Update of /cvsroot/tep/admin/admin/includes/functions
In directory sc8-pr-cvs1:/tmp/cvs-serv17767/admin/includes/functions
Modified Files:
languages.php sessions.php
Log Message:
standards updates
Index: languages.php
===================================================================
RCS file: /cvsroot/tep/admin/admin/includes/functions/languages.php,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- languages.php 22 Nov 2002 19:07:05 -0000 1.5
+++ languages.php 20 Jun 2003 16:23:08 -0000 1.6
@@ -13,7 +13,7 @@
function tep_get_languages_directory($code) {
global $languages_id;
- $language_query = tep_db_query("select languages_id, directory from " .
TABLE_LANGUAGES . " where code = '" . $code . "'");
+ $language_query = tep_db_query("select languages_id, directory from " .
TABLE_LANGUAGES . " where code = '" . tep_db_input($code) . "'");
if (tep_db_num_rows($language_query)) {
$language = tep_db_fetch_array($language_query);
$languages_id = $language['languages_id'];
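Review bot: The lookup in tep_get_languages_directory() is still assembled by string concatenation, so the added `tep_db_input($code)` is the only barrier between `$code` and the statement, and its implementation is not visible in this hunk. If language codes are always short alphabetic tokens (an assumption to confirm against the callers), a format check before the query would reject malformed input without depending on the escaping routine, for example `if (!preg_match('/^[a-zA-Z_-]{2,8}$/', $code)) return false;` with the return value adjusted to whatever the function yields when no row matches. A short comment above the query, such as `// $code may originate from the request; escaped here, validated above`, would record the trust boundary. The function body continues past the end of the hunk.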
Index: sessions.php
===================================================================
RCS file: /cvsroot/tep/admin/admin/includes/functions/sessions.php,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- sessions.php 18 Mar 2002 16:37:22 -0000 1.7
+++ sessions.php 20 Jun 2003 16:23:08 -0000 1.8
@@ -5,7 +5,7 @@
osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com
- Copyright (c) 2002 osCommerce
+ Copyright (c) 2003 osCommerce
Released under the GNU General Public License
*/
@@ -24,7 +24,7 @@
}
function _sess_read($key) {
- $qid = tep_db_query("select value from " . TABLE_SESSIONS . " where
sesskey = '" . $key . "' and expiry > '" . time() . "'");
+ $qid = tep_db_query("select value from " . TABLE_SESSIONS . " where
sesskey = '" . tep_db_input($key) . "' and expiry > '" . time() . "'");
$value = tep_db_fetch_array($qid);
if ($value['value']) {
@@ -40,18 +40,18 @@
$expiry = time() + $SESS_LIFE;
$value = addslashes($val);
- $qid = tep_db_query("select count(*) as total from " . TABLE_SESSIONS .
" where sesskey = '" . $key . "'");
+ $qid = tep_db_query("select count(*) as total from " . TABLE_SESSIONS .
" where sesskey = '" . tep_db_input($key) . "'");
$total = tep_db_fetch_array($qid);
if ($total['total'] > 0) {
- return tep_db_query("update " . TABLE_SESSIONS . " set expiry = '" .
$expiry . "', value = '" . $value . "' where sesskey = '" . $key . "'");
+ return tep_db_query("update " . TABLE_SESSIONS . " set expiry = '" .
tep_db_input($expiry) . "', value = '" . tep_db_input($value) . "' where
sesskey = '" . tep_db_input($key) . "'");
} else {
- return tep_db_query("insert into " . TABLE_SESSIONS . " values ('" .
$key . "', '" . $expiry . "', '" . $value . "')");
+ return tep_db_query("insert into " . TABLE_SESSIONS . " values ('" .
tep_db_input($key) . "', '" . $expiry . "', '" . tep_db_input($value) . "')");
}
}
function _sess_destroy($key) {
- return tep_db_query("delete from " . TABLE_SESSIONS . " where sesskey =
'" . $key . "'");
+ return tep_db_query("delete from " . TABLE_SESSIONS . " where sesskey =
'" . tep_db_input($key) . "'");
}
function _sess_gc($maxlifetime) {
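Review bot: The context line `$value = addslashes($val);` is left unchanged, so the session payload is now escaped twice: once by addslashes() and again by the added `tep_db_input($value)` in both the update and the insert. Assuming tep_db_input() does its own quote escaping (its body is not shown here), any payload containing a quote or backslash would be stored with literal backslashes, and the serialized session data would likely fail to decode when _sess_read returns it. Changing that line to `$value = $val;` leaves tep_db_input() as the single escaping step. Separately, the update wraps `$expiry` in tep_db_input() while the insert passes it bare; that is harmless for an integer but worth making consistent. The enclosing write function begins above the hunk, so its signature and the origin of `$val` are not visible.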
@@ -112,4 +112,4 @@
return session_save_path();
}
}
-?>
\ No newline at end of file
+?>