[Fmsystem-commits] [14854] more on SQL-injection
From: |
Sigurd Nes |
Subject: |
[Fmsystem-commits] [14854] more on SQL-injection |
Date: |
Sun, 20 Mar 2016 17:33:23 +0000 |
Revision: 14854
http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=14854
Author: sigurdne
Date: 2016-03-20 17:33:23 +0000 (Sun, 20 Mar 2016)
Log Message:
-----------
more on SQL-injection
Modified Paths:
--------------
trunk/activitycalendar/inc/class.soactivity.inc.php
trunk/activitycalendarfrontend/inc/class.uiactivity.inc.php
trunk/phpgwapi/inc/class.db.inc.php
Modified: trunk/activitycalendar/inc/class.soactivity.inc.php
===================================================================
--- trunk/activitycalendar/inc/class.soactivity.inc.php 2016-03-20 15:18:34 UTC
(rev 14853)
+++ trunk/activitycalendar/inc/class.soactivity.inc.php 2016-03-20 17:33:23 UTC
(rev 14854)
@@ -626,13 +626,15 @@
*
*
*/
- function get_district( $district_id )
+ function get_district( $id )
{
$result = "Ingen";
// $district_id = (int)$district_id;
- if ($district_id != null)
+ $table = 'fm_district';// id is integer
+// $table = 'fm_request_status';// id is varchar
+ if ($id != null)
{
- $sql = "SELECT descr FROM fm_district WHERE
id={$district_id}";
+ $sql = "SELECT descr FROM {$table} WHERE
id={$id}";
$this->db->query($sql, __LINE__, __FILE__);
while ($this->db->next_record())
{
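Review bot: The new `$sql` line at the end of the hunk still interpolates `$id` directly into the query, so renaming `$district_id` and introducing `{$table}` leaves the injection path untouched, and the `(int)` cast two lines above the `$table` assignment is still commented out. Since the comment on the `$table` line states the id is an integer, cast before the query is built, `$id = (int) $id;`, and replace the loose `if ($id != null)` (which accepts any non-empty string) with `if ($id)`. If the commented-out `fm_request_status` variant with a varchar id is ever enabled, that value would have to be quoted or bound through the db layer rather than cast. The body of get_district continues past the end of the hunk.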
Modified: trunk/activitycalendarfrontend/inc/class.uiactivity.inc.php
===================================================================
--- trunk/activitycalendarfrontend/inc/class.uiactivity.inc.php 2016-03-20
15:18:34 UTC (rev 14853)
+++ trunk/activitycalendarfrontend/inc/class.uiactivity.inc.php 2016-03-20
17:33:23 UTC (rev 14854)
@@ -43,10 +43,6 @@
$GLOBALS['phpgw_info']['flags']['xslt_app'] = false;
$district_id = phpgw::get_var('district_id');
- //test
-// $district_id = "1 UNION ALL SELECT
(CHR(113)||CHR(118)||CHR(118)||CHR(120)||CHR(113))||(CHR(119)||CHR(66)||CHR(122)||CHR(88)||CHR(111)||CHR(104)||CHR(78)||CHR(70)||CHR(76)||CHR(115)||CHR(89)||CHR(84)||CHR(85)||CHR(110)||CHR(104)||CHR(104)||CHR(101)||CHR(66)||CHR(80)||CHR(108)||CHR(77)||CHR(87)||CHR(83)||CHR(85)||CHR(110)||CHR(108)||CHR(76)||CHR(84)||CHR(88)||CHR(70)||CHR(78)||CHR(70)||CHR(67)||CHR(110)||CHR(114)||CHR(98)||CHR(82)||CHR(65)||CHR(100)||CHR(111))||(CHR(113)||CHR(112)||CHR(120)||CHR(113)||CHR(113))--
-";
-
-
$district = $this->so_activity->get_district(
$district_id );
print_r($district);
}
Modified: trunk/phpgwapi/inc/class.db.inc.php
===================================================================
--- trunk/phpgwapi/inc/class.db.inc.php 2016-03-20 15:18:34 UTC (rev 14853)
+++ trunk/phpgwapi/inc/class.db.inc.php 2016-03-20 17:33:23 UTC (rev 14854)
@@ -752,7 +752,7 @@
$first_element = false;
continue;
}
- if(preg_match("/\bUNION\b/i", $sql)) //
FIND 'UNION ALL SELECT'
+
if(preg_match("/(\bUNION\b|\bPG_SLEEP\b|\bCHR\b|\bGENERATE_SERIES\b)/i", $sql))
// FIND 'UNION ALL SELECT'
{
$this->transaction_abort();
trigger_error('Attempt on
SQL-injection: UNION ALL SELECT', E_USER_ERROR);
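Review bot: The widened pattern on the `preg_match` line is a keyword blocklist, so it aborts legitimate statements as well — any query whose text contains a column, alias or literal matching `\bCHR\b` or `\bUNION\b` now hits `transaction_abort()` and a fatal `E_USER_ERROR` — while still passing anything that avoids those four words; it should be treated as a heuristic, with the actual fix being the casting or binding of request input at the call sites that build SQL, as the `fm_district` change in class.soactivity.inc.php is meant to do. The `trigger_error` message and the trailing `// FIND 'UNION ALL SELECT'` comment still describe only the old check although it now also fires on PG_SLEEP, CHR and GENERATE_SERIES; at minimum make them match, e.g. `trigger_error('Attempt on SQL-injection: blocked SQL keyword', E_USER_ERROR);` and `// heuristic: abort on keywords typical of injection payloads, not a substitute for parameterised queries`. Passing a matches array to `preg_match` and logging the keyword that fired would help triage false positives without changing what the client sees. The enclosing function starts and ends outside the hunk.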