From 197203727417a03d87053a47e5aa5175a76e3e0b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 17 Oct 2013 04:24:53 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/lib/MDB2/Driver/Native/sqlite.php |   43 +++++++------------------------------------
 1 files changed, 7 insertions(+), 36 deletions(-)

diff --git a/program/lib/MDB2/Driver/Native/sqlite.php b/program/lib/MDB2/Driver/Native/sqlite.php
old mode 100755
new mode 100644
index 987473e..ee2a54f
--- a/program/lib/MDB2/Driver/Native/sqlite.php
+++ b/program/lib/MDB2/Driver/Native/sqlite.php
@@ -2,7 +2,7 @@
 // +----------------------------------------------------------------------+
 // | PHP versions 4 and 5                                                 |
 // +----------------------------------------------------------------------+
-// | Copyright (c) 1998-2004 Manuel Lemos, Tomas V.V.Cox,                 |
+// | Copyright (c) 1998-2006 Manuel Lemos, Tomas V.V.Cox,                 |
 // | Stig. S. Bakken, Lukas Smith                                         |
 // | All rights reserved.                                                 |
 // +----------------------------------------------------------------------+
@@ -39,51 +39,22 @@
 // | WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE          |
 // | POSSIBILITY OF SUCH DAMAGE.                                          |
 // +----------------------------------------------------------------------+
-// | Author: Lukas Smith <smith@backendmedia.com>                         |
+// | Author: Lukas Smith <smith@pooteeweet.org>                           |
 // +----------------------------------------------------------------------+
 //
-// $Id$
+// $Id: sqlite.php 215004 2006-06-18 21:59:05Z lsmith $
 //
+
+require_once 'MDB2/Driver/Native/Common.php';
 
 /**
  * MDB2 SQLite driver for the native module
  *
  * @package MDB2
  * @category Database
- * @author  Lukas Smith <smith@backendmedia.com>
+ * @author  Lukas Smith <smith@pooteeweet.org>
  */
-class MDB2_Driver_Native_sqlite
+class MDB2_Driver_Native_sqlite extends MDB2_Driver_Native_Common
 {
-    var $db_index;
-
-    // {{{ constructor
-
-    /**
-     * Constructor
-     */
-    function __construct($db_index)
-    {
-        $this->db_index = $db_index;
-    }
-
-    function MDB2_Driver_Native_sqlite($db_index)
-    {
-        $this->__construct($db_index);
-    }
-
-    // }}}
-    // {{{ getInsertID()
-
-    /**
-     * get last insert ID
-     *
-     * @return mixed MDB2 Error Object or id
-     * @access public
-     */
-    function getInsertID()
-    {
-        $db =& $GLOBALS['_MDB2_databases'][$this->db_index];
-        return @sqlite_last_insert_rowid($db->connection);
-    }
 }
 ?>
\ No newline at end of file

--
Gitblit v1.9.1