// Load the database driver selected by the XOOPS_DB_TYPE constant. Every path
// below is built from constants and string literals only; no request data is
// visible in any of them.
// NOTE(review): this listing skips source lines, so the branches that choose
// between the three require_once calls are not shown -- confirm against the file.
3 if( file_exists( XOOPS_ROOT_PATH.
'/class/database/drivers/'.
XOOPS_DB_TYPE.
'/database.php' ) ) {
// The file tested above exists: load it from class/database/drivers/<type>/.
4 require_once XOOPS_ROOT_PATH.
'/class/database/drivers/'.
XOOPS_DB_TYPE.
'/database.php';
// Other location: class/database/<type>database.php (the type is joined
// directly to "database.php", with no slash in between).
6 require_once XOOPS_ROOT_PATH.
'/class/database/'.
XOOPS_DB_TYPE.
'database.php';
// Fixed path class/database/database.php, independent of XOOPS_DB_TYPE.
9 require_once XOOPS_ROOT_PATH.
'/class/database/database.php' ;
// NOTE(review): a lone list element -- presumably one default entry of
// $this->doubtful_needles; the enclosing array is not visible in this listing.
18 'information_schema' ,
// Fetch the values Protector has marked as doubtful. What qualifies is decided
// inside getDblayertrapDoubtfuls(), which is not shown here.
30 $this->doubtful_requests =
$protector->getDblayertrapDoubtfuls() ;
// Append them to the needle list so they are searched for together with the
// entries already in $this->doubtful_needles.
31 $this->doubtful_needles = array_merge( $this->doubtful_needles , $this->doubtful_requests ) ;
// Record the detection category on the Protector object.
// NOTE(review): lines 40-41 are not shown; presumably the event is logged
// there before the request is stopped -- confirm.
39 $protector->last_error_type =
'SQL Injection' ;
// Stop the request with a fixed message. Neither the SQL text nor the
// offending request value is echoed back to the client.
42 die(
'SQL Injection found' ) ;
// Split a SQL statement into two parts: the text outside quoted literals and
// the list of quoted literals. The scan is byte-wise (strlen/substr/strpos).
// NOTE(review): a byte-wise scan agrees with the server's view of string
// boundaries only for charsets in which the backslash byte cannot occur inside
// a multibyte character -- confirm the connection charset.
49 $sql_len = strlen(
$sql ) ;
// Accumulates the literal currently being read.
55 $current_string =
'' ;
// Walk the statement one byte at a time.
57 for(
$i = 0 ;
$i < $sql_len ;
$i ++ ) {
// Find the next occurrence of the quote character that opened the literal.
// NOTE(review): strpos() returns false when there is no closing quote; the
// handling of that case is on lines not shown here -- confirm.
61 $new_i = strpos(
$sql , $string_start ,
$i ) ;
// Append everything up to and including that quote to the current literal.
62 $current_string .= substr(
$sql ,
$i , $new_i -
$i + 1 ) ;
// A quote whose preceding byte is not a backslash is tested for here ...
66 }
else if(
$sql[
$i-1] !=
'\\' ) {
// ... and the literal read so far is stored.
69 $strings[] = $current_string ;
// Presumably the remaining branch (quote preceded by a backslash): decide
// whether that backslash is itself escaped. The loop around line 75 is not shown.
73 $escaped_backslash =
false ;
// Flipped on each pass; presumably once per consecutive preceding backslash,
// so the final value reflects their parity -- confirm.
75 $escaped_backslash = ! $escaped_backslash ;
// NOTE(review): lines 79-80 are not shown; line 81 presumably sits inside
// this branch and stores the literal as closed.
78 if ($escaped_backslash) {
81 $strings[] = $current_string ;
// A single or double quote is remembered as the opening quote and becomes the
// first byte of a new literal.
88 }
else if( $char ==
'"' || $char ==
"'" ) {
90 $string_start = $char ;
91 $current_string = $char ;
// Presumably the fall-through branch: the byte is copied to the quote-free
// copy of the statement.
93 $sql_wo_string .= $char ;
// Result: [ statement text without quoted literals , list of quoted literals ].
99 return array( $sql_wo_string , $strings ) ;
// Compare the statement with the doubtful request values in several passes.
// What happens on a hit is on lines not shown in this listing.
// NOTE(review): substring matching of this kind is a heuristic backstop; it
// does not replace parameter binding or escaping where the query is built.
// First pass: only values that addslashes() would change, i.e. values holding
// a quote, a backslash or a NUL byte ...
109 foreach( $this->doubtful_requests as $request ) {
110 if( addslashes( $request ) != $request ) {
// ... that occur in the statement in raw, unescaped form (case-insensitive).
111 if( stristr(
$sql , trim( $request ) ) ) {
// Look for the raw value inside each entry of $strings (case-sensitive,
// untrimmed).
114 foreach( $strings as $string ) {
115 if( strstr( $string , $request ) ) {
// Second pass: a doubtful value found in $sql_wo_strings. By its name this is
// the statement with quoted literals removed; its assignment is not shown.
133 foreach( $this->doubtful_requests as $request ) {
134 if( strstr( $sql_wo_strings , trim( $request ) ) ) {
// Third pass: a comment marker (slash-star, double dash or hash) in
// $sql_wo_strings ...
140 if( preg_match(
'/(\/\*|\-\-|\#)/' , $sql_wo_strings , $regs ) ) {
// ... is compared with the doubtful values to see whether one of them
// contains the marker that matched.
141 foreach( $this->doubtful_requests as $request ) {
142 if( strstr( $request , $regs[1] ) ) {
// Drop the first 7 bytes of the statement (presumably a leading "SELECT " --
// confirm) and search the rest for each needle, case-insensitively.
152 $sql4check = substr(
$sql , 7 ) ;
153 foreach( $this->doubtful_needles as $needle ) {
154 if( stristr( $sql4check , $needle ) ) {
160 if( ! defined(
'XOOPS_DB_PROXY' ) ) {