Difference between revisions of "Issue:SQL injection"

(New page: {{Issue |Type = Bug |Extension = DPL |Version = 1.6.3 |Description = SQL injection via (Not)Created/(Last)ModifiedBy |Status = open }} == Problem == <pre> Index: D...)
 
 
Line 4: Line 4:
 
  |Version    = 1.6.3
 
  |Version    = 1.6.3
 
  |Description = SQL injection via (Not)Created/(Last)ModifiedBy
 
  |Description = SQL injection via (Not)Created/(Last)ModifiedBy
  |Status      = open
+
  |Status      = closed
 
}}
 
}}
  
Line 51: Line 51:
  
 
== Reply ==
 
== Reply ==
 +
Thank you. The change will be part of DPL rev. 1.6.6
 +
:[[User:Gero|Gero]] 08:13, 20 January 2008 (CET)

Latest revision as of 09:13, 20 January 2008

Description: SQL injection via (Not)Created/(Last)ModifiedBy
Extension / Version: DPL   /   1.6.3
Type / Status: Bug   /   closed

Problem

Index: DynamicPageList2.php
===================================================================
--- DynamicPageList2.php        (revision 8500)
+++ DynamicPageList2.php        (revision 8589)
@@ -2410,26 +2410,26 @@
         
         // Revisions ==================================
         if ( $sCreatedBy != "" ) {
-            $sSqlCond_page_rev .= ' AND \''.$sCreatedBy.'\' = (select rev_user_text from '.$sRevisionTable
+            $sSqlCond_page_rev .= ' AND ' . $dbr->addQuotes($sCreatedBy) . ' = (select rev_user_text from '.$sRevisionTable
                                 .' where '.$sRevisionTable.'.rev_page=page_id order by '.$sRevisionTable.'.rev_timestamp ASC limit 1)';
         }
         if ( $sNotCreatedBy != "" ) {
-            $sSqlCond_page_rev .= ' AND \''.$sNotCreatedBy.'\' != (select rev_user_text from '.$sRevisionTable
+            $sSqlCond_page_rev .= ' AND ' . $dbr->addQuotes($sNotCreatedBy) . ' != (select rev_user_text from '.$sRevisionTable
                                 .' where '.$sRevisionTable.'.rev_page=page_id order by '.$sRevisionTable.'.rev_timestamp ASC limit 1)';
         }
         if ( $sModifiedBy != "" ) {
-            $sSqlCond_page_rev .= ' AND \''.$sModifiedBy.'\' in (select rev_user_text from '.$sRevisionTable
+            $sSqlCond_page_rev .= ' AND ' . $dbr->addQuotes($sModifiedBy) . ' in (select rev_user_text from '.$sRevisionTable
                                 .' where '.$sRevisionTable.'.rev_page=page_id)';
         }
         if ( $sNotModifiedBy != "" ) {
-            $sSqlCond_page_rev .= ' AND \''.$sNotModifiedBy.'\' not in (select rev_user_text from '.$sRevisionTable.' where '.$sRevisionTable.'.rev_page=page_id)';
+            $sSqlCond_page_rev .= ' AND ' . $dbr->addQuotes($sNotModifiedBy) . ' not in (select rev_user_text from '.$sRevisionTable.' where '.$sRevisionTable.'.rev_page=page_id)';
         }
         if ( $sLastModifiedBy != "" ) {
-            $sSqlCond_page_rev .= ' AND \''.$sLastModifiedBy.'\' = (select rev_user_text from '.$sRevisionTable
+            $sSqlCond_page_rev .= ' AND ' . $dbr->addQuotes($sLastModifiedBy) . ' = (select rev_user_text from '.$sRevisionTable
                                 .' where '.$sRevisionTable.'.rev_page=page_id order by '.$sRevisionTable.'.rev_timestamp DESC limit 1)';
         }
         if ( $sNotLastModifiedBy != "" ) {
-            $sSqlCond_page_rev .= ' AND \''.$sNotLastModifiedBy.'\' != (select rev_user_text from '.$sRevisionTable
+            $sSqlCond_page_rev .= ' AND ' . $dbr->addQuotes($sNotLastModifiedBy) . ' != (select rev_user_text from '.$sRevisionTable
                                 .' where '.$sRevisionTable.'.rev_page=page_id order by '.$sRevisionTable.'.rev_timestamp DESC limit 1)';
         }
     
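Review bot: `$sRevisionTable` is still concatenated unquoted into all six subqueries (first in the `$sCreatedBy` branch), and its origin lies outside this hunk. It is presumably the result of `$dbr->tableName()`, which should be confirmed so that no parameter-controlled text can reach the table position. The six branches also repeat the `$dbr->addQuotes()` call by hand, so I would add a comment above `// Revisions`, such as `// user names come from DPL parameters in wiki text; always quote them with $dbr->addQuotes()`, to keep a later filter from reverting to raw concatenation. The enclosing function starts and ends outside the hunk, so other conditions appended to `$sSqlCond_page_rev` there may need the same review.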


Reply

Thank you. The change will be part of DPL rev. 1.6.6

Gero 08:13, 20 January 2008 (CET)