diff options
| author | Robin Appelman <icewind1991@gmail.com> | 2011-09-17 02:29:35 +0200 |
|---|---|---|
| committer | Robin Appelman <icewind1991@gmail.com> | 2011-09-17 02:30:00 +0200 |
| commit | d0d3fecc9502733fadfa358bcb5e0e2baf46f224 (patch) | |
| tree | 08fdf319123fd9b27c5b734a142a73df460b5a31 /apps/unhosted | |
| parent | f0da2a22580f1b3cde6eb36711a6070175617010 (diff) | |
| download | nextcloud-server-d0d3fecc9502733fadfa358bcb5e0e2baf46f224.tar.gz nextcloud-server-d0d3fecc9502733fadfa358bcb5e0e2baf46f224.zip | |
no need to escape values when using prepared statements
Diffstat (limited to 'apps/unhosted')
| -rw-r--r-- | apps/unhosted/lib_unhosted.php | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/apps/unhosted/lib_unhosted.php b/apps/unhosted/lib_unhosted.php index 304759c521c..59dc380c45c 100644 --- a/apps/unhosted/lib_unhosted.php +++ b/apps/unhosted/lib_unhosted.php @@ -2,9 +2,6 @@ class OC_UnhostedWeb { public static function getValidTokens($ownCloudUser, $userAddress, $dataScope) { - $user=OC_DB::escape($ownCloudUser); - $userAddress=OC_DB::escape($userAddress); - $dataScope=OC_DB::escape($dataScope); $query=OC_DB::prepare("SELECT token,appUrl FROM *PREFIX*authtoken WHERE user=? AND userAddress=? AND dataScope=? LIMIT 100"); $result=$query->execute(array($user,$userAddress,$dataScope)); if( PEAR::isError($result)) { @@ -43,7 +40,6 @@ class OC_UnhostedWeb { public static function deleteToken($token) { $user=OC_User::getUser(); - $token=OC_DB::escape($token); $query=OC_DB::prepare("DELETE FROM *PREFIX*authtoken WHERE token=? AND user=?"); $result=$query->execute(array($token,$user)); if( PEAR::isError($result)) { @@ -55,10 +51,6 @@ class OC_UnhostedWeb { } private static function addToken($token, $appUrl, $userAddress, $dataScope){ $user=OC_User::getUser(); - $token=OC_DB::escape($token); - $appUrl=OC_DB::escape($appUrl); - $userAddress=OC_DB::escape($userAddress); - $dataScope=OC_DB::escape($dataScope); $query=OC_DB::prepare("INSERT INTO *PREFIX*authtoken (`token`,`appUrl`,`user`,`userAddress`,`dataScope`) VALUES(?,?,?,?,?)"); $result=$query->execute(array($token,$appUrl,$user,$userAddress,$dataScope)); if( PEAR::isError($result)) { |