diff --git a/composer.json b/composer.json
index bf45ebc..0b0a2d1 100644
--- a/composer.json
+++ b/composer.json
@@ -1,7 +1,6 @@
 {
 "name": "privatebin/privatebin",
 "description": "PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bit AES in Galois Counter mode.",
- "version": "0.22",
 "repositories": [
 {
 "type": "vcs",
diff --git a/lib/privatebin/db.php b/lib/privatebin/db.php
index 2bbc03f..3f211c7 100644
--- a/lib/privatebin/db.php
+++ b/lib/privatebin/db.php
@@ -606,7 +606,7 @@ class privatebin_db extends privatebin_abstract
 */
 private static function _sanitizeIdentifier($identifier)
 {
- return self::$_prefix . preg_replace('/[^A-Za-z0-9_]+/', '', $identifier);
+ return preg_replace('/[^A-Za-z0-9_]+/', '', self::$_prefix . $identifier);
 }
 /**
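Review bot: Running the whitelist over `self::$_prefix . $identifier` in `_sanitizeIdentifier()` silently rewrites a configured prefix that contains anything outside `[A-Za-z0-9_]`, so the table name can differ from what the operator configured and from any code path that still concatenates `self::$_prefix` directly (none is visible in this hunk, so that needs checking across the file). Validating the prefix once where the configuration is read, and failing loudly on a bad value, would be safer than stripping it on every call. `preg_replace()` also returns `null` on a PCRE error, which would leave an empty identifier in the SQL; a guard that throws when the result is `null` or `''` would cover that. The docblock starts outside the hunk and should state that the prefix is part of the sanitized value, e.g. `@return string prefixed identifier, restricted to [A-Za-z0-9_]`.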
@@ -624,45 +624,42 @@ class privatebin_db extends privatebin_abstract
 case '0.21':
 // create the meta column if necessary (pre 0.21 change)
 try {
- self::$_db->exec('SELECT meta FROM ' . self::$_prefix . 'paste LIMIT 1;');
+ self::$_db->exec('SELECT meta FROM ' . self::_sanitizeIdentifier('paste') . ' LIMIT 1;');
 } catch (PDOException $e) {
- self::$_db->exec('ALTER TABLE ' . self::$_prefix . 'paste ADD COLUMN meta TEXT;');
+ self::$_db->exec('ALTER TABLE ' . self::_sanitizeIdentifier('paste') . ' ADD COLUMN meta TEXT;');
 }
 // SQLite only allows one ALTER statement at a time...
 self::$_db->exec(
- 'ALTER TABLE ' . self::$_prefix . 'paste ADD COLUMN attachment MEDIUMBLOB;'
+ 'ALTER TABLE ' . self::_sanitizeIdentifier('paste') . ' ADD COLUMN attachment MEDIUMBLOB;'
 );
 self::$_db->exec(
- 'ALTER TABLE ' . self::$_prefix . 'paste ADD COLUMN attachmentname BLOB;'
+ 'ALTER TABLE ' . self::_sanitizeIdentifier('paste') . ' ADD COLUMN attachmentname BLOB;'
 );
 // SQLite doesn't support MODIFY, but it allows TEXT of similar
 // size as BLOB, so there is no need to change it there
 if (self::$_type !== 'sqlite') {
 self::$_db->exec(
- 'ALTER TABLE ' . self::$_prefix . 'paste ' .
- 'ADD PRIMARY KEY (dataid),' .
- 'MODIFY COLUMN data BLOB;'
+ 'ALTER TABLE ' . self::_sanitizeIdentifier('paste') .
+ ' ADD PRIMARY KEY (dataid), MODIFY COLUMN data BLOB;'
 );
 self::$_db->exec(
- 'ALTER TABLE ' . self::$_prefix . 'comment ' .
- 'ADD PRIMARY KEY (dataid),' .
- 'MODIFY COLUMN data BLOB, ' .
- 'MODIFY COLUMN nickname BLOB, ' .
- 'MODIFY COLUMN vizhash BLOB;'
+ 'ALTER TABLE ' . self::_sanitizeIdentifier('comment') .
+ ' ADD PRIMARY KEY (dataid), MODIFY COLUMN data BLOB, ' .
+ 'MODIFY COLUMN nickname BLOB, MODIFY COLUMN vizhash BLOB;'
 );
 } else {
 self::$_db->exec(
- 'CREATE UNIQUE INDEX primary ON ' . self::$_prefix . 'paste(dataid);'
+ 'CREATE UNIQUE INDEX primary ON ' . self::_sanitizeIdentifier('paste') . '(dataid);'
 );
 self::$_db->exec(
- 'CREATE UNIQUE INDEX primary ON ' . self::$_prefix . 'comment(dataid);'
+ 'CREATE UNIQUE INDEX primary ON ' . self::_sanitizeIdentifier('comment') . '(dataid);'
 );
 }
 self::$_db->exec(
- 'CREATE INDEX parent ON ' . self::$_prefix . 'comment(pasteid);'
+ 'CREATE INDEX parent ON ' . self::_sanitizeIdentifier('comment') . '(pasteid);'
 );
 }
 }
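Review bot: The two statements in the SQLite `else` branch both create an index named `primary`; index names are unique per database in SQLite, so the second `CREATE UNIQUE INDEX primary ...` on `comment` should fail once the one on `paste` exists, and `primary` is also an SQL keyword that the parser may reject unquoted. The index names `primary` and `parent` are the only identifiers in this hunk that bypass `_sanitizeIdentifier()`, so on SQLite two installations sharing one database under different prefixes would collide on them. Consider deriving them from the helper, e.g. `'CREATE UNIQUE INDEX ' . self::_sanitizeIdentifier('paste_dataid') . ' ON ' . self::_sanitizeIdentifier('paste') . '(dataid);'` (index name constructed for illustration). The enclosing upgrade method and its `switch` start outside this hunk, so whether these statements run under an exception-throwing PDO error mode cannot be confirmed from here.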