Changeset 213 for branches/awmn/globals/classes/mysql.php

Timestamp:

10/03/2009 02:40:27 PM (3 years ago)

Author:

Acinonyx

Message:

[awmn] Fix unvalidated input of photos id which allows deletion of files from unprivileged users

File:

• branches/awmn/globals/classes/mysql.php (modified) (3 diffs)

branches/awmn/globals/classes/mysql.php

@@ -27 +27 @@
         var $last_query;
         var $insert_id;
+        var $affected_rows;
         var $log=FALSE;
         var $logs_table='';
@@ -52 +53 @@
         function query($query) {
                 $this->insert_id = 0;
+                $this->affected_rows = 0;
                 $this->last_query=$query;
                 $this->total_queries += 1;
@@ -180 +182 @@
                 $query = "DELETE FROM $table".($using==""?"":" USING $using").($where==""?"":" WHERE $where");
                 $res = $this->query_data($query);
+                if ($res === TRUE) $this->affected_rows = mysql_affected_rows($this->mysql_link);
                 if ($addlog && isset($aff)) {
                         for ($i=0;$i<count($aff);$i++) {