# HG changeset patch
# User Dan Fuhry <dan@enanocms.org>
# Date 1289927489 18000
# Node ID 29b14c220a78574327fc24568389e387f4abfa5b
# Parent  da50b017af94df3150ed2fa78d5f193fa6ae350c
SECURITY: Fix SQL injection in banlist check

diff -r da50b017af94 -r 29b14c220a78 includes/sessions.php
--- a/includes/sessions.php	Tue Nov 16 12:10:24 2010 -0500
+++ b/includes/sessions.php	Tue Nov 16 12:11:29 2010 -0500
@@ -1790,10 +1790,10 @@
 				$sql = "SELECT $col_reason, ban_value, ban_type, is_regex FROM " . table_prefix . "banlist WHERE \n"
 							. "    ( ban_type = " . BAN_IP    . " AND is_regex = 0 ) OR \n"
 							. "    ( ban_type = " . BAN_IP    . " AND is_regex = 1 AND '{$_SERVER['REMOTE_ADDR']}' REGEXP ban_value ) OR \n"
-							. "    ( ban_type = " . BAN_USER  . " AND is_regex = 0 AND ban_value = '{$this->username}' ) OR \n"
-							. "    ( ban_type = " . BAN_USER  . " AND is_regex = 1 AND '{$this->username}' REGEXP ban_value ) OR \n"
-							. "    ( ban_type = " . BAN_EMAIL . " AND is_regex = 0 AND ban_value = '{$this->email}' ) OR \n"
-							. "    ( ban_type = " . BAN_EMAIL . " AND is_regex = 1 AND '{$this->email}' REGEXP ban_value ) \n"
+							. "    ( ban_type = " . BAN_USER  . " AND is_regex = 0 AND ban_value = '" . $db->escape($this->username) . "' ) OR \n"
+							. "    ( ban_type = " . BAN_USER  . " AND is_regex = 1 AND '" . $db->escape($this->username) . "' REGEXP ban_value ) OR \n"
+							. "    ( ban_type = " . BAN_EMAIL . " AND is_regex = 0 AND ban_value = '" . $db->escape($this->email) . "' ) OR \n"
+							. "    ( ban_type = " . BAN_EMAIL . " AND is_regex = 1 AND '" . $db->escape($this->email) . "' REGEXP ban_value ) \n"
 							. "  ORDER BY ban_type ASC;";
 			}
 			else if ( ENANO_DBLAYER == 'PGSQL' )
@@ -1801,10 +1801,10 @@
 				$sql = "SELECT $col_reason, ban_value, ban_type, is_regex FROM " . table_prefix . "banlist WHERE \n"
 							. "    ( ban_type = " . BAN_IP    . " AND is_regex = 0 ) OR \n"
 							. "    ( ban_type = " . BAN_IP    . " AND is_regex = 1 AND '{$_SERVER['REMOTE_ADDR']}' ~ ban_value ) OR \n"
-							. "    ( ban_type = " . BAN_USER  . " AND is_regex = 0 AND ban_value = '{$this->username}' ) OR \n"
-							. "    ( ban_type = " . BAN_USER  . " AND is_regex = 1 AND '{$this->username}' ~ ban_value ) OR \n"
-							. "    ( ban_type = " . BAN_EMAIL . " AND is_regex = 0 AND ban_value = '{$this->email}' ) OR \n"
-							. "    ( ban_type = " . BAN_EMAIL . " AND is_regex = 1 AND '{$this->email}' ~ ban_value ) \n"
+							. "    ( ban_type = " . BAN_USER  . " AND is_regex = 0 AND ban_value = '" . $db->escape($this->username) . "' ) OR \n"
+							. "    ( ban_type = " . BAN_USER  . " AND is_regex = 1 AND '" . $db->escape($this->username) . "' ~ ban_value ) OR \n"
+							. "    ( ban_type = " . BAN_EMAIL . " AND is_regex = 0 AND ban_value = '" . $db->escape($this->email) . "' ) OR \n"
+							. "    ( ban_type = " . BAN_EMAIL . " AND is_regex = 1 AND '" . $db->escape($this->email) . "' ~ ban_value ) \n"
 							. "  ORDER BY ban_type ASC;";
 			}
 			$q = $this->sql($sql);