PEAK XOOPS - Big Umbrella Anti-SQL-Injection (2) 
XOOPS
XOOPS : Big Umbrella Anti-SQL-Injection (2)
To Compare request and SQL, we have to override DB layer.
With XOOPS, this will be implemented as a modification for databasefactory.php because the database factory class looks too rigid.
This is my modification.
It might be not the best way, but better way for adopted by each core teams of XOOPS forks/folks.
class/database/databasefactory.php
require_once $file;
/* patch from */
if ( defined('XOOPS_DB_ALTERNATIVE') && class_exists( XOOPS_DB_ALTERNATIVE ) ) {
$class = XOOPS_DB_ALTERNATIVE ;
} else /* patch to */if (!defined('XOOPS_DB_PROXY')) {
$class = 'Xoops'.ucfirst(XOOPS_DB_TYPE).'DatabaseSafe';
} else {
$class = 'Xoops'.ucfirst(XOOPS_DB_TYPE).'DatabaseProxy';
}
$instance =& new $class();
hi minahito, marcan, and phppp.
I've made the patch can be accepted for you.
Please consider it.
At the next article, I will discuss about the condition when the db layer must be overridden, and the logic comparing requests and SQL.
Related articles
- Protector 3.4 (2009-09-17 13:18:44)
- Big Umbrella Anti-SQL-Injection (4) (2009-01-23 05:47:03)
- Big Umbrella Anti-SQL-Injection (3) (2009-01-16 05:07:17)
- Big Umbrella Anti-SQL-Injection(1) (2009-01-07 04:37:49)
Comments list
GIJOE
Posted on 2009/1/16 5:18
hi McDonald.
It's a good reaction!
The ImpressCMS team looks great with motivations to improve your works.
It's a good reaction!
The ImpressCMS team looks great with motivations to improve your works.
McDonald
Posted on 2009/1/15 20:28
Quote:
See here for a first reaction from ImpressCMS: http://community.impresscms.org/modules/newbb/viewtopic.php?post_id=27989#forumpost27989
hi minahito, marcan, and phppp.
I've made the patch can be accepted for you.
Please consider it.
See here for a first reaction from ImpressCMS: http://community.impresscms.org/modules/newbb/viewtopic.php?post_id=27989#forumpost27989
Login