From 2eea1457e674e7ebb8a82bf6fd1a079f76a7632f Mon Sep 17 00:00:00 2001
From: Horus3
Date: Sun, 21 Sep 2014 23:41:43 +0200
Subject: using WordPress escape() function in the database layer now
---
 public_html/class/mysql.php | 71 ++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 61 insertions(+), 10 deletions(-)
(limited to 'public_html/class/mysql.php')
diff --git a/public_html/class/mysql.php b/public_html/class/mysql.php
index 0fb46bb..0844eaa 100644
--- a/public_html/class/mysql.php
+++ b/public_html/class/mysql.php
@@ -16,7 +16,7 @@ class vfsdb {
 }
 if ( $this->db->connect_errno() ){
- failure("

Can't connect to the database. MySQL gave this error code: ".$this->db->connect_errno . "

", '500 Server Failure', false, '

Connection to MySQL server failed.

'); + failure("

Can't connect to the database. MySQL gave this error code: " . $this->db->connect_errno . "

", '500 Server Failure', false, '

Connection to MySQL server failed.

');
 }
 if ( ! $this->db->ping() ){
@@ -41,23 +41,74 @@ class vfsdb {
 return true;
 }
- private function _prepare($sql){
- if ( is_null($sql) || $sql == "")
+ # does a single MySQL query with output (SELECT, INSERT, UPDATE... )
+ public function doQuery($string){
+ if ( ! $this->check() )
 return false;
- return $this->db->real_escape_string($sql);
+ return $this->db->query($sql);
 }
- public function doQuery($string){
+ # does multiple queries WITHOUT output (INSERT, UPDATE, DELETE... )
+ public function execMultipleQueries($sql){
 if ( ! $this->check() )
- failure("

Can't reach MySQL server. Server says: ". $this->db->error . "

", '500 Server Failure', false, "

Can't reach MySQL server!

")
+ return false;
- $sql = _prepare($string);
- if ( ! $sql )
+ $result = $this->db->multi_query($sql);
+ if ( ! $result )
 return false;
- return $this->db->query($sql);
+ do {
+ if( ! $this->db->more_results() )
+ break;
+ if ( ! $this->db->next_result() ){
+ if ( $this->db->error != "" ){
+ $res->free();
+ return false;
+ }
+ }
+ } while (true);
+
+ return true;
+ }
+
+ # code by WordPress. See @link https://core.trac.wordpress.org/browser/branches/4.0/src/wp-includes/wp-db.php#L1154
+ # syntax like sprintf()
+ public function prepare( $query, $args ) {
+ if ( is_null( $query ) )
+ return;
+
+ // This is not meant to be foolproof -- but it will catch obviously incorrect usage.
+ if ( strpos( $query, '%' ) === false ) {
+ return false;
+ }
+
+ $args = func_get_args();
+ array_shift( $args );
+
+ // If args were passed as an array (as in vsprintf), move them up
+ if ( isset( $args[0] ) && is_array($args[0]) )
+ $args = $args[0];
+
+ $query = str_replace( "'%s'", '%s', $query ); // in case someone mistakenly already singlequoted it
+ $query = str_replace( '"%s"', '%s', $query ); // doublequote unquoting
+ $query = preg_replace( '|(?_real_escape( $string );
+ }
+
+ private function _real_escape( $string ){
+ return $this->db->real_escape_string($string);
 }
+ # WordPress End
 public function createTables(){
 $user_table =
@@ -103,7 +154,7 @@ class vfsdb {
 ) ENGINE=InnoDB;';
- if ( ! $this->db->query($user_table . ' ' . $files_table . ' ' . $banned_user_table) )
+ if ( ! $this->execMultipleQueries('BEGIN; '. $user_table . ' ' . $files_table . ' ' . $banned_user_table . ' END;') )
 failure("
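Review bot: The new `doQuery()` declares its parameter as `$string` but then calls `$this->db->query($sql)` with a `$sql` that is never assigned in this body, so an undefined variable (null) is handed to mysqli::query() on every call and no caller's statement actually reaches the server; the line should read `return $this->db->query($string);`. In `execMultipleQueries()` the error branch calls `$res->free()` on a `$res` that is never defined (multi_query() returns a bool, not a result object), which turns an ordinary SQL error into a fatal "call to a member function on a non-object" and aborts the request instead of returning false; drop that line, or fetch and free each result with `store_result()` inside the loop. The ported `prepare()` is value escaping through sprintf, not a true parameterised query: `%s` placeholders are quoted and escaped for values only, so identifiers (table or column names, ORDER BY targets) and `LIKE` patterns (`%` and `_` are not escaped) stay injectable if they ever come from user input, and `real_escape_string()` is only charset-safe when `set_charset()` was called on the connection, which this diff does not show. Worth recording at the top of `prepare()`: `# %d/%s/%f are for VALUES only - never identifiers, ORDER BY, or LIKE patterns; set_charset() must have been called on $this->db for real_escape_string() to be safe`. The middle of `prepare()` (the `%s` quoting and the `vsprintf` tail) is garbled on this page and is not reviewed here.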

There was a problem during bootstrapping the database schema. " . $this->db->error . "

", '500 Server Failure', false, "

CREATE TABLE FAILED

");
 }
-- cgit v1.2.3
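Review bot: Wrapping the three CREATE TABLE statements in `'BEGIN; '` ... `' END;'` does not give atomic schema creation: MySQL's transaction terminator is `COMMIT`, not `END` (as far as I can tell a bare `END` is only valid inside stored-program bodies and should fail to parse), and CREATE TABLE performs an implicit commit anyway, so any table created before a failing statement persists. Either drop the wrapper, `if ( ! $this->execMultipleQueries($user_table . ' ' . $files_table . ' ' . $banned_user_table) )`, or make the bootstrap idempotent with `CREATE TABLE IF NOT EXISTS` in each definition so a re-run after a partial failure succeeds. Note also that `execMultipleQueries()` returns false on the first failing statement, so the `$this->db->error` text in this `failure()` call describes only that statement - fine, but a one-line comment saying so would save the next reader a trip into the helper. The table definitions and the start of `createTables()` are outside this hunk.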