CatPtain commited on
Commit
5ed2b6d
·
verified ·
1 Parent(s): d13adb8

Upload 2 files

Files changed (2) hide show
  1. db.php +61 -0
  2. test-php.php +18 -2
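--- a/db.php
+++ b/db.php
@@ -238,6 +238,67 @@ class SQLite_DB {
  return addcslashes($text, '\\%_');
  }
 
+ public function _escape($data) {
+ if (is_array($data)) {
+ return array_map(array($this, '_escape'), $data);
+ }
+
+ if (is_string($data)) {
+ return addslashes($data);
+ }
+
+ return $data;
+ }
+
+ public function _real_escape($data) {
+ if (!is_scalar($data)) {
+ return '';
+ }
+
+ // For SQLite, we use addslashes as there's no equivalent to mysqli_real_escape_string
+ $escaped = addslashes($data);
+ return $this->add_placeholder_escape($escaped);
+ }
+
+ public function _weak_escape($data) {
+ if (func_num_args() === 1 && function_exists('_deprecated_function')) {
+ _deprecated_function(__METHOD__, '3.6.0', 'wpdb::prepare() or esc_sql()');
+ }
+ return addslashes($data);
+ }
+
+ public function escape($data) {
+ if (func_num_args() === 1 && function_exists('_deprecated_function')) {
+ _deprecated_function(__METHOD__, '3.6.0', 'wpdb::prepare() or esc_sql()');
+ }
+ if (is_array($data)) {
+ foreach ($data as $k => $v) {
+ if (is_array($v)) {
+ $data[$k] = $this->escape($v);
+ } else {
+ $data[$k] = $this->_weak_escape($v);
+ }
+ }
+ } else {
+ $data = $this->_weak_escape($data);
+ }
+ return $data;
+ }
+
+ public function add_placeholder_escape($query) {
+ // Replace % with placeholder to prevent SQLi attacks
+ return str_replace('%', $this->placeholder_escape(), $query);
+ }
+
+ public function placeholder_escape() {
+ static $placeholder;
+ if (!$placeholder) {
+ // Generate a unique placeholder
+ $placeholder = '{' . wp_generate_password(20, false) . '}';
+ }
+ return $placeholder;
+ }
+
  public function print_error($str = '') {
  global $EZSQL_ERROR;
 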
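Review bot: `_real_escape()` escapes with `addslashes()`, but SQLite has no backslash escape sequence: inside a string literal a backslash is an ordinary character and a single quote is escaped by doubling it, so running a value that contains `'` through this method does not make it safe to embed in a quoted literal, and the comment claiming there is no SQLite equivalent of `mysqli_real_escape_string` is incorrect. The same `addslashes()` call is used in `_escape()` and `_weak_escape()` (and via it in `escape()`), so all four new methods emit MySQL-style output for a SQLite backend. If the class is backed by the `SQLite3` extension the fix is `$escaped = SQLite3::escapeString((string) $data);` (equivalently `str_replace("'", "''", (string) $data)`), with the comment updated to say SQLite doubles single quotes; with PDO, `PDO::quote()` returns an already-quoted literal and should be used instead. Separately, `placeholder_escape()` depends on `wp_generate_password()`, which in a `db.php` drop-in is presumably only available after WordPress has loaded its pluggable functions — if any of these methods can run earlier, guard it with `function_exists('wp_generate_password') ? wp_generate_password(20, false) : bin2hex(random_bytes(10))`. `print_error()` at the end of the hunk continues outside it.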
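--- a/test-php.php
+++ b/test-php.php
@@ -61,7 +61,7 @@ if (file_exists('/var/www/html/wp-content/db.php')) {
  echo "<p>βœ“ SQLite_DB class loaded successfully</p>";
 
  // Test required methods
- $methods = ['set_prefix', 'get_results', 'get_row', 'get_var', 'get_col', 'prepare', 'insert', 'update', 'delete', 'suppress_errors', 'show_errors', 'hide_errors', 'bail', 'timer_start', 'timer_stop', 'get_blog_prefix'];
+ $methods = ['set_prefix', 'get_results', 'get_row', 'get_var', 'get_col', 'prepare', 'insert', 'update', 'delete', 'suppress_errors', 'show_errors', 'hide_errors', 'bail', 'timer_start', 'timer_stop', 'get_blog_prefix', '_escape', '_real_escape', '_weak_escape', 'escape', 'add_placeholder_escape', 'placeholder_escape'];
  foreach ($methods as $method) {
  if (method_exists($test_db, $method)) {
  echo "<p style='color: green;'>βœ“ Method $method exists</p>";
@@ -112,7 +112,7 @@ if ($db->ready) {
  $option_count = $db->get_var("SELECT COUNT(*) FROM {$db->prefix}options");
  echo "<p>Total options in database: $option_count</p>";
 
- $test_options = array('siteurl', 'home', 'blogname', 'admin_email');
+ $test_options = array('siteurl', 'home', 'blogname', 'blogdescription', 'users_can_register', 'admin_email');
  foreach ($test_options as $option) {
  $value = $db->get_var($db->prepare("SELECT option_value FROM {$db->prefix}options WHERE option_name = %s", $option));
  if ($value !== null) {
@@ -121,6 +121,22 @@ if ($db->ready) {
  echo "<p style='color: red;'>βœ— Option '$option' not found</p>";
  }
  }
+
+ echo "<h3>Escape Methods Test</h3>";
+ // Test escape methods
+ $test_string = "Test's \"quoted\" string with % symbols";
+ $test_array = array('key1' => "value's", 'key2' => 'value"with"quotes');
+
+ echo "<p><strong>Original string:</strong> " . htmlspecialchars($test_string) . "</p>";
+ echo "<p><strong>_escape():</strong> " . htmlspecialchars($db->_escape($test_string)) . "</p>";
+ echo "<p><strong>_real_escape():</strong> " . htmlspecialchars($db->_real_escape($test_string)) . "</p>";
+ echo "<p><strong>_weak_escape():</strong> " . htmlspecialchars($db->_weak_escape($test_string)) . "</p>";
+
+ echo "<p><strong>Array escape test:</strong></p>";
+ $escaped_array = $db->_escape($test_array);
+ foreach ($escaped_array as $key => $value) {
+ echo "<p style='margin-left: 20px;'>$key: " . htmlspecialchars($value) . "</p>";
+ }
  } else {
  echo "<p style='color: red;'>βœ— Database connection failed</p>";
  }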
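Review bot: The escape test added at new lines 124–139 only prints each method's output through `htmlspecialchars()` and never compares it with an expected value, so an escaping scheme that is wrong for the backend (MySQL-style `\'` on SQLite, for instance) still renders as a fully green page. Follow the green/red pattern this file already uses for the method checks: compute the form the backend requires once (for SQLite, doubled single quotes) and report a mismatch, e.g. `$expected = str_replace("'", "''", $test_string);` followed by `echo $db->_weak_escape($test_string) === $expected ? "<p style='color: green;'>βœ“ _weak_escape OK</p>" : "<p style='color: red;'>βœ— _weak_escape mismatch</p>";`. The `_real_escape()` output additionally carries the `%` substitution from `add_placeholder_escape()`, so its expectation has to be built with `$db->placeholder_escape()` rather than the raw string. The enclosing `if ($db->ready)` block begins before this hunk.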