Commit Graph

7 Commits

Author SHA1 Message Date
David Anderson d27af6214d - user web: finish dealing with get args spam
svn path=/trunk/boinc/; revision=23010
2011-02-09 22:11:34 +00:00
David Anderson 4b5be47639 - web: replace the vaguely-named process_user_text()
with BoincDb::escape_string()
- web: have BoincDb::escape_string() also do a trim()

svn path=/trunk/boinc/; revision=16686
2008-12-14 22:18:49 +00:00
David Anderson 9baf78fe5f - web: added copyright and license info to PHP files
svn path=/trunk/boinc/; revision=15758
2008-08-05 22:43:14 +00:00
David Anderson d403a14e42 - web: cleaned up logic of string processing.
There are two aspects:
    1) undoing magic quotes (if it's being used).
        This must be done for all GET and POST string inputs.
        It is now done automatically by get_str() and post_str().
        The places that refer to $_GET and $_POST directly
        must do it themselves using undo_magic_quotes().
    2) Escaping user-supplied strings before using them in DB queries.
        This is done by process_user_text()
        (which should be renamed db_escape_string()).
        The new principle:
        call process_user_text() in the function that does the DB query
        (not at any higher level).


svn path=/trunk/boinc/; revision=15389
2008-06-11 19:36:10 +00:00
David Anderson 82b2b0f68f - user web: fix some PHP warnings
- user web: more DB code conversion

svn path=/trunk/boinc/; revision=13996
2007-10-30 18:16:29 +00:00
David Anderson 02bb061b6d *** empty log message ***
svn path=/trunk/boinc/; revision=11117
2006-09-06 20:56:55 +00:00
David Anderson 2fd5bf26d8 web RPC for setting venue
svn path=/trunk/boinc/; revision=8854
2005-11-14 18:38:09 +00:00