Commit 1b59cdb7 authored by Maximilien Bersoult's avatar Maximilien Bersoult Committed by Stephane Chapron

fix(sec): Fix SQL Injection in administration logs

* Fix SQL Injection in Administration logs in search fields
parent 6e736bb1
...@@ -11,8 +11,8 @@ ...@@ -11,8 +11,8 @@
<td></td> <td></td>
</tr> </tr>
<tr> <tr>
<td><input type='text' name='searchO' value='{$searchO}' /></td> <td><input type='text' name='searchO' value="{$searchO}" /></td>
<td><input type='text' name='searchU' value='{$searchU}' /></td> <td><input type='text' name='searchU' value="{$searchU}" /></td>
<td><select name='otype'>{$obj_type}</select></td> <td><select name='otype'>{$obj_type}</select></td>
<td><input type='submit' class="btc bt_success" name='SearchB' value='{$Search}' /></td> <td><input type='submit' class="btc bt_success" name='SearchB' value='{$Search}' /></td>
</tr> </tr>
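Review bot: The switch from value='{$searchO}' to value="{$searchO}" on the searchO and searchU inputs is what makes the htmlentities() escaping of those values effective, because htmlentities() with its default flags on the PHP versions of this era (pre-8.1, ENT_COMPAT) converts `"` but leaves `'` untouched. Nothing in the template records that dependency, so a later cleanup that normalises the quotes back to single would silently reopen the attribute breakout. A template comment above the row, `{* keep value= double-quoted: htmlentities() does not escape single quotes by default *}`, would pin it. The submit input on the next row keeps single quotes, which is fine as long as {$Search} stays a translated label rather than request data.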
...@@ -44,7 +44,10 @@ function searchUserName($user_name) ...@@ -44,7 +44,10 @@ function searchUserName($user_name)
global $pearDB; global $pearDB;
$str = ""; $str = "";
$DBRES = $pearDB->query("SELECT contact_id FROM contact WHERE contact_name LIKE '%".$user_name."%' OR contact_alias LIKE '%".$user_name."%'"); $DBRES = $pearDB->query("SELECT contact_id
FROM contact
WHERE contact_name LIKE '%" . $pearDB->escape($user_name) . "%'
OR contact_alias LIKE '%" . $pearDB->escape($user_name) . "%'");
while ($row = $DBRES->fetchRow()) { while ($row = $DBRES->fetchRow()) {
if ($str != "") { if ($str != "") {
$str .= ", "; $str .= ", ";
...@@ -166,7 +169,7 @@ if ($searchO) { ...@@ -166,7 +169,7 @@ if ($searchO) {
} else { } else {
$query .= " AND "; $query .= " AND ";
} }
$query .= " object_name LIKE '%".$searchO."%' "; $query .= " object_name LIKE '%" . $pearDB->escape($searchO) . "%' ";
} }
if ($searchU) { if ($searchU) {
if ($where_flag) { if ($where_flag) {
...@@ -313,8 +316,8 @@ $tpl->assign('form', $renderer->toArray()); ...@@ -313,8 +316,8 @@ $tpl->assign('form', $renderer->toArray());
$tpl->assign('search_object_str', _("Object")); $tpl->assign('search_object_str', _("Object"));
$tpl->assign('search_user_str', _("User")); $tpl->assign('search_user_str', _("User"));
$tpl->assign('Search', _('Search')); $tpl->assign('Search', _('Search'));
$tpl->assign('searchO', $searchO); $tpl->assign('searchO', htmlentities($searchO));
$tpl->assign('searchU', $searchU); $tpl->assign('searchU', htmlentities($searchU));
$tpl->assign('obj_str', _("Object Type")); $tpl->assign('obj_str', _("Object Type"));
$tpl->assign('type_id', $otype); $tpl->assign('type_id', $otype);
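Review bot: The LIKE patterns in searchUserName and in the object_name filter now route the user value through $pearDB->escape(), which closes the quote breakout only if escape() is a connection-aware quoting routine; its implementation is not visible here and should be confirmed, and `%`/`_` still reach the query as wildcards, which is harmless for a log filter but deserves a comment. Binding the pattern instead, `$stmt = $pearDB->prepare("SELECT contact_id FROM contact WHERE contact_name LIKE :name OR contact_alias LIKE :alias");` followed by `$stmt->bindValue(':name', '%' . $user_name . '%'); $stmt->bindValue(':alias', '%' . $user_name . '%');` if $pearDB exposes PDO-style prepare(), would remove the concatenation entirely rather than rely on every call site remembering escape(). The $searchU branch of the query builder continues outside the hunk, so whether it received the same treatment cannot be checked from this view. For the searchO and searchU template assigns, htmlentities() is called with default flags, which on PHP before 8.1 escape `"` but not `'`; `htmlentities($searchO, ENT_QUOTES, 'UTF-8')` keeps the output safe regardless of which quote the template uses around the attribute.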