* Weitere Module auf prepared-statements umgestellt * Warnung beim Aufruf von db_escape_string() und maybe_null() hinzugefügt
Bernd Wurst

Bernd Wurst commited on 2014-02-03 16:57:44
Zeige 17 geänderte Dateien mit 241 Einfügungen und 214 Löschungen.

... ...
@@ -62,6 +62,10 @@ class DB extends PDO {
62 62
 */
63 63
 function db_escape_string($string)
64 64
 {
65
+  if (config("enable_debug")) {
66
+    $backtrace = debug_backtrace();
67
+    warning("call to db_escape_string() in {$backtrace[1]['file']} line {$backtrace[1]['line']}");
68
+  }
65 69
   global $_db;
66 70
   __ensure_connected();
67 71
   $quoted = $_db->quote($string);
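Review bot: `$backtrace[1]` on the new warning line does not exist when db_escape_string() is called from file scope (only frame 0 is present), so the deprecation warning itself raises an undefined-index notice and prints an empty location. Guard the frame and skip argument capture, since the frames otherwise carry the raw value being escaped: `$bt = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2); $caller = isset($bt[1]) ? "{$bt[1]['file']} line {$bt[1]['line']}" : 'unknown caller';` and then `warning("call to db_escape_string() in {$caller}");`. The limit argument needs PHP 5.4, which the `fetch()[0]` array dereference elsewhere in this commit already assumes. The function's return is outside the hunk.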
... ...
@@ -112,6 +112,10 @@ function server_names()
112 112
 // Diese Funktion funktioniert nicht für preprared statements
113 113
 function maybe_null($value)
114 114
 {
115
+  if (config("enable_debug")) {
116
+    $backtrace = debug_backtrace();
117
+    warning("call to maybe_null() in {$backtrace[1]['file']} line {$backtrace[1]['line']}");
118
+  }
115 119
   if ($value == NULL)
116 120
     return 'NULL';
117 121
 
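Review bot: As in db_escape_string(), `$backtrace[1]` is undefined when maybe_null() is called from file scope, so the new warning raises a notice with an empty location; use `debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2)` and test `isset($backtrace[1])` before interpolating. The comment above the function says it does not work with prepared statements, and every caller touched by this commit now passes a real NULL instead, so the comment could state that the helper is kept only for remaining string-built queries. Note also that the context line `if ($value == NULL)` treats '' and '0' as NULL, which is a different contract from the explicit NULL the converted callers now bind.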
... ...
@@ -131,19 +135,19 @@ function logger($severity, $scriptname, $scope, $message)
131 135
   if (config('logging') <= $severity)
132 136
     return;
133 137
 
134
-  $user = 'NULL';
138
+  $user = NULL;
135 139
   if ($_SESSION['role'] & ROLE_SYSTEMUSER)
136
-    $user = "'{$_SESSION['userinfo']['username']}'";
140
+    $user = $_SESSION['userinfo']['username'];
137 141
   elseif ($_SESSION['role'] & ROLE_CUSTOMER)
138
-    $user = "'{$_SESSION['customerinfo']['customerno']}'";
139
-  
140
-  $remote = db_escape_string($_SERVER['REMOTE_ADDR']);
142
+    $user = $_SESSION['customerinfo']['customerno'];
141 143
   
142
-  $scriptname = db_escape_string($scriptname);
143
-  $scope = db_escape_string($scope);
144
-  $message = db_escape_string($message);
144
+  $args = array(":user" => $user,
145
+                ":remote" => $_SERVER['REMOTE_ADDR'],
146
+                ":scriptname" => $scriptname,
147
+                ":scope" => $scope,
148
+                ":message" => $message);
145 149
 
146
-  db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES ('{$remote}', {$user}, '{$scriptname}', '{$scope}', '{$message}');");
150
+  db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES (:remote, :user, :scriptname, :scope, :message)", $args);
147 151
 }
148 152
 
149 153
 function html_header($arg)
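Review bot: `$_SESSION['role']` is read unguarded on the context line above the new `$user` assignments, so if logger() is reachable before a session is populated (failed logins, CLI runs) the call raises a notice, and `$_SERVER['REMOTE_ADDR']` is likewise absent under CLI. A two-line guard keeps the new parameterised insert robust: `$role = isset($_SESSION['role']) ? $_SESSION['role'] : 0;` used in the two bit tests, and `":remote" => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : NULL,`. Binding `$user` as a real NULL rather than the old `'NULL'` string is the right change; the same should hold for `remote` if the column is nullable.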
... ...
@@ -36,9 +36,9 @@ function get_domain_offer($domainname)
36 36
 
37 37
   $data = array("domainname" => $domainname, "basename" => $basename, "tld" => $tld);
38 38
 
39
-  $result = db_query("SELECT tld, gebuehr, setup FROM misc.domainpreise_kunde WHERE kunde={$cid} AND tld='{$tld}' AND ruecksprache='N'");
39
+  $result = db_query("SELECT tld, gebuehr, setup FROM misc.domainpreise_kunde WHERE kunde=:cid AND tld=:tld AND ruecksprache='N'", array(":cid" => $cid, ":tld" => $tld));
40 40
   if ($result->rowCount() != 1) {
41
-    $result = db_query("SELECT tld, gebuehr, setup FROM misc.domainpreise WHERE tld='{$tld}' AND ruecksprache='N'");
41
+    $result = db_query("SELECT tld, gebuehr, setup FROM misc.domainpreise WHERE tld=:tld AND ruecksprache='N'", array(":tld" => $tld));
42 42
   }
43 43
   if ($result->rowCount() != 1) {
44 44
     warning('Die Endung »'.$tld.'« steht zur automatischen Eintragung nicht zur Verfügung.');
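Review bot: `$cid` is now bound as whatever type it arrives in, and its origin is above the hunk, so whether it is already an integer is not visible here; binding `":cid" => (int) $cid` costs nothing and matches the `(int)` casts the other converted functions use. `$result->rowCount()` on a SELECT is driver-dependent in PDO (it works with pdo_mysql but is not guaranteed), which is pre-existing but becomes the only thing deciding between the customer price and the default price.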
... ...
@@ -81,16 +81,23 @@ function register_domain($domainname, $uid)
81 81
     system_failure('Kein User gesetzt');
82 82
   }
83 83
 
84
-  db_query("INSERT INTO kundendaten.domains (kunde, useraccount, domainname, tld, billing, registrierungsdatum, dns,webserver, mail, provider, betrag, brutto) VALUES ({$cid}, {$useraccount}, '{$data['basename']}', '{$data['tld']}', 'regular', NULL, 1, 1, 'auto', 'terions', {$data['gebuehr']}, 1) ");
84
+  $args = array(":cid" => $cid,
85
+                ":useraccount" => $useraccount,
86
+                ":basename" => $data['basename'],
87
+                ":tld" => $data['tld'],
88
+                ":gebuehr" => $data['gebuehr']);
89
+  db_query("INSERT INTO kundendaten.domains (kunde, useraccount, domainname, tld, billing, registrierungsdatum, dns,webserver, mail, provider, betrag, brutto) VALUES ".
90
+           "(:cid, :useraccount, :basename, :tld, 'regular', NULL, 1, 1, 'auto', 'terions', :gebuehr, 1) ", $args);
85 91
   if ($data['setup']) {
86
-    db_query("INSERT INTO kundendaten.leistungen (kunde,periodisch,datum,betrag,brutto,beschreibung,anzahl) VALUES ({$cid}, 0, CURDATE(), {$data['setup']}, 1, 'Einmalige Setup-Gebühren für Domain \"{$data['domainname']}\"', 1)");
92
+    $args = array(":cid" => $cid, ":setup" => $data['setup'], ":text" => 'Einmalige Setup-Gebühren für Domain "'.$data['domainname'].'"');
93
+    db_query("INSERT INTO kundendaten.leistungen (kunde,periodisch,datum,betrag,brutto,beschreibung,anzahl) VALUES (:cid, 0, CURDATE(), :setup, 1, :text, 1)", $args);
87 94
   }
88 95
 }
89 96
 
90 97
 function list_useraccounts()
91 98
 {
92 99
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
93
-  $result = db_query("SELECT uid,username,name FROM system.useraccounts WHERE kunde={$customerno}");
100
+  $result = db_query("SELECT uid,username,name FROM system.useraccounts WHERE kunde=?", array($customerno));
94 101
   $ret = array();
95 102
   while ($item = $result->fetch())
96 103
   {
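Review bot: The domain INSERT and the setup-fee INSERT at the top of the hunk are two independent statements, so a failure of the second leaves a registered domain with no one-time fee row. If the DB class (which extends PDO per the first hunk) exposes its handle, wrap both in a transaction: begin before the first db_query(), commit after the `if ($data['setup'])` block, roll back on exception. Separately, `:gebuehr` and `:setup` come from the get_domain_offer() result row as strings; casting them before binding (`":gebuehr" => (float) $data['gebuehr']`) avoids relying on MySQL's implicit string-to-decimal conversion for the `betrag` column.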
... ...
@@ -70,10 +70,10 @@ else
70 70
   
71 71
   $record['hostname'] = $_REQUEST['hostname'];
72 72
   $record['domain'] = (int) $_REQUEST['domain'];
73
-  $record['ip'] = (isset($_REQUEST['ip']) ? $_REQUEST['ip'] : '');
74
-  $record['data'] = $_REQUEST['data'];
75
-  $record['dyndns'] = (isset($_REQUEST['dyndns']) ? (int) $_REQUEST['dyndns'] : '');
76
-  $record['spec'] = (isset($_REQUEST['spec']) ? (int) $_REQUEST['spec'] : '');
73
+  $record['ip'] = (isset($_REQUEST['ip']) ? $_REQUEST['ip'] : NULL);
74
+  $record['data'] = (isset($_REQUEST['data']) ? $_REQUEST['data'] : NULL);
75
+  $record['dyndns'] = (isset($_REQUEST['dyndns']) ? (int) $_REQUEST['dyndns'] : NULL);
76
+  $record['spec'] = (isset($_REQUEST['spec']) ? (int) $_REQUEST['spec'] : NULL);
77 77
   $record['ttl'] = (int) $_REQUEST['ttl'];
78 78
   
79 79
   save_dns_record($id, $record);
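Review bot: `$record['hostname']` (line 71) and `$record['ttl']` (line 77) still read `$_REQUEST` without the isset() guard the four new lines gained, so a request lacking those fields raises notices and passes NULL / 0 on. Use the same form: `$record['hostname'] = isset($_REQUEST['hostname']) ? $_REQUEST['hostname'] : NULL;` and `$record['ttl'] = isset($_REQUEST['ttl']) ? (int) $_REQUEST['ttl'] : 0;`. Since this block persists DNS changes via save_dns_record(), it should read `$_POST` rather than `$_REQUEST` unless a form-token check earlier in the file (outside the hunk) already rules out GET-triggered writes.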
... ...
@@ -25,7 +25,7 @@ require_once('class/domain.php');
25 25
 function get_dyndns_accounts() 
26 26
 {
27 27
   $uid = (int) $_SESSION['userinfo']['uid'];
28
-  $result = db_query("SELECT * FROM dns.dyndns WHERE uid={$uid}");
28
+  $result = db_query("SELECT * FROM dns.dyndns WHERE uid=?", array($uid));
29 29
   $list = array();
30 30
   while ($item = $result->fetch()) {
31 31
     array_push($list, $item);
... ...
@@ -37,9 +37,9 @@ function get_dyndns_accounts()
37 37
 
38 38
 function get_dyndns_account($id) 
39 39
 {
40
-  $id = (int) $id;
41
-  $uid = (int) $_SESSION['userinfo']['uid'];
42
-  $result = db_query("SELECT * FROM dns.dyndns WHERE id={$id} AND uid={$uid}");
40
+  $args = array(":id" => (int) $id,
41
+                ":uid" => (int) $_SESSION['userinfo']['uid']);
42
+  $result = db_query("SELECT * FROM dns.dyndns WHERE id=:id AND uid=:uid", $args);
43 43
   if ($result->rowCount() != 1) {
44 44
     logger(LOG_WARNING, "modules/dns/include/dnsinclude", "dyndns", "account »{$id}« invalid for uid »{$uid}«.");
45 45
     system_failure("Account ungültig");
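Review bot: The logger call on the failure path still interpolates `$uid`, but the local assignment was removed together with the old query, so the warning now logs an empty uid and raises an undefined-variable notice. Keep the locals and reuse them: `$id = (int) $id; $uid = (int) $_SESSION['userinfo']['uid'];` followed by `$args = array(":id" => $id, ":uid" => $uid);`. The function's return of the fetched row is outside the hunk.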
... ...
@@ -57,14 +57,16 @@ function create_dyndns_account($handle, $password_http, $sshkey)
57 57
   if ($password_http == '' && $sshkey == '')
58 58
     system_failure('Sie müssen entweder einen SSH-Key oder ein Passwort zum Web-Update eingeben.');  
59 59
 
60
-  $handle = maybe_null(db_escape_string(filter_input_username($handle)));
61
-  $sshkey = maybe_null(db_escape_string(filter_input_general($sshkey)));
60
+  $handle = filter_input_username($handle);
61
+  $sshkey = filter_input_general($sshkey);
62 62
 
63 63
   $pwhash = 'NULL';
64 64
   if ($password_http)
65 65
     $pwhash = "'{SHA}".base64_encode(sha1($password_http, true))."'";
66 66
 
67
-  db_query("INSERT INTO dns.dyndns (uid, handle, password, sshkey) VALUES ({$uid}, {$handle}, {$pwhash}, {$sshkey})");
67
+  db_query("INSERT INTO dns.dyndns (uid, handle, password, sshkey) VALUES ".
68
+           "(:uid, :handle, :pwhash, :sshkey)",
69
+           array(":uid" => $uid, ":handle" => $handle, ":pwhash" => $pwhash, ":sshkey" => $sshkey));
68 70
   logger(LOG_INFO, "modules/dns/include/dnsinclude", "dyndns", "inserted account");
69 71
 }
70 72
 
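Review bot: `$pwhash` is still built for string interpolation — the default is the four-character string `'NULL'` and the hash is wrapped in literal single quotes (`"'{SHA}".…."'"`) — yet it is now bound as a parameter, so the `password` column receives the text NULL or a quoted hash and web-update logins checked against it will not match. Replace the two lines with `$pwhash = NULL;` and `$pwhash = '{SHA}'.base64_encode(sha1($password_http, true));`, as edit_dyndns_account() in a later hunk already does for the default. Unsalted SHA-1 in `{SHA}` form is presumably what the consumer of dns.dyndns expects; if that is not a hard requirement, password_hash() would be the better choice. Dropping maybe_null() also means an empty `$handle` or `$sshkey` is now stored as '' rather than NULL, which matters if the column is UNIQUE or other code tests `IS NULL` — worth confirming against the schema.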
... ...
@@ -72,10 +74,10 @@ function create_dyndns_account($handle, $password_http, $sshkey)
72 74
 function edit_dyndns_account($id, $handle, $password_http, $sshkey)
73 75
 {
74 76
   $id = (int) $id;
75
-  $handle = maybe_null(db_escape_string(filter_input_username($handle)));
76
-  $sshkey = maybe_null(db_escape_string(filter_input_general($sshkey)));
77
+  $handle = filter_input_username($handle);
78
+  $sshkey = filter_input_general($sshkey);
77 79
 
78
-  $pwhash = 'NULL';
80
+  $pwhash = NULL;
79 81
   if ($password_http)
80 82
   {
81 83
     if ($password_http == '************')
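Review bot: With maybe_null() gone, an empty `$handle` or `$sshkey` is now bound as '' rather than SQL NULL, which changes what the UPDATE in the following hunk writes; if the columns are nullable and anything tests `IS NULL` (or `handle` is UNIQUE), keep the conversion explicit: `$handle = ($handle === '') ? NULL : $handle;` and the same for `$sshkey`. `$pwhash = NULL` is the right default now, but the hash assignment inside this `if` (visible as context in the next hunk, line 86) still wraps the value in literal quotes. The '************' placeholder branch is outside the hunk.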
... ...
@@ -84,7 +86,8 @@ function edit_dyndns_account($id, $handle, $password_http, $sshkey)
84 86
       $pwhash = "'{SHA}".base64_encode(sha1($password_http, true))."'";
85 87
   }
86 88
   
87
-  db_query("UPDATE dns.dyndns SET handle={$handle}, password={$pwhash}, sshkey={$sshkey} WHERE id={$id} LIMIT 1");
89
+  $args = array(":handle" => $handle, ":pwhash" => $pwhash, ":sshkey" => $sshkey, ":id" => $id);
90
+  db_query("UPDATE dns.dyndns SET handle=:handle, password=:pwhash, sshkey=:sshkey WHERE id=:id", $args);
88 91
   logger(LOG_INFO, "modules/dns/include/dnsinclude", "dyndns", "edited account »{$id}«");
89 92
 }
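Review bot: The UPDATE at new line 90 scopes only on `id`, so any authenticated user can edit any dyndns account by id unless the caller already ran get_dyndns_account($id) (which checks uid) — no such check is visible in this function. Bind the session uid as well: `$args[':uid'] = (int) $_SESSION['userinfo']['uid'];` and `WHERE id=:id AND uid=:uid`. Line 86 (context) also still binds `"'{SHA}".…."'"` with literal quotes around the hash; with a prepared statement it should be `'{SHA}'.base64_encode(sha1($password_http, true))`, otherwise the stored value carries the quotes.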
90 93
 
... ...
@@ -93,7 +96,7 @@ function delete_dyndns_account($id)
93 96
 {
94 97
   $id = (int) $id;
95 98
 
96
-  db_query("DELETE FROM dns.dyndns WHERE id={$id} LIMIT 1");
99
+  db_query("DELETE FROM dns.dyndns WHERE id=?", array($id));
97 100
   logger(LOG_INFO, "modules/dns/include/dnsinclude", "dyndns", "deleted account »{$id}«");
98 101
 }
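Review bot: `DELETE FROM dns.dyndns WHERE id=?` at line 99 has no ownership predicate, so unless the caller (not visible here) validates `$id` through get_dyndns_account() first, a user can delete another user's dyndns account by guessing its id. Scope the statement the way the lookup does: `db_query("DELETE FROM dns.dyndns WHERE id=:id AND uid=:uid", array(":id" => $id, ":uid" => (int) $_SESSION['userinfo']['uid']));`. Dropping `LIMIT 1` is fine as long as `id` is the primary key.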
99 102
 
... ...
@@ -101,7 +104,7 @@ function delete_dyndns_account($id)
101 104
 function get_dyndns_records($id)
102 105
 {
103 106
   $id = (int) $id;
104
-  $result = db_query("SELECT hostname, domain, type, ttl, lastchange, id FROM dns.custom_records WHERE dyndns={$id}");
107
+  $result = db_query("SELECT hostname, domain, type, ttl, lastchange, id FROM dns.custom_records WHERE dyndns=?", array($id));
105 108
   $data = array();
106 109
   while ($entry = $result->fetch()) {
107 110
     $dom = new Domain((int) $entry['domain']);
... ...
@@ -142,7 +145,7 @@ function blank_dns_record($type)
142 145
 function get_dns_record($id)
143 146
 {
144 147
   $id = (int) $id;
145
-  $result = db_query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl FROM dns.custom_records WHERE id={$id}");
148
+  $result = db_query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl FROM dns.custom_records WHERE id=?", array($id));
146 149
   if ($result->rowCount() != 1)
147 150
     system_failure('illegal ID');
148 151
   $data = $result->fetch();
... ...
@@ -156,7 +159,7 @@ function get_dns_record($id)
156 159
 function get_domain_records($dom)
157 160
 {
158 161
   $dom = (int) $dom;
159
-  $result = db_query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl, id FROM dns.custom_records WHERE domain={$dom}");
162
+  $result = db_query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl, id FROM dns.custom_records WHERE domain=?", array($dom));
160 163
   $data = array();
161 164
   while ($entry = $result->fetch()) {
162 165
     $dom = new Domain((int) $entry['domain']);
... ...
@@ -172,9 +175,7 @@ function get_domain_records($dom)
172 175
 
173 176
 function get_domain_auto_records($domainname)
174 177
 {
175
-  $domainname = db_escape_string($domainname);
176
-  //$result = db_query("SELECT hostname, domain, CONCAT_WS('.', hostname, domain) AS fqdn, type, ip, spec, data, TRIM(ttl) FROM dns.v_autogenerated_records WHERE domain='{$domainname}'");
177
-  $result = db_query("SELECT hostname, domain, CONCAT_WS('.', hostname, domain) AS fqdn, type, ip, spec, data, ttl FROM dns.tmp_autorecords WHERE domain='{$domainname}'");
178
+  $result = db_query("SELECT hostname, domain, CONCAT_WS('.', hostname, domain) AS fqdn, type, ip, spec, data, ttl FROM dns.tmp_autorecords WHERE domain=?", array($domainname));
178 179
   $data = array();
179 180
   while ($entry = $result->fetch()) {
180 181
     array_push($data, $entry);
... ...
@@ -208,37 +209,37 @@ function save_dns_record($id, $record)
208 209
       if ($record['dyndns'])
209 210
       {
210 211
         get_dyndns_account( $record['dyndns'] );
211
-      	$record['ip'] = '';
212
+      	$record['ip'] = NULL;
212 213
       }
213 214
       else
214 215
       {
215 216
         verify_input_ipv4($record['ip']);
216
-        $record['data'] = '';
217
-        $record['spec'] = '';
217
+        $record['data'] = NULL;
218
+        $record['spec'] = NULL;
218 219
       }
219 220
       break;
220 221
     case 'aaaa':
221
-      $record['dyndns'] = '';
222
+      $record['dyndns'] = NULL;
222 223
       verify_input_ipv6($record['ip']);
223
-      $record['data'] = '';
224
-      $record['spec'] = '';
224
+      $record['data'] = NULL;
225
+      $record['spec'] = NULL;
225 226
       break;
226 227
     case 'mx':
227
-      $record['dyndns'] = '';
228
+      $record['dyndns'] = NULL;
228 229
       $record['spec'] = (int) $record['spec'];
229 230
       if ($record['spec'] < 1)
230 231
         systen_failure("invalid priority");
231 232
       verify_input_hostname($record['data']);
232 233
       if (! $record['data'] )
233 234
         system_failure('MX hostname missing');
234
-      $record['ip'] = '';
235
+      $record['ip'] = NULL;
235 236
       break;
236 237
     case 'cname':
237 238
     case 'ptr':
238 239
     case 'ns':
239
-      $record['dyndns'] = '';
240
-      $record['spec'] = '';
241
-      $record['ip'] = '';
240
+      $record['dyndns'] = NULL;
241
+      $record['spec'] = NULL;
242
+      $record['ip'] = NULL;
242 243
       verify_input_hostname($record['data']);
243 244
       if (! $record['data'] )
244 245
         system_failure('destination host missing');
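Review bot: Line 231 (context) calls `systen_failure("invalid priority")`, a misspelling of system_failure(), so an MX record with priority below 1 aborts with a PHP fatal "undefined function" instead of the controlled error page. Fix the name: `system_failure("invalid priority");`. The 'a' branch now leaves `$record['ip']` NULL when a dyndns account is given, which is correct; in the non-dyndns case verify_input_ipv4() can now receive NULL for a request without an `ip` field, so it should be confirmed to reject that rather than notice-and-pass. save_dns_record() starts before and continues after this hunk.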
... ...
@@ -246,17 +247,17 @@ function save_dns_record($id, $record)
246 247
 
247 248
     case 'spf':
248 249
     case 'txt':
249
-      $record['dyndns'] = '';
250
-      $record['spec'] = '';
251
-      $record['ip'] = '';
250
+      $record['dyndns'] = NULL;
251
+      $record['spec'] = NULL;
252
+      $record['ip'] = NULL;
252 253
       if (! $record['data'] )
253 254
         system_failure('text entry missing');
254 255
       break;
255 256
 
256 257
     case 'sshfp':
257
-      $record['dyndns'] = '';
258
+      $record['dyndns'] = NULL;
258 259
       $record['spec'] = max( (int) $record['spec'], 1);
259
-      $record['ip'] = '';
260
+      $record['ip'] = NULL;
260 261
       if (! $record['data'] )
261 262
         system_failure('text entry missing');
262 263
       break;
... ...
@@ -268,16 +269,20 @@ function save_dns_record($id, $record)
268 269
       system_failure('Not implemented');
269 270
   }
270 271
   $id = (int) $id;
271
-  $record['hostname'] = maybe_null($record['hostname']);
272
-  $record['ttl'] = ($record['ttl'] == 0 ? 'NULL' : (int) $record['ttl']);
273
-  $record['ip'] = maybe_null($record['ip']);
274
-  $record['data'] = maybe_null($record['data']);
275
-  $record['spec'] = maybe_null($record['spec']);
276
-  $record['dyndns'] = maybe_null($record['dyndns']);
277
-  if ($id)
278
-    db_query("UPDATE dns.custom_records SET hostname={$record['hostname']}, domain={$dom->id}, type='{$record['type']}', ttl={$record['ttl']}, ip={$record['ip']}, dyndns={$record['dyndns']}, data={$record['data']}, spec={$record['spec']} WHERE id={$id} LIMIT 1");
279
-  else
280
-    db_query("INSERT INTO dns.custom_records (hostname, domain, type, ttl, ip, dyndns, data, spec) VALUES ({$record['hostname']}, {$dom->id}, '{$record['type']}', {$record['ttl']}, {$record['ip']}, {$record['dyndns']}, {$record['data']}, {$record['spec']})");
272
+  $args = array(":domain" => $dom->id,
273
+                ":hostname" => $record['hostname'],
274
+                ":type" => $record['type'],
275
+                ":ttl" => ($record['ttl'] == 0 ? NULL : (int) $record['ttl']),
276
+                ":ip" => $record['ip'],
277
+                ":dyndns" => $record['dyndns'],
278
+                ":data" => $record['data'],
279
+                ":spec" => $record['spec']);
280
+  if ($id) {
281
+    $args[":id"] = $id;
282
+    db_query("UPDATE dns.custom_records SET hostname=:hostname, domain=:domain, type=:type, ttl=:ttl, ip=:ip, dyndns=:dyndns, data=:data, spec=:spec WHERE id=:id", $args);
283
+  } else {
284
+    db_query("INSERT INTO dns.custom_records (hostname, domain, type, ttl, ip, dyndns, data, spec) VALUES (:hostname, :domain, :type, :ttl, :ip, :dyndns, :data, :spec)", $args);
285
+  }
281 286
 
282 287
 }
283 288
 
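Review bot: The UPDATE branch (new line 282) rewrites the row selected by `$id` and sets its `domain` to `$dom->id`, but nothing in this hunk ties `$id` to a domain the user owns, so if the caller (the page that builds `$record` from `$_REQUEST`) does not validate it first, a user can take over or clobber another customer's record by id. At minimum call `get_dns_record($id);` before the UPDATE, as delete_dns_record() does — its comment says that function checks the record belongs to one of the user's domains. Alternatively add `AND domain=:olddomain` with the domain returned by that lookup, so a record cannot be moved between domains by the same statement. The rest of save_dns_record() is outside the hunk.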
... ...
@@ -287,7 +292,7 @@ function delete_dns_record($id)
287 292
   $id = (int) $id;
288 293
   // Diese Funktion prüft, ob der Eintrag einer eigenen Domain gehört
289 294
   $record = get_dns_record($id);
290
-  db_query("DELETE FROM dns.custom_records WHERE id={$id} LIMIT 1");
295
+  db_query("DELETE FROM dns.custom_records WHERE id=?", array($id));
291 296
 }
292 297
 
293 298
 
... ...
@@ -297,7 +302,7 @@ function convert_from_autorecords($domainid)
297 302
   $dom->ensure_userdomain();
298 303
   $dom = $dom->id;
299 304
 
300
-  db_query("INSERT IGNORE INTO dns.custom_records SELECT r.id, r.lastchange, type, d.id, hostname, ip, NULL AS dyndns, data, spec, ttl FROM dns.v_tmptable_allrecords AS r INNER JOIN dns.v_domains AS d ON (d.name=r.domain) WHERE d.id={$dom}");
305
+  db_query("INSERT IGNORE INTO dns.custom_records SELECT r.id, r.lastchange, type, d.id, hostname, ip, NULL AS dyndns, data, spec, ttl FROM dns.v_tmptable_allrecords AS r INNER JOIN dns.v_domains AS d ON (d.name=r.domain) WHERE d.id=?", array($dom));
301 306
   disable_autorecords($dom);
302 307
   db_query("UPDATE dns.dnsstatus SET status='outdated'");
303 308
   warning("Die automatischen Einträge werden in Kürze abgeschaltet, bitte haben Sie einen Moment Geduld.");
... ...
@@ -310,7 +315,7 @@ function enable_autorecords($domainid)
310 315
   $dom->ensure_userdomain();
311 316
   $dom = $dom->id;
312 317
 
313
-  db_query("UPDATE kundendaten.domains SET autodns=1 WHERE id={$dom} LIMIT 1");
318
+  db_query("UPDATE kundendaten.domains SET autodns=1 WHERE id=?", array($dom));
314 319
   warning("Die automatischen Einträge werden in Kürze aktiviert, bitte haben Sie einen Moment Geduld.");
315 320
 }
316 321
 
... ...
@@ -320,14 +325,14 @@ function disable_autorecords($domainid)
320 325
   $dom->ensure_userdomain();
321 326
   $dom = $dom->id;
322 327
 
323
-  db_query("UPDATE kundendaten.domains SET autodns=0 WHERE id={$dom} LIMIT 1");
328
+  db_query("UPDATE kundendaten.domains SET autodns=0 WHERE id=?", array($dom));
324 329
 }
325 330
 
326 331
 
327 332
 function domain_is_maildomain($domain)
328 333
 {
329 334
   $domain = (int) $domain;
330
-  $result = db_query("SELECT mail FROM kundendaten.domains WHERE id={$domain}");
335
+  $result = db_query("SELECT mail FROM kundendaten.domains WHERE id=?", array($domain));
331 336
   $dom = $result->fetch();
332 337
   return ($dom['mail'] != 'none');
333 338
 }
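Review bot: In domain_is_maildomain() at the bottom of the hunk, `$result->fetch()` returns false for an unknown id, `false['mail']` evaluates to NULL, and `NULL != 'none'` is true, so a nonexistent domain is reported as a mail domain. Check the row before using it: `$dom = $result->fetch(); return ($dom !== false && $dom['mail'] != 'none');`. enable_autorecords() and disable_autorecords() start before this hunk; their ensure_userdomain() calls are visible and cover the ownership check.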
... ...
@@ -35,9 +35,8 @@ function do_ajax_cert_login() {
35 35
 
36 36
 function get_logins_by_cert($cert) 
37 37
 {
38
-	$cert = db_escape_string(str_replace(array('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----', ' ', "\n"), array(), $cert));
39
-	$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'";
40
-	$result = db_query($query);
38
+	$cert = str_replace(array('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----', ' ', "\n"), array(), $cert);
39
+	$result = db_query("SELECT type,username,startpage FROM system.clientcert WHERE cert=?", array($cert));
41 40
 	if ($result->rowCount() < 1)
42 41
 		return NULL;
43 42
 	else {
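Review bot: The normalisation at new line 38 strips spaces and `\n` but not `\r` or tabs, so a certificate whose PEM uses CRLF line endings never matches the stored value and the certificate login silently returns NULL. Extend the list: `array('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----', ' ', "\n", "\r", "\t")`. Equality on `cert=?` also only works if add_clientcert() stores the same stripped form; whether it normalises `$certdata` is outside that function's hunk and worth checking.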
... ...
@@ -54,8 +53,7 @@ function get_cert_by_id($id)
54 53
   $id = (int) $id;
55 54
 	if ($id == 0)
56 55
 	  system_failure('no ID');
57
-	$query = "SELECT id,dn,issuer,cert,username,startpage FROM system.clientcert WHERE `id`='{$id}' LIMIT 1";
58
-	$result = db_query($query);
56
+	$result = db_query("SELECT id,dn,issuer,cert,username,startpage FROM system.clientcert WHERE `id`=?", array($id));
59 57
 	if ($result->rowCount() < 1)
60 58
 		return NULL;
61 59
 	$ret = $result->fetch();
... ...
@@ -66,11 +64,9 @@ function get_cert_by_id($id)
66 64
 
67 65
 function get_certs_by_username($username) 
68 66
 {
69
-	$username = db_escape_string($username);
70 67
 	if ($username == '')
71 68
 	  system_failure('empty username');
72
-	$query = "SELECT id,dn,issuer,cert,startpage FROM system.clientcert WHERE `username`='{$username}'";
73
-	$result = db_query($query);
69
+	$result = db_query("SELECT id,dn,issuer,cert,startpage FROM system.clientcert WHERE `username`=?", array($username));
74 70
 	if ($result->rowCount() < 1)
75 71
 		return NULL;
76 72
 	while ($row = $result->fetch()) {
... ...
@@ -86,33 +82,34 @@ function add_clientcert($certdata, $dn, $issuer, $startpage='')
86 82
   $username = NULL;
87 83
   if ($_SESSION['role'] & ROLE_SYSTEMUSER) {
88 84
     $type = 'user';
89
-    $username = db_escape_string($_SESSION['userinfo']['username']);
85
+    $username = $_SESSION['userinfo']['username'];
90 86
     if (isset($_SESSION['subuser'])) {
91
-      $username = db_escape_string($_SESSION['subuser']);
87
+      $username = $_SESSION['subuser'];
92 88
       $type = 'subuser';
93 89
     }
94 90
   } elseif ($_SESSION['role'] & ROLE_VMAIL_ACCOUNT) {
95 91
     $type = 'email';
96
-    $username = db_escape_string($_SESSION['mailaccount']);
92
+    $username = $_SESSION['mailaccount'];
97 93
   }
98 94
   if (! $type || ! $username) {
99 95
     system_failure('cannot get type or username of login');
100 96
   }
101
-  $certdata = db_escape_string($certdata);
102
-  $dn = maybe_null(db_escape_string($dn));
103
-  $issuer = maybe_null(db_escape_string($issuer));
104 97
   if ($startpage &&  ! check_path($startpage))
105 98
     system_failure('Startseite kaputt');
106
-  $startpage = maybe_null(db_escape_string($startpage));
107 99
 
108 100
   if ($certdata == '')
109 101
     system_failure('Kein Zertifikat');
110
-  DEBUG($certdata);
111
-  DEBUG($dn);
112
-  DEBUG($issuer);
102
+
103
+  $args = array(":dn" => $dn,
104
+                ":issuer" => $issuer,
105
+                ":certdata" => $certdata,
106
+                ":type" => $type,
107
+                ":username" => $username,
108
+                ":startpage" => $startpage);
109
+  DEBUG($args);
113 110
 
114 111
   db_query("INSERT INTO system.clientcert (`dn`, `issuer`, `cert`, `type`, `username`, `startpage`) 
115
-VALUES ({$dn}, {$issuer}, '{$certdata}', '{$type}', '{$username}', {$startpage})");
112
+VALUES (:dn, :issuer, :certdata, :type, :username, :startpage)", $args);
116 113
 
117 114
 }
118 115
 
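Review bot: Dropping maybe_null() on `$dn`, `$issuer` and `$startpage` changes what the INSERT at new line 111 writes for empty input from SQL NULL to '', so if those columns are nullable and anything tests `IS NULL` the behaviour shifts silently; convert explicitly before building `$args`: `$startpage = ($startpage === '') ? NULL : $startpage;` and likewise for `$dn` and `$issuer`. `DEBUG($args)` now dumps the full certificate and DN into the debug channel, which is acceptable for a debug build but should be kept in mind wherever debug output reaches the browser. The stored `$certdata` must be in the same stripped form that get_logins_by_cert() compares against; the head of add_clientcert(), where that would happen, is outside the hunk.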
... ...
@@ -124,18 +121,19 @@ function delete_clientcert($id)
124 121
   $username = NULL;
125 122
   if ($_SESSION['role'] & ROLE_SYSTEMUSER) {
126 123
     $type = 'user';
127
-    $username = db_escape_string($_SESSION['userinfo']['username']);
124
+    $username = $_SESSION['userinfo']['username'];
128 125
     if (isset($_SESSION['subuser'])) {
129
-      $username = db_escape_string($_SESSION['subuser']);
126
+      $username = $_SESSION['subuser'];
130 127
       $type = 'subuser';
131 128
     }
132 129
   } elseif ($_SESSION['role'] & ROLE_VMAIL_ACCOUNT) {
133 130
     $type = 'email';
134
-    $username = db_escape_string($_SESSION['mailaccount']);
131
+    $username = $_SESSION['mailaccount'];
135 132
   }
136 133
   if (! $type || ! $username) {
137 134
     system_failure('cannot get type or username of login');
138 135
   }
139
-  db_query("DELETE FROM system.clientcert WHERE id={$id} AND type='{$type}' AND username='{$username}' LIMIT 1");
136
+  db_query("DELETE FROM system.clientcert WHERE id=:id AND type=:type AND username=:username", 
137
+           array(":id" => $id, ":type" => $type, ":username" => $username));
140 138
 }
141 139
 
... ...
@@ -175,7 +175,6 @@ function get_lastschrift($rechnungsnummer) {
175 175
 
176 176
 function get_lastschriften($mandatsreferenz)
177 177
 {
178
-  $mandatsreferenz = db_escape_string($mandatsreferenz);
179 178
   $result = db_query("SELECT rechnungsnummer, rechnungsdatum, betrag, buchungsdatum FROM kundendaten.sepalastschrift WHERE mandatsreferenz=? ORDER BY buchungsdatum DESC", array($mandatsreferenz));
180 179
   $ret = array();
181 180
   while ($item = $result->fetch()) {
... ...
@@ -198,8 +197,7 @@ function get_sepamandate()
198 197
 
199 198
 function yesterday($date) 
200 199
 {
201
-  $date = db_escape_string($date);
202
-  $result = db_query("SELECT '{$date}' - INTERVAL 1 DAY");
200
+  $result = db_query("SELECT ? - INTERVAL 1 DAY", array($date));
203 201
   return $result->fetch()[0];
204 202
 }
205 203
 
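Review bot: yesterday() round-trips to the database to subtract one day from a string, and `SELECT ? - INTERVAL 1 DAY` with a bound string relies on MySQL's implicit conversion, so a malformed `$date` yields NULL rather than an error. Doing it locally keeps the same ISO output without a query: `return date('Y-m-d', strtotime($date . ' -1 day'));`, or use `DATE_SUB(?, INTERVAL 1 DAY)` if the database must stay authoritative for the calendar. Whether any caller depends on the exact string MySQL returns for non-DATE inputs is not visible here.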
... ...
@@ -21,7 +21,7 @@ require_once('invoice.php');
21 21
 
22 22
 $kundenname = $_SESSION['customerinfo']['name'];
23 23
 $id = (int) $_SESSION['customerinfo']['customerno'];
24
-$result = db_query("SELECT CONCAT(adresse, '\\\\n', plz, ' ', ort) AS adresse FROM kundendaten.kunden WHERE id={$id}");
24
+$result = db_query("SELECT CONCAT(adresse, '\\\\n', plz, ' ', ort) AS adresse FROM kundendaten.kunden WHERE id=?", array($id));
25 25
 $r = $result->fetch();
26 26
 
27 27
 header("Content-Type: text/javascript");
... ...
@@ -16,21 +16,19 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
16 16
 
17 17
 function set_newsletter_address($address) {
18 18
   $cid = $_SESSION['customerinfo']['customerno'];
19
-  $address = maybe_null(db_escape_string($address));
20
-  db_query("UPDATE kundendaten.kunden SET email_newsletter={$address} WHERE id={$cid}");
19
+  db_query("UPDATE kundendaten.kunden SET email_newsletter=:address WHERE id=:cid", array(":address" => $address, ":cid" => $cid));
21 20
 }
22 21
 
23 22
 function get_newsletter_address() {
24 23
   $cid = $_SESSION['customerinfo']['customerno'];
25
-  $result = db_query("SELECT email_newsletter FROM kundendaten.kunden WHERE id={$cid}");
24
+  $result = db_query("SELECT email_newsletter FROM kundendaten.kunden WHERE id=?", array($cid));
26 25
   $r = $result->fetch();
27 26
   return $r['email_newsletter'];
28 27
 }
29 28
 
30 29
 
31 30
 function get_latest_news() {
32
-  $today = strftime('%Y-%m-%d');
33
-  $result = db_query("SELECT id, date, subject, content FROM misc.news WHERE date > '{$today}' - INTERVAL 1 YEAR ORDER BY date DESC");
31
+  $result = db_query("SELECT id, date, subject, content FROM misc.news WHERE date > CURDATE() - INTERVAL 1 YEAR ORDER BY date DESC");
34 32
   $ret = array();
35 33
   while ($item = $result->fetch()) {
36 34
     $ret[] = $item;
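Review bot: set_newsletter_address() previously stored SQL NULL for an empty address via maybe_null(), but now binds '' — so an unsubscribe that passes "" leaves an empty string in `email_newsletter`, and a recipient query that filters on `IS NOT NULL` will keep including that customer. Preserve the old semantics inline: `":address" => ($address === '' ? NULL : $address)`. `$cid` comes straight from the session; an `(int)` cast keeps the bound type consistent with the other converted functions in this commit.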
... ...
@@ -42,7 +40,7 @@ function get_latest_news() {
42 40
 
43 41
 function get_news_item($id) {
44 42
   $id = (int) $id;
45
-  $result = db_query("SELECT date, subject, content FROM misc.news WHERE id={$id}");
43
+  $result = db_query("SELECT date, subject, content FROM misc.news WHERE id=?", array($id));
46 44
   $ret = $result->fetch();
47 45
   DEBUG($ret);
48 46
   return $ret;
... ...
@@ -19,7 +19,7 @@ require_once("inc/security.php");
19 19
 require_once("inc/base.php");
20 20
 
21 21
 
22
-if ($_POST['newsletter'] == 'no' || $_POST['recipient'] == "") {
22
+if ((isset($_REQUEST['newsletter']) && $_REQUEST['newsletter'] == 'no') || (isset($_REQUEST['recipient']) && $_REQUEST['recipient'] == "")) {
23 23
   $sure = user_is_sure();
24 24
   if ($sure === NULL)
25 25
   {
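Review bot: Switching from `$_POST` to `$_REQUEST` at line 22 lets this newsletter handler be driven by query-string and cookie values, so a state-changing action becomes reachable through a plain link; the form-token check in the else branch (line 41) covers the write path, but this unsubscribe branch relies on user_is_sure(), whose behaviour is outside the hunk. Unless GET access was deliberately needed, read `$_POST` here and in the matching lines of the next hunk. The added isset() guards are a good fix for the notices the old condition raised.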
... ...
@@ -39,10 +39,10 @@ if ($_POST['newsletter'] == 'no' || $_POST['recipient'] == "") {
39 39
   }
40 40
 } else {
41 41
   check_form_token('newsletter');
42
-  if (! check_emailaddr($_POST['recipient']) || filter_input_general($_POST['recipient']) != $_POST['recipient']) {
42
+  if (! check_emailaddr($_REQUEST['recipient']) || filter_input_general($_REQUEST['recipient']) != $_REQUEST['recipient']) {
43 43
     system_failure("Keine gültige E-Mail-Adresse!");
44 44
   }
45
-  set_newsletter_address($_POST['recipient']);
45
+  set_newsletter_address($_REQUEST['recipient']);
46 46
   if (! $debugmode)
47 47
     header('Location: newsletter');
48 48
 }
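Review bot: In the else branch `$_REQUEST['recipient']` is read without isset() at lines 42 and 45, and the new condition at the top of the file only catches the field when it is present and empty, so a request that omits it entirely raises notices before check_emailaddr() rejects it. Read it once with a guard: `$recipient = isset($_REQUEST['recipient']) ? $_REQUEST['recipient'] : '';` and use `$recipient` in the three places. As with the previous hunk, `$_POST` is the safer source for a write operation.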
... ...
@@ -45,22 +45,23 @@ function list_customers()
45 45
 
46 46
 function find_customers($string) 
47 47
 {
48
-  $string = db_escape_string(chop($string));
48
+  $args = array(":string" => '%'.chop($string).'%', ":number" => $string);
49 49
   $return = array();
50 50
   $result = db_query("SELECT k.id FROM kundendaten.kunden AS k LEFT JOIN system.useraccounts AS u ON (k.id=u.kunde) WHERE ".
51
-                     "firma LIKE '%{$string}%' OR firma2 LIKE '%{$string}%' OR ".
52
-                     "nachname LIKE '%{$string}%' OR vorname LIKE '%{$string}%' OR ".
53
-                     "adresse LIKE '%{$string}%' OR adresse2 LIKE '%{$string}%' OR ".
54
-                     "ort LIKE '%{$string}%' OR pgp_id LIKE '%{$string}%' OR ".
55
-                     "notizen LIKE '%{$string}%' OR email_rechnung LIKE '%{$string}%' OR ".
56
-                     "email LIKE '%{$string}%' OR email_extern LIKE '%{$string}%' OR u.name LIKE '%{$string}%' OR ".
57
-                     "u.username LIKE '%{$string}%' OR k.id='{$string}' OR u.uid='{$string}';");
51
+                     "firma LIKE :string OR firma2 LIKE :string OR ".
52
+                     "nachname LIKE :string OR vorname LIKE :string OR ".
53
+                     "adresse LIKE :string OR adresse2 LIKE :string OR ".
54
+                     "ort LIKE :string OR pgp_id LIKE :string OR ".
55
+                     "notizen LIKE :string OR email_rechnung LIKE :string OR ".
56
+                     "email LIKE :string OR email_extern LIKE :string OR u.name LIKE :string OR ".
57
+                     "u.username LIKE :string OR k.id=:number OR u.uid=:number", $args);
58 58
   while ($entry = $result->fetch())
59 59
     $return[] = $entry['id'];
60 60
 
61
+  unset($args[':number']);
61 62
   $result = db_query("SELECT kunde FROM kundendaten.domains WHERE kunde IS NOT NULL AND (
62
-                      domainname LIKE '%{$string}%' OR CONCAT_WS('.', domainname, tld) LIKE '%{$string}%'
63
-                      )");
63
+                      domainname LIKE :string OR CONCAT_WS('.', domainname, tld) LIKE :string
64
+                      )", $args);
64 65
 
65 66
   while ($entry = $result->fetch())
66 67
     $return[] = $entry['kunde'];
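Review bot: `:string` is bound once but used fourteen times in the first query and twice in the second; PDO only permits reusing a named marker when prepare emulation is on, so with `PDO::ATTR_EMULATE_PREPARES => false` both queries fail with "Invalid parameter number". Either give each occurrence its own name or confirm that the DB class keeps emulation enabled — its constructor attributes are not shown in the first hunk. Also `:number` binds the raw `$string` while `:string` uses `chop($string)`; bind the chopped value for both, and escape `%` and `_` in the search term if a user-typed wildcard should not broaden the LIKE match.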
... ...
@@ -74,7 +75,7 @@ function find_users_for_customer($id)
74 75
   $id = (int) $id;
75 76
   $return = array();
76 77
   $result = db_query("SELECT uid, username, name FROM system.useraccounts WHERE ".
77
-                     "kunde='{$id}';");
78
+                     "kunde=?", array($id));
78 79
   while ($entry = $result->fetch())
79 80
     $return[] = $entry;
80 81
 
... ...
@@ -197,13 +197,6 @@ function refresh_cert($id, $info, $cert, $key = NULL)
197 197
 
198 198
   $id = (int) $id;
199 199
   $oldcert = cert_details($id);
200
-  $cert = db_escape_string($cert);
201
-  $subject = db_escape_string(filter_input_general($info['subject']));
202
-  $cn = db_escape_string(filter_input_general($info['cn']));
203
-  
204
-  $valid_from = db_escape_string($info['valid_from']);
205
-  $valid_until = db_escape_string($info['valid_until']);
206
-
207 200
   $args = array(":subject" => filter_input_general($info['subject']),
208 201
                 ":cn" => filter_input_general($info['cn']),
209 202
                 ":cert" => $cert,
... ...
@@ -307,7 +300,6 @@ function save_csr($cn, $bits, $replace=NULL)
307 300
   list($csr, $key) = create_csr($cn, $bits);
308 301
   
309 302
   $uid = (int) $_SESSION['userinfo']['uid'];
310
-  $cn = db_escape_string(filter_input_hostname($cn, true));
311 303
   db_query("INSERT INTO vhosts.csr (uid, hostname, bits, `replace`, csr, `key`) VALUES (:uid, :cn, :bits, :replace, :csr, :key)",
312 304
            array(":uid" => $uid, ":cn" => filter_input_hostname($cn, true), ":bits" => $bits, 
313 305
                  ":replace" => $replace, ":csr" => $csr, ":key" => $key));
... ...
@@ -62,9 +62,8 @@ function list_vhosts()
62 62
 
63 63
 function ipv6_possible($server)
64 64
 {
65
-  $serverid = (int) $server;
66
-  $servername = db_escape_string($server);
67
-  $result = db_query("SELECT v6_prefix FROM system.servers WHERE id={$serverid} OR hostname='{$servername}'");
65
+  $args = array(":server" => $server);
66
+  $result = db_query("SELECT v6_prefix FROM system.servers WHERE id=:server OR hostname=:server", $args);
68 67
   $line = $result->fetch();
69 68
   DEBUG("Server {$server} is v6-capable: ". ($line['v6_prefix'] != NULL));
70 69
   return ($line['v6_prefix'] != NULL);
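Review bot: The new query binds the single placeholder `:server` twice (`id=:server OR hostname=:server`); PDO accepts a repeated named parameter only when `PDO::ATTR_EMULATE_PREPARES` is enabled, and with native prepares the statement fails with an invalid-parameter-number error, so unless the DB wrapper switches emulation on this breaks at runtime. Two distinct names avoid that and let the id keep the `(int)` cast the removed line applied: `$args = array(":id" => (int) $server, ":hostname" => $server);` with `... WHERE id=:id OR hostname=:hostname`. The same repeated-placeholder pattern is used in the customer search query at the top of this page (`:string`, `:number`) and in `get_user_info()` (`:username`) further down.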
... ...
@@ -150,7 +149,7 @@ function get_vhost_details($id)
150 149
 {
151 150
   $id = (int) $id;
152 151
   $uid = (int) $_SESSION['userinfo']['uid'];
153
-  $result = db_query("SELECT vh.*,IF(dav.id IS NULL OR dav.type='svn', 0, 1) AS is_dav,IF(dav.id IS NULL OR dav.type='dav', 0, 1) AS is_svn, IF(webapps.id IS NULL, 0, 1) AS is_webapp FROM vhosts.v_vhost AS vh LEFT JOIN vhosts.dav ON (dav.vhost=vh.id) LEFT JOIN vhosts.webapps ON (webapps.vhost = vh.id) WHERE uid={$uid} AND vh.id={$id}");
152
+  $result = db_query("SELECT vh.*,IF(dav.id IS NULL OR dav.type='svn', 0, 1) AS is_dav,IF(dav.id IS NULL OR dav.type='dav', 0, 1) AS is_svn, IF(webapps.id IS NULL, 0, 1) AS is_webapp FROM vhosts.v_vhost AS vh LEFT JOIN vhosts.dav ON (dav.vhost=vh.id) LEFT JOIN vhosts.webapps ON (webapps.vhost = vh.id) WHERE uid=:uid AND vh.id=:id", array(":uid" => $uid, ":id" => $id));
154 153
   if ($result->rowCount() != 1)
155 154
     system_failure('Interner Fehler beim Auslesen der Daten');
156 155
 
... ...
@@ -213,7 +212,7 @@ function delete_vhost($id)
213 212
     system_failure("id == 0");
214 213
   $vhost = get_vhost_details($id);
215 214
   logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Removing vhost #'.$id.' ('.$vhost['hostname'].'.'.$vhost['domain'].')');
216
-  db_query("DELETE FROM vhosts.vhost WHERE id={$vhost['id']} LIMIT 1");
215
+  db_query("DELETE FROM vhosts.vhost WHERE id=?", array($vhost['id']));
217 216
 }
218 217
 
219 218
 
... ...
@@ -224,8 +223,8 @@ function make_svn_vhost($id)
224 223
   if ($id == 0)
225 224
     system_failure("id == 0");
226 225
   logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Converting vhost #'.$id.' to SVN');
227
-  db_query("REPLACE INTO vhosts.dav (vhost, type) VALUES ({$id}, 'svn')");
228
-  db_query("DELETE FROM vhosts.webapps WHERE vhost={$id}");
226
+  db_query("REPLACE INTO vhosts.dav (vhost, type) VALUES (?, 'svn')", array($id));
227
+  db_query("DELETE FROM vhosts.webapps WHERE vhost=?", array($id));
229 228
 }
230 229
 
231 230
 function make_dav_vhost($id) 
... ...
@@ -234,8 +233,8 @@ function make_dav_vhost($id)
234 233
   if ($id == 0)
235 234
     system_failure("id == 0");
236 235
   logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Converting vhost #'.$id.' to WebDAV');
237
-  db_query("REPLACE INTO vhosts.dav (vhost, type, options) VALUES ({$id}, 'dav', 'nouserfile')");
238
-  db_query("DELETE FROM vhosts.webapps WHERE vhost={$id}");
236
+  db_query("REPLACE INTO vhosts.dav (vhost, type, options) VALUES (?, 'dav', 'nouserfile')", array($id));
237
+  db_query("DELETE FROM vhosts.webapps WHERE vhost=?", array($id));
239 238
 }
240 239
 
241 240
 function make_regular_vhost($id)
... ...
@@ -244,8 +243,8 @@ function make_regular_vhost($id)
244 243
   if ($id == 0)
245 244
     system_failure("id == 0");
246 245
   logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Converting vhost #'.$id.' to regular');
247
-  db_query("DELETE FROM vhosts.dav WHERE vhost={$id}");
248
-  db_query("DELETE FROM vhosts.webapps WHERE vhost={$id}");
246
+  db_query("DELETE FROM vhosts.dav WHERE vhost=?", array($id));
247
+  db_query("DELETE FROM vhosts.webapps WHERE vhost=?", array($id));
249 248
 }
250 249
 
251 250
 
... ...
@@ -255,12 +254,12 @@ function make_webapp_vhost($id, $webapp)
255 254
   $webapp = (int) $webapp;
256 255
   if ($id == 0)
257 256
     system_failure("id == 0");
258
-  $result = db_query("SELECT displayname FROM vhosts.global_webapps WHERE id={$webapp};");
257
+  $result = db_query("SELECT displayname FROM vhosts.global_webapps WHERE id=?", array($webapp));
259 258
   if ($result->rowCount() == 0)
260 259
     system_failure("webapp-id invalid");
261 260
   $webapp_name = $result->fetch(PDO::FETCH_OBJ)->displayname;
262 261
   logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Setting up webapp '.$webapp_name.' on vhost #'.$id);
263
-  db_query("REPLACE INTO vhosts.webapps (vhost, webapp) VALUES ({$id}, {$webapp})");
262
+  db_query("REPLACE INTO vhosts.webapps (vhost, webapp) VALUES (?, ?)", array($id, $webapp));
264 263
   mail('webapps-setup@schokokeks.org', 'setup', 'setup');
265 264
 }
266 265
 
... ...
@@ -269,22 +268,26 @@ function check_hostname_collision($hostname, $domain)
269 268
 {
270 269
   $uid = (int) $_SESSION['userinfo']['uid'];
271 270
   # Neuer vhost => Prüfe Duplikat
272
-  $hostnamecheck = "hostname='".db_escape_string($hostname)."'";
271
+  $args = array(":hostname" => $hostname, ":domain" => $domain);
272
+  $hostnamecheck = "hostname=:hostname";
273 273
   if (! $hostname) {
274 274
     $hostnamecheck = "hostname IS NULL";
275
+    unset($args[":hostname"]);
275 276
   }
276
-  $domaincheck = "domain=". (int) $domain ;
277
+  $domaincheck = "domain=:domain";
277 278
   if ($domain == -1) {
278
-    $domaincheck = "domain IS NULL AND user={$uid}";
279
+    $args[":uid"] = $uid;
280
+    unset($args[":domain"]);
281
+    $domaincheck = "domain IS NULL AND user=:uid";
279 282
   }
280
-  $result = db_query("SELECT id FROM vhosts.vhost WHERE {$hostnamecheck} AND {$domaincheck}");
283
+  $result = db_query("SELECT id FROM vhosts.vhost WHERE {$hostnamecheck} AND {$domaincheck}", $args);
281 284
   if ($result->rowCount() > 0) {
282 285
     system_failure('Eine Konfiguration mit diesem Namen gibt es bereits.');
283 286
   }
284 287
   if ($domain == -1) {
285 288
     return ;
286 289
   }
287
-  $result = db_query("SELECT id, vhost FROM vhosts.alias WHERE {$hostnamecheck} AND {$domaincheck}");
290
+  $result = db_query("SELECT id, vhost FROM vhosts.alias WHERE {$hostnamecheck} AND {$domaincheck}", $args);
288 291
   if ($result->rowCount() > 0) {
289 292
     $data = $result->fetch();
290 293
     $vh = get_vhost_details($data['vhost']);
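Review bot: `":domain" => $domain` binds the raw value where the removed line compared against `(int) $domain`, while `$uid` two lines above keeps its cast; MySQL presumably coerces the bound string in the integer comparison, but binding the cast value keeps the type explicit and consistent with the rest of the function: `$args = array(":hostname" => $hostname, ":domain" => (int) $domain);`. check_hostname_collision's body continues outside the hunk.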
... ...
@@ -297,46 +300,42 @@ function save_vhost($vhost)
297 300
   if (! is_array($vhost))
298 301
     system_failure('$vhost kein array!');
299 302
   $id = (int) $vhost['id'];
300
-  $hostname = maybe_null($vhost['hostname']);
303
+  $hostname = $vhost['hostname'];
301 304
   $domain = (int) $vhost['domain_id'];
302 305
   if ($domain == 0)
303 306
     system_failure('$domain == 0');
304 307
   if ($vhost['domain_id'] == -1)
305
-    $domain = 'NULL';
308
+    $domain = NULL;
306 309
   if ($id == 0) {
307 310
     check_hostname_collision($vhost['hostname'], $vhost['domain_id']);
308 311
   }
309
-  $docroot = maybe_null($vhost['docroot']);
310
-  $php = maybe_null($vhost['php']);
311
-  $cgi = ($vhost['cgi'] == 1 ? 1 : 0);
312
-  $ssl = maybe_null($vhost['ssl']);
313 312
   $hsts = (int) $vhost['hsts'];
314 313
   if ($hsts < 0) {
315
-    $hsts = "NULL";
314
+    $hsts = NULL;
316 315
   }
317
-  $suexec_user = 'NULL';
316
+  $suexec_user = NULL;
318 317
 
319 318
   $available_suexec = available_suexec_users();
320 319
   foreach ($available_suexec AS $u)
321 320
     if ($u['uid'] == $vhost['suexec_user'])
322 321
       $suexec_user = $u['uid'];
323 322
 
324
-  $server = 'NULL';
323
+  $server = NULL;
325 324
   $available_servers = additional_servers();
326 325
   if (in_array($vhost['server'], $available_servers)) {
327 326
     $server = (int) $vhost['server'];
328 327
   }
329 328
   if ($server == my_server_id()) {
330
-    $server = 'NULL';
329
+    $server = NULL;
331 330
   }
332 331
 
333
-  $logtype = maybe_null($vhost['logtype']);
334
-  $errorlog = (int) $vhost['errorlog'];
335 332
   if ($vhost['is_svn']) {
336
-    if (! $vhost['options']) $vhost['options']='nodocroot';
337
-    else $vhost['options']+=",nodocroot";
333
+    if (! $vhost['options']) {
334
+      $vhost['options']='nodocroot';
335
+    } else {
336
+      $vhost['options']+=",nodocroot";
337
+    }
338 338
   }
339
-  $options = db_escape_string( $vhost['options'] );
340 339
 
341 340
   $cert = 0;
342 341
   $certs = user_certs();
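Review bot: `$vhost['options']+=",nodocroot";`, re-indented in this hunk, applies arithmetic `+=` to a string, so an SVN vhost that already has options ends up with a numeric `options` value (0 on PHP 5, a warning on PHP 7, a TypeError on PHP 8) instead of the extended option list; string concatenation is needed: `$vhost['options'] .= ",nodocroot";`. Binding the value through the prepared statement later does not repair this. save_vhost's body continues outside the hunk.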
... ...
@@ -344,13 +343,13 @@ function save_vhost($vhost)
344 343
     if ($c['id'] == $vhost['cert'])
345 344
       $cert = $c['id'];
346 345
   if ($cert == 0)
347
-    $cert = 'NULL';
346
+    $cert = NULL;
348 347
 
349
-  $ipv4 = 'NULL';
348
+  $ipv4 = NULL;
350 349
   $ipv4_avail = user_ipaddrs();
351 350
   if (in_array($vhost['ipv4'], $ipv4_avail))
352 351
   {
353
-    $ipv4 = maybe_null($vhost['ipv4']);
352
+    $ipv4 = $vhost['ipv4'];
354 353
   }
355 354
 
356 355
   $autoipv6 = 1;
... ...
@@ -358,15 +357,33 @@ function save_vhost($vhost)
358 357
     $autoipv6 = $vhost['autoipv6'];
359 358
   }
360 359
 
361
-  $stats = maybe_null($vhost['stats']);
362
-
360
+  $args = array(":hostname" => $hostname,
361
+                ":domain" => $domain,
362
+                ":docroot" => $vhost['docroot'],
363
+                ":php" => $vhost['php'],
364
+                ":cgi" => ($vhost['cgi'] == 1 ? 1 : 0),
365
+                ":ssl" => $vhost['ssl'],
366
+                ":hsts" => $hsts,
367
+                ":suexec_user" => $suexec_user,
368
+                ":server" => $server,
369
+                ":logtype" => $vhost['logtype'],
370
+                ":errorlog" => (int) $vhost['errorlog'],
371
+                ":cert" => $cert,
372
+                ":ipv4" => $ipv4,
373
+                ":autoipv6" => $autoipv6,
374
+                ":options" => $vhost['options'],
375
+                ":stats" => $vhost['stats'],
376
+                ":id" => $id);
363 377
   if ($id != 0) {
364 378
     logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Updating vhost #'.$id.' ('.$vhost['hostname'].'.'.$vhost['domain'].')');
365
-    db_query("UPDATE vhosts.vhost SET hostname={$hostname}, domain={$domain}, docroot={$docroot}, php={$php}, cgi={$cgi}, `ssl`={$ssl}, hsts={$hsts}, `suexec_user`={$suexec_user}, `server`={$server}, logtype={$logtype}, errorlog={$errorlog}, certid={$cert}, ipv4={$ipv4}, autoipv6={$autoipv6}, options='{$options}', stats={$stats} WHERE id={$id} LIMIT 1");
379
+    db_query("UPDATE vhosts.vhost SET hostname=:hostname, domain=:domain, docroot=:docroot, php=:php, cgi=:cgi, `ssl`=:ssl, hsts=:hsts, `suexec_user`=:suexec_user, `server`=:server, logtype=:logtype, errorlog=:errorlog, certid=:cert, ipv4=:ipv4, autoipv6=:autoipv6, options=:options, stats=:stats WHERE id=:id", $args);
366 380
   }
367 381
   else {
382
+    $args[":user"] = $_SESSION['userinfo']['uid'];
383
+    unset($args[":id"]);
368 384
     logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Creating vhost '.$vhost['hostname'].'.'.$vhost['domain'].'');
369
-    $result = db_query("INSERT INTO vhosts.vhost (user, hostname, domain, docroot, php, cgi, `ssl`, hsts, `suexec_user`, `server`, logtype, errorlog, certid, ipv4, autoipv6, options, stats) VALUES ({$_SESSION['userinfo']['uid']}, {$hostname}, {$domain}, {$docroot}, {$php}, {$cgi}, {$ssl}, {$hsts}, {$suexec_user}, {$server}, {$logtype}, {$errorlog}, {$cert}, {$ipv4}, {$autoipv6}, '{$options}', {$stats})");
385
+    $result = db_query("INSERT INTO vhosts.vhost (user, hostname, domain, docroot, php, cgi, `ssl`, hsts, `suexec_user`, `server`, logtype, errorlog, certid, ipv4, autoipv6, options, stats) VALUES ".
386
+                       "(:user, :hostname, :domain, :docroot, :php, :cgi, :ssl, :hsts, :suexec_user, :server, :logtype, :errorlog, :cert, :ipv4, :autoipv6, :options, :stats)", $args);
370 387
     $id = db_insert_id();
371 388
   }
372 389
   $oldvhost = get_vhost_details($id);
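Review bot: The `$args` array drops the empty-to-NULL conversion the removed `maybe_null()` calls performed: an empty `hostname`, `docroot`, `php`, `ssl`, `logtype`, `ipv4` or `stats` is now bound as `''` rather than SQL NULL, while `check_hostname_collision()` still tests the bare-domain case with `hostname IS NULL`, so a vhost saved with an empty hostname is checked against NULL rows but stored as `''`. Normalise at the binding site, e.g. `":hostname" => ($hostname === '' ? NULL : $hostname),` and likewise for the other formerly maybe_null'd fields. `save_alias()` (`:hostname`) and `request_update()` (`:url`) further down on this page have the same regression. save_vhost's body continues outside the hunk.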
... ...
@@ -389,7 +406,7 @@ function get_alias_details($id)
389 406
 {
390 407
   $id = (int) $id;
391 408
   $uid = (int) $_SESSION['userinfo']['uid'];
392
-  $result = db_query("SELECT * FROM vhosts.v_alias WHERE id={$id}");
409
+  $result = db_query("SELECT * FROM vhosts.v_alias WHERE id=?", array($id));
393 410
   
394 411
   if ($result->rowCount() != 1)
395 412
     system_failure('Interner Fehler beim Auslesen der Alias-Daten');
... ...
@@ -413,7 +430,7 @@ function delete_alias($id)
413 430
   $alias = get_alias_details($id);
414 431
 
415 432
   logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'aliases', 'Removing alias #'.$id.' ('.$alias['hostname'].'.'.$alias['domain'].')');
416
-  db_query("DELETE FROM vhosts.alias WHERE id={$id}");
433
+  db_query("DELETE FROM vhosts.alias WHERE id=?", array($id));
417 434
 }
418 435
 
419 436
 function save_alias($alias)
... ...
@@ -421,21 +438,26 @@ function save_alias($alias)
421 438
   if (! is_array($alias))
422 439
     system_failure('$alias kein array!');
423 440
   $id = (isset($alias['id']) ? (int) $alias['id'] : 0);
424
-  $hostname = maybe_null($alias['hostname']);
425 441
   $domain = (int) $alias['domain_id'];
426 442
   if ($domain == 0)
427 443
     system_failure('$domain == 0');
428 444
   if ($alias['domain_id'] == -1)
429
-    $domain = 'NULL';
445
+    $domain = NULL;
430 446
   $vhost = get_vhost_details( (int) $alias['vhost']);
431
-  $options = db_escape_string( $alias['options'] );
447
+  $args = array(":hostname" => $alias['hostname'],
448
+                ":domain" => $domain,
449
+                ":vhost" => $vhost['id'],
450
+                ":options" => $alias['options'],
451
+                ":id" => $id);
432 452
   if ($id == 0) {
453
+    unset($args[":id"]);
433 454
     logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'aliases', 'Creating alias '.$alias['hostname'].'.'.$alias['domain'].' for VHost '.$vhost['id']);
434
-    db_query("INSERT INTO vhosts.alias (hostname, domain, vhost, options) VALUES ({$hostname}, {$domain}, {$vhost['id']}, '{$options}')");
455
+    db_query("INSERT INTO vhosts.alias (hostname, domain, vhost, options) VALUES (:hostname, :domain, :vhost, :options)", $args);
435 456
   }
436 457
   else {
458
+    unset($args[":vhost"]);
437 459
     logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'aliases', 'Updating alias #'.$id.' ('.$alias['hostname'].'.'.$alias['domain'].')');
438
-    db_query("UPDATE vhosts.alias SET hostname={$hostname}, domain={$domain}, options='{$options}' WHERE id={$id} LIMIT 1");
460
+    db_query("UPDATE vhosts.alias SET hostname=:hostname, domain=:domain, options=:options WHERE id=:id", $args);
439 461
   }
440 462
 }
441 463
 
... ...
@@ -443,7 +465,7 @@ function save_alias($alias)
443 465
 function available_suexec_users()
444 466
 {
445 467
   $uid = (int) $_SESSION['userinfo']['uid'];
446
-  $result = db_query("SELECT uid, username FROM vhosts.available_users LEFT JOIN vhosts.v_useraccounts ON (uid = suexec_user) WHERE mainuser={$uid}");
468
+  $result = db_query("SELECT uid, username FROM vhosts.available_users LEFT JOIN vhosts.v_useraccounts ON (uid = suexec_user) WHERE mainuser=?", array($uid));
447 469
   $ret = array();
448 470
   while ($i = $result->fetch())
449 471
     $ret[] = $i;
... ...
@@ -457,7 +479,7 @@ function available_suexec_users()
457 479
 function user_ipaddrs()
458 480
 {
459 481
   $uid = (int) $_SESSION['userinfo']['uid'];
460
-  $result = db_query("SELECT ipaddr FROM vhosts.ipaddr_available WHERE uid={$uid}");
482
+  $result = db_query("SELECT ipaddr FROM vhosts.ipaddr_available WHERE uid=?", array($uid));
461 483
   $ret = array();
462 484
   while ($i = $result->fetch())
463 485
   {
... ...
@@ -27,12 +27,13 @@ $uid = (int) $_SESSION['userinfo']['uid'];
27 27
 
28 28
 if (isset($_POST['freq']) && in_array($_POST['freq'],array("day","week","month"))) {
29 29
   check_form_token('freewvs_freq'); 
30
-	db_query("REPLACE INTO qatools.freewvs (user,freq) VALUES ({$uid},'{$_POST['freq']}');");
30
+  $args = array(":uid" => $uid, ":freq" => $_POST['freq']);
31
+	db_query("REPLACE INTO qatools.freewvs (user,freq) VALUES (:uid,:freq)", $args);
31 32
 	header("Location: freewvs");
32 33
 	die();
33 34
 }
34 35
 
35
-$result = db_query("SELECT freq FROM qatools.v_freewvs WHERE uid={$uid};");
36
+$result = db_query("SELECT freq FROM qatools.v_freewvs WHERE uid=?", array($uid));
36 37
 $result=$result->fetch();
37 38
 $freq=$result['freq'];
38 39
 
... ...
@@ -20,7 +20,7 @@ require_once('inc/base.php');
20 20
 function load_results()
21 21
 {
22 22
   $uid = (int) $_SESSION['userinfo']['uid'];
23
-  $result = db_query("SELECT directory, docroot, lastcheck, appname, version, state, safeversion, vulninfo FROM qatools.freewvs_results WHERE uid={$uid}");
23
+  $result = db_query("SELECT directory, docroot, lastcheck, appname, version, state, safeversion, vulninfo FROM qatools.freewvs_results WHERE uid=?", array($uid));
24 24
   $ret = array();
25 25
   while ($line = $result->fetch()) {
26 26
     array_push($ret, $line);
... ...
@@ -30,7 +30,7 @@ function load_results()
30 30
 
31 31
 function get_upgradeinstructions($appname) {
32 32
   $appname = db_escape_string($appname);
33
-  $result = db_query("SELECT url FROM qatools.freewvs_upgradeinstructions WHERE appname='{$appname}' LIMIT 1");
33
+  $result = db_query("SELECT url FROM qatools.freewvs_upgradeinstructions WHERE appname=?", array($appname));
34 34
   if ($result->rowCount() > 0) {
35 35
     $tmp = $result->fetch();
36 36
     return $tmp[0];
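Review bot: `$appname = db_escape_string($appname);` is still applied before the value is bound to `?`, so the already-escaped string is quoted a second time by the prepared statement; a name containing a quote or backslash no longer matches, and with debugging enabled the warning this commit adds to `db_escape_string()` fires on every call here. Drop that line and pass `$appname` to `db_query()` unchanged.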
... ...
@@ -20,12 +20,12 @@ function create_new_webapp($appname, $directory, $url, $data)
20 20
 {
21 21
   if (directory_in_use($directory))
22 22
     system_failure('Sie haben erst kürzlich eine Anwendung in diesem Verzeichnis installieren lassen. Aus Sicherheitsgründen können Sie in diesem Verzeichnis am selben Tag nicht schon wieder eine Anwendung installieren.');
23
-  $username = db_escape_string($_SESSION['userinfo']['username']);
24
-  $appname = db_escape_string($appname);
25
-  $directory = db_escape_string($directory);
26
-  $url = db_escape_string($url);
27
-  $data = db_escape_string($data);
28
-  db_query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username, data) VALUES ('{$appname}', '{$directory}', '{$url}', 'new', '{$username}', '{$data}')");
23
+  $args = array(":username" => $_SESSION['userinfo']['username'],
24
+                ":appname" => $appname,
25
+                ":dir" => $directory,
26
+                ":url" => $url,
27
+                ":data" => $data);
28
+  db_query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username, data) VALUES (:appname, :dir, :url, 'new', :username, :data)", $args);
29 29
 }
30 30
 
31 31
 
... ...
@@ -33,17 +33,16 @@ function request_update($appname, $directory, $url)
33 33
 {
34 34
   if (directory_in_use($directory))
35 35
     system_failure('Sie haben erst kürzlich eine Anwendung in diesem Verzeichnis installieren lassen oder ein Update in diesem Verzeichnis angefordert. Bitte warten Sie bis diese Aktion durchgeführt wurde.');
36
-  $username = db_escape_string($_SESSION['userinfo']['username']);
37
-  $appname = db_escape_string($appname);
38
-  $directory = db_escape_string($directory);
39
-  $url = maybe_null(db_escape_string($url));
40
-  db_query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username) VALUES ('{$appname}', '{$directory}', {$url}, 'old', '{$username}')");
36
+  $args = array(":username" => $_SESSION['userinfo']['username'],
37
+                ":appname" => $appname,
38
+                ":dir" => $directory,
39
+                ":url" => $url);
40
+  db_query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username) VALUES (:appname, :dir, :url, 'old', :username)", $args);
41 41
 }
42 42
 
43 43
 function directory_in_use($directory)
44 44
 {
45
-  $directory = db_escape_string($directory);
46
-  $result = db_query("SELECT id FROM vhosts.webapp_installer WHERE (state IN ('new','old') OR DATE(lastchange)=CURDATE()) AND directory='{$directory}'");
45
+  $result = db_query("SELECT id FROM vhosts.webapp_installer WHERE (state IN ('new','old') OR DATE(lastchange)=CURDATE()) AND directory=?", array($directory));
47 46
   if ($result->rowCount() > 0)
48 47
     return true;
49 48
   return false;
... ...
@@ -101,8 +100,7 @@ function get_url_for_dir($docroot, $cutoff = '')
101 100
 {
102 101
   if (substr($docroot, -1) == '/')
103 102
     $docroot = substr($docroot, 0, -1);
104
-  $docroot = db_escape_string($docroot);
105
-  $result = db_query("SELECT `ssl`, IF(FIND_IN_SET('aliaswww', options), CONCAT('www.',fqdn), fqdn) AS fqdn FROM vhosts.v_vhost WHERE docroot IN ('{$docroot}', '{$docroot}/') LIMIT 1");
103
+  $result = db_query("SELECT `ssl`, IF(FIND_IN_SET('aliaswww', options), CONCAT('www.',fqdn), fqdn) AS fqdn FROM vhosts.v_vhost WHERE docroot IN (?, ?)", array($docroot, $docroot.'/'));
106 104
   if ($result->rowCount() < 1)
107 105
   {
108 106
     if (!strstr($docroot, '/'))
... ...
@@ -122,7 +120,7 @@ function create_webapp_mysqldb($application, $sitename)
122 120
   // dependet auf das mysql-modul
123 121
   require_once('modules/mysql/include/mysql.php'); 
124 122
   
125
-  $username = db_escape_string($_SESSION['userinfo']['username']);
123
+  $username = $_SESSION['userinfo']['username'];
126 124
   $description = "Automatisch erzeugte Datenbank für {$application} ({$sitename})";
127 125
   
128 126
   // zuerst versuchen wir username_webappname. Wenn das nicht klappt, dann wird hochgezählt
... ...
@@ -38,7 +38,7 @@ function find_role($login, $password, $i_am_admin = False)
38 38
   $uid = (int) $login;
39 39
   if ($uid == 0)
40 40
     $uid = 'NULL';
41
-  $result = db_query("SELECT username, passwort AS password, kundenaccount AS `primary`, status, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;");
41
+  $result = db_query("SELECT username, passwort AS password, kundenaccount AS `primary`, status, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid=:uid OR username=:login LIMIT 1;", array(":uid" => $uid, ":login" => $login));
42 42
   if (@$result->rowCount() > 0)
43 43
   {
44 44
     $entry = $result->fetch(PDO::FETCH_OBJ);
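Review bot: `$uid = 'NULL';` two lines above the new query now binds the literal string `'NULL'` to `:uid`, so the comparison becomes `u.uid='NULL'` instead of the old interpolated `u.uid=NULL`; MySQL coerces that string to 0 in an integer comparison rather than yielding an unmatched NULL, which changes behaviour for non-numeric logins. Assign PHP `NULL` so PDO binds an SQL NULL: `$uid = NULL;`. find_role's body continues outside the hunk.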
... ...
@@ -68,9 +68,9 @@ function find_role($login, $password, $i_am_admin = False)
68 68
   // Customer?
69 69
   $customerno = (int) $login;
70 70
   $pass = sha1($password);
71
-  $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno} AND passwort='{$pass}';");
71
+  $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id=:customerno AND passwort=:pass", array(":customerno" => $customerno, ":pass" => $pass));
72 72
   if ($i_am_admin)
73
-    $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno}");
73
+    $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id=?", array($customerno));
74 74
   if (@$result->rowCount() > 0)
75 75
   {
76 76
     return ROLE_CUSTOMER;
... ...
@@ -78,7 +78,7 @@ function find_role($login, $password, $i_am_admin = False)
78 78
 
79 79
   // Sub-User
80 80
 
81
-  $result = db_query("SELECT password FROM system.subusers WHERE username='{$login}'");
81
+  $result = db_query("SELECT password FROM system.subusers WHERE username=?", array($login));
82 82
   if (@$result->rowCount() > 0)
83 83
   {
84 84
     $entry = $result->fetch(PDO::FETCH_OBJ);
... ...
@@ -111,7 +111,7 @@ function find_role($login, $password, $i_am_admin = False)
111 111
       }
112 112
     }
113 113
   }
114
-  $result = db_query("SELECT cryptpass FROM mail.courier_mailaccounts WHERE account='{$account}' LIMIT 1;");
114
+  $result = db_query("SELECT cryptpass FROM mail.courier_mailaccounts WHERE account=?", array($account));
115 115
   if (@$result->rowCount() > 0)
116 116
   {
117 117
     $entry = $result->fetch(PDO::FETCH_OBJ);
... ...
@@ -127,7 +127,7 @@ function find_role($login, $password, $i_am_admin = False)
127 127
   
128 128
   // virtueller Mail-Account
129 129
   $account = $login;
130
-  $result = db_query("SELECT cryptpass FROM mail.courier_virtual_accounts WHERE account='{$account}' LIMIT 1;");
130
+  $result = db_query("SELECT cryptpass FROM mail.courier_virtual_accounts WHERE account=?", array($account));
131 131
   if (@$result->rowCount() > 0)
132 132
   {
133 133
     $entry = $result->fetch(PDO::FETCH_OBJ);
... ...
@@ -157,13 +157,13 @@ function get_customer_info($customer)
157 157
   if ($customerno != 0)
158 158
   {
159 159
     DEBUG('Looking up customerinfo for customer no. '.$customerno);
160
-    $result = db_query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name, COALESCE(email,email_rechnung,email_extern) AS email FROM kundendaten.kunden WHERE id={$customerno} LIMIT 1;");
160
+    $result = db_query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name, COALESCE(email,email_rechnung,email_extern) AS email FROM kundendaten.kunden WHERE id=?", array($customerno));
161 161
   }
162 162
   else
163 163
   {
164
-    $username = db_escape_string($customer);
164
+    $username = $customer;
165 165
     DEBUG('looking up customer info for username '.$username);
166
-    $result = db_query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name, COALESCE(email,email_rechnung,email_extern) AS email FROM kundendaten.kunden AS k JOIN system.v_useraccounts AS u ON (u.kunde=k.id) WHERE u.username='{$username}'");
166
+    $result = db_query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name, COALESCE(email,email_rechnung,email_extern) AS email FROM kundendaten.kunden AS k JOIN system.v_useraccounts AS u ON (u.kunde=k.id) WHERE u.username=?", array($username));
167 167
   }
168 168
   if (@$result->rowCount() == 0)
169 169
     system_failure("Konnte Kundendaten nicht auslesen!");
... ...
@@ -181,7 +181,7 @@ function get_customer_info($customer)
181 181
 
182 182
 function get_subuser_info($username)
183 183
 {
184
-  $result = db_query("SELECT uid, modules FROM system.subusers WHERE username='{$username}'");
184
+  $result = db_query("SELECT uid, modules FROM system.subusers WHERE username=?", array($username));
185 185
   if ($result->rowCount() < 1)
186 186
   {
187 187
     logger(LOG_ERR, "session/checkuser", "login", "error reading subuser's data: »{$username}«");
... ...
@@ -196,9 +196,8 @@ function get_subuser_info($username)
196 196
 
197 197
 function get_user_info($username)
198 198
 {
199
-  $username = db_escape_string($username);
200 199
   $result = db_query("SELECT kunde AS customerno, username, uid, homedir, name, server
201
-                      FROM system.v_useraccounts WHERE username='{$username}' OR uid='{$username}' LIMIT 1");
200
+                      FROM system.v_useraccounts WHERE username=:username OR uid=:username", array(":username" => $username));
202 201
   if ($result->rowCount() < 1)
203 202
   {
204 203
     logger(LOG_ERR, "session/checkuser", "login", "error reading user's data: »{$username}«");
... ...
@@ -218,30 +217,30 @@ function get_user_info($username)
218 217
 function set_customer_verified($customerno)
219 218
 {
220 219
   $customerno = (int) $customerno;
221
-  db_query("UPDATE kundendaten.kunden SET status=0 WHERE id={$customerno};");
220
+  db_query("UPDATE kundendaten.kunden SET status=0 WHERE id=?", array($customerno));
222 221
   logger(LOG_INFO, "session/checkuser", "register", "set customer's status to 0.");
223 222
 }
224 223
 
225 224
 function set_customer_lastlogin($customerno)
226 225
 {
227 226
   $customerno = (int) $customerno;
228
-  db_query("UPDATE kundendaten.kunden SET lastlogin=NOW() WHERE id={$customerno};");
227
+  db_query("UPDATE kundendaten.kunden SET lastlogin=NOW() WHERE id=?", array($customerno));
229 228
 }
230 229
 
231 230
 function set_customer_password($customerno, $newpass)
232 231
 {
233 232
   $customerno = (int) $customerno;
234 233
   $newpass = sha1($newpass);
235
-  db_query("UPDATE kundendaten.kunden SET passwort='$newpass' WHERE id='".$customerno."' LIMIT 1");
234
+  db_query("UPDATE kundendaten.kunden SET passwort=:newpass WHERE id=:customerno", array(":newpass" => $newpass, ":customerno" => $customerno));
236 235
   logger(LOG_INFO, "session/checkuser", "pwchange", "changed customer's password.");
237 236
 }
238 237
 
239 238
 function set_subuser_password($subuser, $newpass)
240 239
 {
241
-  $subuser = db_escape_string($subuser);
242
-  $uid = (int) $_SESSION['userinfo']['uid'];
243
-  $newpass = sha1($newpass);
244
-  db_query("UPDATE system.subusers SET password='$newpass' WHERE username='{$subuser}' AND uid={$uid}");
240
+  $args = array(":subuser" => $subuser,
241
+                ":uid" => (int) $_SESSION['userinfo']['uid'],
242
+                ":newpass" => sha1($newpass));
243
+  db_query("UPDATE system.subusers SET password=:newpass WHERE username=:subuser AND uid=:uid", $args);
245 244
   logger(LOG_INFO, "session/checkuser", "pwchange", "changed subuser's password.");
246 245
 }
247 246
 
... ...
@@ -260,14 +259,14 @@ function set_systemuser_password($uid, $newpass)
260 259
     $salt = random_string(8);
261 260
     $newpass = crypt($newpass, "\$1\${$salt}\$");
262 261
   }
263
-  db_query("UPDATE system.passwoerter SET passwort='$newpass' WHERE uid='".$uid."' LIMIT 1");
262
+  db_query("UPDATE system.passwoerter SET passwort=:newpass WHERE uid=:uid", array(":newpass" => $newpass, ":uid" => $uid));
264 263
   logger(LOG_INFO, "session/checkuser", "pwchange", "changed user's password.");
265 264
 }
266 265
 
267 266
 
268 267
 function user_for_mailaccount($account) 
269 268
 {
270
-  $result = db_query("SELECT uid FROM mail.courier_mailaccounts WHERE account='{$account}' LIMIT 1;");
269
+  $result = db_query("SELECT uid FROM mail.courier_mailaccounts WHERE account=?", array($account));
271 270
   if ($result->rowCount() != 1) {
272 271
     system_failure('Diese Adresse ist herrenlos?!');
273 272
   }
... ...
@@ -277,7 +276,7 @@ function user_for_mailaccount($account)
277 276
 
278 277
 function user_for_vmail_account($account)
279 278
 {
280
-  $result = db_query("SELECT useraccount FROM mail.v_vmail_accounts WHERE CONCAT_WS('@', local, domainname)='{$account}' LIMIT 1;");
279
+  $result = db_query("SELECT useraccount FROM mail.v_vmail_accounts WHERE CONCAT_WS('@', local, domainname)=?", array($account));
281 280
   if ($result->rowCount() != 1) {
282 281
     system_failure('Diese Adresse ist herrenlos?!');
283 282
   }
... ...
@@ -298,7 +297,7 @@ function setup_session($role, $useridentity)
298 297
     $_SESSION['restrict_modules'] = explode(',', $info['modules']);
299 298
     $_SESSION['role'] = ROLE_SYSTEMUSER | ROLE_SUBUSER;
300 299
     $_SESSION['subuser'] = $useridentity;
301
-    $data = db_query("SELECT kundenaccount FROM system.useraccounts WHERE username='{$info['username']}'");
300
+    $data = db_query("SELECT kundenaccount FROM system.useraccounts WHERE username=?", array($info['username']));
302 301
     if ($entry = $data->fetch) {
303 302
       if ($entry['kundenaccount'] == 1) {
304 303
         $customer = get_customer_info($_SESSION['userinfo']['username']);
305 304