diff -ruN ipplan.orig/admin/changepassword.php ipplan/admin/changepassword.php
--- ipplan.orig/admin/changepassword.php 2009-08-17 23:44:07.000000000 +0200
+++ ipplan/admin/changepassword.php 2011-02-12 12:15:22.107373824 +0200
@@ -67,8 +67,8 @@
$ds->DbfTransactionStart();
$result=&$ds->ds->Execute("UPDATE users
- SET password=".$ds->ds->qstr($password)."
- WHERE userid=".$ds->ds->qstr($userid));
+ SET password=".$ds->ds->QMagic($password)."
+ WHERE userid=".$ds->ds->QMagic($userid));
$ds->AuditLog(sprintf(my_("User %s changed password"), $userid));
if ($result) {
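Review bot: The `$ds->AuditLog(...)` call sits before the `if ($result)` test, so "User %s changed password" is recorded even when the UPDATE returned false. For a password change that makes the audit trail unreliable; move the call into the success branch, i.e. `if ($result) { $ds->AuditLog(sprintf(my_("User %s changed password"), $userid)); ...`. The same ordering appears in admin/usermanager.php in the `@@ -955,9` and `@@ -991,8` hunks. The body of the `if` lies outside this hunk, so whether the failure path rolls the audit row back with the transaction is not visible here.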
diff -ruN ipplan.orig/admin/deletebounds.php ipplan/admin/deletebounds.php
--- ipplan.orig/admin/deletebounds.php 2009-08-17 23:44:07.000000000 +0200
+++ ipplan/admin/deletebounds.php 2011-02-12 12:15:22.107373824 +0200
@@ -54,7 +54,7 @@
$ds->DbfTransactionStart();
$result=&$ds->ds->Execute("DELETE FROM bounds
- WHERE grp=".$ds->ds->qstr($grp)." AND boundsaddr=$boundsaddr");
+ WHERE grp=".$ds->ds->QMagic($grp)." AND boundsaddr=$boundsaddr");
if ($result) {
$ds->DbfTransactionEnd();
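Review bot: `boundsaddr=$boundsaddr` is still concatenated into the DELETE without quoting or a numeric check, so switching the `grp` value to `QMagic()` leaves the second half of the WHERE clause unprotected. The matching statement in admin/usermanager.php (`@@ -1158,7`) shows the value arriving via `myRegister("S:grp S:boundsaddr")`, which looks like a string registration; where it is assigned in this file is outside the hunk. Validate it as an unsigned decimal before building the statement, e.g. `if (!ctype_digit((string)$boundsaddr)) { /* reject */ }`, or pass it as a bound parameter to `Execute()`.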
diff -ruN ipplan.orig/admin/displayboundsform.php ipplan/admin/displayboundsform.php
--- ipplan.orig/admin/displayboundsform.php 2009-08-17 23:44:07.000000000 +0200
+++ ipplan/admin/displayboundsform.php 2011-02-12 12:15:22.108373766 +0200
@@ -51,7 +51,7 @@
$where="";
if ($grp) {
- $where="WHERE grp=".$ds->ds->qstr($grp);
+ $where="WHERE grp=".$ds->ds->QMagic($grp);
}
$result=&$ds->ds->Execute("SELECT boundsaddr, boundssize, grp
diff -ruN ipplan.orig/admin/importbase.php ipplan/admin/importbase.php
--- ipplan.orig/admin/importbase.php 2009-08-17 23:44:07.000000000 +0200
+++ ipplan/admin/importbase.php 2011-02-12 12:15:22.109373710 +0200
@@ -206,10 +206,10 @@
insert($w,block("<b>".sprintf(my_("Row is duplicate - updating with [ %s, %s ]"), $ipaddr, $descrip)."</b>"));
$result=&$ds->ds->Execute("UPDATE base
- SET descrip=".$ds->ds->qstr($descrip).",
+ SET descrip=".$ds->ds->QMagic($descrip).",
lastmod=".$ds->ds->DBTimeStamp(time()).",
- userid=".$ds->ds->qstr(getAuthUsername()).",
- admingrp=".$ds->ds->qstr($admingrp)."
+ userid=".$ds->ds->QMagic(getAuthUsername()).",
+ admingrp=".$ds->ds->QMagic($admingrp)."
WHERE customer=$cust AND
baseaddr=$base");
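Review bot: `QMagic()` is applied here to `getAuthUsername()` and to `$descrip`/`$admingrp`, which do not look like raw GET/POST/cookie values. If `$ds->ds` is an ADOdb connection, `QMagic($s)` is `qstr($s, get_magic_quotes_gpc())`, so with magic_quotes_gpc enabled it only wraps the string in quotes and assumes PHP already escaped it; values taken from an import file, a function return, DNS or the database would then reach the query unescaped. Keep `qstr()` for anything not read directly from the request. In this patch that also seems to cover `$info` in the two later hunks of this file, `$hname` in contrib/ipplan-poller.php, and the `getAuthUsername()` / `$this->...` arguments in class.dbflib.php and class.dnslib.php. A comment such as `// QMagic only for raw request values; qstr for everything else` at the first call would record the rule.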
@@ -225,12 +225,12 @@
$result = &$ds->ds->Execute("INSERT INTO baseadd
(info, baseindex)
VALUES
- (".$ds->ds->qstr($info).",
+ (".$ds->ds->QMagic($info).",
$baseindex)");
// Second, try to update.
if ( $result == FALSE ) {
$result=&$ds->ds->Execute("UPDATE baseadd
- SET info=".$ds->ds->qstr($info)."
+ SET info=".$ds->ds->QMagic($info)."
WHERE baseindex=$baseindex");
if ( $result == FALSE ) {
@@ -267,12 +267,12 @@
$result = &$ds->ds->Execute("INSERT INTO baseadd
(info, baseindex)
VALUES
- (".$ds->ds->qstr($info).",
+ (".$ds->ds->QMagic($info).",
$baseindex)");
// Second, try to update.
if ( $result == FALSE ) {
$result=&$ds->ds->Execute("UPDATE baseadd
- SET info=".$ds->ds->qstr($info)."
+ SET info=".$ds->ds->QMagic($info)."
WHERE baseindex=$baseindex");
if ( $result == FALSE ) {
diff -ruN ipplan.orig/admin/usermanager.php ipplan/admin/usermanager.php
--- ipplan.orig/admin/usermanager.php 2009-08-17 23:44:07.000000000 +0200
+++ ipplan/admin/usermanager.php 2011-02-12 12:15:22.113373505 +0200
@@ -97,8 +97,8 @@
if ($usersearch != "") {
$result=&$ds->ds->Execute("SELECT userid, userdescrip
FROM users
- WHERE userid LIKE ".$ds->ds->qstr("%".$usersearch."%")
- ." OR userdescrip LIKE ".$ds->ds->qstr("%".$usersearch."%"));
+ WHERE userid LIKE ".$ds->ds->QMagic("%".$usersearch."%")
+ ." OR userdescrip LIKE ".$ds->ds->QMagic("%".$usersearch."%"));
$MENU=".|".my_("Search Result")."\n";
$count=0;
@@ -295,7 +295,7 @@
list($ipaddr, $userid, $grp, $grpdescrip, $createcust, $grpview) = myRegister("S:ipaddr S:userid S:grp S:grpdescrip S:createcust S:grpview");
$grp=trim($grp);
$grpdescrip=trim($grpdescrip);
- $result=&$ds->ds->Execute("SELECT * FROM users WHERE userid=".$ds->ds->qstr($userid));
+ $result=&$ds->ds->Execute("SELECT * FROM users WHERE userid=".$ds->ds->QMagic($userid));
if ($result) {
$row=$result->FetchRow();
}
@@ -386,7 +386,7 @@
// in a table and allow the user to delete them.
insert($con, generic("br"));
- $result=&$ds->ds->Execute("SELECT * FROM usergrp WHERE userid=".$ds->ds->qstr($userid));
+ $result=&$ds->ds->Execute("SELECT * FROM usergrp WHERE userid=".$ds->ds->QMagic($userid));
$lst=array();
while($row = $result->FetchRow()) {
@@ -423,7 +423,7 @@
list($ipaddr, $size, $grp) = myRegister("S:ipaddr S:size S:grp");
- $result=&$ds->ds->Execute("SELECT * FROM grp WHERE grp=".$ds->ds->qstr($grp));
+ $result=&$ds->ds->Execute("SELECT * FROM grp WHERE grp=".$ds->ds->QMagic($grp));
$row=$result->FetchRow();
$grpdescrip=$row["grpdescrip"];
$createcust=$row["createcust"];
@@ -501,7 +501,7 @@
insert($f2,submit(array("value"=>my_("Add User"))));
// Edit users assigned to the group.
- $result=&$ds->ds->Execute("SELECT * FROM usergrp WHERE grp=".$ds->ds->qstr($grp));
+ $result=&$ds->ds->Execute("SELECT * FROM usergrp WHERE grp=".$ds->ds->QMagic($grp));
$lst=array();
while($row = $result->FetchRow()) {
@@ -595,7 +595,7 @@
$result=&$ds->ds->Execute("SELECT boundsaddr, boundssize, grp
FROM bounds
- WHERE grp=".$ds->ds->qstr($grp)."
+ WHERE grp=".$ds->ds->QMagic($grp)."
ORDER BY boundsaddr");
// logic here is:
@@ -733,25 +733,25 @@
$ds->DbfTransactionStart();
// emulates mysql REPLACE
$result=&$ds->ds->Execute("DELETE FROM users
- WHERE userid=".$ds->ds->qstr($userid));
+ WHERE userid=".$ds->ds->QMagic($userid));
$result=&$ds->ds->Execute("INSERT INTO users
(userid, userdescrip, useremail, password)
VALUES
- (".$ds->ds->qstr($userid).",
- ".$ds->ds->qstr($userdescrip).",
- ".$ds->ds->qstr($useremail).",
- ".$ds->ds->qstr($password).")");
+ (".$ds->ds->QMagic($userid).",
+ ".$ds->ds->QMagic($userdescrip).",
+ ".$ds->ds->QMagic($useremail).",
+ ".$ds->ds->QMagic($password).")");
// add group if user selected a group other than "No group"
if (!empty($grp)) {
$result=&$ds->ds->Execute("DELETE FROM usergrp
- WHERE userid=".$ds->ds->qstr($userid)." AND
- grp=".$ds->ds->qstr($grp));
+ WHERE userid=".$ds->ds->QMagic($userid)." AND
+ grp=".$ds->ds->QMagic($grp));
$result=&$ds->ds->Execute("INSERT INTO usergrp
(userid, grp)
VALUES
- (".$ds->ds->qstr($userid).",
- ".$ds->ds->qstr($grp).")");
+ (".$ds->ds->QMagic($userid).",
+ ".$ds->ds->QMagic($grp).")");
}
if ($result) {
$ds->DbfTransactionEnd();
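Review bot: `$result` is reassigned by every `Execute()` in this block, so the final `if ($result)` only reflects the last statement that ran. When `$grp` is non-empty, a failed `INSERT INTO users` is masked by a successful `INSERT INTO usergrp` and the transaction is ended as if the user had been created. Track failure across the statements, for example `$ok = ($result !== false);` after the users INSERT and `if ($ok && $result)` at the end, or chain the calls with `and` as the `@@ -862,9` hunk does. The enclosing block starts and ends outside this hunk.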
@@ -806,9 +806,9 @@
$result=&$ds->ds->Execute("INSERT INTO grp
(grp, createcust, grpdescrip, grpopt, resaddr)
VALUES
- (".$ds->ds->qstr($grp).",
- ".$ds->ds->qstr($createcust).",
- ".$ds->ds->qstr($grpdescrip).",
+ (".$ds->ds->QMagic($grp).",
+ ".$ds->ds->QMagic($createcust).",
+ ".$ds->ds->QMagic($grpdescrip).",
".$grpbit.", $resaddr)");
if ($result) {
@@ -830,8 +830,8 @@
$ds->DbfTransactionStart();
$result=&$ds->ds->Execute("DELETE FROM usergrp
- WHERE userid=".$ds->ds->qstr($userid)." AND
- grp=".$ds->ds->qstr($grp));
+ WHERE userid=".$ds->ds->QMagic($userid)." AND
+ grp=".$ds->ds->QMagic($grp));
if ($result) {
$ds->DbfTransactionEnd();
insert($w,text(my_("User deleted from group")));
@@ -862,9 +862,9 @@
if ($userid) {
$ds->DbfTransactionStart();
$result=&$ds->ds->Execute("DELETE FROM users
- WHERE userid=".$ds->ds->qstr($userid)) and
+ WHERE userid=".$ds->ds->QMagic($userid)) and
$result=&$ds->ds->Execute("DELETE FROM usergrp
- WHERE userid=".$ds->ds->qstr($userid));
+ WHERE userid=".$ds->ds->QMagic($userid));
if ($result) {
$ds->DbfTransactionEnd();
@@ -880,8 +880,8 @@
$userid=$usergrp;
$ds->DbfTransactionStart();
$result=&$ds->ds->Execute("DELETE FROM usergrp
- WHERE userid=".$ds->ds->qstr($userid)." AND
- grp=".$ds->ds->qstr($grp));
+ WHERE userid=".$ds->ds->QMagic($userid)." AND
+ grp=".$ds->ds->QMagic($grp));
if ($result) {
$ds->DbfTransactionEnd();
@@ -901,7 +901,7 @@
// check if grp has customers
$result=&$ds->ds->Execute("SELECT custdescrip
FROM customer
- WHERE admingrp=".$ds->ds->qstr($grp));
+ WHERE admingrp=".$ds->ds->QMagic($grp));
if ($row=$result->FetchRow()) {
$formerror .=my_("Cannot delete group because the following customers are assigned to the group:");
do {
@@ -913,7 +913,7 @@
// check if grp has subnets
$result=&$ds->ds->Execute("SELECT baseaddr, descrip
FROM base
- WHERE admingrp=".$ds->ds->qstr($grp)."
+ WHERE admingrp=".$ds->ds->QMagic($grp)."
ORDER BY baseaddr");
if ($row=$result->FetchRow()) {
$formerror .= my_("Cannot delete group because the following subnets are assigned to the group:");
@@ -925,11 +925,11 @@
$ds->DbfTransactionStart();
$result=&$ds->ds->Execute("DELETE FROM grp
- WHERE grp=".$ds->ds->qstr($grp)) and
+ WHERE grp=".$ds->ds->QMagic($grp)) and
$result=&$ds->ds->Execute("DELETE FROM usergrp
- WHERE grp=".$ds->ds->qstr($grp)) and
+ WHERE grp=".$ds->ds->QMagic($grp)) and
$result=&$ds->ds->Execute("DELETE FROM bounds
- WHERE grp=".$ds->ds->qstr($grp));
+ WHERE grp=".$ds->ds->QMagic($grp));
if ($result) {
$ds->DbfTransactionEnd();
@@ -955,9 +955,9 @@
if ($formerror == "" ) {
$ds->DbfTransactionStart();
$result=&$ds->ds->Execute("UPDATE users
- SET userdescrip=".$ds->ds->qstr($userdescrip).",
- useremail=".$ds->ds->qstr($useremail)."
- WHERE userid=".$ds->ds->qstr($userid));
+ SET userdescrip=".$ds->ds->QMagic($userdescrip).",
+ useremail=".$ds->ds->QMagic($useremail)."
+ WHERE userid=".$ds->ds->QMagic($userid));
$ds->AuditLog(sprintf(my_("User %s modified"), $userid));
if ($result) {
@@ -991,8 +991,8 @@
$ds->DbfTransactionStart();
$result=&$ds->ds->Execute("UPDATE users
- SET password=".$ds->ds->qstr($password)."
- WHERE userid=".$ds->ds->qstr($userid));
+ SET password=".$ds->ds->QMagic($password)."
+ WHERE userid=".$ds->ds->QMagic($userid));
$ds->AuditLog(sprintf(my_("User %s changed password"), $userid));
if ($result) {
@@ -1018,13 +1018,13 @@
$ds->DbfTransactionStart();
// emulate mysql REPLACE
$result=&$ds->ds->Execute("DELETE FROM usergrp
- WHERE userid=".$ds->ds->qstr($userid)." AND
- grp=".$ds->ds->qstr($grp));
+ WHERE userid=".$ds->ds->QMagic($userid)." AND
+ grp=".$ds->ds->QMagic($grp));
$result=&$ds->ds->Execute("INSERT INTO usergrp
(userid, grp)
VALUES
- (".$ds->ds->qstr($userid).",
- ".$ds->ds->qstr($grp).")");
+ (".$ds->ds->QMagic($userid).",
+ ".$ds->ds->QMagic($grp).")");
if ($result) {
$ds->DbfTransactionEnd();
@@ -1064,11 +1064,11 @@
}
$result=&$ds->ds->Execute("UPDATE grp
- SET grpdescrip=".$ds->ds->qstr($grpdescrip).",
- createcust=".$ds->ds->qstr($createcust).",
+ SET grpdescrip=".$ds->ds->QMagic($grpdescrip).",
+ createcust=".$ds->ds->QMagic($createcust).",
grpopt=".$grpbit.",
resaddr=".$resaddr."
- WHERE grp=".$ds->ds->qstr($grp));
+ WHERE grp=".$ds->ds->QMagic($grp));
if ($result) {
$ds->DbfTransactionEnd();
@@ -1094,7 +1094,7 @@
// creating readonly group?
if ($base == 0 and $size == 0) {
- if ($ds->ds->GetOne("SELECT count(*) AS cnt FROM bounds WHERE grp=".$ds->ds->qstr($grp))) {
+ if ($ds->ds->GetOne("SELECT count(*) AS cnt FROM bounds WHERE grp=".$ds->ds->QMagic($grp))) {
$formerror .= my_("Boundary cannot be created - overlaps with existing boundary")."\n";
}
}
@@ -1122,7 +1122,7 @@
$result=&$ds->ds->Execute("INSERT INTO bounds
(boundsaddr, boundssize, grp)
VALUES
- ($base, $size, ".$ds->ds->qstr($grp).")");
+ ($base, $size, ".$ds->ds->QMagic($grp).")");
if ($result) {
$ds->DbfTransactionEnd();
@@ -1147,7 +1147,7 @@
($boundsaddr < boundsaddr AND
$boundsaddr+$boundssize >
boundsaddr + boundssize - 1)) AND
- grp=".$ds->ds->qstr($grp));
+ grp=".$ds->ds->QMagic($grp));
if ($result->FetchRow()) {
return 1;
}
@@ -1158,7 +1158,7 @@
list($grp, $boundsaddr) = myRegister("S:grp S:boundsaddr");
$result=&$ds->ds->Execute("DELETE FROM bounds
- WHERE grp=".$ds->ds->qstr($grp)." AND boundsaddr=$boundsaddr");
+ WHERE grp=".$ds->ds->QMagic($grp)." AND boundsaddr=$boundsaddr");
if ($result) {
$ds->DbfTransactionEnd();
diff -ruN ipplan.orig/auth.php ipplan/auth.php
--- ipplan.orig/auth.php 2009-08-17 23:43:43.000000000 +0200
+++ ipplan/auth.php 2011-02-12 12:15:02.887364589 +0200
@@ -192,14 +192,14 @@
$passwd=crypt($passwd, 'xq');
$result=$ds->Execute("SELECT usergrp.grp AS grp
FROM users, usergrp
- WHERE users.userid=".$ds->qstr($user)." AND
- users.password=".$ds->qstr($passwd)." AND
+ WHERE users.userid=".$ds->QMagic($user)." AND
+ users.password=".$ds->QMagic($passwd)." AND
users.userid=usergrp.userid");
}
else {
$result=$ds->Execute("SELECT usergrp.grp AS grp
FROM users, usergrp
- WHERE users.userid=".$ds->qstr($user)." AND
+ WHERE users.userid=".$ds->QMagic($user)." AND
users.userid=usergrp.userid");
}
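Review bot: `crypt($passwd, 'xq')` hashes every password with the same two-character salt, which selects the traditional DES scheme; that scheme only uses the first eight characters of the password, and identical passwords produce identical hashes. The patch changes how the value is quoted but the stored credential stays weak, and the comparison is done inside the SQL text rather than in PHP. Consider storing `password_hash()` output and checking it with `password_verify()` after fetching the row by `userid`, with a rehash-on-login path for existing accounts. The function containing these queries starts outside the hunk.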
diff -ruN ipplan.orig/class.dbflib.php ipplan/class.dbflib.php
--- ipplan.orig/class.dbflib.php 2009-08-17 23:43:43.000000000 +0200
+++ ipplan/class.dbflib.php 2011-02-12 12:15:02.889364823 +0200
@@ -143,14 +143,14 @@
WHERE baseindex=$baseindex AND
ipaddr=$ipaddr")) { // should have FOR UPDATE here!
$result = &$this->ds->Execute("UPDATE ipaddr
- SET userinf=".$this->ds->qstr($user).",
- location=".$this->ds->qstr($location).",
- telno=".$this->ds->qstr($telno).",
- macaddr=".$this->ds->qstr($macaddr).",
- descrip=".$this->ds->qstr($descrip).",
- hname=".$this->ds->qstr($hname).",
+ SET userinf=".$this->ds->QMagic($user).",
+ location=".$this->ds->QMagic($location).",
+ telno=".$this->ds->QMagic($telno).",
+ macaddr=".$this->ds->QMagic($macaddr).",
+ descrip=".$this->ds->QMagic($descrip).",
+ hname=".$this->ds->QMagic($hname).",
lastmod=".$this->ds->DBTimeStamp(time()).",
- userid=".$this->ds->qstr($userid)."
+ userid=".$this->ds->QMagic($userid)."
WHERE baseindex=$baseindex AND
ipaddr=$ipaddr");
}
@@ -159,16 +159,16 @@
(userinf, location, telno, macaddr, descrip, hname,
baseindex, ipaddr, lastmod, userid)
VALUES
- (".$this->ds->qstr($user).",
- ".$this->ds->qstr($location).",
- ".$this->ds->qstr($telno).",
- ".$this->ds->qstr($macaddr).",
- ".$this->ds->qstr($descrip).",
- ".$this->ds->qstr($hname).",
+ (".$this->ds->QMagic($user).",
+ ".$this->ds->QMagic($location).",
+ ".$this->ds->QMagic($telno).",
+ ".$this->ds->QMagic($macaddr).",
+ ".$this->ds->QMagic($descrip).",
+ ".$this->ds->QMagic($hname).",
$baseindex,
$ipaddr,
".$this->ds->DBTimeStamp(time()).",
- ".$this->ds->qstr($userid).")");
+ ".$this->ds->QMagic($userid).")");
}
// always try to update record - record could not exist, which
@@ -183,7 +183,7 @@
WHERE baseindex=$baseindex AND
ipaddr=$ipaddr")) { // should have FOR UPDATE here!
$result = &$this->ds->Execute("UPDATE ipaddradd
- SET info=".$this->ds->qstr($info)."
+ SET info=".$this->ds->QMagic($info)."
WHERE baseindex=$baseindex AND
ipaddr=$ipaddr");
// this generates a "duplicate key" error if no update
@@ -195,7 +195,7 @@
$result = &$this->ds->Execute("INSERT INTO ipaddradd
(info, baseindex, ipaddr)
VALUES
- (".$this->ds->qstr($info).",
+ (".$this->ds->QMagic($info).",
$baseindex,
$ipaddr)");
}
@@ -208,9 +208,9 @@
$userid = getAuthUsername();
$result = &$this->ds->Execute("UPDATE ipaddr
- SET $field=".$this->ds->qstr($value).",
+ SET $field=".$this->ds->QMagic($value).",
lastmod=".$this->ds->DBTimeStamp(time()).",
- userid=".$this->ds->qstr($userid)."
+ userid=".$this->ds->QMagic($userid)."
WHERE baseindex=$baseindex AND ipaddr=$ipaddr");
// record does not exist, error
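Review bot: `SET $field=` places a column name straight into the statement, and neither `qstr()` nor `QMagic()` can protect an identifier. Where `$field` comes from is outside this hunk; if any caller passes a request-derived name, check it against a fixed list before the query, e.g. `if (!in_array($field, $allowedFields, true)) { /* reject */ }`, with `$allowedFields` being a new array of the ipaddr column names. The `$var` operand in the search-clause hunks further down this file (`@@ -983,10` onward) has the same shape. `$baseindex` and `$ipaddr` are also interpolated unquoted in the WHERE clause.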
@@ -331,11 +331,11 @@
baseopt, customer, userid, lastmod)
VALUES
($baseaddr, $subnetsize,
- ".$this->ds->qstr($descrip).",
- ".$this->ds->qstr($grp).",
+ ".$this->ds->QMagic($descrip).",
+ ".$this->ds->QMagic($grp).",
$dhcp,
$cust,
- ".$this->ds->qstr($userid).",
+ ".$this->ds->QMagic($userid).",
".$this->ds->DBTimeStamp(time()).")");
if (DBF_TYPE == "mysql" or DBF_TYPE == "maxsql") {
@@ -360,7 +360,7 @@
WHERE base.baseindex=$baseindex AND
base.customer=customer.customer AND
customer.admingrp=usergrp.grp AND
- usergrp.userid=".$this->ds->qstr($userid));
+ usergrp.userid=".$this->ds->QMagic($userid));
if ($row = $result->FetchRow()) {
return $row["admingrp"];
@@ -376,9 +376,9 @@
// could use GetRow here
$result = &$this->ds->Execute("SELECT usergrp.grp
FROM usergrp, grp
- WHERE usergrp.userid=".$this->ds->qstr($userid)." AND
+ WHERE usergrp.userid=".$this->ds->QMagic($userid)." AND
usergrp.grp=grp.grp AND
- grp.createcust=".$this->ds->qstr('Y'));
+ grp.createcust=".$this->ds->QMagic('Y'));
if ($row = $result->FetchRow()) {
return $row["grp"];
@@ -425,7 +425,7 @@
$string = " IN (";
foreach($grps as $value) {
- $string .= $this->ds->qstr($value).",";
+ $string .= $this->ds->QMagic($value).",";
}
return substr($string, 0, -1).")";
}
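Review bot: With an empty `$grps` the loop adds nothing and `substr($string, 0, -1)` strips the opening parenthesis, so the function returns ` IN )` and the caller's query fails to parse. Build the list with `implode(",", ...)` over the quoted values and handle the empty case explicitly, for instance returning ` IN (NULL)` so the clause matches no rows. The function header is outside this hunk, so the type callers pass for `$grps` is assumed to be an array.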
@@ -457,7 +457,7 @@
$result = &$this->ds->Execute("SELECT count(*) AS cnt
FROM bounds
- WHERE grp=".$this->ds->qstr($grp));
+ WHERE grp=".$this->ds->QMagic($grp));
$row = $result->FetchRow();
// no bounds, group can do anything
if ($row["cnt"] == 0) {
@@ -470,7 +470,7 @@
boundsaddr + boundssize - 1) AND
($boundsaddr+$boundssize-1 BETWEEN boundsaddr AND
boundsaddr + boundssize - 1)) AND
- grp=".$this->ds->qstr($grp));
+ grp=".$this->ds->QMagic($grp));
if ($result->FetchRow()) {
return 1;
@@ -719,16 +719,16 @@
(userinf, location, telno, descrip, hname,
baseindex, ipaddr, lastmod, lastpol, userid)
VALUES
- (".$this->ds->qstr("").",
- ".$this->ds->qstr("").",
- ".$this->ds->qstr("").",
- ".$this->ds->qstr("Unknown - added by IPplan poller").",
- ".$this->ds->qstr("").",
+ (".$this->ds->QMagic("").",
+ ".$this->ds->QMagic("").",
+ ".$this->ds->QMagic("").",
+ ".$this->ds->QMagic("Unknown - added by IPplan poller").",
+ ".$this->ds->QMagic("").",
$baseindex,
$ipaddr,
".$this->ds->DBTimeStamp(time()).",
".$this->ds->DBTimeStamp(time()).",
- ".$this->ds->qstr("POLLER").")");
+ ".$this->ds->QMagic("POLLER").")");
}
}
@@ -942,8 +942,8 @@
$this->ds->Execute("INSERT INTO auditlog
(action, userid, dt)
VALUES
- (".$this->ds->qstr(substr($message,0,254)).",
- ".$this->ds->qstr(getAuthUsername()).",
+ (".$this->ds->QMagic(substr($message,0,254)).",
+ ".$this->ds->QMagic(getAuthUsername()).",
".$this->ds->DBTimeStamp(time()).")");
}
else if (is_array($message)) {
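Review bot: `substr($message,0,254)` runs before quoting, which is only safe when the quoting function always escapes. If `QMagic()` follows ADOdb's definition and magic_quotes_gpc is on, the text is passed through as already escaped, so a cut at byte 254 can split an escape sequence and leave a trailing backslash in front of the closing quote. Use `qstr()` here, since `$message` is assembled by the application rather than read straight from the request; the array branch in the `@@ -960,8` hunk needs the same change. The method starts outside this hunk.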
@@ -960,8 +960,8 @@
$this->ds->Execute("INSERT INTO auditlog
(action, userid, dt)
VALUES
- (".$this->ds->qstr(substr($value,0,254)).",
- ".$this->ds->qstr(getAuthUsername()).",
+ (".$this->ds->QMagic(substr($value,0,254)).",
+ ".$this->ds->QMagic(getAuthUsername()).",
".$this->ds->DBTimeStamp(time()).")");
}
@@ -983,10 +983,10 @@
if (!empty($search)) {
switch ($expr) {
case "NLIKE":
- $sql="$var NOT LIKE ".$this->ds->qstr("%$search%");
+ $sql="$var NOT LIKE ".$this->ds->QMagic("%$search%");
break;
case "EXACT":
- $sql="$var = ".$this->ds->qstr("$search");
+ $sql="$var = ".$this->ds->QMagic("$search");
break;
case "RLIKE":
// default is RLIKE, need to protect for DBF's without RLIKE
@@ -994,11 +994,11 @@
return "";
}
if (DBF_TYPE=="mysql" or DBF_TYPE=="maxsql") {
- $sql="$var RLIKE ".$this->ds->qstr("$search");
+ $sql="$var RLIKE ".$this->ds->QMagic("$search");
break;
}
if (DBF_TYPE=="postgres7") {
- $sql="$var ~ ".$this->ds->qstr("$search");
+ $sql="$var ~ ".$this->ds->QMagic("$search");
break;
}
case "NRLIKE":
@@ -1006,22 +1006,22 @@
return "";
}
if (DBF_TYPE=="mysql" or DBF_TYPE=="maxsql") {
- $sql="$var NOT RLIKE ".$this->ds->qstr("$search");
+ $sql="$var NOT RLIKE ".$this->ds->QMagic("$search");
break;
}
if (DBF_TYPE=="postgres7") {
- $sql="$var NOT ~ ".$this->ds->qstr("$search");
+ $sql="$var NOT ~ ".$this->ds->QMagic("$search");
break;
}
case "LIKE":
- $sql="$var LIKE ".$this->ds->qstr("%$search%");
+ $sql="$var LIKE ".$this->ds->QMagic("%$search%");
break;
case "END":
- $sql="$var LIKE ".$this->ds->qstr("%$search");
+ $sql="$var LIKE ".$this->ds->QMagic("%$search");
break;
// default is START search
default:
- $sql="$var LIKE ".$this->ds->qstr("$search%");
+ $sql="$var LIKE ".$this->ds->QMagic("$search%");
}
// should there be an AND?
if ($addand) {
diff -ruN ipplan.orig/class.dnslib.php ipplan/class.dnslib.php
--- ipplan.orig/class.dnslib.php 2009-08-17 23:43:43.000000000 +0200
+++ ipplan/class.dnslib.php 2011-02-12 12:15:02.890364937 +0200
@@ -262,10 +262,10 @@
recordtype, userid, ip_hostname) ".
"VALUES ($this->cust, $dataid, ". $i.",".
$this->ds->DBTimeStamp(time()).",".
- $this->ds->qstr($host).",".
- $this->ds->qstr($recordtype).",".
- $this->ds->qstr(getAuthUsername()).",".
- $this->ds->qstr($iphostname).")" );
+ $this->ds->QMagic($host).",".
+ $this->ds->QMagic($recordtype).",".
+ $this->ds->QMagic(getAuthUsername()).",".
+ $this->ds->QMagic($iphostname).")" );
if (!$result) {
return FALSE;
}
@@ -288,7 +288,7 @@
(id, hname, horder)
VALUES
($dataid,
- ".$this->ds->qstr($hnametemp).",
+ ".$this->ds->QMagic($hnametemp).",
$i)");
if (!$result) {
return FALSE;
@@ -340,23 +340,23 @@
// Updated DB here.
$result = $this->ds->Execute("UPDATE fwdzone ".
- "set serialdate=".$this->ds->qstr($this->serialdate).
+ "set serialdate=".$this->ds->QMagic($this->serialdate).
", serialnum=$this->serialnum".
",ttl=".$this->ttl.
",refresh=".$this->refresh.
",retry=".$this->retry.
",expire=".$this->expire.
",minimum=".$this->minimum.
- ",error_message=".$this->ds->qstr("E").
- ",responsiblemail=".$this->ds->qstr($this->responsiblemail).
- ",userid=".$this->ds->qstr(getAuthUsername()).
- ",zonefilepath1=".$this->ds->qstr($this->zonepath).
- ",zonefilepath2=".$this->ds->qstr($this->seczonepath).
+ ",error_message=".$this->ds->QMagic("E").
+ ",responsiblemail=".$this->ds->QMagic($this->responsiblemail).
+ ",userid=".$this->ds->QMagic(getAuthUsername()).
+ ",zonefilepath1=".$this->ds->QMagic($this->zonepath).
+ ",zonefilepath2=".$this->ds->QMagic($this->seczonepath).
",createmod=".$this->ds->DBDate($this->createmod).
",lastmod=".$this->ds->DBTimeStamp(time()).
",expiremod=".$this->ds->DBDate($this->expiremod).
",regmod=".$this->ds->DBDate($this->regmod).
- ",slaveonly=".$this->ds->qstr($this->slaveonly).
+ ",slaveonly=".$this->ds->QMagic($this->slaveonly).
" WHERE customer=$cust AND data_id=".$dataid );
if($this->ds->GetRow("SELECT info
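Review bot: The SOA fields `ttl`, `refresh`, `retry`, `expire`, `minimum` and `serialnum` are concatenated into the UPDATE as bare numbers, alongside `$cust` and `$dataid`, so the quoting change does not cover them. Where these properties are assigned is outside the hunk; if they are filled from form input without an integer check, cast at the point of use, e.g. `",ttl=".(int)$this->ttl.`. The INSERT in `@@ -398,23` and the zones statements in `@@ -854,22` and `@@ -896,20` build their numeric columns the same way.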
@@ -364,7 +364,7 @@
WHERE customer=$cust AND
data_id=$dataid")) { // should have FOR UPDATE here!
$result = $this->ds->Execute("UPDATE fwdzoneadd ".
- "set info=".$this->ds->qstr($this->info).
+ "set info=".$this->ds->QMagic($this->info).
" WHERE customer=$cust AND data_id=".$dataid );
}
else { // no record, insert
@@ -372,7 +372,7 @@
$result = $this->ds->Execute("INSERT into fwdzoneadd (customer, data_id, info) ".
"VALUES ($this->cust,".
$dataid.",".
- $this->ds->qstr($this->info).")" );
+ $this->ds->QMagic($this->info).")" );
}
}
@@ -398,23 +398,23 @@
createmod, lastmod, expiremod, regmod, serialdate, serialnum, ttl, refresh, retry,
expire, minimum, responsiblemail, userid, zonefilepath1, zonefilepath2, slaveonly) ".
"VALUES ($this->cust,".
- $this->ds->qstr($this->domain).",".
- $this->ds->qstr("E").",".
+ $this->ds->QMagic($this->domain).",".
+ $this->ds->QMagic("E").",".
$this->ds->DBDate($this->createmod).",".
$this->ds->DBTimeStamp(time()).",".
$this->ds->DBDate($this->expiremod).",".
$this->ds->DBDate($this->regmod).",".
- $this->ds->qstr($this->serialdate).", $this->serialnum,".
+ $this->ds->QMagic($this->serialdate).", $this->serialnum,".
$this->ttl.",".
$this->refresh.",".
$this->retry.",".
$this->expire.",".
$this->minimum.",".
- $this->ds->qstr($this->responsiblemail).",".
- $this->ds->qstr(getAuthUsername()).",".
- $this->ds->qstr($this->zonepath).",".
- $this->ds->qstr($this->seczonepath).",".
- $this->ds->qstr($this->slaveonly).")" );
+ $this->ds->QMagic($this->responsiblemail).",".
+ $this->ds->QMagic(getAuthUsername()).",".
+ $this->ds->QMagic($this->zonepath).",".
+ $this->ds->QMagic($this->seczonepath).",".
+ $this->ds->QMagic($this->slaveonly).")" );
// did not fail due to key error?
// should not fail as we checked this already!
@@ -427,7 +427,7 @@
$result=$this->ds->Execute("SELECT data_id
FROM fwdzone
WHERE customer=$this->cust AND
- domain=".$this->ds->qstr($this->domain));
+ domain=".$this->ds->QMagic($this->domain));
$temprow = $result->FetchRow();
$dataid=$temprow["data_id"];
}
@@ -436,7 +436,7 @@
$result = $this->ds->Execute("INSERT into fwdzoneadd (customer, data_id, info) ".
"VALUES ($this->cust,".
$dataid.",".
- $this->ds->qstr($this->info).")" );
+ $this->ds->QMagic($this->info).")" );
}
return $dataid;
@@ -465,7 +465,7 @@
// could use unique key on database to do check, but requires extra key
// just to add a new record
$restemp=$this->ds->Execute("SELECT domain FROM fwdzone
- WHERE customer=$cust AND domain = ".$this->ds->qstr($this->domain));
+ WHERE customer=$cust AND domain = ".$this->ds->QMagic($this->domain));
if ($restemp->FetchRow()) {
// domain already exists, fail transaction
@@ -499,11 +499,11 @@
(data_id, host, recordtype, ip_hostname, sortorder, customer, userid, lastmod)
SELECT $dataid AS data_id, fwdzonerec.host, fwdzonerec.recordtype,
fwdzonerec.ip_hostname, fwdzonerec.sortorder, fwdzonerec.customer,
- ".$this->ds->qstr(getAuthUsername())." AS userid,
+ ".$this->ds->QMagic(getAuthUsername())." AS userid,
".$this->ds->DBTimeStamp(time())." AS lastmod
FROM fwdzonerec, fwdzone
WHERE fwdzonerec.data_id=fwdzone.data_id AND
- fwdzone.domain=".$this->ds->qstr("template.com"));
+ fwdzone.domain=".$this->ds->QMagic("template.com"));
}
$this->err = 0;
@@ -526,9 +526,9 @@
// Update DNS Database Serial Count. Update Serial Count only when we export.
$result = $this->ds->Execute("UPDATE fwdzone ".
- "set serialdate=".$this->ds->qstr($this->serialdate).
- ", userid=".$this->ds->qstr(getAuthUsername()).
- ", error_message=".$this->ds->qstr("").
+ "set serialdate=".$this->ds->QMagic($this->serialdate).
+ ", userid=".$this->ds->QMagic(getAuthUsername()).
+ ", error_message=".$this->ds->QMagic("").
", lastexp=".$this->ds->DBTimeStamp(time()).
", serialnum=$this->serialnum".
" WHERE customer=$cust AND data_id=".$dataid);
@@ -798,7 +798,7 @@
(id, hname, horder)
VALUES
($zoneid,
- ".$this->ds->qstr($hnametemp).",
+ ".$this->ds->QMagic($hnametemp).",
$i)");
if (!$result) {
@@ -854,22 +854,22 @@
// Updated DB here.
$result = $this->ds->Execute("UPDATE zones SET zoneip=$zoneip".
- ",zone=".$this->ds->qstr($this->zone).
+ ",zone=".$this->ds->QMagic($this->zone).
",zonesize=$size".
- ",serialdate=".$this->ds->qstr($this->serialdate).
+ ",serialdate=".$this->ds->QMagic($this->serialdate).
",serialnum=$this->serialnum".
",ttl=".$this->ttl.
",refresh=".$this->refresh.
",retry=".$this->retry.
",expire=".$this->expire.
",minimum=".$this->minimum.
- ",error_message=".$this->ds->qstr("E").
- ",responsiblemail=".$this->ds->qstr($this->responsiblemail).
- ",userid=".$this->ds->qstr(getAuthUsername()).
- ",zonefilepath1=".$this->ds->qstr($this->zonepath).
- ",zonefilepath2=".$this->ds->qstr($this->seczonepath).
+ ",error_message=".$this->ds->QMagic("E").
+ ",responsiblemail=".$this->ds->QMagic($this->responsiblemail).
+ ",userid=".$this->ds->QMagic(getAuthUsername()).
+ ",zonefilepath1=".$this->ds->QMagic($this->zonepath).
+ ",zonefilepath2=".$this->ds->QMagic($this->seczonepath).
",lastmod=".$this->ds->DBTimeStamp(time()).
- ",slaveonly=".$this->ds->qstr($this->slaveonly).
+ ",slaveonly=".$this->ds->QMagic($this->slaveonly).
" WHERE customer=$cust AND id=".$zoneid );
// delete all the DNS records first to preserve correct order
@@ -896,20 +896,20 @@
lastmod, responsiblemail, userid, zonefilepath1,
zonefilepath2, slaveonly) ".
"VALUES ($this->cust, $this->zoneip,".
- $this->ds->qstr($this->zone).", $this->size,".
- $this->ds->qstr($this->serialdate).", $this->serialnum,".
- $this->ds->qstr("E").",".
+ $this->ds->QMagic($this->zone).", $this->size,".
+ $this->ds->QMagic($this->serialdate).", $this->serialnum,".
+ $this->ds->QMagic("E").",".
$this->ttl.",".
$this->refresh.",".
$this->retry.",".
$this->expire.",".
$this->minimum.",".
$this->ds->DBTimeStamp(time()).",".
- $this->ds->qstr($this->responsiblemail).",".
- $this->ds->qstr(getAuthUsername()).",".
- $this->ds->qstr($this->zonepath).",".
- $this->ds->qstr($this->seczonepath).",".
- $this->ds->qstr($this->slaveonly).")" );
+ $this->ds->QMagic($this->responsiblemail).",".
+ $this->ds->QMagic(getAuthUsername()).",".
+ $this->ds->QMagic($this->zonepath).",".
+ $this->ds->QMagic($this->seczonepath).",".
+ $this->ds->QMagic($this->slaveonly).")" );
// did not fail due to key error?
// should not fail as we checked this already!
@@ -953,7 +953,7 @@
// could use unique key on database to do check, but requires extra key
// just to add a new record
$restemp=$this->ds->Execute("SELECT zone FROM zones
- WHERE customer=$cust AND zone = ".$this->ds->qstr($this->zone));
+ WHERE customer=$cust AND zone = ".$this->ds->QMagic($this->zone));
if ($restemp->FetchRow()) {
// domain already exists, fail transaction
@@ -999,10 +999,10 @@
$this->Serial();
$result = $this->ds->Execute("UPDATE zones ".
- "set serialdate=".$this->ds->qstr($this->serialdate).
- ", userid=".$this->ds->qstr(getAuthUsername()).
+ "set serialdate=".$this->ds->QMagic($this->serialdate).
+ ", userid=".$this->ds->QMagic(getAuthUsername()).
", lastexp=".$this->ds->DBTimeStamp(time()).
- ", error_message=".$this->ds->qstr("").
+ ", error_message=".$this->ds->QMagic("").
", serialnum=$this->serialnum ".
" WHERE customer=$cust AND id=$zoneid");
@@ -1155,8 +1155,8 @@
// Update DNS Database Serial Count. Update Serial Count only when we export.
$result = $this->ds->Execute("UPDATE fwdzone ".
- "set serialdate=".$this->ds->qstr($this->serialdate).
- ", userid=".$this->ds->qstr(getAuthUsername()).
+ "set serialdate=".$this->ds->QMagic($this->serialdate).
+ ", userid=".$this->ds->QMagic(getAuthUsername()).
", serialnum=$this->serialnum".
" WHERE customer=$cust AND data_id=".$zoneid);
diff -ruN ipplan.orig/contrib/ipplan-poller.php ipplan/contrib/ipplan-poller.php
--- ipplan.orig/contrib/ipplan-poller.php 2009-02-22 23:44:50.000000000 +0200
+++ ipplan/contrib/ipplan-poller.php 2011-02-12 12:15:22.114373458 +0200
@@ -242,7 +242,7 @@
if ($hostnames) {
$result = $ds->Execute("UPDATE ipaddr
- SET lastpol=".$ds->DBTimeStamp(time()).", hname=".$ds->qstr($hname)."
+ SET lastpol=".$ds->DBTimeStamp(time()).", hname=".$ds->QMagic($hname)."
WHERE baseindex=$baseindex AND
ipaddr=$ipaddr");
}
@@ -258,23 +258,23 @@
(userinf, location, telno, descrip, hname,
baseindex, ipaddr, lastmod, lastpol, userid)
VALUES
- (".$ds->qstr("").",
- ".$ds->qstr("").",
- ".$ds->qstr("").",
- ".$ds->qstr("Unknown - added by IPplan command line poller").",
- ".$ds->qstr($hname).",
+ (".$ds->QMagic("").",
+ ".$ds->QMagic("").",
+ ".$ds->QMagic("").",
+ ".$ds->QMagic("Unknown - added by IPplan command line poller").",
+ ".$ds->QMagic($hname).",
$baseindex,
$ipaddr,
".$ds->DBTimeStamp(time()).",
".$ds->DBTimeStamp(time()).",
- ".$ds->qstr("POLLER").")");
+ ".$ds->QMagic("POLLER").")");
if ($audit) {
$ds->Execute("INSERT INTO auditlog
(action, userid, dt)
VALUES
- (".$ds->qstr(sprintf("User POLLER added ip record %s customer %u index %u", $key, $cust, $baseindex)).",
- ".$ds->qstr("POLLER").",
+ (".$ds->QMagic(sprintf("User POLLER added ip record %s customer %u index %u", $key, $cust, $baseindex)).",
+ ".$ds->QMagic("POLLER").",
".$ds->DBTimeStamp(time()).")");
}
}
diff -ruN ipplan.orig/user/createarea.php ipplan/user/createarea.php
--- ipplan.orig/user/createarea.php 2009-08-17 23:43:59.000000000 +0200
+++ ipplan/user/createarea.php 2011-02-12 12:15:22.118373284 +0200
@@ -84,7 +84,7 @@
$ds->DbfTransactionStart();
if ($action=="modify") {
$result=&$ds->ds->Execute("UPDATE area SET areaaddr=$base,
- descrip=".$ds->ds->qstr($descrip)." WHERE areaindex=$areaindex") and
+ descrip=".$ds->ds->QMagic($descrip)." WHERE areaindex=$areaindex") and
$ds->AuditLog(array("event"=>151, "action"=>"modify area",
"descrip"=>$descrip, "user"=>getAuthUsername(), "area"=>$ipaddr,
"cust"=>$cust));
@@ -93,7 +93,7 @@
$result=&$ds->ds->Execute("INSERT INTO area
(areaaddr, descrip, customer)
VALUES
- ($base, ".$ds->ds->qstr($descrip).", $cust)") and
+ ($base, ".$ds->ds->QMagic($descrip).", $cust)") and
$ds->AuditLog(array("event"=>150, "action"=>"create area",
"descrip"=>$descrip, "user"=>getAuthUsername(), "area"=>$ipaddr,
"cust"=>$cust));
diff -ruN ipplan.orig/user/createrange.php ipplan/user/createrange.php
--- ipplan.orig/user/createrange.php 2009-08-17 23:43:59.000000000 +0200
+++ ipplan/user/createrange.php 2011-02-12 12:15:22.118373284 +0200
@@ -166,7 +166,7 @@
if ($action=="modify") {
$result=&$ds->ds->Execute("UPDATE netrange SET areaindex=$areaindex,
- descrip=".$ds->ds->qstr($descrip).",
+ descrip=".$ds->ds->QMagic($descrip).",
rangeaddr=$base, rangesize=$size
WHERE rangeindex=$rangeindex") and
$ds->AuditLog(array("event"=>161, "action"=>"modify range",
@@ -179,7 +179,7 @@
customer)
VALUES
($base, $size, $areaindex,
- ".$ds->ds->qstr($descrip).",
+ ".$ds->ds->QMagic($descrip).",
$cust)") and
$ds->AuditLog(array("event"=>160, "action"=>"create range",
"descrip"=>$descrip, "user"=>getAuthUsername(), "areaindex"=>$areaindex,
diff -ruN ipplan.orig/user/createsubnet.php ipplan/user/createsubnet.php
--- ipplan.orig/user/createsubnet.php 2009-08-17 23:43:59.000000000 +0200
+++ ipplan/user/createsubnet.php 2011-02-12 12:15:22.118373284 +0200
@@ -219,7 +219,7 @@
$result = &$ds->ds->Execute("INSERT INTO baseadd
(info, baseindex)
VALUES
- (".$ds->ds->qstr($info).", $id)");
+ (".$ds->ds->QMagic($info).", $id)");
}
$ds->DbfTransactionEnd();
diff -ruN ipplan.orig/user/displaysubnet.php ipplan/user/displaysubnet.php
--- ipplan.orig/user/displaysubnet.php 2009-08-17 23:43:59.000000000 +0200
+++ ipplan/user/displaysubnet.php 2011-02-12 12:15:22.121373166 +0200
@@ -221,7 +221,7 @@
WHERE base.customer=$cust AND
base.baseindex=ipaddr.baseindex AND
ipaddr.ipaddr!=$ip AND
- ipaddr.macaddr=".$ds->ds->qstr($macaddr))) {
+ ipaddr.macaddr=".$ds->ds->QMagic($macaddr))) {
$formerror .= sprintf(my_("Duplicate MAC address: %s"), $oldmacaddr)."\n";
insert($w,anchor("searchall.php?cust=".$cust."&field=macaddr&search=".$macaddr,
my_("Show duplicate MAC addresses")));
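Review bot: The `anchor("searchall.php?cust=".$cust."&field=macaddr&search=".$macaddr, ...)` call puts `$macaddr` into a URL without encoding, although the same value is treated as untrusted enough to quote for SQL two lines earlier. Unless `anchor()` encodes its argument (not visible in this hunk), characters such as `&`, `#` or quotes in the value will break the query string or the generated markup. I would encode it at the call site: `"&field=macaddr&search=".urlencode($macaddr)`. The enclosing condition starts outside the hunk.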
@@ -302,7 +302,7 @@
WHERE requestindex=$request");
$gw=$ds->ds->GetOne("SELECT ipaddr FROM ipaddr
WHERE baseindex=$baseindex AND
- descrip LIKE ".$ds->ds->qstr("GW%"));
+ descrip LIKE ".$ds->ds->QMagic("GW%"));
$body="?Subject=IP address request actioned&body=";
$body2="The request details submitted: $requestdesc\n\n";
@@ -931,15 +931,15 @@
FROM fwdzone, fwdzonerec
WHERE fwdzone.data_id=fwdzonerec.data_id AND
fwdzone.customer=$cust AND
- fwdzonerec.recordtype=".$ds->ds->qstr("A")." AND
- fwdzonerec.error_message=".$ds->ds->qstr("A")." AND
- fwdzonerec.ip_hostname=".$ds->ds->qstr(inet_ntoa($ip)));
+ fwdzonerec.recordtype=".$ds->ds->QMagic("A")." AND
+ fwdzonerec.error_message=".$ds->ds->QMagic("A")." AND
+ fwdzonerec.ip_hostname=".$ds->ds->QMagic(inet_ntoa($ip)));
$recs=$result->PO_RecordCount("fwdzone, fwdzonerec",
"fwdzone.data_id=fwdzonerec.data_id AND fwdzone.customer=$cust AND
- fwdzonerec.recordtype=".$ds->ds->qstr("A")." AND
- fwdzonerec.error_message=".$ds->ds->qstr("A")." AND
- fwdzonerec.ip_hostname=".$ds->ds->qstr(inet_ntoa($ip)));
+ fwdzonerec.recordtype=".$ds->ds->QMagic("A")." AND
+ fwdzonerec.error_message=".$ds->ds->QMagic("A")." AND
+ fwdzonerec.ip_hostname=".$ds->ds->QMagic(inet_ntoa($ip)));
// must be exactly one A record on one domain else cannot delete
if($recs == 1) {
$row=$result->FetchRow();
@@ -950,7 +950,7 @@
$result = &$ds->ds->Execute("DELETE FROM fwdzonerec
WHERE customer=$cust AND recidx=$recidx") and
- $ds->ds->Execute("UPDATE fwdzone SET error_message=".$ds->ds->qstr("E").
+ $ds->ds->Execute("UPDATE fwdzone SET error_message=".$ds->ds->QMagic("E").
" WHERE customer=$cust AND data_id=".$dom_id) and
$ds->AuditLog(array("event"=>120, "action"=>"delete zone record", "cust"=>$cust,
"user"=>getAuthUsername(), "id"=>$recidx));
@@ -985,13 +985,13 @@
FROM fwdzone, fwdzonerec
WHERE fwdzone.data_id=fwdzonerec.data_id AND
fwdzone.customer=$cust AND
- fwdzonerec.recordtype=".$ds->ds->qstr("A")." AND
- fwdzonerec.ip_hostname=".$ds->ds->qstr(inet_ntoa($ip)));
+ fwdzonerec.recordtype=".$ds->ds->QMagic("A")." AND
+ fwdzonerec.ip_hostname=".$ds->ds->QMagic(inet_ntoa($ip)));
$recs=$result->PO_RecordCount("fwdzone, fwdzonerec",
"fwdzone.data_id=fwdzonerec.data_id AND fwdzone.customer=$cust AND
- fwdzonerec.recordtype=".$ds->ds->qstr("A")." AND
- fwdzonerec.ip_hostname=".$ds->ds->qstr(inet_ntoa($ip)));
+ fwdzonerec.recordtype=".$ds->ds->QMagic("A")." AND
+ fwdzonerec.ip_hostname=".$ds->ds->QMagic(inet_ntoa($ip)));
// must be exactly one A record on one domain else cannot update
if($recs == 1) {
// does domain name of record match ip records hostname?
@@ -1011,13 +1011,13 @@
}
insert($w,textbr(my_("IP hostname field in DNS forward zone modified")));
- $ds->ds->Execute("UPDATE fwdzonerec SET host=".$ds->ds->qstr($hnametmp).",
+ $ds->ds->Execute("UPDATE fwdzonerec SET host=".$ds->ds->QMagic($hnametmp).",
lastmod=".$ds->ds->DBTimeStamp(time()).",
- userid=".$ds->ds->qstr(getAuthUsername())."
+ userid=".$ds->ds->QMagic(getAuthUsername())."
WHERE customer=$cust AND
- recordtype=".$ds->ds->qstr("A")." AND
- ip_hostname=".$ds->ds->qstr(inet_ntoa($ip))) and
- $ds->ds->Execute("UPDATE fwdzone SET error_message=".$ds->ds->qstr("E").
+ recordtype=".$ds->ds->QMagic("A")." AND
+ ip_hostname=".$ds->ds->QMagic(inet_ntoa($ip))) and
+ $ds->ds->Execute("UPDATE fwdzone SET error_message=".$ds->ds->QMagic("E").
" WHERE customer=$cust AND data_id=".$dataid) and
$ds->AuditLog(array("event"=>122, "action"=>"modified zone record", "cust"=>$cust,
"user"=>getAuthUsername(), "domain"=>$domain, "host"=>$hnametmp,
@@ -1048,12 +1048,12 @@
$result = &$ds->ds->Execute("SELECT length(domain) AS domainlen, data_id, domain
FROM fwdzone
WHERE customer=$cust AND
- ".$ds->ds->qstr($hname."$")." $regex domain
+ ".$ds->ds->QMagic($hname."$")." $regex domain
ORDER BY domainlen DESC");
$recs=$result->PO_RecordCount("fwdzone",
"customer=$cust AND
- ".$ds->ds->qstr($hname."$")." $regex domain");
+ ".$ds->ds->QMagic($hname."$")." $regex domain");
// must be exactly one matching zone only, or more than one zone
// sorted DESC. If second case, use first record for longest match
@@ -1069,12 +1069,12 @@
recordtype, error_message, userid, ip_hostname) ".
"VALUES ($cust, $dataid, 9999,".
$ds->ds->DBTimeStamp(time()).",".
- $ds->ds->qstr($hnametmp).",".
- $ds->ds->qstr("A").",".
- $ds->ds->qstr("A").",".
- $ds->ds->qstr(getAuthUsername()).",".
- $ds->ds->qstr(inet_ntoa($ip)).")" ) and
- $ds->ds->Execute("UPDATE fwdzone SET error_message=".$ds->ds->qstr("E").
+ $ds->ds->QMagic($hnametmp).",".
+ $ds->ds->QMagic("A").",".
+ $ds->ds->QMagic("A").",".
+ $ds->ds->QMagic(getAuthUsername()).",".
+ $ds->ds->QMagic(inet_ntoa($ip)).")" ) and
+ $ds->ds->Execute("UPDATE fwdzone SET error_message=".$ds->ds->QMagic("E").
" WHERE customer=$cust AND data_id=".$dataid) and
$ds->AuditLog(array("event"=>121, "action"=>"add zone record", "cust"=>$cust,
"user"=>getAuthUsername(), "domain"=>$domain, "host"=>$hnametmp,
diff -ruN ipplan.orig/user/exportdhcp.php ipplan/user/exportdhcp.php
--- ipplan.orig/user/exportdhcp.php 2009-08-17 23:43:59.000000000 +0200
+++ ipplan/user/exportdhcp.php 2011-02-12 12:15:22.122373129 +0200
@@ -150,7 +150,7 @@
$result_ip=&$ds->ds->Execute("SELECT ipaddr, macaddr, hname
FROM ipaddr
WHERE baseindex=$baseindex AND
- userinf LIKE ".$ds->ds->qstr("%".DHCPRESERVED."%")."
+ userinf LIKE ".$ds->ds->QMagic("%".DHCPRESERVED."%")."
ORDER BY ipaddr");
$iprange_dynamicIPs=array();
diff -ruN ipplan.orig/user/modifybase.php ipplan/user/modifybase.php
--- ipplan.orig/user/modifybase.php 2009-08-17 23:43:59.000000000 +0200
+++ ipplan/user/modifybase.php 2011-02-12 12:15:22.124373058 +0200
@@ -224,7 +224,7 @@
$result=&$ds->ds->Execute("UPDATE base
SET subnetsize=$size*2,
lastmod=".$ds->ds->DBTimeStamp(time()).",
- userid=".$ds->ds->qstr(getAuthUsername())."
+ userid=".$ds->ds->QMagic(getAuthUsername())."
WHERE baseindex=$baseindex");
$ds->AuditLog(array("event"=>173, "action"=>"join subnet",
@@ -240,7 +240,7 @@
$result=&$ds->ds->Execute("UPDATE base
SET subnetsize=$size/2,
lastmod=".$ds->ds->DBTimeStamp(time()).",
- userid=".$ds->ds->qstr(getAuthUsername())."
+ userid=".$ds->ds->QMagic(getAuthUsername())."
WHERE baseindex=$baseindex");
// ... and create new subnet
$timetmp=time();
diff -ruN ipplan.orig/user/modifycustomer.php ipplan/user/modifycustomer.php
--- ipplan.orig/user/modifycustomer.php 2009-08-17 23:43:59.000000000 +0200
+++ ipplan/user/modifycustomer.php 2011-02-12 12:15:22.124373058 +0200
@@ -126,9 +126,9 @@
$result=&$ds->ds->Execute("INSERT INTO customer
(custdescrip, crm, admingrp)
VALUES
- (".$ds->ds->qstr($custdescrip).",
- ".$ds->ds->qstr($crm).",
- ".$ds->ds->qstr($grp).")");
+ (".$ds->ds->QMagic($custdescrip).",
+ ".$ds->ds->QMagic($crm).",
+ ".$ds->ds->QMagic($grp).")");
// did not fail due to key error?
if ($result) {
@@ -139,7 +139,7 @@
// emulate getting the last insert_id
$result=&$ds->ds->Execute("SELECT customer
FROM customer
- WHERE custdescrip=".$ds->ds->qstr($custdescrip));
+ WHERE custdescrip=".$ds->ds->QMagic($custdescrip));
$temprow = $result->FetchRow();
$cust=$temprow["customer"];
}
@@ -160,9 +160,9 @@
}
$result=&$ds->ds->Execute("UPDATE customer
- SET custdescrip=".$ds->ds->qstr($custdescrip).",
- crm=".$ds->ds->qstr($crm).",
- admingrp=".$ds->ds->qstr($grp)."
+ SET custdescrip=".$ds->ds->QMagic($custdescrip).",
+ crm=".$ds->ds->QMagic($crm).",
+ admingrp=".$ds->ds->QMagic($grp)."
WHERE customer=$cust");
// did not fail due to key error?
@@ -176,7 +176,7 @@
// test for CRM duplicates - this is not a unique key and cannot be
if (!empty($crm)) {
$recs=$ds->ds->GetOne("SELECT count(*) AS cnt FROM customer
- WHERE crm=".$ds->ds->qstr($crm));
+ WHERE crm=".$ds->ds->QMagic($crm));
if ($recs > 1) { //duplicate ?
insert($w,text(my_("The CRM field has already been used for another customer"), array("color"=>"#FF0000")));
insert($w,textbr());
@@ -200,25 +200,25 @@
phne, mbox)
VALUES
($cust,
- ".$ds->ds->qstr("").",
- ".$ds->ds->qstr($org).",
- ".$ds->ds->qstr($street).",
- ".$ds->ds->qstr($city).",
- ".$ds->ds->qstr($state).",
- ".$ds->ds->qstr($zipcode).",
- ".$ds->ds->qstr($cntry).",
- ".$ds->ds->qstr($nichandl).",
- ".$ds->ds->qstr($lname).",
- ".$ds->ds->qstr($fname).",
- ".$ds->ds->qstr($mname).",
- ".$ds->ds->qstr($torg).",
- ".$ds->ds->qstr($tstreet).",
- ".$ds->ds->qstr($tcity).",
- ".$ds->ds->qstr($tstate).",
- ".$ds->ds->qstr($tzipcode).",
- ".$ds->ds->qstr($tcntry).",
- ".$ds->ds->qstr($phne).",
- ".$ds->ds->qstr($mbox).")");
+ ".$ds->ds->QMagic("").",
+ ".$ds->ds->QMagic($org).",
+ ".$ds->ds->QMagic($street).",
+ ".$ds->ds->QMagic($city).",
+ ".$ds->ds->QMagic($state).",
+ ".$ds->ds->QMagic($zipcode).",
+ ".$ds->ds->QMagic($cntry).",
+ ".$ds->ds->QMagic($nichandl).",
+ ".$ds->ds->QMagic($lname).",
+ ".$ds->ds->QMagic($fname).",
+ ".$ds->ds->QMagic($mname).",
+ ".$ds->ds->QMagic($torg).",
+ ".$ds->ds->QMagic($tstreet).",
+ ".$ds->ds->QMagic($tcity).",
+ ".$ds->ds->QMagic($tstate).",
+ ".$ds->ds->QMagic($tzipcode).",
+ ".$ds->ds->QMagic($tcntry).",
+ ".$ds->ds->QMagic($phne).",
+ ".$ds->ds->QMagic($mbox).")");
// delete all the DNS records first to preserve correct order
$result=&$ds->ds->Execute("DELETE FROM revdns
@@ -235,8 +235,8 @@
(customer, hname, ipaddr, horder)
VALUES
($cust,
- ".$ds->ds->qstr($hnametemp).",
- ".$ds->ds->qstr($ipaddrtemp).",
+ ".$ds->ds->QMagic($hnametemp).",
+ ".$ds->ds->QMagic($ipaddrtemp).",
$i)");
}
}
@@ -245,7 +245,7 @@
FROM custadd
WHERE customer=$cust")) { // should have FOR UPDATE here!
$result = &$ds->ds->Execute("UPDATE custadd
- SET info=".$ds->ds->qstr($info)."
+ SET info=".$ds->ds->QMagic($info)."
WHERE customer=$cust");
// this generates a "duplicate key" error if no update
// should be OK under normal circumstances, but generates error under
@@ -256,7 +256,7 @@
$result = &$ds->ds->Execute("INSERT INTO custadd
(info, customer)
VALUES
- (".$ds->ds->qstr($info).", $cust)");
+ (".$ds->ds->QMagic($info).", $cust)");
}
}
diff -ruN ipplan.orig/user/modifydns.php ipplan/user/modifydns.php
--- ipplan.orig/user/modifydns.php 2009-08-17 23:43:59.000000000 +0200
+++ ipplan/user/modifydns.php 2011-02-12 12:15:22.125373029 +0200
@@ -245,10 +245,10 @@
recordtype, userid, ip_hostname) ".
"VALUES ($cust, $ds->dataid, 9999,".
$ds->ds->DBTimeStamp(time()).",".
- $ds->ds->qstr($host).",". // myhost or myhost.mydomain.com.
- $ds->ds->qstr($recordtype).",". // A, MX, NS
- $ds->ds->qstr(getAuthUsername()).",".
- $ds->ds->qstr($iphostname).")" ); // ip address for A, or 10 myhost for MX
+ $ds->ds->QMagic($host).",". // myhost or myhost.mydomain.com.
+ $ds->ds->QMagic($recordtype).",". // A, MX, NS
+ $ds->ds->QMagic(getAuthUsername()).",".
+ $ds->ds->QMagic($iphostname).")" ); // ip address for A, or 10 myhost for MX
*/
$ds->AuditLog(array("event"=>111, "action"=>"add forward zone", "cust"=>$cust,
@@ -316,7 +316,7 @@
if ($dataid==0) {
$dataid = &$ds->ds->GetCol("SELECT data_id
FROM fwdzone
- WHERE customer=$cust AND error_message=".$ds->ds->qstr("E")."
+ WHERE customer=$cust AND error_message=".$ds->ds->QMagic("E")."
ORDER BY domain ");
}
diff -ruN ipplan.orig/user/modifydnsrecord.php ipplan/user/modifydnsrecord.php
--- ipplan.orig/user/modifydnsrecord.php 2009-08-17 23:43:59.000000000 +0200
+++ ipplan/user/modifydnsrecord.php 2011-02-12 12:15:22.126372966 +0200
@@ -81,7 +81,7 @@
if ($action=="delete") {
if (!$dom_id=$ds->ds->GetOne("SELECT data_id
FROM fwdzone
- WHERE customer=$cust AND domain=".$ds->ds->qstr($domain))) {
+ WHERE customer=$cust AND domain=".$ds->ds->QMagic($domain))) {
myError($w,$p, my_("Could not find the zone - possibly deleted by another user"));
}
@@ -110,7 +110,7 @@
$baseindex=$row1["baseindex"];
$ds->ds->Execute("UPDATE ipaddr
- SET hname=".$ds->ds->qstr($row["host"])."
+ SET hname=".$ds->ds->QMagic($row["host"])."
WHERE baseindex=$baseindex AND ipaddr=".inet_aton($row["ip_hostname"]));
insert($w,textbr(sprintf(my_("IP record %s updated in subnet '%s' due to deletion of auto created A record"), $row["ip_hostname"], $row1["descrip"])));
}
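Review bot: `$row["host"]` looks like a value read back from a query result rather than from the request, and `QMagic()` is the wrong quoting call for such data. As far as I know, ADOdb's `QMagic()` passes the `magic_quotes_gpc` setting through to `qstr()`, and when that setting is on the string is assumed to be escaped already and is only wrapped in quotes, so a stored host name containing a quote or backslash would reach the UPDATE unescaped. For data that did not arrive via GET/POST/cookie the original call should stay: `SET hname=".$ds->ds->qstr($row["host"])."`. The same applies to `serialize($files)` in the modifyipform.php hunks and, if the `$temp*` variables are copied from fetched rows, to the INSERT in the modifysubnet.php hunk.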
@@ -118,7 +118,7 @@
$result = &$ds->ds->Execute("DELETE FROM fwdzonerec
WHERE customer=$cust AND recidx=$value") and
$ds->ds->Execute("UPDATE fwdzone
- SET error_message=".$ds->ds->qstr("E").",
+ SET error_message=".$ds->ds->QMagic("E").",
lastmod=".$ds->ds->DBTimeStamp(time()).
" WHERE customer=$cust AND data_id=".$dom_id) and
$ds->AuditLog(array("event"=>120, "action"=>"delete zone record", "cust"=>$cust,
@@ -161,7 +161,7 @@
$result = &$ds->ds->Execute("SELECT fwdzonerec.recidx, fwdzonerec.sortorder
FROM fwdzone, fwdzonerec
WHERE fwdzone.customer=$cust AND
- fwdzone.domain=".$ds->ds->qstr($domain)." AND
+ fwdzone.domain=".$ds->ds->QMagic($domain)." AND
fwdzone.data_id=fwdzonerec.data_id
ORDER by fwdzonerec.sortorder");
@@ -297,14 +297,14 @@
$result = &$ds->ds->Execute("SELECT customer
FROM fwdzonerec
WHERE customer=$cust AND data_id=$zoneid AND
- host=".$ds->ds->qstr($host)." AND
- recordtype=".$ds->ds->qstr($recordtype)." AND
- ip_hostname=".$ds->ds->qstr($iphostname));
+ host=".$ds->ds->QMagic($host)." AND
+ recordtype=".$ds->ds->QMagic($recordtype)." AND
+ ip_hostname=".$ds->ds->QMagic($iphostname));
$recs=$result->PO_RecordCount("fwdzonerec", "customer=$cust AND data_id=$zoneid AND
- host=".$ds->ds->qstr($host)." AND
- recordtype=".$ds->ds->qstr($recordtype)." AND
- ip_hostname=".$ds->ds->qstr($iphostname));
+ host=".$ds->ds->QMagic($host)." AND
+ recordtype=".$ds->ds->QMagic($recordtype)." AND
+ ip_hostname=".$ds->ds->QMagic($iphostname));
if($recs > 0) {
myError($w,$p, my_("Cannot create duplicate records"));
}
@@ -317,12 +317,12 @@
$result = &$ds->ds->Execute("SELECT ip_hostname
FROM fwdzonerec
WHERE customer=$cust AND
- recordtype=".$ds->ds->qstr("A")." AND
- ip_hostname=".$ds->ds->qstr($iphostname));
+ recordtype=".$ds->ds->QMagic("A")." AND
+ ip_hostname=".$ds->ds->QMagic($iphostname));
$recs=$result->PO_RecordCount("fwdzonerec", "customer=$cust AND
- recordtype=".$ds->ds->qstr("A")." AND
- ip_hostname=".$ds->ds->qstr($iphostname));
+ recordtype=".$ds->ds->QMagic("A")." AND
+ ip_hostname=".$ds->ds->QMagic($iphostname));
if($recs == 1) {
$updateiprec=1;
}
@@ -361,12 +361,12 @@
recordtype, userid, ip_hostname) ".
"VALUES ($cust, $zoneid, ". $sortorder.",".
$ds->ds->DBTimeStamp(time()).",".
- $ds->ds->qstr($host).",".
- $ds->ds->qstr($recordtype).",".
- $ds->ds->qstr(getAuthUsername()).",".
- $ds->ds->qstr($iphostname).")" ) and
+ $ds->ds->QMagic($host).",".
+ $ds->ds->QMagic($recordtype).",".
+ $ds->ds->QMagic(getAuthUsername()).",".
+ $ds->ds->QMagic($iphostname).")" ) and
$ds->ds->Execute("UPDATE fwdzone
- SET error_message=".$ds->ds->qstr("E").",
+ SET error_message=".$ds->ds->QMagic("E").",
lastmod=".$ds->ds->DBTimeStamp(time()).
" WHERE customer=$cust AND data_id=".$dom_id) and
$ds->AuditLog(array("event"=>121, "action"=>"add zone record", "cust"=>$cust,
@@ -392,7 +392,7 @@
}
$dom_id=$ds->ds->GetOne("SELECT data_id
FROM fwdzone
- WHERE customer=$cust AND domain=".$ds->ds->qstr($domain));
+ WHERE customer=$cust AND domain=".$ds->ds->QMagic($domain));
// Updated DB here.
// Log the Transaction.
@@ -411,14 +411,14 @@
}
$result = &$ds->ds->Execute("UPDATE fwdzonerec SET sortorder=".$sortorder.
- ", host=".$ds->ds->qstr($host).
+ ", host=".$ds->ds->QMagic($host).
", lastmod=".$ds->ds->DBTimeStamp(time()).
- ", recordtype=".$ds->ds->qstr($recordtype).
- ", userid=".$ds->ds->qstr(getAuthUsername()).
- ", ip_hostname=".$ds->ds->qstr($iphostname).
+ ", recordtype=".$ds->ds->QMagic($recordtype).
+ ", userid=".$ds->ds->QMagic(getAuthUsername()).
+ ", ip_hostname=".$ds->ds->QMagic($iphostname).
" WHERE customer=$cust AND recidx=".$dataid ) and
$ds->ds->Execute("UPDATE fwdzone
- SET error_message=".$ds->ds->qstr("E").",
+ SET error_message=".$ds->ds->QMagic("E").",
lastmod=".$ds->ds->DBTimeStamp(time()).
" WHERE customer=$cust AND data_id=".$dom_id) and
$ds->AuditLog(array("event"=>122, "action"=>"modified zone record", "cust"=>$cust,
@@ -458,7 +458,7 @@
$result = &$ds->ds->Execute("SELECT domain, data_id FROM fwdzone
WHERE customer=$cust AND
- slaveonly=".$ds->ds->qstr("N")."
+ slaveonly=".$ds->ds->QMagic("N")."
ORDER BY domain");
if (!$result) {
myError($w,$p, my_("No domains found. Create some domains and try again."));
diff -ruN ipplan.orig/user/modifyipform.php ipplan/user/modifyipform.php
--- ipplan.orig/user/modifyipform.php 2009-08-17 23:43:59.000000000 +0200
+++ ipplan/user/modifyipform.php 2011-02-12 12:15:22.127372904 +0200
@@ -192,7 +192,7 @@
// add serialized info from file upload
$ds->ds->Execute("UPDATE ipaddradd
- SET infobin=".$ds->ds->qstr(serialize($files))."
+ SET infobin=".$ds->ds->QMagic(serialize($files))."
WHERE baseindex=$baseindex AND
ipaddr=$ip");
// this generates a "duplicate key" error if no update
@@ -202,7 +202,7 @@
$ds->ds->Execute("INSERT INTO ipaddradd
(infobin, baseindex, ipaddr)
VALUES
- (".$ds->ds->qstr(serialize($files)).",
+ (".$ds->ds->QMagic(serialize($files)).",
$baseindex,
$ip)");
}
@@ -235,7 +235,7 @@
// add serialized info after file deteled
$ds->ds->Execute("UPDATE ipaddradd
- SET infobin=".$ds->ds->qstr(empty($files) ? "" : serialize($files))."
+ SET infobin=".$ds->ds->QMagic(empty($files) ? "" : serialize($files))."
WHERE baseindex=$baseindex AND
ipaddr=$ip") and
$ds->AuditLog(array("event"=>141, "action"=>"delete file",
diff -ruN ipplan.orig/user/modifysubnet.php ipplan/user/modifysubnet.php
--- ipplan.orig/user/modifysubnet.php 2009-08-17 23:43:59.000000000 +0200
+++ ipplan/user/modifysubnet.php 2011-02-12 12:15:22.127372904 +0200
@@ -129,11 +129,11 @@
// between base and baseadd is baseindex column
if ($duplicatesubnet==0) {
$result=&$ds->ds->Execute("UPDATE base
- SET descrip=".$ds->ds->qstr($descrip).",
- admingrp=".$ds->ds->qstr($grp).",
+ SET descrip=".$ds->ds->QMagic($descrip).",
+ admingrp=".$ds->ds->QMagic($grp).",
customer=$cust,
lastmod=".$ds->ds->DBTimeStamp(time()).",
- userid=".$ds->ds->qstr($userid)."
+ userid=".$ds->ds->QMagic($userid)."
WHERE baseindex=$baseindex");
$ds->AuditLog(array("event"=>174, "action"=>"move subnet",
@@ -163,13 +163,13 @@
(ipaddr, userinf, location, telno,
descrip, lastmod, userid, baseindex)
VALUES
- (".$ds->ds->qstr($tempipaddr).",
- ".$ds->ds->qstr($tempuser).",
- ".$ds->ds->qstr($templocation).",
- ".$ds->ds->qstr($temptelno).",
- ".$ds->ds->qstr($tempdescrip).",
+ (".$ds->ds->QMagic($tempipaddr).",
+ ".$ds->ds->QMagic($tempuser).",
+ ".$ds->ds->QMagic($templocation).",
+ ".$ds->ds->QMagic($temptelno).",
+ ".$ds->ds->QMagic($tempdescrip).",
$templastmod,
- ".$ds->ds->qstr($tempuserid).",
+ ".$ds->ds->QMagic($tempuserid).",
$id)");
} // end while
}
@@ -206,11 +206,11 @@
$ds->DbfTransactionStart();
$result=&$ds->ds->Execute("UPDATE base
- SET descrip=".$ds->ds->qstr($descrip).",
- admingrp=".$ds->ds->qstr($grp).",
+ SET descrip=".$ds->ds->QMagic($descrip).",
+ admingrp=".$ds->ds->QMagic($grp).",
lastmod=".$ds->ds->DBTimeStamp(time()).",
baseopt=$dhcp,
- userid=".$ds->ds->qstr($userid)."
+ userid=".$ds->ds->QMagic($userid)."
WHERE baseindex=$baseindex") and
$ds->AuditLog(array("event"=>171, "action"=>"modify subnet",
"descrip"=>$descrip, "user"=>getAuthUsername(), "baseaddr"=>inet_ntoa($base),
@@ -242,7 +242,7 @@
FROM baseadd
WHERE baseindex=$baseindex")) { // should have FOR UPDATE here!
$result = &$ds->ds->Execute("UPDATE baseadd
- SET info=".$ds->ds->qstr($info)."
+ SET info=".$ds->ds->QMagic($info)."
WHERE baseindex=$baseindex");
// this generates a "duplicate key" error if no update
// should be OK under normal circumstances, but generates error under
@@ -253,7 +253,7 @@
$result = &$ds->ds->Execute("INSERT INTO baseadd
(info, baseindex)
VALUES
- (".$ds->ds->qstr($info).", $baseindex)");
+ (".$ds->ds->QMagic($info).", $baseindex)");
}
}
diff -ruN ipplan.orig/user/modifyzone.php ipplan/user/modifyzone.php
--- ipplan.orig/user/modifyzone.php 2009-08-17 23:43:59.000000000 +0200
+++ ipplan/user/modifyzone.php 2011-02-12 12:15:22.128372846 +0200
@@ -276,7 +276,7 @@
WHERE zones.customer=base.customer AND
base.baseindex=ipaddr.baseindex AND
zones.customer=$cust AND
- ($sqlfn >= zones.serialdate OR zones.error_message=".$ds->ds->qstr("E").") AND
+ ($sqlfn >= zones.serialdate OR zones.error_message=".$ds->ds->QMagic("E").") AND
ipaddr.ipaddr >= zones.zoneip AND
ipaddr.ipaddr < zones.zoneip+zones.zonesize");
}
diff -ruN ipplan.orig/user/requestip.php ipplan/user/requestip.php
--- ipplan.orig/user/requestip.php 2009-08-17 23:43:59.000000000 +0200
+++ ipplan/user/requestip.php 2011-02-12 12:15:22.128372846 +0200
@@ -120,14 +120,14 @@
hname, telno, macaddr, info)
VALUES
($cust,
- ".$ds->ds->qstr($request).",
- ".$ds->ds->qstr($user).",
- ".$ds->ds->qstr($location).",
- ".$ds->ds->qstr($descrip).",
- ".$ds->ds->qstr($hname).",
- ".$ds->ds->qstr($telno).",
- ".$ds->ds->qstr($newmacaddr).",
- ".$ds->ds->qstr($info).")") and
+ ".$ds->ds->QMagic($request).",
+ ".$ds->ds->QMagic($user).",
+ ".$ds->ds->QMagic($location).",
+ ".$ds->ds->QMagic($descrip).",
+ ".$ds->ds->QMagic($hname).",
+ ".$ds->ds->QMagic($telno).",
+ ".$ds->ds->QMagic($newmacaddr).",
+ ".$ds->ds->QMagic($info).")") and
$ds->AuditLog(array("event"=>200, "action"=>"request ip",
"descrip"=>$descrip, "user"=>getAuthUsername(), "userinf"=>$user,
"location"=>$location, "hname"=>$hname, "telno"=>$telno,
diff -ruN ipplan.orig/user/searchall.php ipplan/user/searchall.php
--- ipplan.orig/user/searchall.php 2009-08-17 23:43:59.000000000 +0200
+++ ipplan/user/searchall.php 2011-02-12 12:15:22.129372792 +0200
@@ -94,35 +94,35 @@
myError($w,$p, my_("Regular expression repetition-operator operand invalid"));
}
/* if ($field == "any") {
- $where ="WHERE ipaddr.userinf RLIKE ".$ds->ds->qstr($search);
- $where.=" OR ipaddr.location RLIKE ".$ds->ds->qstr($search);
- $where.=" OR ipaddr.telno RLIKE ".$ds->ds->qstr($search);
- $where.=" OR ipaddr.descrip RLIKE ".$ds->ds->qstr($search);
- $where.=" OR ipaddr.hname RLIKE ".$ds->ds->qstr($search);
+ $where ="WHERE ipaddr.userinf RLIKE ".$ds->ds->QMagic($search);
+ $where.=" OR ipaddr.location RLIKE ".$ds->ds->QMagic($search);
+ $where.=" OR ipaddr.telno RLIKE ".$ds->ds->QMagic($search);
+ $where.=" OR ipaddr.descrip RLIKE ".$ds->ds->QMagic($search);
+ $where.=" OR ipaddr.hname RLIKE ".$ds->ds->QMagic($search);
$where.=" OR (ipaddr.ipaddr=ipaddradd.ipaddr AND
- ipaddradd.info RLIKE ".$ds->ds->qstr($search).")";
+ ipaddradd.info RLIKE ".$ds->ds->QMagic($search).")";
}
else */
if ($field == "userinf")
- $where="WHERE ipaddr.userinf RLIKE ".$ds->ds->qstr($search);
+ $where="WHERE ipaddr.userinf RLIKE ".$ds->ds->QMagic($search);
else if ($field == "location")
- $where="WHERE ipaddr.location RLIKE ".$ds->ds->qstr($search);
+ $where="WHERE ipaddr.location RLIKE ".$ds->ds->QMagic($search);
else if ($field == "telno")
- $where="WHERE ipaddr.telno RLIKE ".$ds->ds->qstr($search);
+ $where="WHERE ipaddr.telno RLIKE ".$ds->ds->QMagic($search);
else if ($field == "descrip")
- $where="WHERE ipaddr.descrip RLIKE ".$ds->ds->qstr($search);
+ $where="WHERE ipaddr.descrip RLIKE ".$ds->ds->QMagic($search);
else if ($field == "hname")
- $where="WHERE ipaddr.hname RLIKE ".$ds->ds->qstr($search);
+ $where="WHERE ipaddr.hname RLIKE ".$ds->ds->QMagic($search);
else if ($field == "macaddr")
- $where="WHERE ipaddr.macaddr RLIKE ".$ds->ds->qstr($search);
+ $where="WHERE ipaddr.macaddr RLIKE ".$ds->ds->QMagic($search);
else if ($field == "template" and $tmplfield == "any") {
$addtables=", ipaddradd";
$where="WHERE ipaddr.ipaddr=ipaddradd.ipaddr AND ipaddr.baseindex = ipaddradd.baseindex AND
- ipaddradd.info RLIKE ".$ds->ds->qstr($search);
+ ipaddradd.info RLIKE ".$ds->ds->QMagic($search);
} else if ($field == "template" and $tmplfield != "any") {
$addtables=", ipaddradd";
$where="WHERE ipaddr.ipaddr=ipaddradd.ipaddr AND ipaddr.baseindex = ipaddradd.baseindex AND
- ipaddradd.info RLIKE ".$ds->ds->qstr(".*\:\"".$tmplfield."\"\;.*\".*".$search.".*\"\;");
+ ipaddradd.info RLIKE ".$ds->ds->QMagic(".*\:\"".$tmplfield."\"\;.*\".*".$search.".*\"\;");
}
}
else if (DBF_TYPE=="postgres7") {
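Review bot: In the `$field == "template" and $tmplfield != "any"` branch, `$tmplfield` is concatenated into the RLIKE pattern as-is, so regex metacharacters in the field name change what the pattern matches instead of being compared literally. `$search` is meant to be a regular expression, but `$tmplfield` is a field name and should be checked against the known template field names (or restricted to a safe character set) before the pattern is built; whether that happens earlier in the file is not visible in this hunk. The PostgreSQL branch in the next hunk builds the same pattern and needs the same treatment. A short comment above the pattern saying that it appears to match the serialized name/value layout of `ipaddradd.info` would also help the next reader.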
@@ -131,65 +131,65 @@
}
/*
if ($field == "any") {
- $where ="WHERE ipaddr.userinf ~ ".$ds->ds->qstr($search);
- $where.=" OR ipaddr.location ~ ".$ds->ds->qstr($search);
- $where.=" OR ipaddr.telno ~ ".$ds->ds->qstr($search);
- $where.=" OR ipaddr.descrip ~ ".$ds->ds->qstr($search);
- $where.=" OR ipaddr.hname ~ ".$ds->ds->qstr($search);
+ $where ="WHERE ipaddr.userinf ~ ".$ds->ds->QMagic($search);
+ $where.=" OR ipaddr.location ~ ".$ds->ds->QMagic($search);
+ $where.=" OR ipaddr.telno ~ ".$ds->ds->QMagic($search);
+ $where.=" OR ipaddr.descrip ~ ".$ds->ds->QMagic($search);
+ $where.=" OR ipaddr.hname ~ ".$ds->ds->QMagic($search);
$where.=" OR (ipaddr.ipaddr=ipaddradd.ipaddr AND
- ipaddradd.info ~ ".$ds->ds->qstr($search).")";
+ ipaddradd.info ~ ".$ds->ds->QMagic($search).")";
}
else */
if ($field == "userinf")
- $where="WHERE ipaddr.userinf ~ ".$ds->ds->qstr($search);
+ $where="WHERE ipaddr.userinf ~ ".$ds->ds->QMagic($search);
else if ($field == "location")
- $where="WHERE ipaddr.location ~ ".$ds->ds->qstr($search);
+ $where="WHERE ipaddr.location ~ ".$ds->ds->QMagic($search);
else if ($field == "telno")
- $where="WHERE ipaddr.telno ~ ".$ds->ds->qstr($search);
+ $where="WHERE ipaddr.telno ~ ".$ds->ds->QMagic($search);
else if ($field == "descrip")
- $where="WHERE ipaddr.descrip ~ ".$ds->ds->qstr($search);
+ $where="WHERE ipaddr.descrip ~ ".$ds->ds->QMagic($search);
else if ($field == "hname")
- $where="WHERE ipaddr.hname ~ ".$ds->ds->qstr($search);
+ $where="WHERE ipaddr.hname ~ ".$ds->ds->QMagic($search);
else if ($field == "macaddr")
- $where="WHERE ipaddr.macaddr ~ ".$ds->ds->qstr($search);
+ $where="WHERE ipaddr.macaddr ~ ".$ds->ds->QMagic($search);
else if ($field == "template" and $tmplfield == "any") {
$addtables=", ipaddradd";
$where="WHERE ipaddr.ipaddr=ipaddradd.ipaddr AND ipaddr.baseindex = ipaddradd.baseindex AND
- ipaddradd.info ~ ".$ds->ds->qstr($search);
+ ipaddradd.info ~ ".$ds->ds->QMagic($search);
} else if ($field == "template" and $tmplfield != "any") {
$addtables=", ipaddradd";
$where="WHERE ipaddr.ipaddr=ipaddradd.ipaddr AND ipaddr.baseindex = ipaddradd.baseindex AND
- ipaddradd.info ~ ".$ds->ds->qstr(".*\:\"".$tmplfield."\"\;.*\".*".$search.".*\"\;");
+ ipaddradd.info ~ ".$ds->ds->QMagic(".*\:\"".$tmplfield."\"\;.*\".*".$search.".*\"\;");
}
}
else {
/*
if ($field == "any") {
- $where ="WHERE ipaddr.userinf LIKE ".$ds->ds->qstr("%".$search."%");
- $where.=" OR ipaddr.location LIKE ".$ds->ds->qstr("%".$search."%");
- $where.=" OR ipaddr.telno LIKE ".$ds->ds->qstr("%".$search."%");
- $where.=" OR ipaddr.descrip LIKE ".$ds->ds->qstr("%".$search."%");
- $where.=" OR ipaddr.hname LIKE ".$ds->ds->qstr("%".$search."%");
+ $where ="WHERE ipaddr.userinf LIKE ".$ds->ds->QMagic("%".$search."%");
+ $where.=" OR ipaddr.location LIKE ".$ds->ds->QMagic("%".$search."%");
+ $where.=" OR ipaddr.telno LIKE ".$ds->ds->QMagic("%".$search."%");
+ $where.=" OR ipaddr.descrip LIKE ".$ds->ds->QMagic("%".$search."%");
+ $where.=" OR ipaddr.hname LIKE ".$ds->ds->QMagic("%".$search."%");
$where.=" OR (ipaddr.ipaddr=ipaddradd.ipaddr AND
- ipaddradd.info LIKE ".$ds->ds->qstr("%".$search."%").")";
+ ipaddradd.info LIKE ".$ds->ds->QMagic("%".$search."%").")";
}
else */
if ($field == "userinf")
- $where="WHERE ipaddr.userinf LIKE ".$ds->ds->qstr("%".$search."%");
+ $where="WHERE ipaddr.userinf LIKE ".$ds->ds->QMagic("%".$search."%");
else if ($field == "location")
- $where="WHERE ipaddr.location LIKE ".$ds->ds->qstr("%".$search."%");
+ $where="WHERE ipaddr.location LIKE ".$ds->ds->QMagic("%".$search."%");
else if ($field == "telno")
- $where="WHERE ipaddr.telno LIKE ".$ds->ds->qstr("%".$search."%");
+ $where="WHERE ipaddr.telno LIKE ".$ds->ds->QMagic("%".$search."%");
else if ($field == "descrip")
- $where="WHERE ipaddr.descrip LIKE ".$ds->ds->qstr("%".$search."%");
+ $where="WHERE ipaddr.descrip LIKE ".$ds->ds->QMagic("%".$search."%");
else if ($field == "hname")
- $where="WHERE ipaddr.hname LIKE ".$ds->ds->qstr("%".$search."%");
+ $where="WHERE ipaddr.hname LIKE ".$ds->ds->QMagic("%".$search."%");
else if ($field == "macaddr")
- $where="WHERE ipaddr.macaddr LIKE ".$ds->ds->qstr("%".$search."%");
+ $where="WHERE ipaddr.macaddr LIKE ".$ds->ds->QMagic("%".$search."%");
else if ($field == "template") {
$addtables=", ipaddradd";
$where="WHERE ipaddr.ipaddr=ipaddradd.ipaddr AND
- ipaddradd.info LIKE ".$ds->ds->qstr("%".$search."%");
+ ipaddradd.info LIKE ".$ds->ds->QMagic("%".$search."%");
}
}
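Review bot: The `$field == "template"` branch of the LIKE fallback joins only on `ipaddr.ipaddr=ipaddradd.ipaddr`, whereas the MySQL and PostgreSQL branches also require `ipaddr.baseindex = ipaddradd.baseindex`. Without the second condition an `ipaddradd` row belonging to a different subnet with the same address can satisfy the join, so the search may return records whose template data belongs elsewhere. I would make the fallback agree with the other two: `$where="WHERE ipaddr.ipaddr=ipaddradd.ipaddr AND ipaddr.baseindex = ipaddradd.baseindex AND`. Separately, `%` and `_` inside `$search` act as wildcards in every LIKE here; if a literal match is intended they need escaping before the `%` wrappers are added.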