From 6bede2fd229395f34c321a37efa2ea93e7b1a7ba Mon Sep 17 00:00:00 2001
From: Philip Häusler
Date: Sun, 28 Dec 2014 13:44:56 +0100
Subject: harden the sql queries
---
 includes/pages/user_messages.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
(limited to 'includes/pages/user_messages.php')
diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php
index fe1b85ff..1785d5b6 100644
--- a/includes/pages/user_messages.php
+++ b/includes/pages/user_messages.php
@@ -7,7 +7,7 @@ function user_unread_messages() {
 global $user;
 if (isset($user)) {
- $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID']));
+ $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`='" . sql_escape($user['UID']) . "'");
 if ($new_messages > 0)
 return ' ' . $new_messages . '';
 }
@@ -18,7 +18,7 @@ function user_messages() {
 global $user;
 if (! isset($_REQUEST['action'])) {
- $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`");
+ $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`='" . sql_escape($user['UID']) . "' ORDER BY `Nick`");
 $to_select_data = array(
 "" => _("Select recipient...")
@@ -29,7 +29,7 @@ function user_messages() {
 $to_select = html_select_key('to', 'to', $to_select_data, '');
- $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC");
+ $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`='" . sql_escape($user['UID']) . "' OR `RUID`='" . sql_escape($user['UID']) . "' ORDER BY `isRead`,`Datum` DESC");
 foreach ($messages as $message) {
 $sender_user_source = User($message['SUID']);
 if ($sender_user_source === false)
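Review bot: Wrapping the escaped value in quotes on the changed `$new_messages` line is what makes `sql_escape()` effective here — unquoted, an escaped value that happens to contain no quote characters reaches the query unchanged — but `RUID` is compared against what looks like an integer id, so the query still depends on whatever `sql_escape()` does with the connection's charset. Casting the id instead removes that dependency and documents the expected type: `$new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . (int) $user['UID']);` (assuming `UID` is an integer column, which the comparisons elsewhere suggest). The same applies to the `UID` literals in hunks @@ -18 and @@ -29, and matters most for the request-supplied `$id` in hunks @@ -84 and @@ -98 unless it is already validated as numeric before those hunks, outside the visible lines. Since the escape-and-quote pairing is now written out by hand eight times, a small helper that returns the quoted literal would keep the next query from repeating the omission this commit fixes.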
@@ -84,9 +84,9 @@ function user_messages() {
 else
 return error(_("Incomplete call, missing Message ID."), true);
- $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1");
 if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) {
- sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`='" . sql_escape($id) . "' LIMIT 1");
 redirect(page_link_to("user_messages"));
 } else
 return error(_("No Message found."), true);
@@ -98,9 +98,9 @@ function user_messages() {
 else
 return error(_("Incomplete call, missing Message ID."), true);
- $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1");
 if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) {
- sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ sql_query("DELETE FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1");
 redirect(page_link_to("user_messages"));
 } else
 return error(_("No Message found."), true);
--
cgit v1.2.3-70-g09d2
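Review bot: The UPDATE on the changed `sql_query` line is guarded only by the SELECT-and-compare two lines above it; the write itself carries no ownership condition, so a later edit to that `if` would silently widen what a caller can mark as read. Folding the condition into the statement makes the write self-guarding regardless of the surrounding check: ``sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`='" . sql_escape($id) . "' AND `RUID`='" . sql_escape($user['UID']) . "' LIMIT 1");``. The DELETE in hunk @@ -98 would take the same treatment with `SUID`, since that branch checks sender ownership instead. The enclosing function user_messages() starts and ends outside the hunk.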