From 5753ca2cee5dfbd07ff125d0d6889742a7ffc997 Mon Sep 17 00:00:00 2001
From: teikakki <dafocabar@gmail.com>
Date: Wed, 28 Nov 2018 14:26:55 +0000
Subject: [PATCH 1/9] Disabling emulated parameters
Emulated parameters can be vulnerable to SQL injection. Take also a look here: https://stackoverflow.com/questions/134099/are-pdo-prepared-statements-sufficient-to-prevent-sql-injection
---
 var/www/html/login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/var/www/html/login.php b/var/www/html/login.php
index 7129f93..a9bb009 100644
--- a/var/www/html/login.php
+++ b/var/www/html/login.php
@@ -1,7 +1,7 @@
 <?php
 include('../common.php');
 try{
- $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
+ $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT, PDO::ATTR_EMULATE_PREPARES=>false]);
 }catch(PDOException $e){
 die('No Connection to MySQL database!');
 }
From 7ab640ea4bef730ab05a5b6cf06c418c81b76d83 Mon Sep 17 00:00:00 2001
From: teikakki <dafocabar@gmail.com>
Date: Wed, 28 Nov 2018 14:28:36 +0000
Subject: [PATCH 2/9] emulated params
---
 var/www/html/admin.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/var/www/html/admin.php b/var/www/html/admin.php
index ac1fcb4..0790018 100644
--- a/var/www/html/admin.php
+++ b/var/www/html/admin.php
@@ -1,7 +1,7 @@
 <?php
 include('../common.php');
 try{
- $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
+ $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT, PDO::ATTR_EMULATE_PREPARES=>false]);
 }catch(PDOException $e){
 die('No Connection to MySQL database!');
 }
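Review bot: The rewritten constructor call on the `+` line still leaves the connection charset unspecified — the DSN is `'mysql:host=' . DBHOST . ';dbname=' . DBNAME` with no `charset=`, so the client/server charset is whatever the server defaults to; the identical line is repeated in admin.php, delete.php, files.php, home.php, list.php, log.php, password.php and register.php. Native prepares remove the multibyte-escaping problem that emulation had, but an explicit charset is still needed for data to round-trip correctly (list.php even sends `charset=UTF-8` to the browser while its DSN says nothing), so the DSN should read `'mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4'`. While this line is being touched, `PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING` means a failed prepare() or execute() returns false with only a warning, so any caller outside this hunk that does not check the return value silently continues; `PDO::ERRMODE_EXCEPTION` makes such failures loud. Since all nine files carry a byte-identical constructor call, a single connection factory in ../common.php (which every one of them already includes) would keep these options from drifting again, as this nine-commit series shows they do. Switching emulation off also changes driver behaviour for any query outside the hunk that reuses a named placeholder or binds a LIMIT/OFFSET value without `PDO::PARAM_INT` — worth checking, since those queries are not visible here.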
From 01af3c367d90df1a71e12523eee8a1eca3cb3a46 Mon Sep 17 00:00:00 2001
From: teikakki <dafocabar@gmail.com>
Date: Wed, 28 Nov 2018 14:28:49 +0000
Subject: [PATCH 3/9] emulated params
---
 var/www/html/delete.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/var/www/html/delete.php b/var/www/html/delete.php
index 5e35f36..4053c9b 100644
--- a/var/www/html/delete.php
+++ b/var/www/html/delete.php
@@ -1,7 +1,7 @@
 <?php
 include('../common.php');
 try{
- $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
+ $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT, PDO::ATTR_EMULATE_PREPARES=>false]);
 }catch(PDOException $e){
 die('No Connection to MySQL database!');
 }
From b46d0c7ab016cfb43d38e1897df665d2aece8765 Mon Sep 17 00:00:00 2001
From: teikakki <dafocabar@gmail.com>
Date: Wed, 28 Nov 2018 14:29:13 +0000
Subject: [PATCH 4/9] emulated params
---
 var/www/html/files.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/var/www/html/files.php b/var/www/html/files.php
index 7fc38da..a7af756 100644
--- a/var/www/html/files.php
+++ b/var/www/html/files.php
@@ -1,7 +1,7 @@
 <?php
 include('../common.php');
 try{
- $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
+ $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT, PDO::ATTR_EMULATE_PREPARES=>false]);
 }catch(PDOException $e){
 die('No Connection to MySQL database!');
 }
From 79774b5a1dc4c421f576ee2f8f4bafb050bc1804 Mon Sep 17 00:00:00 2001
From: teikakki <dafocabar@gmail.com>
Date: Wed, 28 Nov 2018 14:29:27 +0000
Subject: [PATCH 5/9] emualted params
---
 var/www/html/home.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/var/www/html/home.php b/var/www/html/home.php
index dcb38c1..652c5da 100644
--- a/var/www/html/home.php
+++ b/var/www/html/home.php
@@ -1,7 +1,7 @@
 <?php
 include('../common.php');
 try{
- $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
+ $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT, PDO::ATTR_EMULATE_PREPARES=>false]);
 }catch(PDOException $e){
 die('No Connection to MySQL database!');
 }
From 6ffd291f124542cdcee3500f95b52c42951efe54 Mon Sep 17 00:00:00 2001
From: teikakki <dafocabar@gmail.com>
Date: Wed, 28 Nov 2018 14:29:46 +0000
Subject: [PATCH 6/9] emulated params
---
 var/www/html/list.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/var/www/html/list.php b/var/www/html/list.php
index 1613d3a..6ef97c4 100644
--- a/var/www/html/list.php
+++ b/var/www/html/list.php
@@ -2,7 +2,7 @@
 header('Content-Type: text/html; charset=UTF-8');
 include_once('../common.php');
 try{
- $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
+ $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT, PDO::ATTR_EMULATE_PREPARES=>false]);
 }catch(PDOException $e){
 die('No Connection to MySQL database!');
 }
From 4475e3b2773dc25b26998c6668bf77edf3e70bec Mon Sep 17 00:00:00 2001
From: teikakki <dafocabar@gmail.com>
Date: Wed, 28 Nov 2018 14:30:05 +0000
Subject: [PATCH 7/9] emulated params
---
 var/www/html/log.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/var/www/html/log.php b/var/www/html/log.php
index b9fa60f..08ff563 100644
--- a/var/www/html/log.php
+++ b/var/www/html/log.php
@@ -1,7 +1,7 @@
 <?php
 include('../common.php');
 try{
- $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
+ $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT, PDO::ATTR_EMULATE_PREPARES=>false]);
 }catch(PDOException $e){
 die('No Connection to MySQL database!');
 }
From 1fc180752f96e7ddee443c4732fd43d63286f88c Mon Sep 17 00:00:00 2001
From: teikakki <dafocabar@gmail.com>
Date: Wed, 28 Nov 2018 14:30:22 +0000
Subject: [PATCH 8/9] emulated params
---
 var/www/html/password.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/var/www/html/password.php b/var/www/html/password.php
index 9bdd5ce..e415c16 100644
--- a/var/www/html/password.php
+++ b/var/www/html/password.php
@@ -1,7 +1,7 @@
 <?php
 include('../common.php');
 try{
- $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
+ $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT, PDO::ATTR_EMULATE_PREPARES=>false]);
 }catch(PDOException $e){
 die('No Connection to MySQL database!');
 }
From cf8a6cde80dd45eeb33ad5d42b4128be7ce5adcb Mon Sep 17 00:00:00 2001
From: teikakki <dafocabar@gmail.com>
Date: Wed, 28 Nov 2018 14:30:36 +0000
Subject: [PATCH 9/9] emulated params
---
 var/www/html/register.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/var/www/html/register.php b/var/www/html/register.php
index 439f872..f33a9f2 100644
--- a/var/www/html/register.php
+++ b/var/www/html/register.php
@@ -1,7 +1,7 @@
 <?php
 include('../common.php');
 try{
- $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
+ $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT, PDO::ATTR_EMULATE_PREPARES=>false]);
 }catch(PDOException $e){
 die('No Connection to MySQL database!');
 }