diff --git a/include/db/db.inc.php b/include/db/db.inc.php index b77245bbc..cf7ab7617 100644 --- a/include/db/db.inc.php +++ b/include/db/db.inc.php @@ -183,4 +183,27 @@ function serendipity_db_implode($string, &$array, $type = 'int') { return $string; } +/** + * @access public + * @param string Database table column name + * @param string Database column type + * @return string Column CAST() to chosen database + */ +function serendipity_db_cast($columnName, $type) { + global $serendipity; + + if (stristr($serendipity['dbType'], 'sqlite')) { + return $columnName; + } + + // MySQL (and variants) have unsigned integer. ANSI SQL does not. + if ($type == 'unsigned') { + if (!stristr($serendipity['dbType'], 'mysqli')) + $type = 'integer'; + } + + // Adds explicits casting for ANSI SQL -compliant DBs, like mysql and postgresql. + return "cast($columnName as $type)"; +} + /* vim: set sts=4 ts=4 expandtab : */ diff --git a/include/functions_comments.inc.php b/include/functions_comments.inc.php index 821558a42..0a611060f 100644 --- a/include/functions_comments.inc.php +++ b/include/functions_comments.inc.php @@ -19,9 +19,8 @@ function serendipity_checkCommentToken($token, $cid) { $goodtoken = false; if ($serendipity['useCommentTokens']) { - // Delete any comment tokens older than 1 week. - serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}options - WHERE okey LIKE 'comment_%' AND name < " . (time() - 604800) ); + serendipity_cleanCTokens(); + // Get the token for this comment id $tokencheck = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}options WHERE okey = 'comment_" . (int)$cid . "' LIMIT 1", true, 'assoc'); 
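Review bot: `$columnName` and `$type` in serendipity_db_cast are interpolated straight into the returned SQL fragment without validation, so the helper is only safe as long as every caller passes literals, as the call sites in this commit do; an allow-list on `$type` (only `integer` and `unsigned` are ever meaningful here) and an identifier check on `$columnName` would make that contract explicit instead of caller-dependent. The `unsigned` branch also uses a loose `==` and an unbraced inner `if`; it reads more plainly as `if ($type === 'unsigned' && !stristr($serendipity['dbType'], 'mysqli')) {` / `    $type = 'integer';` / `}`. The docblock should name its parameters (`@param string $columnName`, `@param string $type`) and state that on SQLite the bare column name is returned with no CAST at all, since callers compare the result against integer timestamps and that difference is what they need to know.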
@@ -964,16 +963,11 @@ function serendipity_insertComment($id, $commentInfo, $type = 'NORMAL', $source function serendipity_commentSubscriptionConfirm($hash) { global $serendipity; - // Delete possible current cookie. Also delete any confirmation hashs that smell like 3-week-old, dead fish. - if (stristr($serendipity['dbType'], 'sqlite')) { - $cast = "name"; - } else { - // Adds explicits casting for mysql, postgresql and others. - $cast = "cast(name as integer)"; - } - + // Delete possible current cookie. Also delete any confirmation hashes that smell like dead fish. + $threeWeeksAgo = time() - 1814400; + $nameCast = serendipity_db_cast('name', 'integer'); serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}options - WHERE okey LIKE 'commentsub_%' AND $cast < (" . (time() - 1814400) . ")"); + WHERE okey LIKE 'commentsub_%' AND $nameCast < {$threeWeeksAgo}"); $hashinfo = serendipity_db_query("SELECT value FROM {$serendipity['dbPrefix']}options 
@@ -1226,15 +1220,27 @@ function serendipity_generateCToken($cid) { global $serendipity; + serendipity_cleanCTokens(); + + // Issue new comment moderation hash $ctoken = bin2hex(random_bytes(16)); - - //Delete any comment tokens older than 1 week. - serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}options - WHERE okey LIKE 'comment_%' AND name < " . (time() - 604800) ); + serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}options (name, value, okey) + VALUES ('" . time() . "', '" . $ctoken . "', 'comment_" . $cid ."')"); - // Issue new comment moderation hash - serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}options (name, value, okey) - VALUES ('" . time() . "', '" . $ctoken . "', 'comment_" . $cid ."')"); return $ctoken; - +} + +/** + * Clean over week-old comment tokens from DB + * + * @return null + */ +function serendipity_cleanCTokens() { + global $serendipity; + + //Delete any comment tokens older than 1 week. + $oneWeekAgo = time() - 604800; + $nameCast = serendipity_db_cast('name', 'integer'); + serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}options + WHERE okey LIKE 'comment_%' AND $nameCast < {$oneWeekAgo}"); } \ No newline at end of file diff --git a/include/functions_config.inc.php b/include/functions_config.inc.php index 4090ada6d..c492ce988 100644 --- a/include/functions_config.inc.php +++ b/include/functions_config.inc.php 
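Review bot: The INSERT that serendipity_generateCToken now issues concatenates `$cid` into the okey value as `'comment_" . $cid ."'` with no cast, whereas the matching SELECT in serendipity_checkCommentToken uses `(int)$cid`; casting here as well, `'comment_" . (int)$cid . "'`, keeps the stored key canonical and does not depend on every caller having validated `$cid` first. In the new serendipity_cleanCTokens the docblock says `@return null` but the function has no return statement, so `@return void` is the accurate tag. serendipity_generateCToken's signature lies outside the hunk.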
@@ -445,19 +445,11 @@ function serendipity_issueAutologin($user) { // Delete possible current cookie. Also delete any autologin keys that smell like 3-week-old, dead fish. - if (stristr($serendipity['dbType'], 'sqlite')) { - $cast = "okey"; - } elseif (stristr($serendipity['dbType'], 'mysqli')) { - // Adds explicit casting for mysql. - $cast = "cast(okey as unsigned)"; - } else { - // Adds explicit casting for postgresql and others. - $cast = "cast(okey as integer)"; - } - + $threeWeeksAgo = time() - 1814400; + $okeyCast = serendipity_db_cast('okey', 'unsigned'); serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}options WHERE name = 'autologin_" . serendipity_db_escape_string($user) . "' - OR (name LIKE 'autologin_%' AND $cast < " . (time() - 1814400) . ")"); + OR (name LIKE 'autologin_%' AND $okeyCast < {$threeWeeksAgo}"); // Issue new autologin cookie serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}options (name, value, okey) VALUES ('autologin_" . serendipity_db_escape_string($user) . "', '" . $rnd . "', '" . time() . "')"); 
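Review bot: The rewritten OR clause in serendipity_issueAutologin drops the closing parenthesis that the old line supplied via the trailing `")"`, so the statement now ends `OR (name LIKE 'autologin_%' AND cast(...) < <timestamp>` with an unbalanced `(`; that DELETE will fail with a syntax error on every call, which means the user's previous autologin row is not removed before the new one is inserted and the three-week cleanup never runs. The line should read `OR (name LIKE 'autologin_%' AND $okeyCast < {$threeWeeksAgo})");`. The function's opening lines are outside the hunk and serendipity_db_query's error handling is not visible here, so whether the failure is logged or silent cannot be confirmed from this diff.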
@@ -473,18 +465,14 @@ function serendipity_issueAutologin($user) { function serendipity_checkAutologin($user) { global $serendipity; - if (stristr($serendipity['dbType'], 'sqlite')) { - $cast = "okey"; - } elseif (stristr($serendipity['dbType'], 'mysqli')) { - // Adds explicit casting for mysql. - $cast = "cast(okey as unsigned)"; - } else { - // Adds explicit casting for postgresql and others. - $cast = "cast(okey as integer)"; - } + $threeWeeksAgo = time() - 1814400; + $okeyCast = serendipity_db_cast('okey', 'unsigned'); // Fetch autologin data from DB - $autologin_stored = serendipity_db_query("SELECT name, value, okey FROM {$serendipity['dbPrefix']}options WHERE name = 'autologin_" . serendipity_db_escape_string($user) . "' AND $cast > " . (time() - 1814400) . " LIMIT 1", true, 'assoc'); + $autologin_stored = serendipity_db_query("SELECT name, value, okey FROM {$serendipity['dbPrefix']}options + WHERE name = 'autologin_" . serendipity_db_escape_string($user) . "' + AND $okeyCast > {$threeWeeksAgo} LIMIT 1", + true, 'assoc'); if (!is_array($autologin_stored)) { return false;
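Review bot: `$threeWeeksAgo = time() - 1814400;` is now written out separately in serendipity_checkAutologin, serendipity_issueAutologin and serendipity_commentSubscriptionConfirm, each repeating the same magic number; a single named constant for the window (for example a `const` or `define` of the 1814400-second TTL, name to be chosen) would keep the issue-side and check-side windows from drifting apart if one is edited later. The remainder of serendipity_checkAutologin lies outside the hunk.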