article_node->childNodes as $child) { if ($child->nodeName != 'label_cache') - $article[$child->nodeName] = db_escape_string($child->nodeValue); + $article[$child->nodeName] = db_escape_string($this->link, $child->nodeValue); else $article[$child->nodeName] = $child->nodeValue; } @@ -346,7 +346,7 @@ class Import_Export extends Plugin implements IHandler { $score = (int) $article['score']; $tag_cache = $article['tag_cache']; - $label_cache = db_escape_string($article['label_cache']); + $label_cache = db_escape_string($this->link, $article['label_cache']); $note = $article['note']; //print "Importing " . $article['title'] . "
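Review bot: `save()` in import_export echoes `$example_value` into the response after it has only been passed through `db_escape_string()`. SQL escaping is not HTML encoding, so unless `db_escape_string()` also strips markup (its body is not shown here), markup in the POSTed `example_value` is reflected to the browser. The value never reaches a query in this function, so output encoding is what is needed rather than SQL escaping, for example `echo "Value set to " . htmlspecialchars($_POST["example_value"]) . " (not really)";`.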
"; diff --git a/plugins/instances/init.php b/plugins/instances/init.php index 6c0f89e1c..6e8d43e9b 100644 --- a/plugins/instances/init.php +++ b/plugins/instances/init.php @@ -92,10 +92,10 @@ class Instances extends Plugin implements IHandler { WHERE instance_id = '$id'"); foreach ($feeds['feeds'] as $feed) { - $feed_url = db_escape_string($feed['feed_url']); - $title = db_escape_string($feed['title']); - $subscribers = db_escape_string($feed['subscribers']); - $site_url = db_escape_string($feed['site_url']); + $feed_url = db_escape_string($this->link, $feed['feed_url']); + $title = db_escape_string($this->link, $feed['title']); + $subscribers = db_escape_string($this->link, $feed['subscribers']); + $site_url = db_escape_string($this->link, $feed['site_url']); db_query($link, "INSERT INTO ttrss_linked_feeds (feed_url, site_url, title, subscribers, instance_id, created, updated) @@ -167,16 +167,16 @@ class Instances extends Plugin implements IHandler { } function remove() { - $ids = db_escape_string($_REQUEST['ids']); + $ids = db_escape_string($this->link, $_REQUEST['ids']); db_query($this->link, "DELETE FROM ttrss_linked_instances WHERE id IN ($ids)"); } function add() { - $id = db_escape_string($_REQUEST["id"]); - $access_url = db_escape_string($_REQUEST["access_url"]); - $access_key = db_escape_string($_REQUEST["access_key"]); + $id = db_escape_string($this->link, $_REQUEST["id"]); + $access_url = db_escape_string($this->link, $_REQUEST["access_url"]); + $access_key = db_escape_string($this->link, $_REQUEST["access_key"]); db_query($this->link, "BEGIN"); @@ -195,7 +195,7 @@ class Instances extends Plugin implements IHandler { } function edit() { - $id = db_escape_string($_REQUEST["id"]); + $id = db_escape_string($this->link, $_REQUEST["id"]); $result = db_query($this->link, "SELECT * FROM ttrss_linked_instances WHERE id = '$id'"); 
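Review bot: In the feed loop the four values are now escaped against `$this->link`, but the `INSERT INTO ttrss_linked_feeds` that consumes them still runs on `$link`. The enclosing function's signature is outside the hunk; if it receives its own `$link`, escaping and execution can refer to different connections, and escaping depends on the connection's character set. Using one handle for both, either `db_query($this->link, ...)` or `db_escape_string($link, ...)`, keeps the pair consistent.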
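Review bot: `remove()` interpolates `$ids` into `WHERE id IN ($ids)` without quotes, so string escaping gives no protection there: escaping only neutralises quote characters, and none are needed to change the meaning of an unquoted list. The list should be reduced to integers before it reaches the `DELETE`, for example `$ids = implode(",", array_map("intval", explode(",", $_REQUEST["ids"])));`. In the same hunk, `add()` escapes `id`, which looks like it should be an integer too; how it is used is outside the hunk.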
@@ -253,9 +253,9 @@ class Instances extends Plugin implements IHandler { } function editSave() { - $id = db_escape_string($_REQUEST["id"]); - $access_url = db_escape_string($_REQUEST["access_url"]); - $access_key = db_escape_string($_REQUEST["access_key"]); + $id = db_escape_string($this->link, $_REQUEST["id"]); + $access_url = db_escape_string($this->link, $_REQUEST["access_url"]); + $access_key = db_escape_string($this->link, $_REQUEST["access_key"]); db_query($this->link, "UPDATE ttrss_linked_instances SET access_key = '$access_key', access_url = '$access_url', @@ -277,7 +277,7 @@ class Instances extends Plugin implements IHandler { print "
"; - $sort = db_escape_string($_REQUEST["sort"]); + $sort = db_escape_string($this->link, $_REQUEST["sort"]); if (!$sort || $sort == "undefined") { $sort = "access_url"; @@ -364,7 +364,7 @@ class Instances extends Plugin implements IHandler { function fbexport() { - $access_key = db_escape_string($_POST["key"]); + $access_key = db_escape_string($this->link, $_POST["key"]); // TODO: rate limit checking using last_connected $result = db_query($this->link, "SELECT id FROM ttrss_linked_instances diff --git a/plugins/mail/init.php b/plugins/mail/init.php index 30a417a1b..a4817a15d 100644 --- a/plugins/mail/init.php +++ b/plugins/mail/init.php @@ -30,7 +30,7 @@ class Mail extends Plugin { function emailArticle() { - $param = db_escape_string($_REQUEST['param']); + $param = db_escape_string($this->link, $_REQUEST['param']); $secretkey = sha1(uniqid(rand(), true)); @@ -181,7 +181,7 @@ class Mail extends Plugin { if (!$rc) { $reply['error'] = $mail->ErrorInfo; } else { - save_email_address($this->link, db_escape_string($destination)); + save_email_address($this->link, db_escape_string($this->link, $destination)); $reply['message'] = "UPDATE_COUNTERS"; } @@ -193,7 +193,7 @@ class Mail extends Plugin { } function completeEmails() { - $search = db_escape_string($_REQUEST["search"]); + $search = db_escape_string($this->link, $_REQUEST["search"]); print "
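Review bot: `emailArticle()` builds `$secretkey` from `sha1(uniqid(rand(), true))`, and neither `rand()` nor `uniqid()` is a cryptographic source, so hashing the result does not make it unpredictable. How the key is used is outside the hunk; if it authorises the later send request, it should come from a CSPRNG, e.g. `$secretkey = bin2hex(openssl_random_pseudo_bytes(20));` where the openssl extension is available. The function body continues past the hunk.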