From 1b59cdb7feeffb4f973e9314b11d8ca05267d682 Mon Sep 17 00:00:00 2001
From: Maximilien Bersoult <mbersoult@centreon.com>
Date: Mon, 30 Apr 2018 12:26:26 +0200
Subject: [PATCH] fix(sec): Fix SQL Injection in administration logs

* Fix SQL Injection in Administration logs in search fields
---
 .../configChangelog/viewLogs.ihtml | 6 +++---
 .../configChangelog/viewLogs.php | 21 +++++++++++--------
 2 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/www/include/Administration/configChangelog/viewLogs.ihtml b/www/include/Administration/configChangelog/viewLogs.ihtml
index 70deff5242..0d76a131fe 100644
--- a/www/include/Administration/configChangelog/viewLogs.ihtml
+++ b/www/include/Administration/configChangelog/viewLogs.ihtml
@@ -11,8 +11,8 @@
 <td></td>
 </tr>
 <tr>
- <td><input type='text' name='searchO' value='{$searchO}' /></td>
- <td><input type='text' name='searchU' value='{$searchU}' /></td>
+ <td><input type='text' name='searchO' value="{$searchO}" /></td>
+ <td><input type='text' name='searchU' value="{$searchU}" /></td>
 <td><select name='otype'>{$obj_type}</select></td>
 <td><input type='submit' class="btc bt_success" name='SearchB' value='{$Search}' /></td>
 </tr>
@@ -29,7 +29,7 @@
 <table class="ListTable">
 <tr class="ListHeader">
 <td class="ListColHeaderCenter" style='width:120px'>{t}Date{/t}</td>
- <td class="ListColHeaderCenter" style="white-space:nowrap;">{t}Modificaton type{/t}</td>
+ <td class="ListColHeaderCenter" style="white-space:nowrap;">{t}Modificaton type{/t}</td>
 <td class="ListColHeaderCenter" style="white-space:nowrap;">{t}Objects{/t}</td>
 <td class="ListColHeaderCenter" style="white-space:nowrap;">{t}Object Name{/t}</td>
 <td class="ListColHeaderCenter" style="white-space:nowrap;">{t}Authors{/t}</td>
diff --git a/www/include/Administration/configChangelog/viewLogs.php b/www/include/Administration/configChangelog/viewLogs.php
index 83312fa182..5df5fec59b 100644
--- a/www/include/Administration/configChangelog/viewLogs.php
+++ b/www/include/Administration/configChangelog/viewLogs.php
@@ -43,8 +43,11 @@ function searchUserName($user_name)
 {
 global $pearDB;
 $str = "";
-
- $DBRES = $pearDB->query("SELECT contact_id FROM contact WHERE contact_name LIKE '%".$user_name."%' OR contact_alias LIKE '%".$user_name."%'");
+
+ $DBRES = $pearDB->query("SELECT contact_id
+ FROM contact
+ WHERE contact_name LIKE '%" . $pearDB->escape($user_name) . "%'
+ OR contact_alias LIKE '%" . $pearDB->escape($user_name) . "%'");
 while ($row = $DBRES->fetchRow()) {
 if ($str != "") {
 $str .= ", ";
@@ -166,7 +169,7 @@ if ($searchO) {
 } else {
 $query .= " AND ";
 }
- $query .= " object_name LIKE '%".$searchO."%' ";
+ $query .= " object_name LIKE '%" . $pearDB->escape($searchO) . "%' ";
 }
 if ($searchU) {
 if ($where_flag) {
@@ -313,8 +316,8 @@ $tpl->assign('form', $renderer->toArray());
 $tpl->assign('search_object_str', _("Object"));
 $tpl->assign('search_user_str', _("User"));
 $tpl->assign('Search', _('Search'));
-$tpl->assign('searchO', $searchO);
-$tpl->assign('searchU', $searchU);
+$tpl->assign('searchO', htmlentities($searchO));
+$tpl->assign('searchU', htmlentities($searchU));
 $tpl->assign('obj_str', _("Object Type"));
 $tpl->assign('type_id', $otype);
 
@@ -322,8 +325,8 @@ $tpl->assign('event_type', _("Event Type"));
 
 $tpl->assign('time', _("Time"));
 $tpl->assign('contact', _("Contact"));
-/*
- * Pagination
+/*
+ * Pagination
 */
 $tpl->assign('limit', $limit);
 $tpl->assign('rows', $rows);
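Review bot: The escaped `$user_name` in the new query at +46..+49 is still spliced into LIKE patterns, so `%` and `_` in the search term keep their wildcard meaning (a bare `%` matches every contact), and the query's safety now rests entirely on what `$pearDB->escape()` does with quotes and backslashes, which this page does not show. Escaping the LIKE metacharacters first and building the pattern once keeps the search literal and avoids calling `escape()` twice: `$pattern = '%' . $pearDB->escape(addcslashes($user_name, '%_')) . '%';`, then concatenate `$pattern` inside the quotes of both LIKE clauses. If `$pearDB` supports prepared statements, binding `$pattern` as a parameter would remove the string assembly altogether. The same concatenation is used for `$searchO` in the hunk at +169 of this file, and searchUserName's body continues below this hunk.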
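Review bot: `htmlentities($searchO)` and `htmlentities($searchU)` at +319/+320 use the default flags, which on the PHP versions of this era do not encode single quotes, so these values are only safe because the viewLogs.ihtml hunk in the same commit switches the `value` attributes to double quotes; the template's quoting style becomes an unstated security dependency. Passing explicit flags makes the escaping correct regardless of how the template quotes the attribute: `$tpl->assign('searchO', htmlentities($searchO, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));` and `$tpl->assign('searchU', htmlentities($searchU, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));`. `ENT_SUBSTITUTE` also avoids the default behaviour of returning an empty string for input with invalid UTF-8, which would otherwise silently blank the search box.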
@@ -339,13 +342,13 @@ if (isset($_POST['searchO']) || isset($_POST['searchU']) || isset($_POST['otype'
 $listAction = $centreon->CentreonLogAction->listAction($_GET['object_id'], $_GET['object_type']);
 $listModification = array();
 $listModification = $centreon->CentreonLogAction->listModification($_GET['object_id'], $_GET['object_type']);
-
+
 if (isset($listAction)) {
 $tpl->assign("action", $listAction);
 }
 if (isset($listModification)) {
 $tpl->assign("modification", $listModification);
 }
-
+
 $tpl->display("viewLogsDetails.ihtml");
 }
-- GitLab