Big Umbrella Anti-SQL-Injection (2)
Date 2009-01-15 16:12:57 | Category: XOOPS
To compare the request with the SQL, we have to override the DB layer. With XOOPS, this will be implemented as a modification to databasefactory.php, because the database factory class looks too rigid.
This is my modification. It might not be the best way, but it is a better way for adoption by each of the core teams of the XOOPS forks/folks.
class/database/databasefactory.php
    require_once $file;
    /* patch from */
    if ( defined('XOOPS_DB_ALTERNATIVE') && class_exists( XOOPS_DB_ALTERNATIVE ) ) {
        $class = XOOPS_DB_ALTERNATIVE ;
    } else /* patch to */if (!defined('XOOPS_DB_PROXY')) {
        $class = 'Xoops'.ucfirst(XOOPS_DB_TYPE).'DatabaseSafe';
    } else {
        $class = 'Xoops'.ucfirst(XOOPS_DB_TYPE).'DatabaseProxy';
    }
    $instance =& new $class();
Hi minahito, marcan, and phppp.
I've made the patch so that it can be accepted by you. Please consider it.
In the next article, I will discuss the conditions under which the DB layer must be overridden, and the logic for comparing requests and SQL.
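A sketch of how a module could plug into the XOOPS_DB_ALTERNATIVE hook from the patch above. It is an added example, not code from this article or from XOOPS: ExampleCheckedDatabase, the stand-in driver class, the sample request value and the placeholder comparison rule are all assumptions, since the article leaves the real comparison logic to the next post.

```php
<?php
// Constructed stand-in for the XOOPS MySQL driver, so this sketch runs alone.
class XoopsMysqlDatabaseSafe
{
    public function query($sql, $limit = 0, $start = 0)
    {
        return "executed: $sql";
    }
}

// Hypothetical alternative layer that sees every statement before the driver.
class ExampleCheckedDatabase extends XoopsMysqlDatabaseSafe
{
    public function query($sql, $limit = 0, $start = 0)
    {
        foreach (array_merge($_GET, $_POST) as $value) {
            // Placeholder rule (assumption): a request value that contains a
            // quote and shows up unescaped in the SQL was concatenated raw.
            if (is_string($value) && strpbrk($value, "'\"") !== false
                && strpos($sql, $value) !== false) {
                return false; // refuse to run the statement
            }
        }
        return parent::query($sql, $limit, $start);
    }
}

// Assumption: a module defines these before the factory runs.
define('XOOPS_DB_TYPE', 'mysql');
define('XOOPS_DB_ALTERNATIVE', 'ExampleCheckedDatabase');

// Class selection, following the patched factory shown in the article.
if (defined('XOOPS_DB_ALTERNATIVE') && class_exists(XOOPS_DB_ALTERNATIVE)) {
    $class = XOOPS_DB_ALTERNATIVE;
} elseif (!defined('XOOPS_DB_PROXY')) {
    $class = 'Xoops' . ucfirst(XOOPS_DB_TYPE) . 'DatabaseSafe';
} else {
    $class = 'Xoops' . ucfirst(XOOPS_DB_TYPE) . 'DatabaseProxy';
}
$db = new $class();

// Constructed request value and two ways a module might build its SQL.
$_GET  = array('uname' => "x' OR '1'='1");
$_POST = array();
$escaped = "SELECT uid FROM users WHERE uname='" . addslashes($_GET['uname']) . "'";
$raw     = "SELECT uid FROM users WHERE uname='" . $_GET['uname'] . "'";

var_dump($db->query($escaped)); // value escaped before concatenation
var_dump($db->query($raw));     // value concatenated as received
```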