PEAK XOOPS - Big Umbrella Anti-SQL-Injection (2) in englishin japanese

Archive | RSS |
XOOPS
XOOPS : Big Umbrella Anti-SQL-Injection (2)
Poster : GIJOE on 2009-01-15 16:12:57 (11472 reads)

in englishin japanese
To Compare request and SQL, we have to override DB layer.
With XOOPS, this will be implemented as a modification for databasefactory.php because the database factory class looks too rigid.

This is my modification.
It might be not the best way, but better way for adopted by each core teams of XOOPS forks/folks.

class/database/databasefactory.php


			require_once $file;
			/* patch from */
			if ( defined('XOOPS_DB_ALTERNATIVE') && class_exists( XOOPS_DB_ALTERNATIVE ) ) {
				$class = XOOPS_DB_ALTERNATIVE ;
			} else /* patch to */if (!defined('XOOPS_DB_PROXY')) {
				$class = 'Xoops'.ucfirst(XOOPS_DB_TYPE).'DatabaseSafe';
			} else {
				$class = 'Xoops'.ucfirst(XOOPS_DB_TYPE).'DatabaseProxy';
			}
			$instance =& new $class();


hi minahito, marcan, and phppp.

I've made the patch can be accepted for you.
Please consider it.

At the next article, I will discuss about the condition when the db layer must be overridden, and the logic comparing requests and SQL.


Related articles
Printer friendly page Send this story to a friend

Comments list

GIJOE  Posted on 2009/1/16 5:18
hi McDonald.

It's a good reaction!
The ImpressCMS team looks great with motivations to improve your works.
McDonald  Posted on 2009/1/15 20:28
Quote:
hi minahito, marcan, and phppp.

I've made the patch can be accepted for you.
Please consider it.

See here for a first reaction from ImpressCMS: http://community.impresscms.org/modules/newbb/viewtopic.php?post_id=27989#forumpost27989

Login
Username or e-mail:

Password:

Remember Me

Lost Password?

Register now!