From: Harris Wong
Date: Tue, 27 Sep 2011 20:32:14 +0000 (-0000)
Subject: 4811: Multiple vulnerabilities fixed as listed on the tracker.
X-Git-Tag: v1.2~21
X-Git-Url: https://iam.tj/gitweb/gitweb.cgi?p=acontent.git;a=commitdiff_plain;h=6a0ceb0a0e76117c8fb82f71624eb3713e54de03
4811: Multiple vulnerabilities fixed as listed on the tracker.
---
diff --git a/docs/include/classes/DAO/LanguagesDAO.class.php b/docs/include/classes/DAO/LanguagesDAO.class.php
index 74be470..4662771 100644
--- a/docs/include/classes/DAO/LanguagesDAO.class.php
+++ b/docs/include/classes/DAO/LanguagesDAO.class.php
@@ -88,8 +88,8 @@ class LanguagesDAO extends DAO {
 if ($fieldValue == '') return false;
 $sql = "UPDATE ".TABLE_PREFIX."languages
- SET ".$fieldName."='".$addslashes($fieldValue)."'
- WHERE language_code = '".$langCode."'";
+ SET ".$addslashes($fieldName)."='".$addslashes($fieldValue)."'
+ WHERE language_code = '".$addslashes($langCode)."'";
 return $this->execute($sql);
 }
diff --git a/docs/include/classes/DAO/MyownPatchesDAO.class.php b/docs/include/classes/DAO/MyownPatchesDAO.class.php
index 093f5d9..4fa9112 100644
--- a/docs/include/classes/DAO/MyownPatchesDAO.class.php
+++ b/docs/include/classes/DAO/MyownPatchesDAO.class.php
@@ -104,7 +104,7 @@ class MyownPatchesDAO extends DAO {
 return array(_AT('TR_ERROR_EMPTY_FIELD'));
 $sql = "UPDATE ".TABLE_PREFIX."myown_patches
- SET ".$fieldName."='".$addslashes($fieldValue)."'
+ SET ".$addslashes($fieldName)."='".$addslashes($fieldValue)."'
 WHERE myown_patch_id = ".$myownPatchID;
 return $this->execute($sql);
diff --git a/docs/include/classes/DAO/OAuthServerConsumersDAO.class.php b/docs/include/classes/DAO/OAuthServerConsumersDAO.class.php
index a7d5ccc..a8d7dee 100644
--- a/docs/include/classes/DAO/OAuthServerConsumersDAO.class.php
+++ b/docs/include/classes/DAO/OAuthServerConsumersDAO.class.php
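Review bot: Wrapping `$fieldName` in `$addslashes()` in the `SET` clause of the LanguagesDAO hunk does not constrain it, because the value lands in an unquoted identifier position where escaping quote characters has no effect; a caller-supplied name can still address any column or extend the statement without using a quote at all. The name should be checked against a fixed list of updatable columns before the query is built, for example `if (!in_array($fieldName, $allowedFields, true)) return false;` with `$allowedFields` defined per DAO. The same pattern is introduced in the MyownPatchesDAO and UsersDAO hunks of this commit. The enclosing function starts above the hunk, so an earlier validation of `$fieldName` cannot be ruled out from here.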
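Review bot: In the MyownPatchesDAO hunk `$myownPatchID` is still concatenated raw into `WHERE myown_patch_id = ".$myownPatchID`, an unquoted numeric position that this commit leaves untouched even though the UsersDAO hunk wraps the equivalent `$userID` in `intval()`. The line should read `WHERE myown_patch_id = ".intval($myownPatchID);` so both update methods treat their key the same way. The function begins above the hunk, so a cast earlier in the body is not visible here.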
@@ -164,7 +164,8 @@ class OAuthServerConsumersDAO extends DAO {
 */
 function getByConsumer($consumer)
 {
- $sql = "SELECT * FROM ".TABLE_PREFIX."oauth_server_consumers WHERE consumer='".$consumer."'";
+ global $addslashes;
+ $sql = "SELECT * FROM ".TABLE_PREFIX."oauth_server_consumers WHERE consumer='".$addslashes($consumer)."'";
 return $this->execute($sql);
 }
diff --git a/docs/include/classes/DAO/OAuthServerTokensDAO.class.php b/docs/include/classes/DAO/OAuthServerTokensDAO.class.php
index 1b9ae96..2187ed6 100644
--- a/docs/include/classes/DAO/OAuthServerTokensDAO.class.php
+++ b/docs/include/classes/DAO/OAuthServerTokensDAO.class.php
@@ -89,9 +89,10 @@ class OAuthServerTokensDAO extends DAO {
 */
 function updateUserIDByToken($token, $user_id)
 {
+ global $addslashes;
 $sql = "UPDATE ".TABLE_PREFIX."oauth_server_tokens
 SET user_id = ".$user_id."
- WHERE token = '".$token."'";
+ WHERE token = '".$addslashes($token)."'";
 return $this->execute($sql);
 }
@@ -150,9 +151,10 @@ class OAuthServerTokensDAO extends DAO {
 */
 function getByTokenAndType($token, $token_type)
 {
+ global $addslashes;
 $sql = "SELECT * FROM ".TABLE_PREFIX."oauth_server_tokens
- WHERE token = '".$token."'
- AND token_type = '".$token_type."'";
+ WHERE token = '".$addslashes($token)."'
+ AND token_type = '".$addslashes($token_type)."'";
 return $this->execute($sql);
 }
diff --git a/docs/include/classes/DAO/UsersDAO.class.php b/docs/include/classes/DAO/UsersDAO.class.php
index f646ec0..b159ee6 100644
--- a/docs/include/classes/DAO/UsersDAO.class.php
+++ b/docs/include/classes/DAO/UsersDAO.class.php
@@ -252,8 +252,8 @@ class UsersDAO extends DAO {
 }
 $sql = "UPDATE ".TABLE_PREFIX."users
- SET ".$fieldName."='".$addslashes($fieldValue)."'
- WHERE user_id = ".intval($userID);
+ SET ".$addslashes($fieldName)."='".$addslashes($fieldValue)."'
+ WHERE user_id = ".$userID;
 return $this->execute($sql);
 }
diff --git a/docs/search.php b/docs/search.php
index e960985..05e0cc0 100644
--- a/docs/search.php
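Review bot: The protection added to `getByConsumer()` rests entirely on the global callable `$addslashes`, whose binding is not visible anywhere in this diff. If it resolves to plain `addslashes()` rather than an escaper tied to the database connection, or to a pass-through in configurations that assume input is already quoted, the `consumer` lookup is only as safe as that assumption. A comment above the new `global $addslashes;` line, such as `// $addslashes must be bound to the connection-aware SQL escaper before any DAO call`, would record the contract; the same applies to both OAuthServerTokensDAO hunks.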
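Review bot: In `updateUserIDByToken()` the commit escapes `$token` but leaves `SET user_id = ".$user_id."` as a raw, unquoted concatenation, so the statement remains injectable through the second parameter. The UsersDAO hunk already applies `intval()` to its id; this line should match it: `SET user_id = ".intval($user_id)."`. Where `$user_id` originates is not visible in the hunk, but the method takes it as a plain argument with no cast before the query is built.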
+++ b/docs/search.php
@@ -63,10 +63,10 @@ if (is_array($errors))
 }
 $coursesDAO = new CoursesDAO();
-$results = $coursesDAO->getSearchResult($keywords, '', $start, $maxResults);
+$results = $coursesDAO->getSearchResult($addslashes($keywords), '', $start, $maxResults);
 // get total number of search results regardless of $maxResults
-$all_results = $coursesDAO->getSearchResult($keywords);
+$all_results = $coursesDAO->getSearchResult($addslashes($keywords));
 if (is_array($all_results)) $total_num = count($all_results); else $total_num = 0;
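Review bot: Escaping `$keywords` at the two call sites instead of inside `CoursesDAO::getSearchResult()` leaves every other caller of that method responsible for remembering the same step, and it diverges from the DAO hunks in this commit, which escape inside the data-access method. Moving the `$addslashes()` call into `getSearchResult()` would keep the guarantee in one place; if it stays here, a comment such as `// getSearchResult() expects $keywords already escaped for SQL` should state the contract so a later fix inside the DAO does not double-escape. `$start` and `$maxResults` are passed through unchanged and their origin is not visible in this hunk; if they derive from the request they need `intval()` as well.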