chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Removing double validation: Database::escape_string + Security::remove_XSS

Browse Source
skala
Julio Montoya 16 years ago
parent 3692c8043d
commit 0481770f83
7 changed files with 18 additions and 22 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 11
      main/document/edit_document.php
  2. 8
      main/dropbox/dropbox_functions.inc.php
  3. 2
      main/exercice/exercice.php
  4. 5
      main/exercice/exercise.class.php
  5. 8
      main/exercice/question.class.php
  6. 2
      main/forum/forumfunction.inc.php
  7. 4
      main/inc/lib/notebook.lib.php

11
main/document/edit_document.php
Unescape View File

@ -255,9 +255,9 @@ function change_name($base_work_dir, $source_file, $rename_to, $dir, $doc) {
if (isset($_POST['newComment'])) {
// Fixing the path if it is wrong
$commentPath = str_replace('//', '/', Database::escape_string(Security::remove_XSS($_POST['commentPath'])));
$newComment = trim(Database::escape_string(Security::remove_XSS($_POST['newComment']))); // Remove spaces
$newTitle = trim(Database::escape_string(Security::remove_XSS($_POST['newTitle']))); // Remove spaces
$commentPath = str_replace('//', '/', Database::escape_string(Security::remove_XSS($_POST['commentPath'])));
$newComment = trim(Database::escape_string($_POST['newComment'])); // Remove spaces
$newTitle = trim(Database::escape_string($_POST['newTitle'])); // Remove spaces
// Check whether there is already a database record for this file
$result = Database::query ("SELECT * FROM $dbTable WHERE path LIKE BINARY '".$commentPath."'");
while ($row = Database::fetch_array($result, 'ASSOC')) {
@ -267,9 +267,8 @@ if (isset($_POST['newComment'])) {
// Determine the correct query to the DB,
// new code always keeps document in database
$query = "UPDATE $dbTable
SET comment='".$newComment."', title='".$newTitle."'
WHERE path
LIKE BINARY '".$commentPath."'";
SET comment='".$newComment."', title='".$newTitle."'
WHERE path LIKE BINARY '".$commentPath."'";
Database::query($query);
$oldComment = $newComment;
$oldTitle = $newTitle;

8
main/dropbox/dropbox_functions.inc.php
Unescape View File

@ -339,22 +339,22 @@ function store_addcategory() {
if (!$_POST['edit_id']) {
$session_id = api_get_session_id();
// step 3a, we check if the category doesn't already exist
$sql = "SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE user_id='".$_user['user_id']."' AND cat_name='".Database::escape_string(Security::remove_XSS($_POST['category_name']))."' AND received='".$received."' AND sent='$sent' AND session_id='$session_id'";
$sql = "SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE user_id='".$_user['user_id']."' AND cat_name='".Database::escape_string($_POST['category_name'])."' AND received='".$received."' AND sent='$sent' AND session_id='$session_id'";
$result = Database::query($sql);
// step 3b, we add the category if it does not exist yet.
if (Database::num_rows($result) == 0) {
$sql = "INSERT INTO ".$dropbox_cnf['tbl_category']." (cat_name, received, sent, user_id, session_id)
VALUES ('".Database::escape_string(Security::remove_XSS($_POST['category_name']))."', '".Database::escape_string($received)."', '".Database::escape_string($sent)."', '".Database::escape_string($_user['user_id'])."',$session_id)";
VALUES ('".Database::escape_string($_POST['category_name'])."', '".Database::escape_string($received)."', '".Database::escape_string($sent)."', '".Database::escape_string($_user['user_id'])."',$session_id)";
Database::query($sql);
return array('type' => 'confirmation', 'message' => get_lang('CategoryStored'));
} else {
return array('type' => 'error', 'message' => get_lang('CategoryAlreadyExistsEditIt'));
}
} else {
$sql = "UPDATE ".$dropbox_cnf['tbl_category']." SET cat_name='".Database::escape_string(Security::remove_XSS($_POST['category_name']))."', received='".Database::escape_string($received)."' , sent='".Database::escape_string($sent)."'
$sql = "UPDATE ".$dropbox_cnf['tbl_category']." SET cat_name='".Database::escape_string($_POST['category_name'])."', received='".Database::escape_string($received)."' , sent='".Database::escape_string($sent)."'
WHERE user_id='".Database::escape_string($_user['user_id'])."'
AND cat_id='".Database::escape_string(Security::remove_XSS($_POST['edit_id']))."'";
AND cat_id='".Database::escape_string($_POST['edit_id'])."'";
Database::query($sql);
return array('type' => 'confirmation', 'message' => get_lang('CategoryModified'));
}

2
main/exercice/exercice.php
Unescape View File

@ -274,7 +274,7 @@ if ($show == 'result' && $_REQUEST['comments'] == 'update' && ($is_allowedToEdit
//search items
if (isset($_POST['my_exe_exo_id']) && isset($_POST['student_id'])) {
$sql_lp='SELECT li.id as lp_item_id,li.lp_id,li.item_type,li.path,liv.id AS lp_view_id,liv.user_id,max(liv.view_count) AS view_count FROM '.$TBL_LP_ITEM.' li
INNER JOIN '.$TBL_LP_VIEW.' liv ON li.lp_id=liv.lp_id WHERE li.path="'.Database::escape_string(Security::remove_XSS($_POST['my_exe_exo_id'])).'" AND li.item_type="quiz" AND user_id="'.Database::escape_string($_POST['student_id']).'" ';
INNER JOIN '.$TBL_LP_VIEW.' liv ON li.lp_id=liv.lp_id WHERE li.path="'.Database::escape_string($_POST['my_exe_exo_id']).'" AND li.item_type="quiz" AND user_id="'.Database::escape_string($_POST['student_id']).'" ';
$rs_lp=Database::query($sql_lp);
if (!($rs_lp===false)) {
$row_lp=Database::fetch_array($rs_lp);

5
main/exercice/exercise.class.php
Unescape View File

@ -571,10 +571,7 @@ class Exercise
// exercise already exists
if($id) {
/*
title='".Database::escape_string(Security::remove_XSS($exercise))."',
description='".Database::escape_string(Security::remove_XSS(api_html_entity_decode($description),COURSEMANAGERLOWSECURITY))."'";
*/
$sql="UPDATE $TBL_EXERCICES SET
title='".Database::escape_string($exercise)."',
description='".Database::escape_string($description)."'";

8
main/exercice/question.class.php
Unescape View File

@ -587,8 +587,8 @@ abstract class Question
// question already exists
if(!empty($id)) {
$sql="UPDATE $TBL_QUESTIONS SET
question ='".Database::escape_string(Security::remove_XSS($question))."',
description ='".Database::escape_string(Security::remove_XSS(api_html_entity_decode($description),COURSEMANAGERLOWSECURITY))."',
question ='".Database::escape_string($question)."',
description ='".Database::escape_string($description)."',
ponderation ='".Database::escape_string($weighting)."',
position ='".Database::escape_string($position)."',
type ='".Database::escape_string($type)."',
@ -619,8 +619,8 @@ abstract class Question
$position = $this -> position;
$sql="INSERT INTO $TBL_QUESTIONS(question,description,ponderation,position,type,picture,level) VALUES(
'".Database::escape_string(Security::remove_XSS($question))."',
'".Database::escape_string(Security::remove_XSS(api_html_entity_decode($description),COURSEMANAGERLOWSECURITY))."',
'".Database::escape_string($question)."',
'".Database::escape_string($description)."',
'".Database::escape_string($weighting)."',
'".Database::escape_string($position)."',
'".Database::escape_string($type)."',

2
main/forum/forumfunction.inc.php
Unescape View File

@ -580,7 +580,7 @@ function store_forum($values) {
$sql="UPDATE ".$table_forums." SET
forum_title='".$clean_title."',
".$sql_image."
forum_comment='".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($values['forum_comment'])),COURSEMANAGERLOWSECURITY))."',
forum_comment='".Database::escape_string($values['forum_comment'])."',
forum_category='".Database::escape_string($values['forum_category'])."',
allow_anonymous='".Database::escape_string(isset($values['allow_anonymous_group']['allow_anonymous'])?$values['allow_anonymous_group']['allow_anonymous']:null)."',
allow_edit='".Database::escape_string($values['students_can_edit_group']['students_can_edit'])."',

4
main/inc/lib/notebook.lib.php
Unescape View File

@ -109,8 +109,8 @@ class NotebookManager
user_id = '".Database::escape_string(api_get_user_id())."',
course = '".Database::escape_string(api_get_course_id())."',
session_id = '".Database::escape_string($_SESSION['id_session'])."',
title = '".Database::escape_string(Security::remove_XSS($values['note_title']))."',
description = '".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($values['note_comment'])),COURSEMANAGERLOWSECURITY))."',
title = '".Database::escape_string($values['note_title'])."',
description = '".Database::escape_string($values['note_comment'])."',
update_date = '".Database::escape_string(date('Y-m-d H:i:s'))."'
WHERE notebook_id = '".Database::escape_string($values['notebook_id'])."'";
$result = Database::query($sql);

Write Preview
Loading…
Cancel
Save