From a17a8d5e2641a8d5b6e0a87dcc5d99f56648a295 Mon Sep 17 00:00:00 2001
From: Roland Hieber
Date: Thu, 18 Feb 2010 18:23:42 +0100
Subject: [PATCH 1/1] migration to db_user to prevent sql injections
---
 sql/mod_error-reporter.sql | 9 +++++++--
 src/config.php | 2 ++
 src/detail.php | 3 ++-
 src/index.php | 2 ++
 4 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/sql/mod_error-reporter.sql b/sql/mod_error-reporter.sql
index 00ebb91..5551a14 100644
--- a/sql/mod_error-reporter.sql
+++ b/sql/mod_error-reporter.sql
@@ -25,6 +25,8 @@
 -- THE SOFTWARE.
 --
 
+CREATE USER errorreporter;
+
 CREATE TABLE mod_errorreporter (
 er_uid SERIAL NOT NULL PRIMARY KEY,
 er_date TIMESTAMP WITHOUT TIME ZONE NOT NULL,
@@ -40,6 +42,9 @@ CREATE TABLE mod_errorreporter (
 er_hidden BOOL
 );
 
-GRANT SELECT, INSERT, UPDATE, DELETE ON mod_errorreporter TO webusr, webadm;
-GRANT SELECT, UPDATE ON mod_errorreporter_er_uid_seq TO webusr, webadm;
+GRANT SELECT, INSERT, UPDATE, DELETE ON mod_errorreporter TO errorreporter;
+GRANT SELECT, UPDATE ON mod_errorreporter_er_uid_seq TO errorreporter;
+GRANT SELECT ON users TO errorreporter;
+GRANT SELECT, INSERT ON log_module TO errorreporter;
+GRANT INSERT ON log TO errorreporter;
 
diff --git a/src/config.php b/src/config.php
index 52ba154..dfc09c1 100644
--- a/src/config.php
+++ b/src/config.php
@@ -33,6 +33,8 @@ require_once("ctrl.inc"); require_once("db.inc"); require_once("sec/admsecure.inc"); +db_user("errorreporter"); + html_header("
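Review bot: `CREATE USER errorreporter;` in the first hunk of sql/mod_error-reporter.sql creates a role with no password and no comment on how it is meant to authenticate; the SERIAL column and `_er_uid_seq` sequence suggest PostgreSQL, where CREATE USER implies LOGIN, so direct access as this role is decided only by pg_hba.conf. If db_user() merely switches role on an already-open connection, which this patch does not show, `CREATE ROLE errorreporter NOLOGIN;` would be the narrower choice. Either way a comment such as `-- least-privilege role for the error reporter module; selected via db_user(), not for direct logins` would record the intent. The statement also errors on a second run of the script because the role already exists.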
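Review bot: `GRANT SELECT ON users TO errorreporter;` in the second hunk gives the module's role read access to every column of `users`, so an injection flaw in the error reporter could still read whatever that table holds (its columns are not visible here, but user tables commonly carry credential hashes). Where the server supports column privileges, `GRANT SELECT (<columns the module reads>) ON users TO errorreporter;` or a view restricted to those columns keeps the exposure small. Separately, the grants to `webusr, webadm` are only removed from this install script; databases created from the old version keep them until something runs `REVOKE ALL ON mod_errorreporter FROM webusr, webadm;` and the same for `mod_errorreporter_er_uid_seq`.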