
[Fmsystem-commits] [14854] more on SQL-injection


From: Sigurd Nes
Subject: [Fmsystem-commits] [14854] more on SQL-injection
Date: Sun, 20 Mar 2016 17:33:23 +0000

Revision: 14854
          http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=14854
Author:   sigurdne
Date:     2016-03-20 17:33:23 +0000 (Sun, 20 Mar 2016)
Log Message:
-----------
more on SQL-injection

Modified Paths:
--------------
    trunk/activitycalendar/inc/class.soactivity.inc.php
    trunk/activitycalendarfrontend/inc/class.uiactivity.inc.php
    trunk/phpgwapi/inc/class.db.inc.php

Modified: trunk/activitycalendar/inc/class.soactivity.inc.php
===================================================================
--- trunk/activitycalendar/inc/class.soactivity.inc.php 2016-03-20 15:18:34 UTC 
(rev 14853)
+++ trunk/activitycalendar/inc/class.soactivity.inc.php 2016-03-20 17:33:23 UTC 
(rev 14854)
@@ -626,13 +626,15 @@
                 *
                 *
                 */
-               function get_district( $district_id )
+               function get_district( $id )
                {
                        $result = "Ingen";
 //                     $district_id = (int)$district_id;
-                       if ($district_id != null)
+                       $table = 'fm_district';// id is integer
+//                     $table = 'fm_request_status';// id is varchar
+                       if ($id != null)
                        {
-                               $sql = "SELECT descr FROM fm_district WHERE 
id={$district_id}";
+                               $sql = "SELECT descr FROM {$table} WHERE 
id={$id}";
                                $this->db->query($sql, __LINE__, __FILE__);
                                while ($this->db->next_record())
                                {
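Review bot: The query on the new `$sql = "SELECT descr FROM {$table} WHERE id={$id}";` line still interpolates `$id` straight from the caller, so the rename and the `$table` variable do not remove the injection the commit title refers to; the `(int)` cast on the line above is still commented out. Since the surviving comment states `// id is integer`, the minimal fix is to restore the cast before the null check, `$id = (int)$id;`, or better to bind the value through whatever parameterised query facility the db layer offers rather than building the string. If the `fm_request_status` variant with a varchar id is ever enabled, an integer cast will not protect that path and the value would need to be quoted and escaped by the db layer instead. get_district's body continues outside the hunk, and `$id != null` is a loose comparison that also rejects an id of 0 after the cast, which may or may not be intended.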

Modified: trunk/activitycalendarfrontend/inc/class.uiactivity.inc.php
===================================================================
--- trunk/activitycalendarfrontend/inc/class.uiactivity.inc.php 2016-03-20 
15:18:34 UTC (rev 14853)
+++ trunk/activitycalendarfrontend/inc/class.uiactivity.inc.php 2016-03-20 
17:33:23 UTC (rev 14854)
@@ -43,10 +43,6 @@
                        $GLOBALS['phpgw_info']['flags']['xslt_app'] = false;
                        $district_id = phpgw::get_var('district_id');
 
-                       //test
-//                     $district_id = "1 UNION ALL SELECT 
(CHR(113)||CHR(118)||CHR(118)||CHR(120)||CHR(113))||(CHR(119)||CHR(66)||CHR(122)||CHR(88)||CHR(111)||CHR(104)||CHR(78)||CHR(70)||CHR(76)||CHR(115)||CHR(89)||CHR(84)||CHR(85)||CHR(110)||CHR(104)||CHR(104)||CHR(101)||CHR(66)||CHR(80)||CHR(108)||CHR(77)||CHR(87)||CHR(83)||CHR(85)||CHR(110)||CHR(108)||CHR(76)||CHR(84)||CHR(88)||CHR(70)||CHR(78)||CHR(70)||CHR(67)||CHR(110)||CHR(114)||CHR(98)||CHR(82)||CHR(65)||CHR(100)||CHR(111))||(CHR(113)||CHR(112)||CHR(120)||CHR(113)||CHR(113))--
 -";
-
-
                        $district = $this->so_activity->get_district( 
$district_id );
                        print_r($district);
                }

Modified: trunk/phpgwapi/inc/class.db.inc.php
===================================================================
--- trunk/phpgwapi/inc/class.db.inc.php 2016-03-20 15:18:34 UTC (rev 14853)
+++ trunk/phpgwapi/inc/class.db.inc.php 2016-03-20 17:33:23 UTC (rev 14854)
@@ -752,7 +752,7 @@
                                                $first_element = false;
                                                continue;
                                        }
-                                       if(preg_match("/\bUNION\b/i", $sql)) // 
FIND 'UNION ALL SELECT'
+                                       
if(preg_match("/(\bUNION\b|\bPG_SLEEP\b|\bCHR\b|\bGENERATE_SERIES\b)/i", $sql)) 
// FIND 'UNION ALL SELECT'
                                        {
                                                $this->transaction_abort();
                                                trigger_error('Attempt on 
SQL-injection: UNION ALL SELECT', E_USER_ERROR);
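Review bot: The error message on the `trigger_error('Attempt on SQL-injection: UNION ALL SELECT', E_USER_ERROR);` line no longer describes what was matched, since the widened pattern now also fires on `PG_SLEEP`, `CHR` and `GENERATE_SERIES`; capture the hit and report it, `if(preg_match("/(\bUNION\b|\bPG_SLEEP\b|\bCHR\b|\bGENERATE_SERIES\b)/i", $sql, $matches))` and `trigger_error('Attempt on SQL-injection: ' . $matches[1], E_USER_ERROR);`. A keyword denylist applied to the whole statement is also a blunt instrument: any legitimate query or bound literal containing the word "union" or "chr" will abort the transaction and raise a fatal error, while injections that use none of these tokens pass through, so this check should be treated as a last-line detection rather than the fix, with the real remedy being parameterised queries at call sites such as the activitycalendar one in this commit. A short comment stating that intent, `// Heuristic last-resort check only; callers must still bind parameters`, would keep a future maintainer from relying on it. The enclosing method starts and ends outside the hunk, so whether this check runs for every query or only in a transaction is not visible here.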



