Issue:SQL injection
From FollowTheScore
| Description: | SQL injection via (Not)Created/(Last)ModifiedBy |
| Extension / Version: | DPL / 1.6.3 |
| Type / Status: | Bug / closed |
Problem
Index: DynamicPageList2.php
===================================================================
--- DynamicPageList2.php (revision 8500)
+++ DynamicPageList2.php (revision 8589)
@@ -2410,26 +2410,26 @@
// Revisions ==================================
if ( $sCreatedBy != "" ) {
- $sSqlCond_page_rev .= ' AND \''.$sCreatedBy.'\' = (select rev_user_text from '.$sRevisionTable
+ $sSqlCond_page_rev .= ' AND ' . $dbr->addQuotes($sCreatedBy) . ' = (select rev_user_text from '.$sRevisionTable
.' where '.$sRevisionTable.'.rev_page=page_id order by '.$sRevisionTable.'.rev_timestamp ASC limit 1)';
}
if ( $sNotCreatedBy != "" ) {
- $sSqlCond_page_rev .= ' AND \''.$sNotCreatedBy.'\' != (select rev_user_text from '.$sRevisionTable
+ $sSqlCond_page_rev .= ' AND ' . $dbr->addQuotes($sNotCreatedBy) . ' != (select rev_user_text from '.$sRevisionTable
.' where '.$sRevisionTable.'.rev_page=page_id order by '.$sRevisionTable.'.rev_timestamp ASC limit 1)';
}
if ( $sModifiedBy != "" ) {
- $sSqlCond_page_rev .= ' AND \''.$sModifiedBy.'\' in (select rev_user_text from '.$sRevisionTable
+ $sSqlCond_page_rev .= ' AND ' . $dbr->addQuotes($sModifiedBy) . ' in (select rev_user_text from '.$sRevisionTable
.' where '.$sRevisionTable.'.rev_page=page_id)';
}
if ( $sNotModifiedBy != "" ) {
- $sSqlCond_page_rev .= ' AND \''.$sNotModifiedBy.'\' not in (select rev_user_text from '.$sRevisionTable.' where '.$sRevisionTable.'.rev_page=page_id)';
+ $sSqlCond_page_rev .= ' AND ' . $dbr->addQuotes($sNotModifiedBy) . ' not in (select rev_user_text from '.$sRevisionTable.' where '.$sRevisionTable.'.rev_page=page_id)';
}
if ( $sLastModifiedBy != "" ) {
- $sSqlCond_page_rev .= ' AND \''.$sLastModifiedBy.'\' = (select rev_user_text from '.$sRevisionTable
+ $sSqlCond_page_rev .= ' AND ' . $dbr->addQuotes($sLastModifiedBy) . ' = (select rev_user_text from '.$sRevisionTable
.' where '.$sRevisionTable.'.rev_page=page_id order by '.$sRevisionTable.'.rev_timestamp DESC limit 1)';
}
if ( $sNotLastModifiedBy != "" ) {
- $sSqlCond_page_rev .= ' AND \''.$sNotLastModifiedBy.'\' != (select rev_user_text from '.$sRevisionTable
+ $sSqlCond_page_rev .= ' AND ' . $dbr->addQuotes($sNotLastModifiedBy) . ' != (select rev_user_text from '.$sRevisionTable
.' where '.$sRevisionTable.'.rev_page=page_id order by '.$sRevisionTable.'.rev_timestamp DESC limit 1)';
}
Reply
Thank you. The change will be part of DPL rev. 1.6.6
- Gero 08:13, 20 January 2008 (CET)
