diff -ruN ipplan.orig/admin/changepassword.php ipplan/admin/changepassword.php --- ipplan.orig/admin/changepassword.php 2009-08-17 23:44:07.000000000 +0200 +++ ipplan/admin/changepassword.php 2011-02-12 12:15:22.107373824 +0200 @@ -67,8 +67,8 @@ $ds->DbfTransactionStart(); $result=&$ds->ds->Execute("UPDATE users - SET password=".$ds->ds->qstr($password)." - WHERE userid=".$ds->ds->qstr($userid)); + SET password=".$ds->ds->QMagic($password)." + WHERE userid=".$ds->ds->QMagic($userid)); $ds->AuditLog(sprintf(my_("User %s changed password"), $userid)); if ($result) { diff -ruN ipplan.orig/admin/deletebounds.php ipplan/admin/deletebounds.php --- ipplan.orig/admin/deletebounds.php 2009-08-17 23:44:07.000000000 +0200 +++ ipplan/admin/deletebounds.php 2011-02-12 12:15:22.107373824 +0200 @@ -54,7 +54,7 @@ $ds->DbfTransactionStart(); $result=&$ds->ds->Execute("DELETE FROM bounds - WHERE grp=".$ds->ds->qstr($grp)." AND boundsaddr=$boundsaddr"); + WHERE grp=".$ds->ds->QMagic($grp)." AND boundsaddr=$boundsaddr"); if ($result) { $ds->DbfTransactionEnd(); diff -ruN ipplan.orig/admin/displayboundsform.php ipplan/admin/displayboundsform.php --- ipplan.orig/admin/displayboundsform.php 2009-08-17 23:44:07.000000000 +0200 +++ ipplan/admin/displayboundsform.php 2011-02-12 12:15:22.108373766 +0200 @@ -51,7 +51,7 @@ $where=""; if ($grp) { - $where="WHERE grp=".$ds->ds->qstr($grp); + $where="WHERE grp=".$ds->ds->QMagic($grp); } $result=&$ds->ds->Execute("SELECT boundsaddr, boundssize, grp diff -ruN ipplan.orig/admin/importbase.php ipplan/admin/importbase.php --- ipplan.orig/admin/importbase.php 2009-08-17 23:44:07.000000000 +0200 +++ ipplan/admin/importbase.php 2011-02-12 12:15:22.109373710 +0200 
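Review bot: `QMagic()` is not a stricter `qstr()`: in ADOdb it calls `qstr($s, get_magic_quotes_gpc())`, so with magic_quotes_gpc on it only wraps the value in quotes and trusts that PHP already slashed it. That is correct only for values taken unmodified from GET/POST/cookie data. Other hunks in this patch pass values that never went through that slashing, and on such a host they reach the SQL text unescaped: `getAuthUsername()` and string literals in class.dbflib.php and class.dnslib.php, `crypt()` output in auth.php, `$hname` in contrib/ipplan-poller.php, `inet_ntoa($ip)` in user/displaysubnet.php, and the `$this->` zone properties. For those call sites I would keep `qstr()` or, better, bind the values, e.g. `$ds->ds->Execute("UPDATE users SET password=? WHERE userid=?", array($password, $userid));`. Whether `$password` and `$userid` in this hunk are raw request values is not visible here.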
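Review bot: In the deletebounds.php hunk `boundsaddr=$boundsaddr` is still spliced into the DELETE as a bare token, so changing the quoting call on `grp` leaves the other half of the WHERE clause unprotected. The usermanager.php hunk at -1158 feeds the same statement from `myRegister("S:grp S:boundsaddr")`, which looks like a string-typed registration (to be confirmed against myRegister). I would validate before building the query, e.g. `if (!ctype_digit((string)$boundsaddr)) { /* reject */ }`, or bind it as a parameter. The same raw-number pattern recurs in this patch's context lines (`$baseindex`, `$ipaddr`, `$cust`, `$dataid`, `$this->ttl`), and their validation is not visible in these hunks.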
@@ -206,10 +206,10 @@ insert($w,block("<b>".sprintf(my_("Row is duplicate - updating with [ %s, %s ]"), $ipaddr, $descrip)."</b>")); $result=&$ds->ds->Execute("UPDATE base - SET descrip=".$ds->ds->qstr($descrip).", + SET descrip=".$ds->ds->QMagic($descrip).", lastmod=".$ds->ds->DBTimeStamp(time()).", - userid=".$ds->ds->qstr(getAuthUsername()).", - admingrp=".$ds->ds->qstr($admingrp)." + userid=".$ds->ds->QMagic(getAuthUsername()).", + admingrp=".$ds->ds->QMagic($admingrp)." WHERE customer=$cust AND baseaddr=$base"); @@ -225,12 +225,12 @@ $result = &$ds->ds->Execute("INSERT INTO baseadd (info, baseindex) VALUES - (".$ds->ds->qstr($info).", + (".$ds->ds->QMagic($info).", $baseindex)"); // Second, try to update. if ( $result == FALSE ) { $result=&$ds->ds->Execute("UPDATE baseadd - SET info=".$ds->ds->qstr($info)." + SET info=".$ds->ds->QMagic($info)." WHERE baseindex=$baseindex"); if ( $result == FALSE ) { @@ -267,12 +267,12 @@ $result = &$ds->ds->Execute("INSERT INTO baseadd (info, baseindex) VALUES - (".$ds->ds->qstr($info).", + (".$ds->ds->QMagic($info).", $baseindex)"); // Second, try to update. if ( $result == FALSE ) { $result=&$ds->ds->Execute("UPDATE baseadd - SET info=".$ds->ds->qstr($info)." + SET info=".$ds->ds->QMagic($info)." WHERE baseindex=$baseindex"); if ( $result == FALSE ) { diff -ruN ipplan.orig/admin/usermanager.php ipplan/admin/usermanager.php --- ipplan.orig/admin/usermanager.php 2009-08-17 23:44:07.000000000 +0200 +++ ipplan/admin/usermanager.php 2011-02-12 12:15:22.113373505 +0200 @@ -97,8 +97,8 @@ if ($usersearch != "") { $result=&$ds->ds->Execute("SELECT userid, userdescrip FROM users - WHERE userid LIKE ".$ds->ds->qstr("%".$usersearch."%") - ." OR userdescrip LIKE ".$ds->ds->qstr("%".$usersearch."%")); + WHERE userid LIKE ".$ds->ds->QMagic("%".$usersearch."%") + ." OR userdescrip LIKE ".$ds->ds->QMagic("%".$usersearch."%")); $MENU=".|".my_("Search Result")."\n"; $count=0; 
@@ -295,7 +295,7 @@ list($ipaddr, $userid, $grp, $grpdescrip, $createcust, $grpview) = myRegister("S:ipaddr S:userid S:grp S:grpdescrip S:createcust S:grpview"); $grp=trim($grp); $grpdescrip=trim($grpdescrip); - $result=&$ds->ds->Execute("SELECT * FROM users WHERE userid=".$ds->ds->qstr($userid)); + $result=&$ds->ds->Execute("SELECT * FROM users WHERE userid=".$ds->ds->QMagic($userid)); if ($result) { $row=$result->FetchRow(); } @@ -386,7 +386,7 @@ // in a table and allow the user to delete them. insert($con, generic("br")); - $result=&$ds->ds->Execute("SELECT * FROM usergrp WHERE userid=".$ds->ds->qstr($userid)); + $result=&$ds->ds->Execute("SELECT * FROM usergrp WHERE userid=".$ds->ds->QMagic($userid)); $lst=array(); while($row = $result->FetchRow()) { @@ -423,7 +423,7 @@ list($ipaddr, $size, $grp) = myRegister("S:ipaddr S:size S:grp"); - $result=&$ds->ds->Execute("SELECT * FROM grp WHERE grp=".$ds->ds->qstr($grp)); + $result=&$ds->ds->Execute("SELECT * FROM grp WHERE grp=".$ds->ds->QMagic($grp)); $row=$result->FetchRow(); $grpdescrip=$row["grpdescrip"]; $createcust=$row["createcust"]; @@ -501,7 +501,7 @@ insert($f2,submit(array("value"=>my_("Add User")))); // Edit users assigned to the group. - $result=&$ds->ds->Execute("SELECT * FROM usergrp WHERE grp=".$ds->ds->qstr($grp)); + $result=&$ds->ds->Execute("SELECT * FROM usergrp WHERE grp=".$ds->ds->QMagic($grp)); $lst=array(); while($row = $result->FetchRow()) { @@ -595,7 +595,7 @@ $result=&$ds->ds->Execute("SELECT boundsaddr, boundssize, grp FROM bounds - WHERE grp=".$ds->ds->qstr($grp)." + WHERE grp=".$ds->ds->QMagic($grp)." ORDER BY boundsaddr"); // logic here is: 
@@ -733,25 +733,25 @@ $ds->DbfTransactionStart(); // emulates mysql REPLACE $result=&$ds->ds->Execute("DELETE FROM users - WHERE userid=".$ds->ds->qstr($userid)); + WHERE userid=".$ds->ds->QMagic($userid)); $result=&$ds->ds->Execute("INSERT INTO users (userid, userdescrip, useremail, password) VALUES - (".$ds->ds->qstr($userid).", - ".$ds->ds->qstr($userdescrip).", - ".$ds->ds->qstr($useremail).", - ".$ds->ds->qstr($password).")"); + (".$ds->ds->QMagic($userid).", + ".$ds->ds->QMagic($userdescrip).", + ".$ds->ds->QMagic($useremail).", + ".$ds->ds->QMagic($password).")"); // add group if user selected a group other than "No group" if (!empty($grp)) { $result=&$ds->ds->Execute("DELETE FROM usergrp - WHERE userid=".$ds->ds->qstr($userid)." AND - grp=".$ds->ds->qstr($grp)); + WHERE userid=".$ds->ds->QMagic($userid)." AND + grp=".$ds->ds->QMagic($grp)); $result=&$ds->ds->Execute("INSERT INTO usergrp (userid, grp) VALUES - (".$ds->ds->qstr($userid).", - ".$ds->ds->qstr($grp).")"); + (".$ds->ds->QMagic($userid).", + ".$ds->ds->QMagic($grp).")"); } if ($result) { $ds->DbfTransactionEnd(); @@ -806,9 +806,9 @@ $result=&$ds->ds->Execute("INSERT INTO grp (grp, createcust, grpdescrip, grpopt, resaddr) VALUES - (".$ds->ds->qstr($grp).", - ".$ds->ds->qstr($createcust).", - ".$ds->ds->qstr($grpdescrip).", + (".$ds->ds->QMagic($grp).", + ".$ds->ds->QMagic($createcust).", + ".$ds->ds->QMagic($grpdescrip).", ".$grpbit.", $resaddr)"); if ($result) { @@ -830,8 +830,8 @@ $ds->DbfTransactionStart(); $result=&$ds->ds->Execute("DELETE FROM usergrp - WHERE userid=".$ds->ds->qstr($userid)." AND - grp=".$ds->ds->qstr($grp)); + WHERE userid=".$ds->ds->QMagic($userid)." AND + grp=".$ds->ds->QMagic($grp)); if ($result) { $ds->DbfTransactionEnd(); insert($w,text(my_("User deleted from group"))); 
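Review bot: Each `Execute()` in the delete-then-insert sequence at -733 overwrites `$result`, so the `if ($result)` that leads to `DbfTransactionEnd()` only reflects the last statement; a failed `INSERT INTO users` followed by a successful `usergrp` insert would still be treated as success. The hunk at -862 in this file already chains its statements with `and`; doing the same here, or testing after each call with `if (!$result) { /* roll back and stop */ }`, would keep a half-written account from being committed. The -1018 hunk repeats the pattern for `usergrp`. The enclosing block starts and ends outside the hunk, so the rollback path is not visible.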
@@ -862,9 +862,9 @@ if ($userid) { $ds->DbfTransactionStart(); $result=&$ds->ds->Execute("DELETE FROM users - WHERE userid=".$ds->ds->qstr($userid)) and + WHERE userid=".$ds->ds->QMagic($userid)) and $result=&$ds->ds->Execute("DELETE FROM usergrp - WHERE userid=".$ds->ds->qstr($userid)); + WHERE userid=".$ds->ds->QMagic($userid)); if ($result) { $ds->DbfTransactionEnd(); @@ -880,8 +880,8 @@ $userid=$usergrp; $ds->DbfTransactionStart(); $result=&$ds->ds->Execute("DELETE FROM usergrp - WHERE userid=".$ds->ds->qstr($userid)." AND - grp=".$ds->ds->qstr($grp)); + WHERE userid=".$ds->ds->QMagic($userid)." AND + grp=".$ds->ds->QMagic($grp)); if ($result) { $ds->DbfTransactionEnd(); @@ -901,7 +901,7 @@ // check if grp has customers $result=&$ds->ds->Execute("SELECT custdescrip FROM customer - WHERE admingrp=".$ds->ds->qstr($grp)); + WHERE admingrp=".$ds->ds->QMagic($grp)); if ($row=$result->FetchRow()) { $formerror .=my_("Cannot delete group because the following customers are assigned to the group:"); do { @@ -913,7 +913,7 @@ // check if grp has subnets $result=&$ds->ds->Execute("SELECT baseaddr, descrip FROM base - WHERE admingrp=".$ds->ds->qstr($grp)." + WHERE admingrp=".$ds->ds->QMagic($grp)." ORDER BY baseaddr"); if ($row=$result->FetchRow()) { $formerror .= my_("Cannot delete group because the following subnets are assigned to the group:"); @@ -925,11 +925,11 @@ $ds->DbfTransactionStart(); $result=&$ds->ds->Execute("DELETE FROM grp - WHERE grp=".$ds->ds->qstr($grp)) and + WHERE grp=".$ds->ds->QMagic($grp)) and $result=&$ds->ds->Execute("DELETE FROM usergrp - WHERE grp=".$ds->ds->qstr($grp)) and + WHERE grp=".$ds->ds->QMagic($grp)) and $result=&$ds->ds->Execute("DELETE FROM bounds - WHERE grp=".$ds->ds->qstr($grp)); + WHERE grp=".$ds->ds->QMagic($grp)); if ($result) { $ds->DbfTransactionEnd(); 
@@ -955,9 +955,9 @@ if ($formerror == "" ) { $ds->DbfTransactionStart(); $result=&$ds->ds->Execute("UPDATE users - SET userdescrip=".$ds->ds->qstr($userdescrip).", - useremail=".$ds->ds->qstr($useremail)." - WHERE userid=".$ds->ds->qstr($userid)); + SET userdescrip=".$ds->ds->QMagic($userdescrip).", + useremail=".$ds->ds->QMagic($useremail)." + WHERE userid=".$ds->ds->QMagic($userid)); $ds->AuditLog(sprintf(my_("User %s modified"), $userid)); if ($result) { @@ -991,8 +991,8 @@ $ds->DbfTransactionStart(); $result=&$ds->ds->Execute("UPDATE users - SET password=".$ds->ds->qstr($password)." - WHERE userid=".$ds->ds->qstr($userid)); + SET password=".$ds->ds->QMagic($password)." + WHERE userid=".$ds->ds->QMagic($userid)); $ds->AuditLog(sprintf(my_("User %s changed password"), $userid)); if ($result) { @@ -1018,13 +1018,13 @@ $ds->DbfTransactionStart(); // emulate mysql REPLACE $result=&$ds->ds->Execute("DELETE FROM usergrp - WHERE userid=".$ds->ds->qstr($userid)." AND - grp=".$ds->ds->qstr($grp)); + WHERE userid=".$ds->ds->QMagic($userid)." AND + grp=".$ds->ds->QMagic($grp)); $result=&$ds->ds->Execute("INSERT INTO usergrp (userid, grp) VALUES - (".$ds->ds->qstr($userid).", - ".$ds->ds->qstr($grp).")"); + (".$ds->ds->QMagic($userid).", + ".$ds->ds->QMagic($grp).")"); if ($result) { $ds->DbfTransactionEnd(); @@ -1064,11 +1064,11 @@ } $result=&$ds->ds->Execute("UPDATE grp - SET grpdescrip=".$ds->ds->qstr($grpdescrip).", - createcust=".$ds->ds->qstr($createcust).", + SET grpdescrip=".$ds->ds->QMagic($grpdescrip).", + createcust=".$ds->ds->QMagic($createcust).", grpopt=".$grpbit.", resaddr=".$resaddr." - WHERE grp=".$ds->ds->qstr($grp)); + WHERE grp=".$ds->ds->QMagic($grp)); if ($result) { $ds->DbfTransactionEnd(); 
@@ -1094,7 +1094,7 @@ // creating readonly group? if ($base == 0 and $size == 0) { - if ($ds->ds->GetOne("SELECT count(*) AS cnt FROM bounds WHERE grp=".$ds->ds->qstr($grp))) { + if ($ds->ds->GetOne("SELECT count(*) AS cnt FROM bounds WHERE grp=".$ds->ds->QMagic($grp))) { $formerror .= my_("Boundary cannot be created - overlaps with existing boundary")."\n"; } } @@ -1122,7 +1122,7 @@ $result=&$ds->ds->Execute("INSERT INTO bounds (boundsaddr, boundssize, grp) VALUES - ($base, $size, ".$ds->ds->qstr($grp).")"); + ($base, $size, ".$ds->ds->QMagic($grp).")"); if ($result) { $ds->DbfTransactionEnd(); @@ -1147,7 +1147,7 @@ ($boundsaddr < boundsaddr AND $boundsaddr+$boundssize > boundsaddr + boundssize - 1)) AND - grp=".$ds->ds->qstr($grp)); + grp=".$ds->ds->QMagic($grp)); if ($result->FetchRow()) { return 1; } @@ -1158,7 +1158,7 @@ list($grp, $boundsaddr) = myRegister("S:grp S:boundsaddr"); $result=&$ds->ds->Execute("DELETE FROM bounds - WHERE grp=".$ds->ds->qstr($grp)." AND boundsaddr=$boundsaddr"); + WHERE grp=".$ds->ds->QMagic($grp)." AND boundsaddr=$boundsaddr"); if ($result) { $ds->DbfTransactionEnd(); diff -ruN ipplan.orig/auth.php ipplan/auth.php --- ipplan.orig/auth.php 2009-08-17 23:43:43.000000000 +0200 +++ ipplan/auth.php 2011-02-12 12:15:02.887364589 +0200 
@@ -192,14 +192,14 @@ $passwd=crypt($passwd, 'xq'); $result=$ds->Execute("SELECT usergrp.grp AS grp FROM users, usergrp - WHERE users.userid=".$ds->qstr($user)." AND - users.password=".$ds->qstr($passwd)." AND + WHERE users.userid=".$ds->QMagic($user)." AND + users.password=".$ds->QMagic($passwd)." AND users.userid=usergrp.userid"); } else { $result=$ds->Execute("SELECT usergrp.grp AS grp FROM users, usergrp - WHERE users.userid=".$ds->qstr($user)." AND + WHERE users.userid=".$ds->QMagic($user)." AND users.userid=usergrp.userid"); } diff -ruN ipplan.orig/class.dbflib.php ipplan/class.dbflib.php --- ipplan.orig/class.dbflib.php 2009-08-17 23:43:43.000000000 +0200 +++ ipplan/class.dbflib.php 2011-02-12 12:15:02.889364823 +0200 @@ -143,14 +143,14 @@ WHERE baseindex=$baseindex AND ipaddr=$ipaddr")) { // should have FOR UPDATE here! $result = &$this->ds->Execute("UPDATE ipaddr - SET userinf=".$this->ds->qstr($user).", - location=".$this->ds->qstr($location).", - telno=".$this->ds->qstr($telno).", - macaddr=".$this->ds->qstr($macaddr).", - descrip=".$this->ds->qstr($descrip).", - hname=".$this->ds->qstr($hname).", + SET userinf=".$this->ds->QMagic($user).", + location=".$this->ds->QMagic($location).", + telno=".$this->ds->QMagic($telno).", + macaddr=".$this->ds->QMagic($macaddr).", + descrip=".$this->ds->QMagic($descrip).", + hname=".$this->ds->QMagic($hname).", lastmod=".$this->ds->DBTimeStamp(time()).", - userid=".$this->ds->qstr($userid)." + userid=".$this->ds->QMagic($userid)." WHERE baseindex=$baseindex AND ipaddr=$ipaddr"); } 
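Review bot: The value compared in the auth.php query is `crypt($passwd, 'xq')`, so every account shares one hard-coded two-character salt, which selects the legacy DES scheme and only considers the first eight characters of the password. Changing the quoting call does not address that: identical passwords still produce identical stored hashes, and the comparison is done inside the SQL `WHERE`. I would select the stored hash by `users.userid` alone and verify it in PHP with a per-user salted scheme and a constant-time comparison, upgrading old hashes on the next successful login. `$passwd` at this point is derived output rather than request data, so the magic-quotes assumption behind `QMagic()` does not hold for it either. The function continues outside the hunk.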
@@ -159,16 +159,16 @@ (userinf, location, telno, macaddr, descrip, hname, baseindex, ipaddr, lastmod, userid) VALUES - (".$this->ds->qstr($user).", - ".$this->ds->qstr($location).", - ".$this->ds->qstr($telno).", - ".$this->ds->qstr($macaddr).", - ".$this->ds->qstr($descrip).", - ".$this->ds->qstr($hname).", + (".$this->ds->QMagic($user).", + ".$this->ds->QMagic($location).", + ".$this->ds->QMagic($telno).", + ".$this->ds->QMagic($macaddr).", + ".$this->ds->QMagic($descrip).", + ".$this->ds->QMagic($hname).", $baseindex, $ipaddr, ".$this->ds->DBTimeStamp(time()).", - ".$this->ds->qstr($userid).")"); + ".$this->ds->QMagic($userid).")"); } // always try to update record - record could not exist, which @@ -183,7 +183,7 @@ WHERE baseindex=$baseindex AND ipaddr=$ipaddr")) { // should have FOR UPDATE here! $result = &$this->ds->Execute("UPDATE ipaddradd - SET info=".$this->ds->qstr($info)." + SET info=".$this->ds->QMagic($info)." WHERE baseindex=$baseindex AND ipaddr=$ipaddr"); // this generates a "duplicate key" error if no update @@ -195,7 +195,7 @@ $result = &$this->ds->Execute("INSERT INTO ipaddradd (info, baseindex, ipaddr) VALUES - (".$this->ds->qstr($info).", + (".$this->ds->QMagic($info).", $baseindex, $ipaddr)"); } @@ -208,9 +208,9 @@ $userid = getAuthUsername(); $result = &$this->ds->Execute("UPDATE ipaddr - SET $field=".$this->ds->qstr($value).", + SET $field=".$this->ds->QMagic($value).", lastmod=".$this->ds->DBTimeStamp(time()).", - userid=".$this->ds->qstr($userid)." + userid=".$this->ds->QMagic($userid)." WHERE baseindex=$baseindex AND ipaddr=$ipaddr"); // record does not exist, error 
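Review bot: In the hunk at -208, `SET $field=` puts a caller-supplied column name straight into the UPDATE, and neither `qstr()` nor `QMagic()` can protect an identifier. If `$field` can be influenced by a request it should be checked against a fixed list of `ipaddr` columns before the statement is built, e.g. `if (!in_array($field, $allowedFields, true)) { /* reject */ }` with `$allowedFields` defined next to the function. The search-builder hunks at -983, -994 and -1006 do the same with `$var` in front of `LIKE`/`RLIKE`. The function signature and its callers are outside the hunk, so where `$field` originates is not visible here.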
@@ -331,11 +331,11 @@ baseopt, customer, userid, lastmod) VALUES ($baseaddr, $subnetsize, - ".$this->ds->qstr($descrip).", - ".$this->ds->qstr($grp).", + ".$this->ds->QMagic($descrip).", + ".$this->ds->QMagic($grp).", $dhcp, $cust, - ".$this->ds->qstr($userid).", + ".$this->ds->QMagic($userid).", ".$this->ds->DBTimeStamp(time()).")"); if (DBF_TYPE == "mysql" or DBF_TYPE == "maxsql") { @@ -360,7 +360,7 @@ WHERE base.baseindex=$baseindex AND base.customer=customer.customer AND customer.admingrp=usergrp.grp AND - usergrp.userid=".$this->ds->qstr($userid)); + usergrp.userid=".$this->ds->QMagic($userid)); if ($row = $result->FetchRow()) { return $row["admingrp"]; @@ -376,9 +376,9 @@ // could use GetRow here $result = &$this->ds->Execute("SELECT usergrp.grp FROM usergrp, grp - WHERE usergrp.userid=".$this->ds->qstr($userid)." AND + WHERE usergrp.userid=".$this->ds->QMagic($userid)." AND usergrp.grp=grp.grp AND - grp.createcust=".$this->ds->qstr('Y')); + grp.createcust=".$this->ds->QMagic('Y')); if ($row = $result->FetchRow()) { return $row["grp"]; @@ -425,7 +425,7 @@ $string = " IN ("; foreach($grps as $value) { - $string .= $this->ds->qstr($value).","; + $string .= $this->ds->QMagic($value).","; } return substr($string, 0, -1).")"; } @@ -457,7 +457,7 @@ $result = &$this->ds->Execute("SELECT count(*) AS cnt FROM bounds - WHERE grp=".$this->ds->qstr($grp)); + WHERE grp=".$this->ds->QMagic($grp)); $row = $result->FetchRow(); // no bounds, group can do anything if ($row["cnt"] == 0) { @@ -470,7 +470,7 @@ boundsaddr + boundssize - 1) AND ($boundsaddr+$boundssize-1 BETWEEN boundsaddr AND boundsaddr + boundssize - 1)) AND - grp=".$this->ds->qstr($grp)); + grp=".$this->ds->QMagic($grp)); if ($result->FetchRow()) { return 1; 
@@ -719,16 +719,16 @@ (userinf, location, telno, descrip, hname, baseindex, ipaddr, lastmod, lastpol, userid) VALUES - (".$this->ds->qstr("").", - ".$this->ds->qstr("").", - ".$this->ds->qstr("").", - ".$this->ds->qstr("Unknown - added by IPplan poller").", - ".$this->ds->qstr("").", + (".$this->ds->QMagic("").", + ".$this->ds->QMagic("").", + ".$this->ds->QMagic("").", + ".$this->ds->QMagic("Unknown - added by IPplan poller").", + ".$this->ds->QMagic("").", $baseindex, $ipaddr, ".$this->ds->DBTimeStamp(time()).", ".$this->ds->DBTimeStamp(time()).", - ".$this->ds->qstr("POLLER").")"); + ".$this->ds->QMagic("POLLER").")"); } } @@ -942,8 +942,8 @@ $this->ds->Execute("INSERT INTO auditlog (action, userid, dt) VALUES - (".$this->ds->qstr(substr($message,0,254)).", - ".$this->ds->qstr(getAuthUsername()).", + (".$this->ds->QMagic(substr($message,0,254)).", + ".$this->ds->QMagic(getAuthUsername()).", ".$this->ds->DBTimeStamp(time()).")"); } else if (is_array($message)) { @@ -960,8 +960,8 @@ $this->ds->Execute("INSERT INTO auditlog (action, userid, dt) VALUES - (".$this->ds->qstr(substr($value,0,254)).", - ".$this->ds->qstr(getAuthUsername()).", + (".$this->ds->QMagic(substr($value,0,254)).", + ".$this->ds->QMagic(getAuthUsername()).", ".$this->ds->DBTimeStamp(time()).")"); } @@ -983,10 +983,10 @@ if (!empty($search)) { switch ($expr) { case "NLIKE": - $sql="$var NOT LIKE ".$this->ds->qstr("%$search%"); + $sql="$var NOT LIKE ".$this->ds->QMagic("%$search%"); break; case "EXACT": - $sql="$var = ".$this->ds->qstr("$search"); + $sql="$var = ".$this->ds->QMagic("$search"); break; case "RLIKE": // default is RLIKE, need to protect for DBF's without RLIKE 
@@ -994,11 +994,11 @@ return ""; } if (DBF_TYPE=="mysql" or DBF_TYPE=="maxsql") { - $sql="$var RLIKE ".$this->ds->qstr("$search"); + $sql="$var RLIKE ".$this->ds->QMagic("$search"); break; } if (DBF_TYPE=="postgres7") { - $sql="$var ~ ".$this->ds->qstr("$search"); + $sql="$var ~ ".$this->ds->QMagic("$search"); break; } case "NRLIKE": @@ -1006,22 +1006,22 @@ return ""; } if (DBF_TYPE=="mysql" or DBF_TYPE=="maxsql") { - $sql="$var NOT RLIKE ".$this->ds->qstr("$search"); + $sql="$var NOT RLIKE ".$this->ds->QMagic("$search"); break; } if (DBF_TYPE=="postgres7") { - $sql="$var NOT ~ ".$this->ds->qstr("$search"); + $sql="$var NOT ~ ".$this->ds->QMagic("$search"); break; } case "LIKE": - $sql="$var LIKE ".$this->ds->qstr("%$search%"); + $sql="$var LIKE ".$this->ds->QMagic("%$search%"); break; case "END": - $sql="$var LIKE ".$this->ds->qstr("%$search"); + $sql="$var LIKE ".$this->ds->QMagic("%$search"); break; // default is START search default: - $sql="$var LIKE ".$this->ds->qstr("$search%"); + $sql="$var LIKE ".$this->ds->QMagic("$search%"); } // should there be an AND? if ($addand) { diff -ruN ipplan.orig/class.dnslib.php ipplan/class.dnslib.php --- ipplan.orig/class.dnslib.php 2009-08-17 23:43:43.000000000 +0200 +++ ipplan/class.dnslib.php 2011-02-12 12:15:02.890364937 +0200 @@ -262,10 +262,10 @@ recordtype, userid, ip_hostname) ". "VALUES ($this->cust, $dataid, ". $i.",". $this->ds->DBTimeStamp(time()).",". - $this->ds->qstr($host).",". - $this->ds->qstr($recordtype).",". - $this->ds->qstr(getAuthUsername()).",". - $this->ds->qstr($iphostname).")" ); + $this->ds->QMagic($host).",". + $this->ds->QMagic($recordtype).",". + $this->ds->QMagic(getAuthUsername()).",". + $this->ds->QMagic($iphostname).")" ); if (!$result) { return FALSE; } @@ -288,7 +288,7 @@ (id, hname, horder) VALUES ($dataid, - ".$this->ds->qstr($hnametemp).", + ".$this->ds->QMagic($hnametemp).", $i)"); if (!$result) { return FALSE; 
@@ -340,23 +340,23 @@ // Updated DB here. $result = $this->ds->Execute("UPDATE fwdzone ". - "set serialdate=".$this->ds->qstr($this->serialdate). + "set serialdate=".$this->ds->QMagic($this->serialdate). ", serialnum=$this->serialnum". ",ttl=".$this->ttl. ",refresh=".$this->refresh. ",retry=".$this->retry. ",expire=".$this->expire. ",minimum=".$this->minimum. - ",error_message=".$this->ds->qstr("E"). - ",responsiblemail=".$this->ds->qstr($this->responsiblemail). - ",userid=".$this->ds->qstr(getAuthUsername()). - ",zonefilepath1=".$this->ds->qstr($this->zonepath). - ",zonefilepath2=".$this->ds->qstr($this->seczonepath). + ",error_message=".$this->ds->QMagic("E"). + ",responsiblemail=".$this->ds->QMagic($this->responsiblemail). + ",userid=".$this->ds->QMagic(getAuthUsername()). + ",zonefilepath1=".$this->ds->QMagic($this->zonepath). + ",zonefilepath2=".$this->ds->QMagic($this->seczonepath). ",createmod=".$this->ds->DBDate($this->createmod). ",lastmod=".$this->ds->DBTimeStamp(time()). ",expiremod=".$this->ds->DBDate($this->expiremod). ",regmod=".$this->ds->DBDate($this->regmod). - ",slaveonly=".$this->ds->qstr($this->slaveonly). + ",slaveonly=".$this->ds->QMagic($this->slaveonly). " WHERE customer=$cust AND data_id=".$dataid ); if($this->ds->GetRow("SELECT info @@ -364,7 +364,7 @@ WHERE customer=$cust AND data_id=$dataid")) { // should have FOR UPDATE here! $result = $this->ds->Execute("UPDATE fwdzoneadd ". - "set info=".$this->ds->qstr($this->info). + "set info=".$this->ds->QMagic($this->info). " WHERE customer=$cust AND data_id=".$dataid ); } else { // no record, insert @@ -372,7 +372,7 @@ $result = $this->ds->Execute("INSERT into fwdzoneadd (customer, data_id, info) ". "VALUES ($this->cust,". $dataid.",". - $this->ds->qstr($this->info).")" ); + $this->ds->QMagic($this->info).")" ); } } 
@@ -398,23 +398,23 @@ createmod, lastmod, expiremod, regmod, serialdate, serialnum, ttl, refresh, retry, expire, minimum, responsiblemail, userid, zonefilepath1, zonefilepath2, slaveonly) ". "VALUES ($this->cust,". - $this->ds->qstr($this->domain).",". - $this->ds->qstr("E").",". + $this->ds->QMagic($this->domain).",". + $this->ds->QMagic("E").",". $this->ds->DBDate($this->createmod).",". $this->ds->DBTimeStamp(time()).",". $this->ds->DBDate($this->expiremod).",". $this->ds->DBDate($this->regmod).",". - $this->ds->qstr($this->serialdate).", $this->serialnum,". + $this->ds->QMagic($this->serialdate).", $this->serialnum,". $this->ttl.",". $this->refresh.",". $this->retry.",". $this->expire.",". $this->minimum.",". - $this->ds->qstr($this->responsiblemail).",". - $this->ds->qstr(getAuthUsername()).",". - $this->ds->qstr($this->zonepath).",". - $this->ds->qstr($this->seczonepath).",". - $this->ds->qstr($this->slaveonly).")" ); + $this->ds->QMagic($this->responsiblemail).",". + $this->ds->QMagic(getAuthUsername()).",". + $this->ds->QMagic($this->zonepath).",". + $this->ds->QMagic($this->seczonepath).",". + $this->ds->QMagic($this->slaveonly).")" ); // did not fail due to key error? // should not fail as we checked this already! @@ -427,7 +427,7 @@ $result=$this->ds->Execute("SELECT data_id FROM fwdzone WHERE customer=$this->cust AND - domain=".$this->ds->qstr($this->domain)); + domain=".$this->ds->QMagic($this->domain)); $temprow = $result->FetchRow(); $dataid=$temprow["data_id"]; } @@ -436,7 +436,7 @@ $result = $this->ds->Execute("INSERT into fwdzoneadd (customer, data_id, info) ". "VALUES ($this->cust,". $dataid.",". - $this->ds->qstr($this->info).")" ); + $this->ds->QMagic($this->info).")" ); } return $dataid; 
@@ -465,7 +465,7 @@ // could use unique key on database to do check, but requires extra key // just to add a new record $restemp=$this->ds->Execute("SELECT domain FROM fwdzone - WHERE customer=$cust AND domain = ".$this->ds->qstr($this->domain)); + WHERE customer=$cust AND domain = ".$this->ds->QMagic($this->domain)); if ($restemp->FetchRow()) { // domain already exists, fail transaction @@ -499,11 +499,11 @@ (data_id, host, recordtype, ip_hostname, sortorder, customer, userid, lastmod) SELECT $dataid AS data_id, fwdzonerec.host, fwdzonerec.recordtype, fwdzonerec.ip_hostname, fwdzonerec.sortorder, fwdzonerec.customer, - ".$this->ds->qstr(getAuthUsername())." AS userid, + ".$this->ds->QMagic(getAuthUsername())." AS userid, ".$this->ds->DBTimeStamp(time())." AS lastmod FROM fwdzonerec, fwdzone WHERE fwdzonerec.data_id=fwdzone.data_id AND - fwdzone.domain=".$this->ds->qstr("template.com")); + fwdzone.domain=".$this->ds->QMagic("template.com")); } $this->err = 0; @@ -526,9 +526,9 @@ // Update DNS Database Serial Count. Update Serial Count only when we export. $result = $this->ds->Execute("UPDATE fwdzone ". - "set serialdate=".$this->ds->qstr($this->serialdate). - ", userid=".$this->ds->qstr(getAuthUsername()). - ", error_message=".$this->ds->qstr(""). + "set serialdate=".$this->ds->QMagic($this->serialdate). + ", userid=".$this->ds->QMagic(getAuthUsername()). + ", error_message=".$this->ds->QMagic(""). ", lastexp=".$this->ds->DBTimeStamp(time()). ", serialnum=$this->serialnum". " WHERE customer=$cust AND data_id=".$dataid); @@ -798,7 +798,7 @@ (id, hname, horder) VALUES ($zoneid, - ".$this->ds->qstr($hnametemp).", + ".$this->ds->QMagic($hnametemp).", $i)"); if (!$result) { 
@@ -854,22 +854,22 @@ // Updated DB here. $result = $this->ds->Execute("UPDATE zones SET zoneip=$zoneip". - ",zone=".$this->ds->qstr($this->zone). + ",zone=".$this->ds->QMagic($this->zone). ",zonesize=$size". - ",serialdate=".$this->ds->qstr($this->serialdate). + ",serialdate=".$this->ds->QMagic($this->serialdate). ",serialnum=$this->serialnum". ",ttl=".$this->ttl. ",refresh=".$this->refresh. ",retry=".$this->retry. ",expire=".$this->expire. ",minimum=".$this->minimum. - ",error_message=".$this->ds->qstr("E"). - ",responsiblemail=".$this->ds->qstr($this->responsiblemail). - ",userid=".$this->ds->qstr(getAuthUsername()). - ",zonefilepath1=".$this->ds->qstr($this->zonepath). - ",zonefilepath2=".$this->ds->qstr($this->seczonepath). + ",error_message=".$this->ds->QMagic("E"). + ",responsiblemail=".$this->ds->QMagic($this->responsiblemail). + ",userid=".$this->ds->QMagic(getAuthUsername()). + ",zonefilepath1=".$this->ds->QMagic($this->zonepath). + ",zonefilepath2=".$this->ds->QMagic($this->seczonepath). ",lastmod=".$this->ds->DBTimeStamp(time()). - ",slaveonly=".$this->ds->qstr($this->slaveonly). + ",slaveonly=".$this->ds->QMagic($this->slaveonly). " WHERE customer=$cust AND id=".$zoneid ); // delete all the DNS records first to preserve correct order 
@@ -896,20 +896,20 @@ lastmod, responsiblemail, userid, zonefilepath1, zonefilepath2, slaveonly) ". "VALUES ($this->cust, $this->zoneip,". - $this->ds->qstr($this->zone).", $this->size,". - $this->ds->qstr($this->serialdate).", $this->serialnum,". - $this->ds->qstr("E").",". + $this->ds->QMagic($this->zone).", $this->size,". + $this->ds->QMagic($this->serialdate).", $this->serialnum,". + $this->ds->QMagic("E").",". $this->ttl.",". $this->refresh.",". $this->retry.",". $this->expire.",". $this->minimum.",". $this->ds->DBTimeStamp(time()).",". - $this->ds->qstr($this->responsiblemail).",". - $this->ds->qstr(getAuthUsername()).",". - $this->ds->qstr($this->zonepath).",". - $this->ds->qstr($this->seczonepath).",". - $this->ds->qstr($this->slaveonly).")" ); + $this->ds->QMagic($this->responsiblemail).",". + $this->ds->QMagic(getAuthUsername()).",". + $this->ds->QMagic($this->zonepath).",". + $this->ds->QMagic($this->seczonepath).",". + $this->ds->QMagic($this->slaveonly).")" ); // did not fail due to key error? // should not fail as we checked this already! @@ -953,7 +953,7 @@ // could use unique key on database to do check, but requires extra key // just to add a new record $restemp=$this->ds->Execute("SELECT zone FROM zones - WHERE customer=$cust AND zone = ".$this->ds->qstr($this->zone)); + WHERE customer=$cust AND zone = ".$this->ds->QMagic($this->zone)); if ($restemp->FetchRow()) { // domain already exists, fail transaction @@ -999,10 +999,10 @@ $this->Serial(); $result = $this->ds->Execute("UPDATE zones ". - "set serialdate=".$this->ds->qstr($this->serialdate). - ", userid=".$this->ds->qstr(getAuthUsername()). + "set serialdate=".$this->ds->QMagic($this->serialdate). + ", userid=".$this->ds->QMagic(getAuthUsername()). ", lastexp=".$this->ds->DBTimeStamp(time()). - ", error_message=".$this->ds->qstr(""). + ", error_message=".$this->ds->QMagic(""). ", serialnum=$this->serialnum ". " WHERE customer=$cust AND id=$zoneid"); 
@@ -1155,8 +1155,8 @@ // Update DNS Database Serial Count. Update Serial Count only when we export. $result = $this->ds->Execute("UPDATE fwdzone ". - "set serialdate=".$this->ds->qstr($this->serialdate). - ", userid=".$this->ds->qstr(getAuthUsername()). + "set serialdate=".$this->ds->QMagic($this->serialdate). + ", userid=".$this->ds->QMagic(getAuthUsername()). ", serialnum=$this->serialnum". " WHERE customer=$cust AND data_id=".$zoneid); diff -ruN ipplan.orig/contrib/ipplan-poller.php ipplan/contrib/ipplan-poller.php --- ipplan.orig/contrib/ipplan-poller.php 2009-02-22 23:44:50.000000000 +0200 +++ ipplan/contrib/ipplan-poller.php 2011-02-12 12:15:22.114373458 +0200 @@ -242,7 +242,7 @@ if ($hostnames) { $result = $ds->Execute("UPDATE ipaddr - SET lastpol=".$ds->DBTimeStamp(time()).", hname=".$ds->qstr($hname)." + SET lastpol=".$ds->DBTimeStamp(time()).", hname=".$ds->QMagic($hname)." WHERE baseindex=$baseindex AND ipaddr=$ipaddr"); } 
@@ -258,23 +258,23 @@ (userinf, location, telno, descrip, hname, baseindex, ipaddr, lastmod, lastpol, userid) VALUES - (".$ds->qstr("").", - ".$ds->qstr("").", - ".$ds->qstr("").", - ".$ds->qstr("Unknown - added by IPplan command line poller").", - ".$ds->qstr($hname).", + (".$ds->QMagic("").", + ".$ds->QMagic("").", + ".$ds->QMagic("").", + ".$ds->QMagic("Unknown - added by IPplan command line poller").", + ".$ds->QMagic($hname).", $baseindex, $ipaddr, ".$ds->DBTimeStamp(time()).", ".$ds->DBTimeStamp(time()).", - ".$ds->qstr("POLLER").")"); + ".$ds->QMagic("POLLER").")"); if ($audit) { $ds->Execute("INSERT INTO auditlog (action, userid, dt) VALUES - (".$ds->qstr(sprintf("User POLLER added ip record %s customer %u index %u", $key, $cust, $baseindex)).", - ".$ds->qstr("POLLER").", + (".$ds->QMagic(sprintf("User POLLER added ip record %s customer %u index %u", $key, $cust, $baseindex)).", + ".$ds->QMagic("POLLER").", ".$ds->DBTimeStamp(time()).")"); } } diff -ruN ipplan.orig/user/createarea.php ipplan/user/createarea.php --- ipplan.orig/user/createarea.php 2009-08-17 23:43:59.000000000 +0200 +++ ipplan/user/createarea.php 2011-02-12 12:15:22.118373284 +0200 @@ -84,7 +84,7 @@ $ds->DbfTransactionStart(); if ($action=="modify") { $result=&$ds->ds->Execute("UPDATE area SET areaaddr=$base, - descrip=".$ds->ds->qstr($descrip)." WHERE areaindex=$areaindex") and + descrip=".$ds->ds->QMagic($descrip)." WHERE areaindex=$areaindex") and $ds->AuditLog(array("event"=>151, "action"=>"modify area", "descrip"=>$descrip, "user"=>getAuthUsername(), "area"=>$ipaddr, "cust"=>$cust)); 
@@ -93,7 +93,7 @@ $result=&$ds->ds->Execute("INSERT INTO area (areaaddr, descrip, customer) VALUES - ($base, ".$ds->ds->qstr($descrip).", $cust)") and + ($base, ".$ds->ds->QMagic($descrip).", $cust)") and $ds->AuditLog(array("event"=>150, "action"=>"create area", "descrip"=>$descrip, "user"=>getAuthUsername(), "area"=>$ipaddr, "cust"=>$cust)); diff -ruN ipplan.orig/user/createrange.php ipplan/user/createrange.php --- ipplan.orig/user/createrange.php 2009-08-17 23:43:59.000000000 +0200 +++ ipplan/user/createrange.php 2011-02-12 12:15:22.118373284 +0200 @@ -166,7 +166,7 @@ if ($action=="modify") { $result=&$ds->ds->Execute("UPDATE netrange SET areaindex=$areaindex, - descrip=".$ds->ds->qstr($descrip).", + descrip=".$ds->ds->QMagic($descrip).", rangeaddr=$base, rangesize=$size WHERE rangeindex=$rangeindex") and $ds->AuditLog(array("event"=>161, "action"=>"modify range", @@ -179,7 +179,7 @@ customer) VALUES ($base, $size, $areaindex, - ".$ds->ds->qstr($descrip).", + ".$ds->ds->QMagic($descrip).", $cust)") and $ds->AuditLog(array("event"=>160, "action"=>"create range", "descrip"=>$descrip, "user"=>getAuthUsername(), "areaindex"=>$areaindex, diff -ruN ipplan.orig/user/createsubnet.php ipplan/user/createsubnet.php --- ipplan.orig/user/createsubnet.php 2009-08-17 23:43:59.000000000 +0200 +++ ipplan/user/createsubnet.php 2011-02-12 12:15:22.118373284 +0200 @@ -219,7 +219,7 @@ $result = &$ds->ds->Execute("INSERT INTO baseadd (info, baseindex) VALUES - (".$ds->ds->qstr($info).", $id)"); + (".$ds->ds->QMagic($info).", $id)"); } $ds->DbfTransactionEnd(); diff -ruN ipplan.orig/user/displaysubnet.php ipplan/user/displaysubnet.php --- ipplan.orig/user/displaysubnet.php 2009-08-17 23:43:59.000000000 +0200 +++ ipplan/user/displaysubnet.php 2011-02-12 12:15:22.121373166 +0200 
@@ -221,7 +221,7 @@ WHERE base.customer=$cust AND base.baseindex=ipaddr.baseindex AND ipaddr.ipaddr!=$ip AND - ipaddr.macaddr=".$ds->ds->qstr($macaddr))) { + ipaddr.macaddr=".$ds->ds->QMagic($macaddr))) { $formerror .= sprintf(my_("Duplicate MAC address: %s"), $oldmacaddr)."\n"; insert($w,anchor("searchall.php?cust=".$cust."&field=macaddr&search=".$macaddr, my_("Show duplicate MAC addresses"))); @@ -302,7 +302,7 @@ WHERE requestindex=$request"); $gw=$ds->ds->GetOne("SELECT ipaddr FROM ipaddr WHERE baseindex=$baseindex AND - descrip LIKE ".$ds->ds->qstr("GW%")); + descrip LIKE ".$ds->ds->QMagic("GW%")); $body="?Subject=IP address request actioned&body="; $body2="The request details submitted: $requestdesc\n\n"; @@ -931,15 +931,15 @@ FROM fwdzone, fwdzonerec WHERE fwdzone.data_id=fwdzonerec.data_id AND fwdzone.customer=$cust AND - fwdzonerec.recordtype=".$ds->ds->qstr("A")." AND - fwdzonerec.error_message=".$ds->ds->qstr("A")." AND - fwdzonerec.ip_hostname=".$ds->ds->qstr(inet_ntoa($ip))); + fwdzonerec.recordtype=".$ds->ds->QMagic("A")." AND + fwdzonerec.error_message=".$ds->ds->QMagic("A")." AND + fwdzonerec.ip_hostname=".$ds->ds->QMagic(inet_ntoa($ip))); $recs=$result->PO_RecordCount("fwdzone, fwdzonerec", "fwdzone.data_id=fwdzonerec.data_id AND fwdzone.customer=$cust AND - fwdzonerec.recordtype=".$ds->ds->qstr("A")." AND - fwdzonerec.error_message=".$ds->ds->qstr("A")." AND - fwdzonerec.ip_hostname=".$ds->ds->qstr(inet_ntoa($ip))); + fwdzonerec.recordtype=".$ds->ds->QMagic("A")." AND + fwdzonerec.error_message=".$ds->ds->QMagic("A")." AND + fwdzonerec.ip_hostname=".$ds->ds->QMagic(inet_ntoa($ip))); // must be exactly one A record on one domain else cannot delete if($recs == 1) { $row=$result->FetchRow(); 
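Review bot: The duplicate-MAC link on the context line after the changed query puts `$macaddr` into the query string as-is, while the same value is quoted for SQL one line earlier. If `$macaddr` can contain characters such as `&`, `#` or quotes at this point (its validation is outside the hunk, and whether `anchor()` escapes its argument is not visible), the link breaks or carries extra parameters into searchall.php. I would encode it where the URL is built: `insert($w,anchor("searchall.php?cust=".$cust."&field=macaddr&search=".urlencode($macaddr),`.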
@@ -950,7 +950,7 @@ $result = &$ds->ds->Execute("DELETE FROM fwdzonerec WHERE customer=$cust AND recidx=$recidx") and - $ds->ds->Execute("UPDATE fwdzone SET error_message=".$ds->ds->qstr("E"). + $ds->ds->Execute("UPDATE fwdzone SET error_message=".$ds->ds->QMagic("E"). " WHERE customer=$cust AND data_id=".$dom_id) and $ds->AuditLog(array("event"=>120, "action"=>"delete zone record", "cust"=>$cust, "user"=>getAuthUsername(), "id"=>$recidx)); @@ -985,13 +985,13 @@ FROM fwdzone, fwdzonerec WHERE fwdzone.data_id=fwdzonerec.data_id AND fwdzone.customer=$cust AND - fwdzonerec.recordtype=".$ds->ds->qstr("A")." AND - fwdzonerec.ip_hostname=".$ds->ds->qstr(inet_ntoa($ip))); + fwdzonerec.recordtype=".$ds->ds->QMagic("A")." AND + fwdzonerec.ip_hostname=".$ds->ds->QMagic(inet_ntoa($ip))); $recs=$result->PO_RecordCount("fwdzone, fwdzonerec", "fwdzone.data_id=fwdzonerec.data_id AND fwdzone.customer=$cust AND - fwdzonerec.recordtype=".$ds->ds->qstr("A")." AND - fwdzonerec.ip_hostname=".$ds->ds->qstr(inet_ntoa($ip))); + fwdzonerec.recordtype=".$ds->ds->QMagic("A")." AND + fwdzonerec.ip_hostname=".$ds->ds->QMagic(inet_ntoa($ip))); // must be exactly one A record on one domain else cannot update if($recs == 1) { // does domain name of record match ip records hostname? 
@@ -1011,13 +1011,13 @@ } insert($w,textbr(my_("IP hostname field in DNS forward zone modified"))); - $ds->ds->Execute("UPDATE fwdzonerec SET host=".$ds->ds->qstr($hnametmp).", + $ds->ds->Execute("UPDATE fwdzonerec SET host=".$ds->ds->QMagic($hnametmp).", lastmod=".$ds->ds->DBTimeStamp(time()).", - userid=".$ds->ds->qstr(getAuthUsername())." + userid=".$ds->ds->QMagic(getAuthUsername())." WHERE customer=$cust AND - recordtype=".$ds->ds->qstr("A")." AND - ip_hostname=".$ds->ds->qstr(inet_ntoa($ip))) and - $ds->ds->Execute("UPDATE fwdzone SET error_message=".$ds->ds->qstr("E"). + recordtype=".$ds->ds->QMagic("A")." AND + ip_hostname=".$ds->ds->QMagic(inet_ntoa($ip))) and + $ds->ds->Execute("UPDATE fwdzone SET error_message=".$ds->ds->QMagic("E"). " WHERE customer=$cust AND data_id=".$dataid) and $ds->AuditLog(array("event"=>122, "action"=>"modified zone record", "cust"=>$cust, "user"=>getAuthUsername(), "domain"=>$domain, "host"=>$hnametmp, @@ -1048,12 +1048,12 @@ $result = &$ds->ds->Execute("SELECT length(domain) AS domainlen, data_id, domain FROM fwdzone WHERE customer=$cust AND - ".$ds->ds->qstr($hname."$")." $regex domain + ".$ds->ds->QMagic($hname."$")." $regex domain ORDER BY domainlen DESC"); $recs=$result->PO_RecordCount("fwdzone", "customer=$cust AND - ".$ds->ds->qstr($hname."$")." $regex domain"); + ".$ds->ds->QMagic($hname."$")." $regex domain"); // must be exactly one matching zone only, or more than one zone // sorted DESC. If second case, use first record for longest match 
@@ -1069,12 +1069,12 @@ recordtype, error_message, userid, ip_hostname) ". "VALUES ($cust, $dataid, 9999,". $ds->ds->DBTimeStamp(time()).",". - $ds->ds->qstr($hnametmp).",". - $ds->ds->qstr("A").",". - $ds->ds->qstr("A").",". - $ds->ds->qstr(getAuthUsername()).",". - $ds->ds->qstr(inet_ntoa($ip)).")" ) and - $ds->ds->Execute("UPDATE fwdzone SET error_message=".$ds->ds->qstr("E"). + $ds->ds->QMagic($hnametmp).",". + $ds->ds->QMagic("A").",". + $ds->ds->QMagic("A").",". + $ds->ds->QMagic(getAuthUsername()).",". + $ds->ds->QMagic(inet_ntoa($ip)).")" ) and + $ds->ds->Execute("UPDATE fwdzone SET error_message=".$ds->ds->QMagic("E"). " WHERE customer=$cust AND data_id=".$dataid) and $ds->AuditLog(array("event"=>121, "action"=>"add zone record", "cust"=>$cust, "user"=>getAuthUsername(), "domain"=>$domain, "host"=>$hnametmp, diff -ruN ipplan.orig/user/exportdhcp.php ipplan/user/exportdhcp.php --- ipplan.orig/user/exportdhcp.php 2009-08-17 23:43:59.000000000 +0200 +++ ipplan/user/exportdhcp.php 2011-02-12 12:15:22.122373129 +0200 @@ -150,7 +150,7 @@ $result_ip=&$ds->ds->Execute("SELECT ipaddr, macaddr, hname FROM ipaddr WHERE baseindex=$baseindex AND - userinf LIKE ".$ds->ds->qstr("%".DHCPRESERVED."%")." + userinf LIKE ".$ds->ds->QMagic("%".DHCPRESERVED."%")." ORDER BY ipaddr"); $iprange_dynamicIPs=array(); diff -ruN ipplan.orig/user/modifybase.php ipplan/user/modifybase.php --- ipplan.orig/user/modifybase.php 2009-08-17 23:43:59.000000000 +0200 +++ ipplan/user/modifybase.php 2011-02-12 12:15:22.124373058 +0200 @@ -224,7 +224,7 @@ $result=&$ds->ds->Execute("UPDATE base SET subnetsize=$size*2, lastmod=".$ds->ds->DBTimeStamp(time()).", - userid=".$ds->ds->qstr(getAuthUsername())." + userid=".$ds->ds->QMagic(getAuthUsername())." WHERE baseindex=$baseindex"); $ds->AuditLog(array("event"=>173, "action"=>"join subnet", 
@@ -240,7 +240,7 @@ $result=&$ds->ds->Execute("UPDATE base SET subnetsize=$size/2, lastmod=".$ds->ds->DBTimeStamp(time()).", - userid=".$ds->ds->qstr(getAuthUsername())." + userid=".$ds->ds->QMagic(getAuthUsername())." WHERE baseindex=$baseindex"); // ... and create new subnet $timetmp=time(); diff -ruN ipplan.orig/user/modifycustomer.php ipplan/user/modifycustomer.php --- ipplan.orig/user/modifycustomer.php 2009-08-17 23:43:59.000000000 +0200 +++ ipplan/user/modifycustomer.php 2011-02-12 12:15:22.124373058 +0200 @@ -126,9 +126,9 @@ $result=&$ds->ds->Execute("INSERT INTO customer (custdescrip, crm, admingrp) VALUES - (".$ds->ds->qstr($custdescrip).", - ".$ds->ds->qstr($crm).", - ".$ds->ds->qstr($grp).")"); + (".$ds->ds->QMagic($custdescrip).", + ".$ds->ds->QMagic($crm).", + ".$ds->ds->QMagic($grp).")"); // did not fail due to key error? if ($result) { @@ -139,7 +139,7 @@ // emulate getting the last insert_id $result=&$ds->ds->Execute("SELECT customer FROM customer - WHERE custdescrip=".$ds->ds->qstr($custdescrip)); + WHERE custdescrip=".$ds->ds->QMagic($custdescrip)); $temprow = $result->FetchRow(); $cust=$temprow["customer"]; } @@ -160,9 +160,9 @@ } $result=&$ds->ds->Execute("UPDATE customer - SET custdescrip=".$ds->ds->qstr($custdescrip).", - crm=".$ds->ds->qstr($crm).", - admingrp=".$ds->ds->qstr($grp)." + SET custdescrip=".$ds->ds->QMagic($custdescrip).", + crm=".$ds->ds->QMagic($crm).", + admingrp=".$ds->ds->QMagic($grp)." WHERE customer=$cust"); // did not fail due to key error? @@ -176,7 +176,7 @@ // test for CRM duplicates - this is not a unique key and cannot be if (!empty($crm)) { $recs=$ds->ds->GetOne("SELECT count(*) AS cnt FROM customer - WHERE crm=".$ds->ds->qstr($crm)); + WHERE crm=".$ds->ds->QMagic($crm)); if ($recs > 1) { //duplicate ? insert($w,text(my_("The CRM field has already been used for another customer"), array("color"=>"#FF0000"))); insert($w,textbr()); 
@@ -200,25 +200,25 @@ phne, mbox) VALUES ($cust, - ".$ds->ds->qstr("").", - ".$ds->ds->qstr($org).", - ".$ds->ds->qstr($street).", - ".$ds->ds->qstr($city).", - ".$ds->ds->qstr($state).", - ".$ds->ds->qstr($zipcode).", - ".$ds->ds->qstr($cntry).", - ".$ds->ds->qstr($nichandl).", - ".$ds->ds->qstr($lname).", - ".$ds->ds->qstr($fname).", - ".$ds->ds->qstr($mname).", - ".$ds->ds->qstr($torg).", - ".$ds->ds->qstr($tstreet).", - ".$ds->ds->qstr($tcity).", - ".$ds->ds->qstr($tstate).", - ".$ds->ds->qstr($tzipcode).", - ".$ds->ds->qstr($tcntry).", - ".$ds->ds->qstr($phne).", - ".$ds->ds->qstr($mbox).")"); + ".$ds->ds->QMagic("").", + ".$ds->ds->QMagic($org).", + ".$ds->ds->QMagic($street).", + ".$ds->ds->QMagic($city).", + ".$ds->ds->QMagic($state).", + ".$ds->ds->QMagic($zipcode).", + ".$ds->ds->QMagic($cntry).", + ".$ds->ds->QMagic($nichandl).", + ".$ds->ds->QMagic($lname).", + ".$ds->ds->QMagic($fname).", + ".$ds->ds->QMagic($mname).", + ".$ds->ds->QMagic($torg).", + ".$ds->ds->QMagic($tstreet).", + ".$ds->ds->QMagic($tcity).", + ".$ds->ds->QMagic($tstate).", + ".$ds->ds->QMagic($tzipcode).", + ".$ds->ds->QMagic($tcntry).", + ".$ds->ds->QMagic($phne).", + ".$ds->ds->QMagic($mbox).")"); // delete all the DNS records first to preserve correct order $result=&$ds->ds->Execute("DELETE FROM revdns @@ -235,8 +235,8 @@ (customer, hname, ipaddr, horder) VALUES ($cust, - ".$ds->ds->qstr($hnametemp).", - ".$ds->ds->qstr($ipaddrtemp).", + ".$ds->ds->QMagic($hnametemp).", + ".$ds->ds->QMagic($ipaddrtemp).", $i)"); } } @@ -245,7 +245,7 @@ FROM custadd WHERE customer=$cust")) { // should have FOR UPDATE here! $result = &$ds->ds->Execute("UPDATE custadd - SET info=".$ds->ds->qstr($info)." + SET info=".$ds->ds->QMagic($info)." WHERE customer=$cust"); // this generates a "duplicate key" error if no update // should be OK under normal circumstances, but generates error under 
@@ -256,7 +256,7 @@ $result = &$ds->ds->Execute("INSERT INTO custadd (info, customer) VALUES - (".$ds->ds->qstr($info).", $cust)"); + (".$ds->ds->QMagic($info).", $cust)"); } } diff -ruN ipplan.orig/user/modifydns.php ipplan/user/modifydns.php --- ipplan.orig/user/modifydns.php 2009-08-17 23:43:59.000000000 +0200 +++ ipplan/user/modifydns.php 2011-02-12 12:15:22.125373029 +0200 @@ -245,10 +245,10 @@ recordtype, userid, ip_hostname) ". "VALUES ($cust, $ds->dataid, 9999,". $ds->ds->DBTimeStamp(time()).",". - $ds->ds->qstr($host).",". // myhost or myhost.mydomain.com. - $ds->ds->qstr($recordtype).",". // A, MX, NS - $ds->ds->qstr(getAuthUsername()).",". - $ds->ds->qstr($iphostname).")" ); // ip address for A, or 10 myhost for MX + $ds->ds->QMagic($host).",". // myhost or myhost.mydomain.com. + $ds->ds->QMagic($recordtype).",". // A, MX, NS + $ds->ds->QMagic(getAuthUsername()).",". + $ds->ds->QMagic($iphostname).")" ); // ip address for A, or 10 myhost for MX */ $ds->AuditLog(array("event"=>111, "action"=>"add forward zone", "cust"=>$cust, @@ -316,7 +316,7 @@ if ($dataid==0) { $dataid = &$ds->ds->GetCol("SELECT data_id FROM fwdzone - WHERE customer=$cust AND error_message=".$ds->ds->qstr("E")." + WHERE customer=$cust AND error_message=".$ds->ds->QMagic("E")." ORDER BY domain "); } diff -ruN ipplan.orig/user/modifydnsrecord.php ipplan/user/modifydnsrecord.php --- ipplan.orig/user/modifydnsrecord.php 2009-08-17 23:43:59.000000000 +0200 +++ ipplan/user/modifydnsrecord.php 2011-02-12 12:15:22.126372966 +0200 @@ -81,7 +81,7 @@ if ($action=="delete") { if (!$dom_id=$ds->ds->GetOne("SELECT data_id FROM fwdzone - WHERE customer=$cust AND domain=".$ds->ds->qstr($domain))) { + WHERE customer=$cust AND domain=".$ds->ds->QMagic($domain))) { myError($w,$p, my_("Could not find the zone - possibly deleted by another user")); } 
@@ -110,7 +110,7 @@ $baseindex=$row1["baseindex"]; $ds->ds->Execute("UPDATE ipaddr - SET hname=".$ds->ds->qstr($row["host"])." + SET hname=".$ds->ds->QMagic($row["host"])." WHERE baseindex=$baseindex AND ipaddr=".inet_aton($row["ip_hostname"])); insert($w,textbr(sprintf(my_("IP record %s updated in subnet '%s' due to deletion of auto created A record"), $row["ip_hostname"], $row1["descrip"]))); } @@ -118,7 +118,7 @@ $result = &$ds->ds->Execute("DELETE FROM fwdzonerec WHERE customer=$cust AND recidx=$value") and $ds->ds->Execute("UPDATE fwdzone - SET error_message=".$ds->ds->qstr("E").", + SET error_message=".$ds->ds->QMagic("E").", lastmod=".$ds->ds->DBTimeStamp(time()). " WHERE customer=$cust AND data_id=".$dom_id) and $ds->AuditLog(array("event"=>120, "action"=>"delete zone record", "cust"=>$cust, @@ -161,7 +161,7 @@ $result = &$ds->ds->Execute("SELECT fwdzonerec.recidx, fwdzonerec.sortorder FROM fwdzone, fwdzonerec WHERE fwdzone.customer=$cust AND - fwdzone.domain=".$ds->ds->qstr($domain)." AND + fwdzone.domain=".$ds->ds->QMagic($domain)." AND fwdzone.data_id=fwdzonerec.data_id ORDER by fwdzonerec.sortorder"); @@ -297,14 +297,14 @@ $result = &$ds->ds->Execute("SELECT customer FROM fwdzonerec WHERE customer=$cust AND data_id=$zoneid AND - host=".$ds->ds->qstr($host)." AND - recordtype=".$ds->ds->qstr($recordtype)." AND - ip_hostname=".$ds->ds->qstr($iphostname)); + host=".$ds->ds->QMagic($host)." AND + recordtype=".$ds->ds->QMagic($recordtype)." AND + ip_hostname=".$ds->ds->QMagic($iphostname)); $recs=$result->PO_RecordCount("fwdzonerec", "customer=$cust AND data_id=$zoneid AND - host=".$ds->ds->qstr($host)." AND - recordtype=".$ds->ds->qstr($recordtype)." AND - ip_hostname=".$ds->ds->qstr($iphostname)); + host=".$ds->ds->QMagic($host)." AND + recordtype=".$ds->ds->QMagic($recordtype)." AND + ip_hostname=".$ds->ds->QMagic($iphostname)); if($recs > 0) { myError($w,$p, my_("Cannot create duplicate records")); } 
@@ -317,12 +317,12 @@ $result = &$ds->ds->Execute("SELECT ip_hostname FROM fwdzonerec WHERE customer=$cust AND - recordtype=".$ds->ds->qstr("A")." AND - ip_hostname=".$ds->ds->qstr($iphostname)); + recordtype=".$ds->ds->QMagic("A")." AND + ip_hostname=".$ds->ds->QMagic($iphostname)); $recs=$result->PO_RecordCount("fwdzonerec", "customer=$cust AND - recordtype=".$ds->ds->qstr("A")." AND - ip_hostname=".$ds->ds->qstr($iphostname)); + recordtype=".$ds->ds->QMagic("A")." AND + ip_hostname=".$ds->ds->QMagic($iphostname)); if($recs == 1) { $updateiprec=1; } @@ -361,12 +361,12 @@ recordtype, userid, ip_hostname) ". "VALUES ($cust, $zoneid, ". $sortorder.",". $ds->ds->DBTimeStamp(time()).",". - $ds->ds->qstr($host).",". - $ds->ds->qstr($recordtype).",". - $ds->ds->qstr(getAuthUsername()).",". - $ds->ds->qstr($iphostname).")" ) and + $ds->ds->QMagic($host).",". + $ds->ds->QMagic($recordtype).",". + $ds->ds->QMagic(getAuthUsername()).",". + $ds->ds->QMagic($iphostname).")" ) and $ds->ds->Execute("UPDATE fwdzone - SET error_message=".$ds->ds->qstr("E").", + SET error_message=".$ds->ds->QMagic("E").", lastmod=".$ds->ds->DBTimeStamp(time()). " WHERE customer=$cust AND data_id=".$dom_id) and $ds->AuditLog(array("event"=>121, "action"=>"add zone record", "cust"=>$cust, @@ -392,7 +392,7 @@ } $dom_id=$ds->ds->GetOne("SELECT data_id FROM fwdzone - WHERE customer=$cust AND domain=".$ds->ds->qstr($domain)); + WHERE customer=$cust AND domain=".$ds->ds->QMagic($domain)); // Updated DB here. // Log the Transaction. 
@@ -411,14 +411,14 @@ } $result = &$ds->ds->Execute("UPDATE fwdzonerec SET sortorder=".$sortorder. - ", host=".$ds->ds->qstr($host). + ", host=".$ds->ds->QMagic($host). ", lastmod=".$ds->ds->DBTimeStamp(time()). - ", recordtype=".$ds->ds->qstr($recordtype). - ", userid=".$ds->ds->qstr(getAuthUsername()). - ", ip_hostname=".$ds->ds->qstr($iphostname). + ", recordtype=".$ds->ds->QMagic($recordtype). + ", userid=".$ds->ds->QMagic(getAuthUsername()). + ", ip_hostname=".$ds->ds->QMagic($iphostname). " WHERE customer=$cust AND recidx=".$dataid ) and $ds->ds->Execute("UPDATE fwdzone - SET error_message=".$ds->ds->qstr("E").", + SET error_message=".$ds->ds->QMagic("E").", lastmod=".$ds->ds->DBTimeStamp(time()). " WHERE customer=$cust AND data_id=".$dom_id) and $ds->AuditLog(array("event"=>122, "action"=>"modified zone record", "cust"=>$cust, @@ -458,7 +458,7 @@ $result = &$ds->ds->Execute("SELECT domain, data_id FROM fwdzone WHERE customer=$cust AND - slaveonly=".$ds->ds->qstr("N")." + slaveonly=".$ds->ds->QMagic("N")." ORDER BY domain"); if (!$result) { myError($w,$p, my_("No domains found. Create some domains and try again.")); diff -ruN ipplan.orig/user/modifyipform.php ipplan/user/modifyipform.php --- ipplan.orig/user/modifyipform.php 2009-08-17 23:43:59.000000000 +0200 +++ ipplan/user/modifyipform.php 2011-02-12 12:15:22.127372904 +0200 @@ -192,7 +192,7 @@ // add serialized info from file upload $ds->ds->Execute("UPDATE ipaddradd - SET infobin=".$ds->ds->qstr(serialize($files))." + SET infobin=".$ds->ds->QMagic(serialize($files))." WHERE baseindex=$baseindex AND ipaddr=$ip"); // this generates a "duplicate key" error if no update @@ -202,7 +202,7 @@ $ds->ds->Execute("INSERT INTO ipaddradd (infobin, baseindex, ipaddr) VALUES - (".$ds->ds->qstr(serialize($files)).", + (".$ds->ds->QMagic(serialize($files)).", $baseindex, $ip)"); } 
@@ -235,7 +235,7 @@ // add serialized info after file deteled $ds->ds->Execute("UPDATE ipaddradd - SET infobin=".$ds->ds->qstr(empty($files) ? "" : serialize($files))." + SET infobin=".$ds->ds->QMagic(empty($files) ? "" : serialize($files))." WHERE baseindex=$baseindex AND ipaddr=$ip") and $ds->AuditLog(array("event"=>141, "action"=>"delete file", diff -ruN ipplan.orig/user/modifysubnet.php ipplan/user/modifysubnet.php --- ipplan.orig/user/modifysubnet.php 2009-08-17 23:43:59.000000000 +0200 +++ ipplan/user/modifysubnet.php 2011-02-12 12:15:22.127372904 +0200 @@ -129,11 +129,11 @@ // between base and baseadd is baseindex column if ($duplicatesubnet==0) { $result=&$ds->ds->Execute("UPDATE base - SET descrip=".$ds->ds->qstr($descrip).", - admingrp=".$ds->ds->qstr($grp).", + SET descrip=".$ds->ds->QMagic($descrip).", + admingrp=".$ds->ds->QMagic($grp).", customer=$cust, lastmod=".$ds->ds->DBTimeStamp(time()).", - userid=".$ds->ds->qstr($userid)." + userid=".$ds->ds->QMagic($userid)." WHERE baseindex=$baseindex"); $ds->AuditLog(array("event"=>174, "action"=>"move subnet", @@ -163,13 +163,13 @@ (ipaddr, userinf, location, telno, descrip, lastmod, userid, baseindex) VALUES - (".$ds->ds->qstr($tempipaddr).", - ".$ds->ds->qstr($tempuser).", - ".$ds->ds->qstr($templocation).", - ".$ds->ds->qstr($temptelno).", - ".$ds->ds->qstr($tempdescrip).", + (".$ds->ds->QMagic($tempipaddr).", + ".$ds->ds->QMagic($tempuser).", + ".$ds->ds->QMagic($templocation).", + ".$ds->ds->QMagic($temptelno).", + ".$ds->ds->QMagic($tempdescrip).", $templastmod, - ".$ds->ds->qstr($tempuserid).", + ".$ds->ds->QMagic($tempuserid).", $id)"); } // end while } 
@@ -206,11 +206,11 @@ $ds->DbfTransactionStart(); $result=&$ds->ds->Execute("UPDATE base - SET descrip=".$ds->ds->qstr($descrip).", - admingrp=".$ds->ds->qstr($grp).", + SET descrip=".$ds->ds->QMagic($descrip).", + admingrp=".$ds->ds->QMagic($grp).", lastmod=".$ds->ds->DBTimeStamp(time()).", baseopt=$dhcp, - userid=".$ds->ds->qstr($userid)." + userid=".$ds->ds->QMagic($userid)." WHERE baseindex=$baseindex") and $ds->AuditLog(array("event"=>171, "action"=>"modify subnet", "descrip"=>$descrip, "user"=>getAuthUsername(), "baseaddr"=>inet_ntoa($base), @@ -242,7 +242,7 @@ FROM baseadd WHERE baseindex=$baseindex")) { // should have FOR UPDATE here! $result = &$ds->ds->Execute("UPDATE baseadd - SET info=".$ds->ds->qstr($info)." + SET info=".$ds->ds->QMagic($info)." WHERE baseindex=$baseindex"); // this generates a "duplicate key" error if no update // should be OK under normal circumstances, but generates error under @@ -253,7 +253,7 @@ $result = &$ds->ds->Execute("INSERT INTO baseadd (info, baseindex) VALUES - (".$ds->ds->qstr($info).", $baseindex)"); + (".$ds->ds->QMagic($info).", $baseindex)"); } } diff -ruN ipplan.orig/user/modifyzone.php ipplan/user/modifyzone.php --- ipplan.orig/user/modifyzone.php 2009-08-17 23:43:59.000000000 +0200 +++ ipplan/user/modifyzone.php 2011-02-12 12:15:22.128372846 +0200 @@ -276,7 +276,7 @@ WHERE zones.customer=base.customer AND base.baseindex=ipaddr.baseindex AND zones.customer=$cust AND - ($sqlfn >= zones.serialdate OR zones.error_message=".$ds->ds->qstr("E").") AND + ($sqlfn >= zones.serialdate OR zones.error_message=".$ds->ds->QMagic("E").") AND ipaddr.ipaddr >= zones.zoneip AND ipaddr.ipaddr < zones.zoneip+zones.zonesize"); } diff -ruN ipplan.orig/user/requestip.php ipplan/user/requestip.php --- ipplan.orig/user/requestip.php 2009-08-17 23:43:59.000000000 +0200 +++ ipplan/user/requestip.php 2011-02-12 12:15:22.128372846 +0200 
@@ -120,14 +120,14 @@ hname, telno, macaddr, info) VALUES ($cust, - ".$ds->ds->qstr($request).", - ".$ds->ds->qstr($user).", - ".$ds->ds->qstr($location).", - ".$ds->ds->qstr($descrip).", - ".$ds->ds->qstr($hname).", - ".$ds->ds->qstr($telno).", - ".$ds->ds->qstr($newmacaddr).", - ".$ds->ds->qstr($info).")") and + ".$ds->ds->QMagic($request).", + ".$ds->ds->QMagic($user).", + ".$ds->ds->QMagic($location).", + ".$ds->ds->QMagic($descrip).", + ".$ds->ds->QMagic($hname).", + ".$ds->ds->QMagic($telno).", + ".$ds->ds->QMagic($newmacaddr).", + ".$ds->ds->QMagic($info).")") and $ds->AuditLog(array("event"=>200, "action"=>"request ip", "descrip"=>$descrip, "user"=>getAuthUsername(), "userinf"=>$user, "location"=>$location, "hname"=>$hname, "telno"=>$telno, diff -ruN ipplan.orig/user/searchall.php ipplan/user/searchall.php --- ipplan.orig/user/searchall.php 2009-08-17 23:43:59.000000000 +0200 +++ ipplan/user/searchall.php 2011-02-12 12:15:22.129372792 +0200 
@@ -94,35 +94,35 @@ myError($w,$p, my_("Regular expression repetition-operator operand invalid")); } /* if ($field == "any") { - $where ="WHERE ipaddr.userinf RLIKE ".$ds->ds->qstr($search); - $where.=" OR ipaddr.location RLIKE ".$ds->ds->qstr($search); - $where.=" OR ipaddr.telno RLIKE ".$ds->ds->qstr($search); - $where.=" OR ipaddr.descrip RLIKE ".$ds->ds->qstr($search); - $where.=" OR ipaddr.hname RLIKE ".$ds->ds->qstr($search); + $where ="WHERE ipaddr.userinf RLIKE ".$ds->ds->QMagic($search); + $where.=" OR ipaddr.location RLIKE ".$ds->ds->QMagic($search); + $where.=" OR ipaddr.telno RLIKE ".$ds->ds->QMagic($search); + $where.=" OR ipaddr.descrip RLIKE ".$ds->ds->QMagic($search); + $where.=" OR ipaddr.hname RLIKE ".$ds->ds->QMagic($search); $where.=" OR (ipaddr.ipaddr=ipaddradd.ipaddr AND - ipaddradd.info RLIKE ".$ds->ds->qstr($search).")"; + ipaddradd.info RLIKE ".$ds->ds->QMagic($search).")"; } else */ if ($field == "userinf") - $where="WHERE ipaddr.userinf RLIKE ".$ds->ds->qstr($search); + $where="WHERE ipaddr.userinf RLIKE ".$ds->ds->QMagic($search); else if ($field == "location") - $where="WHERE ipaddr.location RLIKE ".$ds->ds->qstr($search); + $where="WHERE ipaddr.location RLIKE ".$ds->ds->QMagic($search); else if ($field == "telno") - $where="WHERE ipaddr.telno RLIKE ".$ds->ds->qstr($search); + $where="WHERE ipaddr.telno RLIKE ".$ds->ds->QMagic($search); else if ($field == "descrip") - $where="WHERE ipaddr.descrip RLIKE ".$ds->ds->qstr($search); + $where="WHERE ipaddr.descrip RLIKE ".$ds->ds->QMagic($search); else if ($field == "hname") - $where="WHERE ipaddr.hname RLIKE ".$ds->ds->qstr($search); + $where="WHERE ipaddr.hname RLIKE ".$ds->ds->QMagic($search); else if ($field == "macaddr") - $where="WHERE ipaddr.macaddr RLIKE ".$ds->ds->qstr($search); + $where="WHERE ipaddr.macaddr RLIKE ".$ds->ds->QMagic($search); else if ($field == "template" and $tmplfield == "any") { $addtables=", ipaddradd"; $where="WHERE ipaddr.ipaddr=ipaddradd.ipaddr AND 
ipaddr.baseindex = ipaddradd.baseindex AND - ipaddradd.info RLIKE ".$ds->ds->qstr($search); + ipaddradd.info RLIKE ".$ds->ds->QMagic($search); } else if ($field == "template" and $tmplfield != "any") { $addtables=", ipaddradd"; $where="WHERE ipaddr.ipaddr=ipaddradd.ipaddr AND ipaddr.baseindex = ipaddradd.baseindex AND - ipaddradd.info RLIKE ".$ds->ds->qstr(".*\:\"".$tmplfield."\"\;.*\".*".$search.".*\"\;"); + ipaddradd.info RLIKE ".$ds->ds->QMagic(".*\:\"".$tmplfield."\"\;.*\".*".$search.".*\"\;"); } } else if (DBF_TYPE=="postgres7") { 
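Review bot: In the `$field == "template" and $tmplfield != "any"` branch, `$tmplfield` and `$search` are spliced into the regular expression before the result is quoted, so the quoting call protects only the SQL string literal, not the pattern. Regex metacharacters in `$tmplfield` change what the RLIKE matches against the serialized `ipaddradd.info` column, and a heavy pattern is evaluated for every row. The validity check at the top of the hunk reports a bad pattern, but from what is shown it is unclear whether it covers `$tmplfield`. I would check `$tmplfield` against the defined template field names before building `$where`, with a comment such as `// $tmplfield is embedded in a regex: accept known template field names only`. The postgres7 branch in the following hunk builds its pattern the same way.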
@@ -131,65 +131,65 @@ } /* if ($field == "any") { - $where ="WHERE ipaddr.userinf ~ ".$ds->ds->qstr($search); - $where.=" OR ipaddr.location ~ ".$ds->ds->qstr($search); - $where.=" OR ipaddr.telno ~ ".$ds->ds->qstr($search); - $where.=" OR ipaddr.descrip ~ ".$ds->ds->qstr($search); - $where.=" OR ipaddr.hname ~ ".$ds->ds->qstr($search); + $where ="WHERE ipaddr.userinf ~ ".$ds->ds->QMagic($search); + $where.=" OR ipaddr.location ~ ".$ds->ds->QMagic($search); + $where.=" OR ipaddr.telno ~ ".$ds->ds->QMagic($search); + $where.=" OR ipaddr.descrip ~ ".$ds->ds->QMagic($search); + $where.=" OR ipaddr.hname ~ ".$ds->ds->QMagic($search); $where.=" OR (ipaddr.ipaddr=ipaddradd.ipaddr AND - ipaddradd.info ~ ".$ds->ds->qstr($search).")"; + ipaddradd.info ~ ".$ds->ds->QMagic($search).")"; } else */ if ($field == "userinf") - $where="WHERE ipaddr.userinf ~ ".$ds->ds->qstr($search); + $where="WHERE ipaddr.userinf ~ ".$ds->ds->QMagic($search); else if ($field == "location") - $where="WHERE ipaddr.location ~ ".$ds->ds->qstr($search); + $where="WHERE ipaddr.location ~ ".$ds->ds->QMagic($search); else if ($field == "telno") - $where="WHERE ipaddr.telno ~ ".$ds->ds->qstr($search); + $where="WHERE ipaddr.telno ~ ".$ds->ds->QMagic($search); else if ($field == "descrip") - $where="WHERE ipaddr.descrip ~ ".$ds->ds->qstr($search); + $where="WHERE ipaddr.descrip ~ ".$ds->ds->QMagic($search); else if ($field == "hname") - $where="WHERE ipaddr.hname ~ ".$ds->ds->qstr($search); + $where="WHERE ipaddr.hname ~ ".$ds->ds->QMagic($search); else if ($field == "macaddr") - $where="WHERE ipaddr.macaddr ~ ".$ds->ds->qstr($search); + $where="WHERE ipaddr.macaddr ~ ".$ds->ds->QMagic($search); else if ($field == "template" and $tmplfield == "any") { $addtables=", ipaddradd"; $where="WHERE ipaddr.ipaddr=ipaddradd.ipaddr AND ipaddr.baseindex = ipaddradd.baseindex AND - ipaddradd.info ~ ".$ds->ds->qstr($search); + ipaddradd.info ~ ".$ds->ds->QMagic($search); } else if ($field == "template" and $tmplfield != 
"any") { $addtables=", ipaddradd"; $where="WHERE ipaddr.ipaddr=ipaddradd.ipaddr AND ipaddr.baseindex = ipaddradd.baseindex AND - ipaddradd.info ~ ".$ds->ds->qstr(".*\:\"".$tmplfield."\"\;.*\".*".$search.".*\"\;"); + ipaddradd.info ~ ".$ds->ds->QMagic(".*\:\"".$tmplfield."\"\;.*\".*".$search.".*\"\;"); } } else { /* if ($field == "any") { - $where ="WHERE ipaddr.userinf LIKE ".$ds->ds->qstr("%".$search."%"); - $where.=" OR ipaddr.location LIKE ".$ds->ds->qstr("%".$search."%"); - $where.=" OR ipaddr.telno LIKE ".$ds->ds->qstr("%".$search."%"); - $where.=" OR ipaddr.descrip LIKE ".$ds->ds->qstr("%".$search."%"); - $where.=" OR ipaddr.hname LIKE ".$ds->ds->qstr("%".$search."%"); + $where ="WHERE ipaddr.userinf LIKE ".$ds->ds->QMagic("%".$search."%"); + $where.=" OR ipaddr.location LIKE ".$ds->ds->QMagic("%".$search."%"); + $where.=" OR ipaddr.telno LIKE ".$ds->ds->QMagic("%".$search."%"); + $where.=" OR ipaddr.descrip LIKE ".$ds->ds->QMagic("%".$search."%"); + $where.=" OR ipaddr.hname LIKE ".$ds->ds->QMagic("%".$search."%"); $where.=" OR (ipaddr.ipaddr=ipaddradd.ipaddr AND - ipaddradd.info LIKE ".$ds->ds->qstr("%".$search."%").")"; + ipaddradd.info LIKE ".$ds->ds->QMagic("%".$search."%").")"; } else */ if ($field == "userinf") - $where="WHERE ipaddr.userinf LIKE ".$ds->ds->qstr("%".$search."%"); + $where="WHERE ipaddr.userinf LIKE ".$ds->ds->QMagic("%".$search."%"); else if ($field == "location") - $where="WHERE ipaddr.location LIKE ".$ds->ds->qstr("%".$search."%"); + $where="WHERE ipaddr.location LIKE ".$ds->ds->QMagic("%".$search."%"); else if ($field == "telno") - $where="WHERE ipaddr.telno LIKE ".$ds->ds->qstr("%".$search."%"); + $where="WHERE ipaddr.telno LIKE ".$ds->ds->QMagic("%".$search."%"); else if ($field == "descrip") - $where="WHERE ipaddr.descrip LIKE ".$ds->ds->qstr("%".$search."%"); + $where="WHERE ipaddr.descrip LIKE ".$ds->ds->QMagic("%".$search."%"); else if ($field == "hname") - $where="WHERE ipaddr.hname LIKE ".$ds->ds->qstr("%".$search."%"); + 
$where="WHERE ipaddr.hname LIKE ".$ds->ds->QMagic("%".$search."%"); else if ($field == "macaddr") - $where="WHERE ipaddr.macaddr LIKE ".$ds->ds->qstr("%".$search."%"); + $where="WHERE ipaddr.macaddr LIKE ".$ds->ds->QMagic("%".$search."%"); else if ($field == "template") { $addtables=", ipaddradd"; $where="WHERE ipaddr.ipaddr=ipaddradd.ipaddr AND - ipaddradd.info LIKE ".$ds->ds->qstr("%".$search."%"); + ipaddradd.info LIKE ".$ds->ds->QMagic("%".$search."%"); } }