Issue:SQL injection

From FollowTheScore
Revision as of 22:24, 19 January 2008 by Ppiotr (talk | contribs) (New page: {{Issue |Type = Bug |Extension = DPL |Version = 1.6.3 |Description = SQL injection via (Not)Created/(Last)ModifiedBy |Status = open }} == Problem == <pre> Index: D...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Description: SQL injection via (Not)Created/(Last)ModifiedBy
Extension / Version: DPL   /   1.6.3
Type / Status: Bug   /   open

Problem

Index: DynamicPageList2.php
===================================================================
--- DynamicPageList2.php        (revision 8500)
+++ DynamicPageList2.php        (revision 8589)
@@ -2410,26 +2410,26 @@
         
         // Revisions ==================================
         if ( $sCreatedBy != "" ) {
-            $sSqlCond_page_rev .= ' AND \''.$sCreatedBy.'\' = (select rev_user_text from '.$sRevisionTable
+            $sSqlCond_page_rev .= ' AND ' . $dbr->addQuotes($sCreatedBy) . ' = (select rev_user_text from '.$sRevisionTable
                                 .' where '.$sRevisionTable.'.rev_page=page_id order by '.$sRevisionTable.'.rev_timestamp ASC limit 1)';
         }
         if ( $sNotCreatedBy != "" ) {
-            $sSqlCond_page_rev .= ' AND \''.$sNotCreatedBy.'\' != (select rev_user_text from '.$sRevisionTable
+            $sSqlCond_page_rev .= ' AND ' . $dbr->addQuotes($sNotCreatedBy) . ' != (select rev_user_text from '.$sRevisionTable
                                 .' where '.$sRevisionTable.'.rev_page=page_id order by '.$sRevisionTable.'.rev_timestamp ASC limit 1)';
         }
         if ( $sModifiedBy != "" ) {
-            $sSqlCond_page_rev .= ' AND \''.$sModifiedBy.'\' in (select rev_user_text from '.$sRevisionTable
+            $sSqlCond_page_rev .= ' AND ' . $dbr->addQuotes($sModifiedBy) . ' in (select rev_user_text from '.$sRevisionTable
                                 .' where '.$sRevisionTable.'.rev_page=page_id)';
         }
         if ( $sNotModifiedBy != "" ) {
-            $sSqlCond_page_rev .= ' AND \''.$sNotModifiedBy.'\' not in (select rev_user_text from '.$sRevisionTable.' where '.$sRevisionTable.'.rev_page=page_id)';
+            $sSqlCond_page_rev .= ' AND ' . $dbr->addQuotes($sNotModifiedBy) . ' not in (select rev_user_text from '.$sRevisionTable.' where '.$sRevisionTable.'.rev_page=page_id)';
         }
         if ( $sLastModifiedBy != "" ) {
-            $sSqlCond_page_rev .= ' AND \''.$sLastModifiedBy.'\' = (select rev_user_text from '.$sRevisionTable
+            $sSqlCond_page_rev .= ' AND ' . $dbr->addQuotes($sLastModifiedBy) . ' = (select rev_user_text from '.$sRevisionTable
                                 .' where '.$sRevisionTable.'.rev_page=page_id order by '.$sRevisionTable.'.rev_timestamp DESC limit 1)';
         }
         if ( $sNotLastModifiedBy != "" ) {
-            $sSqlCond_page_rev .= ' AND \''.$sNotLastModifiedBy.'\' != (select rev_user_text from '.$sRevisionTable
+            $sSqlCond_page_rev .= ' AND ' . $dbr->addQuotes($sNotLastModifiedBy) . ' != (select rev_user_text from '.$sRevisionTable
                                 .' where '.$sRevisionTable.'.rev_page=page_id order by '.$sRevisionTable.'.rev_timestamp DESC limit 1)';
         }
     


Reply