Fix bug in ops pages displaying counts of zero if 'additional clauses' includes string

names such as name='first_workunit' svn path=/trunk/boinc/; revision=4573
2004-11-16 20:38:00 +00:00 · 2004-11-16 20:38:00 +00:00 · ad51e49f5c
parent d5e57be9fe
commit ad51e49f5c
4 changed files with 27 additions and 14 deletions
--- a/11
+++ b/11
@ -19545,3 +19545,14 @@ David  16 Nov 2004

    sched/
        validate_util.C
+
+Bruce 16 Nov 2004 
+     - Fix bug in ops pages displaying counts of zero if 'additional clauses' includes string
+       names such as name='first_workunit'
+
+      html/inc/
+        db_ops.inc
+        util_ops.inc
+
+      html/ops
+        db_action.php
--- a/html/inc/db_ops.inc
+++ b/html/inc/db_ops.inc
@ -104,9 +104,10 @@ class SqlQueryString {
    }
    function add($clause) {
        if (!$this->query) {
-            $this->query .= "where $clause";
+            $cleaned=boinc_real_escape_string($clause);
+            $this->query .= "where $cleaned";
        } else {
-            $this->query .= " and $clause";
+            $this->query .= " and $cleaned";
        }
    }
    function addclause($clause) {
--- a/html/inc/util_ops.inc
+++ b/html/inc/util_ops.inc
@ -23,9 +23,19 @@ define("TITLE_FONT", " <font color=ffffff> ");
 define("BODY_COLOR", " bgcolor=ffffff ");
 define("NOLOGIN", "Not logged in. Click <a href=login.php>here</a> to login.\n");

+function boinc_real_escape_string($unstripped) {
+  if (1) {
+    // valid for PHP>=4.3.0, 5.  If there is a run-time php_version() function please use it
+    // instead of this hack!
+    return mysql_real_escape_string($unstripped);
+  } else {
+    return str_replace("\'", "'", str_replace("\\\"", "'", $unstripped));
+  }
+}
+
 function admin_page_head($title) {
-    echo "<head><title>$title</title><body " . BODY_COLOR . ">\n";
-    echo TABLE . "<tr " . TITLE_COLOR . "><td>" . TITLE_FONT . "<font size=6><b><a href=index.php>".PROJECT.":</a>  $title</b></font></td></tr></table>\n";
+  echo "<head><title>$title</title><body " . BODY_COLOR . ">\n";
+  echo TABLE . "<tr " . TITLE_COLOR . "><td>" . TITLE_FONT . "<font size=6><b><a href=index.php>".PROJECT.":</a>  $title</b></font></td></tr></table>\n";
 }

 function admin_page_tail() {
--- a/html/ops/db_action.php
+++ b/html/ops/db_action.php
@ -116,16 +116,7 @@
        }
    }

-if (1) {
-    // valid for PHP>=4.3.0, 5.  If there is a run-time php_version() function please use it
-    // instead of this hack!
-    $escapehell=mysql_real_escape_string($main_query);
-} else {
-    $escapehell=str_replace("\'", "'", $main_query);
-    $escapehell=str_replace("\\\"", "'", $escapehell);
-}
-
-    $result = mysql_query($escapehell);
+    $result = mysql_query(boinc_real_escape_string($main_query));
    if ($result) {
        if ($detail == "low") {
            start_table();