install/schemas/upgrade/1.1.6-1.1.7.php
author Dan Fuhry <dan@enanocms.org>
Tue, 16 Nov 2010 12:31:41 -0500
branch1.1.7-maintenance
changeset 1317 6012710ae538
parent 1181 91911e183685
child 1227 bdac73ed481e
permissions -rw-r--r--
SECURITY: Fix SQL injection in banlist check (1.1.7 branch)

<?php

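// Migrate usernames in the logs table
//
// Upgrade step for 1.1.6 -> 1.1.7: every logs row that still has author_uid = 1
// and whose author column matches a registered username is re-pointed at that
// user's user_id. Authors that look like IP addresses are left untouched.

global $db, $session, $paths, $template, $plugins; // Common objects

// Build a username => user_id lookup from the users table.
$q = $db->sql_query('SELECT user_id, username FROM ' . table_prefix . 'users;');
if ( !$q )
  $db->_die();

$map = array();
// Pass the result handle explicitly, matching the second loop below.
while ( $row = $db->fetchrow($q) )
{
  $map[ $row['username'] ] = $row['user_id'];
}
$db->free_result();

// Candidate rows: log entries still attributed to uid 1.
$q = $db->sql_query('SELECT author FROM ' . table_prefix . 'logs WHERE author_uid = 1;');
if ( !$q )
  $db->_die();

// Authors already rewritten; one UPDATE covers every row for that author,
// so each distinct name only needs to be processed once.
$updated = array();

// NOTE(review): $q is passed explicitly here, presumably because the UPDATE
// issued inside the loop changes what the DBAL treats as its latest result.
// Confirm against the DBAL before changing this.
while ( $row = $db->fetchrow($q) )
{
  $name = $row['author'];

  // Strict comparison: a loose in_array() treats numeric-looking names such as
  // "007" and "7" (or "1e3" and "1000") as equal, which would silently skip
  // the second account's log rows.
  if ( isset($map[$name]) && !is_valid_ip($name) && !in_array($name, $updated, true) )
  {
    // Values read back from the database are not trusted when building a new
    // statement: the name is escaped again and the id is forced to an integer,
    // so stored data cannot alter the structure of the UPDATE.
    $author = $db->escape($name);
    $uid = intval($map[$name]);
    $sql = "UPDATE " . table_prefix . "logs SET author_uid = {$uid} WHERE author = '$author';";
    if ( !$db->sql_query($sql) )
      $db->_die();
    $updated[] = $name;
  }
}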