From 3d15b591e3f4196846fff005cc800feb383073c7 Mon Sep 17 00:00:00 2001
From: Philip Häusler
Date: Mon, 13 Jun 2011 19:34:01 +0200
Subject: cleanup, security sql fixes
---
 includes/pages/user_news.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'includes/pages/user_news.php')
diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php
index 818c2da2..48b3764c 100644
--- a/includes/pages/user_news.php
+++ b/includes/pages/user_news.php
@@ -9,7 +9,7 @@ function user_meetings() {
 else $page = 0;
- $news = sql_select("SELECT * FROM `News` WHERE `Treffen`=1 ORDER BY `ID` DESC LIMIT " . ($page * $DISPLAY_NEWS) . ", " . $DISPLAY_NEWS);
+ $news = sql_select("SELECT * FROM `News` WHERE `Treffen`=1 ORDER BY `ID` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS));
 foreach ($news as $entry) $html .= display_news($entry);
@@ -54,7 +54,7 @@ function user_news_comments() {
 $html = "";
 if (isset ($_REQUEST["nid"]) && preg_match("/^[0-9]{1,}$/", $_REQUEST['nid']) && sql_num_query("SELECT * FROM `News` WHERE `ID`=" . sql_escape($_REQUEST['nid']) . " LIMIT 1") > 0) {
 $nid = $_REQUEST["nid"];
- list ($news) = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($_REQUEST['nid']) . " LIMIT 1");
+ list ($news) = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($nid) . " LIMIT 1");
 if (isset ($_REQUEST["text"])) {
 $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
 sql_query("INSERT INTO `news_comments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')");
@@ -66,7 +66,7 @@ function user_news_comments() {
 $html .= '
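Review bot: On the `+` line of user_meetings(), wrapping the unquoted LIMIT operands in sql_escape() does not make them numeric; if sql_escape() is a string escaper in the style of the driver's escape call (its definition is not in this patch), it only neutralises quote and backslash characters, so `$page` still lands raw in a numeric position and the protection rests entirely on how `$page` was validated above the hunk. Cast at the point of use instead: `" LIMIT " . (int) ($page * $DISPLAY_NEWS) . ", " . (int) $DISPLAY_NEWS`. The same pattern appears on the `+` line at @@ -122 in user_news(). The body of user_meetings() begins before this hunk and continues after it.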
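Review bot: The `+` line in user_news_comments() substitutes `$nid` into an unquoted `ID`= position, so sql_escape() contributes nothing there; what actually keeps the query well-formed is the `^[0-9]{1,}$` test on the if-line, and `$` without the D modifier still admits a trailing newline. Making the value an integer where it is assigned, `$nid = (int) $_REQUEST["nid"];`, or at least `" . (int) $nid . "` on the changed line, makes the safety local to the statement rather than dependent on a guard several lines up. The sql_num_query() on the if-line and this sql_select() also fetch the same row twice; selecting once and testing the result would halve the round-trips. The function continues past the end of the hunk.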

Kommentare

';
- $comments = sql_select("SELECT * FROM `news_comments` WHERE `Refid`='" . $nid . "' ORDER BY 'ID'");
+ $comments = sql_select("SELECT * FROM `news_comments` WHERE `Refid`='" . sql_escape($nid) . "' ORDER BY 'ID'");
 foreach ($comments as $comment) {
 $html .= '
';
 $html .= DisplayAvatar($comment['UID']);
@@ -122,7 +122,7 @@ function user_news() {
 else $page = 0;
- $news = sql_select("SELECT * FROM `News` ORDER BY `ID` DESC LIMIT " . ($page * $DISPLAY_NEWS) . ", " . $DISPLAY_NEWS);
+ $news = sql_select("SELECT * FROM `News` ORDER BY `ID` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS));
 foreach ($news as $entry) $html .= display_news($entry);
-- cgit v1.2.3-54-g00ecf
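Review bot: The `+` line of the @@ -66 hunk keeps `ORDER BY 'ID'` with single quotes, which in MySQL orders by the constant string 'ID' rather than by the column, so the comment list comes back in whatever order the engine happens to choose. The escaping change itself is sound because `Refid` is inside quotes, but the ordering should use backticks around ID, as the other queries in this file already do for `ORDER BY `ID` DESC`. user_news_comments() starts before this hunk and its body continues after it.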