Author: frik85 Date: Sat Jun 3 22:02:24 2006 New Revision: 22199
URL: http://svn.reactos.ru/svn/reactos?rev=22199&view=rev Log: Security update:
Fix a new, well-known MySQL bug (http://dev.mysql.com/doc/refman/4.1/en/news-4-1-20.html).
Modified: trunk/web/reactos.org/htdocs/roscms/index.php trunk/web/reactos.org/htdocs/support/index.php trunk/web/reactos.org/htdocs/wiki/index.php
Modified: trunk/web/reactos.org/htdocs/roscms/index.php
URL: http://svn.reactos.ru/svn/reactos/trunk/web/reactos.org/htdocs/roscms/index....
==============================================================================
--- trunk/web/reactos.org/htdocs/roscms/index.php (original)
+++ trunk/web/reactos.org/htdocs/roscms/index.php Sat Jun 3 22:02:24 2006
@@ -32,12 +32,19 @@
//include("./inc/db/connect_db.inc.php");
include("connect.db.php");
+
+ // stop MySQL bug (http://dev.mysql.com/doc/refman/4.1/en/news-4-1-20.html):
+ $SQLinjectionprevention ="SET GLOBAL sql_mode='NO_BACKSLASH_ESCAPES';";
+ $SQLinjectionprevention_query=mysql_query($SQLinjectionprevention);
+
+
+
/*
* ReactOS CMS System - Version 2006-05-22
*
* (c) by Klemens Friedl <frik85>
*
- */
+ */
if ( !defined('ROSCMS_SYSTEM') ) { define ("ROSCMS_SYSTEM", "Version 0.1"); // to prevent hacking activity
@@ -392,7 +399,7 @@
include("inc/body.php"); break;
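Review bot: `SET GLOBAL sql_mode=...` changes the mode only for connections opened after it runs and requires the SUPER privilege, so the connection this request already opened via `include("connect.db.php")` keeps its previous sql_mode, and a web-facing DB user without SUPER just gets `false` back from `mysql_query()`; since `$SQLinjectionprevention_query` is never inspected, the intended protection can fail silently on every request. Scope it to this connection and fail closed: `$SQLinjectionprevention ="SET SESSION sql_mode='NO_BACKSLASH_ESCAPES';";` followed by `if (mysql_query($SQLinjectionprevention) === false) { die("ERROR: could not set sql_mode"); }`. Because NO_BACKSLASH_ESCAPES changes how string literals are parsed, any existing escaping done with addslashes()/mysql_escape_string() elsewhere in the app will produce wrong literals under this mode; only mysql_real_escape_string() with a client library that honours the server mode stays correct, which is worth verifying for the deployed client version (and the assignment also discards any other sql_mode flags that were set). The same block with the same issues is added in support/index.php and wiki/index.php; in wiki/index.php the bare `mysql_query()` call additionally relies on whichever link Setup.php opened last, which should be confirmed.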
- case "generate_fast": // Generate the static HTML pages (for direct link, e.g. http://www.reactos.org/roscms/?page=generate"); TODO check why this link doesn't work -> errors, etc.?
+ case "generate_fast_secret": // Generate the static HTML pages (for direct link, e.g. http://www.reactos.org/roscms/?page=generate"); TODO check why this link doesn't work -> errors, etc.?
//require("inc/login.php");
include("inc/generate_page.php"); // static page generator
break;
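Review bot: Renaming the case label to `generate_fast_secret` does not restrict who can run the static page generator, because `require("inc/login.php")` on the next line is still commented out and the label is part of the committed source, so it is not a secret; the generator in `inc/generate_page.php` remains reachable without authentication. Restore the access check before the include: `require("inc/login.php");`, and if the login include is what breaks this page (the TODO hints at errors), that breakage should be fixed rather than bypassed. The enclosing switch statement starts and ends outside the hunk.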
Modified: trunk/web/reactos.org/htdocs/support/index.php
URL: http://svn.reactos.ru/svn/reactos/trunk/web/reactos.org/htdocs/support/index...
==============================================================================
--- trunk/web/reactos.org/htdocs/support/index.php (original)
+++ trunk/web/reactos.org/htdocs/support/index.php Sat Jun 3 22:02:24 2006
@@ -1,29 +1,11 @@
<?php
- /*
- RSDB - ReactOS Support Database
- Copyright (C) 2005-2006 Klemens Friedl frik85@reactos.org
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
/*
* ReactOS Support Database System - RSDB
*
* (c) by Klemens Friedl <frik85>
*
- * 2005 - 2006
+ * 11/2005, 12/2005, 01/2006, 02/2006
*/
error_reporting(E_ALL);
@@ -33,10 +15,19 @@
die("ERROR: Disable 'magic quotes' in php.ini (=Off)"); }
+
+ //global $HTTP_GET_VARS; // set the Get var global
require_once("connect.db.php");
+
+
+
+ // stop MySQL bug (http://dev.mysql.com/doc/refman/4.1/en/news-4-1-20.html):
+ $SQLinjectionprevention ="SET GLOBAL sql_mode='NO_BACKSLASH_ESCAPES';";
+ $SQLinjectionprevention_query=mysql_query($SQLinjectionprevention);
+
Modified: trunk/web/reactos.org/htdocs/wiki/index.php
URL: http://svn.reactos.ru/svn/reactos/trunk/web/reactos.org/htdocs/wiki/index.ph...
==============================================================================
--- trunk/web/reactos.org/htdocs/wiki/index.php (original)
+++ trunk/web/reactos.org/htdocs/wiki/index.php Sat Jun 3 22:02:24 2006
@@ -61,6 +61,13 @@
require_once( './LocalSettings.php' );
require_once( 'includes/Setup.php' );
+
+
+ // stop MySQL bug (http://dev.mysql.com/doc/refman/4.1/en/news-4-1-20.html):
+ $SQLinjectionprevention ="SET GLOBAL sql_mode='NO_BACKSLASH_ESCAPES';";
+ $SQLinjectionprevention_query=mysql_query($SQLinjectionprevention);
+
+
wfProfileIn( 'main-misc-setup' );
OutputPage::setEncodings(); # Not really used yet