Add security fixes from 1.11.x

pull/3890/head
Julio Montoya 4 years ago
parent b19d9ed254
commit 806785dfb6
  1. 6
      public/main/inc/lib/groupmanager.lib.php
  2. 23
      public/main/inc/lib/myspace.lib.php
  3. 2
      public/main/inc/lib/notebook.lib.php
  4. 14
      public/main/inc/lib/online.inc.php
  5. 10
      public/main/inc/lib/sessionmanager.lib.php
  6. 2
      public/main/inc/lib/statistics.lib.php
  7. 5
      public/main/inc/lib/tracking.lib.php
  8. 6
      public/main/inc/lib/usermanager.lib.php
  9. 2
      public/main/session/session_category_list.php
  10. 2
      public/main/session/session_course_list.php
  11. 2
      public/main/session/session_course_user_list.php
  12. 2
      public/main/user/subscribe_user.php
  13. 6
      public/main/webservices/cm_webservice_inbox.php
  14. 2
      public/main/webservices/cm_webservice_user.php

@ -1170,9 +1170,9 @@ class GroupManager
g.iid = $group_id"; g.iid = $group_id";
if (!empty($column) && !empty($direction)) { if (!empty($column) && !empty($direction)) {
$column = Database::escape_string($column, null, false); $column = Database::escape_string($column);
$direction = ('ASC' == $direction ? 'ASC' : 'DESC'); $direction = ('ASC' === $direction ? 'ASC' : 'DESC');
$sql .= " ORDER BY $column $direction"; $sql .= " ORDER BY `$column` $direction";
} }
if (!empty($start) && !empty($limit)) { if (!empty($start) && !empty($limit)) {
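Review bot: Wrapping `$column` in backticks on the ORDER BY line only closes the gap if the value itself cannot contain a backtick, and `Database::escape_string` (a real_escape_string wrapper, as far as this hunk shows) leaves backticks untouched, so the quoting alone is not a complete fix. Prefer resolving `$column` against an allowlist of sortable columns; at minimum double any embedded backtick before quoting, `` $column = str_replace('`', '``', $column); ``. The same quote-without-backtick-handling pattern appears in notebook.lib.php (`$notebookView`), sessionmanager.lib.php and usermanager.lib.php (`$column` after the `u.` strip), online.inc.php and the three session/*.php files (`$sort`). Backticks also turn a qualified name such as `u.lastname` into a single identifier, which is presumably why the `u.` prefix is stripped in the two lib files; any caller still passing a qualified name here would now get a failing query. This method's signature and the rest of its body are outside the hunk.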

@ -556,7 +556,7 @@ class MySpace
} }
} }
if (!empty($order[$tracking_column])) { if (!empty($order[$tracking_column])) {
$sqlCoachs .= ' ORDER BY '.$order[$tracking_column].' '.$tracking_direction; $sqlCoachs .= " ORDER BY `".$order[$tracking_column]."` ".$tracking_direction;
} }
$result_coaches = Database::query($sqlCoachs); $result_coaches = Database::query($sqlCoachs);
@ -1499,6 +1499,12 @@ class MySpace
$column, $column,
$direction $direction
) { ) {
switch ($column) {
default:
case 1:
$column = 'title';
break;
}
$courses = CourseManager::get_courses_list( $courses = CourseManager::get_courses_list(
$from, $from,
$numberItems, $numberItems,
@ -1570,8 +1576,10 @@ class MySpace
null, null,
true true
); );
$progress += $progress_tmp[0]; if ($progress_tmp) {
$nb_progress_lp += $progress_tmp[1]; $progress += $progress_tmp[0];
$nb_progress_lp += $progress_tmp[1];
}
$score_tmp = Tracking::get_avg_student_score( $score_tmp = Tracking::get_avg_student_score(
$userId, $userId,
$course, $course,
@ -2505,9 +2513,9 @@ class MySpace
$direction = 'ASC'; $direction = 'ASC';
} }
$column = intval($column); $column = (int) $column;
$from = intval($from); $from = (int) $from;
$number_of_items = intval($number_of_items); $number_of_items = (int) $number_of_items;
$sql .= " ORDER BY col$column $direction "; $sql .= " ORDER BY col$column $direction ";
$sql .= " LIMIT $from,$number_of_items"; $sql .= " LIMIT $from,$number_of_items";
@ -2637,7 +2645,7 @@ class MySpace
} }
$order = [ $order = [
"$column $direction", " `$column` $direction",
]; ];
$userList = UserManager::get_user_list([], $order, $from, $numberItems); $userList = UserManager::get_user_list([], $order, $from, $numberItems);
$return = []; $return = [];
@ -3324,6 +3332,7 @@ class MySpace
$numberItems = (int) $numberItems; $numberItems = (int) $numberItems;
$column = (int) $column; $column = (int) $column;
$orderDirection = Database::escape_string($orderDirection); $orderDirection = Database::escape_string($orderDirection);
$orderDirection = !in_array(strtolower(trim($orderDirection)), ['asc', 'desc']) ? 'asc' : $orderDirection;
$user = Database::get_main_table(TABLE_MAIN_USER); $user = Database::get_main_table(TABLE_MAIN_USER);
$course = Database::get_main_table(TABLE_MAIN_COURSE); $course = Database::get_main_table(TABLE_MAIN_COURSE);
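Review bot: The direction guard added in the `@ -3324` hunk keeps the un-normalised `$orderDirection` when it passes instead of the lower-cased, trimmed value it just computed, and it compares loosely. Assign the normalised form and compare strictly: `$orderDirection = strtolower(trim($orderDirection));` then `$orderDirection = in_array($orderDirection, ['asc', 'desc'], true) ? $orderDirection : 'asc';`. The identical one-liner is added in tracking.lib.php (TrackingCourseLog) and user/subscribe_user.php and has the same shape. In the `@ -1499` hunk the new `switch` maps every `$column` value to `'title'` because `default:` shares the `case 1:` body; a comment such as `// only title sorting is supported; any other column index falls back to it` would make that intent explicit, and `$direction` in that method is not validated anywhere visible in the hunk (the body continues below it).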

@ -216,7 +216,7 @@ class NotebookManager
// Database table definition // Database table definition
$table = Database::get_course_table(TABLE_NOTEBOOK); $table = Database::get_course_table(TABLE_NOTEBOOK);
$order_by = ' ORDER BY '.$notebookView." $sort_direction "; $order_by = " ORDER BY `$notebookView` $sort_direction ";
// Condition for the session // Condition for the session
$condition_session = api_get_session_condition($sessionId); $condition_session = api_get_session_condition($sessionId);

@ -10,9 +10,6 @@ use ChamiloSession as Session;
* @author Denes Nagy, principal author * @author Denes Nagy, principal author
* @author Bart Mollet * @author Bart Mollet
* @author Roan Embrechts, cleaning and bugfixing * @author Roan Embrechts, cleaning and bugfixing
*/
/**
* Insert a login reference for the current user into the track_e_online stats * Insert a login reference for the current user into the track_e_online stats
* table. This table keeps trace of the last login. Nothing else matters (we * table. This table keeps trace of the last login. Nothing else matters (we
* don't keep traces of anything older). * don't keep traces of anything older).
@ -287,12 +284,11 @@ function who_is_online(
} }
} }
$direction = strtolower($direction);
if (empty($direction)) { if (empty($direction)) {
$direction = 'DESC'; $direction = 'DESC';
} else { } else {
if (!in_array($direction, ['asc', 'desc'])) { if (!in_array(strtolower($direction), ['asc', 'desc'])) {
$direction = 'DESC'; $direction = 'DESC';
} }
} }
@ -313,14 +309,14 @@ function who_is_online(
friend_user_id <> '".api_get_user_id()."' AND friend_user_id <> '".api_get_user_id()."' AND
relation_type='".USER_RELATION_TYPE_FRIEND."' AND relation_type='".USER_RELATION_TYPE_FRIEND."' AND
user_id = '".api_get_user_id()."' user_id = '".api_get_user_id()."'
ORDER BY $column $direction ORDER BY `$column` $direction
LIMIT $from, $number_of_items"; LIMIT $from, $number_of_items";
} else { } else {
$query = "SELECT DISTINCT login_user_id, login_date $query = "SELECT DISTINCT login_user_id, login_date
FROM ".$track_online_table." e FROM ".$track_online_table." e
INNER JOIN ".$table_user." u ON (u.id = e.login_user_id) INNER JOIN ".$table_user." u ON (u.id = e.login_user_id)
WHERE u.status != ".ANONYMOUS." AND login_date >= '".$current_date."' WHERE u.status != ".ANONYMOUS." AND login_date >= '".$current_date."'
ORDER BY $column $direction ORDER BY `$column` $direction
LIMIT $from, $number_of_items"; LIMIT $from, $number_of_items";
} }
@ -336,7 +332,7 @@ function who_is_online(
login_date >= '".$current_date."' AND login_date >= '".$current_date."' AND
friend_user_id <> '".api_get_user_id()."' AND friend_user_id <> '".api_get_user_id()."' AND
relation_type='".USER_RELATION_TYPE_FRIEND."' relation_type='".USER_RELATION_TYPE_FRIEND."'
ORDER BY $column $direction ORDER BY `$column` $direction
LIMIT $from, $number_of_items"; LIMIT $from, $number_of_items";
} else { } else {
// all users online // all users online
@ -346,7 +342,7 @@ function who_is_online(
ON (u.id=track.login_user_id) ON (u.id=track.login_user_id)
WHERE u.status != ".ANONYMOUS." AND track.access_url_id = $access_url_id AND WHERE u.status != ".ANONYMOUS." AND track.access_url_id = $access_url_id AND
login_date >= '".$current_date."' login_date >= '".$current_date."'
ORDER BY $column $direction ORDER BY `$column` $direction
LIMIT $from, $number_of_items"; LIMIT $from, $number_of_items";
} }
} }
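Review bot: Every ORDER BY in who_is_online now backtick-quotes `$column`, but nothing in these hunks validates `$column` itself; only `$direction` is checked against asc/desc, and `Database::escape_string` does not escape backticks, so if `$column` originates from request input (its source is outside the hunks) the quoting alone does not settle it. The visible SELECT lists only `login_user_id` and `login_date`, so an allowlist next to the direction check would close it, for example `$column = in_array($column, ['login_date', 'login_user_id'], true) ? $column : 'login_date';` (constructed from the columns visible here; adjust to the real sortable set). Separately, the `@ -10,9` hunk drops the ` */` and `/**` pair between the file-level author block and the description of the following function, fusing two docblocks into one so the file authors become part of that function's PHPDoc, which looks unintended. who_is_online starts before the first hunk and continues past the last.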

@ -822,7 +822,7 @@ class SessionManager
$options $options
) { ) {
//escaping vars //escaping vars
$sessionId = 'T' == $sessionId ? 'T' : intval($sessionId); $sessionId = $sessionId === 'T' ? 'T' : intval($sessionId);
$courseId = intval($courseId); $courseId = intval($courseId);
//tables //tables
@ -832,7 +832,7 @@ class SessionManager
$course = api_get_course_info_by_id($courseId); $course = api_get_course_info_by_id($courseId);
$sessionCond = 'and session_id = %s'; $sessionCond = 'and session_id = %s';
if ('T' == $sessionId) { if ($sessionId === 'T') {
$sessionCond = ''; $sessionCond = '';
} }
@ -849,7 +849,7 @@ class SessionManager
$order = null; $order = null;
if (!empty($options['order'])) { if (!empty($options['order'])) {
$order = " ORDER BY ".$options['order']; $order = " ORDER BY ".$options['order']." ";
} }
$sql = "SELECT u.id as user_id, u.lastname, u.firstname, u.username, u.email, s.c_id $sql = "SELECT u.id as user_id, u.lastname, u.firstname, u.username, u.email, s.c_id
@ -878,7 +878,7 @@ class SessionManager
]; ];
$sessionCond = 'AND v.session_id = %d'; $sessionCond = 'AND v.session_id = %d';
if ('T' == $sessionId) { if ($sessionId == 'T') {
$sessionCond = ""; $sessionCond = "";
} }
@ -6235,7 +6235,7 @@ class SessionManager
if (!empty($column) && !empty($direction)) { if (!empty($column) && !empty($direction)) {
$column = str_replace('u.', '', $column); $column = str_replace('u.', '', $column);
$sql .= " ORDER BY $column $direction "; $sql .= " ORDER BY `$column` $direction ";
} }
$limitCondition = ''; $limitCondition = '';
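Review bot: The `@ -878` hunk changes the session check to `$sessionId == 'T'` while the `@ -832` hunk in the same method uses `===`; since `$sessionId` was normalised to either `'T'` or an int in the `@ -822` hunk, the loose form is the one whose meaning differs between PHP versions (`0 == 'T'` was true before PHP 8), so make both strict: `if ($sessionId === 'T') {`. The `@ -849` hunk only appends a space after `$options['order']`, which still goes into the ORDER BY clause unescaped and unvalidated; if `$options` can carry caller-supplied sort values it needs the same allowlist-plus-backtick treatment that `$column` gets in the `@ -6235` hunk. The method enclosing the first four hunks starts before `@ -822` and continues beyond `@ -878`.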

@ -991,7 +991,7 @@ class Statistics
HAVING t.c_id <> '' HAVING t.c_id <> ''
AND DATEDIFF( '".api_get_utc_datetime()."' , access_date ) <= ".$date_diff; AND DATEDIFF( '".api_get_utc_datetime()."' , access_date ) <= ".$date_diff;
} }
$sql .= ' ORDER BY '.$columns[$column].' '.$sql_order[$direction]; $sql .= ' ORDER BY `'.$columns[$column].'` '.$sql_order[$direction];
$from = ($page_nr - 1) * $per_page; $from = ($page_nr - 1) * $per_page;
$sql .= ' LIMIT '.$from.','.$per_page; $sql .= ' LIMIT '.$from.','.$per_page;
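Review bot: `$columns[$column]` and `$sql_order[$direction]` are already lookups into fixed maps, so the added backticks change nothing when the map values are bare column names and will break the query if any value is a qualified name or expression; a comment on that line stating that `$columns` must hold bare column names would guard against that regression. An unknown `$column` key still interpolates null, producing an empty quoted identifier rather than a clean fallback; consider `$orderColumn = $columns[$column] ?? reset($columns);` before building the clause, hedged since `$columns` is defined outside the hunk. The enclosing method starts and ends outside the hunk.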

@ -3828,7 +3828,7 @@ class Tracking
if (in_array($orderByName, ['name', 'access_start_date'])) { if (in_array($orderByName, ['name', 'access_start_date'])) {
$orderByDirection = in_array(strtolower($orderByDirection), ['asc', 'desc']) ? $orderByDirection : 'asc'; $orderByDirection = in_array(strtolower($orderByDirection), ['asc', 'desc']) ? $orderByDirection : 'asc';
$orderByName = Database::escape_string($orderByName); $orderByName = Database::escape_string($orderByName);
$orderBy .= " ORDER BY $orderByName $orderByDirection"; $orderBy .= " ORDER BY `$orderByName` $orderByDirection";
} }
} }
@ -7729,7 +7729,8 @@ class TrackingCourseLog
$table_item_property = Database::get_course_table(TABLE_ITEM_PROPERTY); $table_item_property = Database::get_course_table(TABLE_ITEM_PROPERTY);
$table_user = Database::get_main_table(TABLE_MAIN_USER); $table_user = Database::get_main_table(TABLE_MAIN_USER);
$table_session = Database::get_main_table(TABLE_MAIN_SESSION); $table_session = Database::get_main_table(TABLE_MAIN_SESSION);
$session_id = intval($session_id); $column = (int) $column;
$direction = !in_array(strtolower(trim($direction)), ['asc', 'desc']) ? 'asc' : $direction;
$sql = "SELECT $sql = "SELECT
tool as col0, tool as col0,
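Review bot: The `@ -7729` hunk in TrackingCourseLog replaces `$session_id = intval($session_id);` with the new `$column` cast instead of adding alongside it, so `$session_id` is no longer coerced to an int at this point; if it is still interpolated into the query that begins on the last visible line (the SELECT continues outside the hunk), that cast was its only protection and this is a regression. Restore it next to the new lines: `$session_id = (int) $session_id;`. The `@ -3828` hunk in Tracking is the pattern the other files should follow: `$orderByName` is allowlisted before it is escaped and quoted.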

@ -2163,8 +2163,8 @@ class UserManager
$field_filter = (int) $field_filter; $field_filter = (int) $field_filter;
$sqlf .= " AND filter = $field_filter "; $sqlf .= " AND filter = $field_filter ";
} }
$sqlf .= " ORDER BY ".$columns[$column]." $sort_direction "; $sqlf .= " ORDER BY `".$columns[$column]."` $sort_direction ";
if (0 != $number_of_items) { if ($number_of_items != 0) {
$sqlf .= " LIMIT ".intval($from).','.intval($number_of_items); $sqlf .= " LIMIT ".intval($from).','.intval($number_of_items);
} }
$resf = Database::query($sqlf); $resf = Database::query($sqlf);
@ -4650,7 +4650,7 @@ class UserManager
if (!empty($column) && !empty($direction)) { if (!empty($column) && !empty($direction)) {
// Fixing order due the UNIONs // Fixing order due the UNIONs
$column = str_replace('u.', '', $column); $column = str_replace('u.', '', $column);
$orderBy = " ORDER BY $column $direction "; $orderBy = " ORDER BY `$column` $direction ";
} }
} }
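Review bot: In the `@ -4650` hunk `$direction` is interpolated into the ORDER BY with no visible validation, and `$column` is only checked with `!empty()` before the `u.` strip and backtick quoting; unless both are validated before this hunk (the method body starts outside it), the direction is still free text in the query. Add `$direction = in_array(strtolower($direction), ['asc', 'desc'], true) ? $direction : 'ASC';` before the ORDER BY and resolve `$column` against the sortable columns. Note also that `str_replace('u.', '', $column)` removes `u.` anywhere in the string, not only as a prefix; `preg_replace('/^u\./', '', $column)` expresses the intent. The `@ -2163` hunk's `$number_of_items != 0` rewrite is a pure style change and is fine.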

@ -84,7 +84,7 @@ if (isset($_GET['search']) && 'advanced' === $_GET['search']) {
) as nbr_session ) as nbr_session
FROM $tbl_session_category sc FROM $tbl_session_category sc
$where $where
ORDER BY $sort $order ORDER BY `$sort` $order
LIMIT $from,".($limit + 1); LIMIT $from,".($limit + 1);
$query_rows = "SELECT count(*) as total_rows $query_rows = "SELECT count(*) as total_rows

@ -58,7 +58,7 @@ $from = $page * $limit;
$sql = "SELECT c.id, c.code, c.title, nbr_users $sql = "SELECT c.id, c.code, c.title, nbr_users
FROM $tbl_session_rel_course, $tbl_course c FROM $tbl_session_rel_course, $tbl_course c
WHERE c_id = c.id AND session_id='$id_session' WHERE c_id = c.id AND session_id='$id_session'
ORDER BY $sort ORDER BY `$sort`
LIMIT $from,".($limit + 1); LIMIT $from,".($limit + 1);
$result = Database::query($sql); $result = Database::query($sql);
$Courses = Database::store_result($result); $Courses = Database::store_result($result);

@ -102,7 +102,7 @@ $sql = "
WHERE WHERE
s.session_id = $id_session AND s.session_id = $id_session AND
url.access_url_id = $urlId url.access_url_id = $urlId
ORDER BY $sort $direction ORDER BY `$sort` $direction
LIMIT $from,".($limit + 1); LIMIT $from,".($limit + 1);
if ('desc' === $direction) { if ('desc' === $direction) {

@ -659,6 +659,8 @@ function get_user_data($from, $number_of_items, $column, $direction)
} }
$sql .= " AND u.status != ".ANONYMOUS." "; $sql .= " AND u.status != ".ANONYMOUS." ";
$column = (int) $column;
$direction = !in_array(strtolower(trim($direction)), ['asc', 'desc']) ? 'asc' : $direction;
// Sorting and pagination (used by the sortable table) // Sorting and pagination (used by the sortable table)
$sql .= " ORDER BY col$column $direction "; $sql .= " ORDER BY col$column $direction ";
$from = (int) $from; $from = (int) $from;

@ -106,13 +106,17 @@ class WSCMInbox extends WSCM
$from, $from,
$number_of_items $number_of_items
) { ) {
$from = (int) $from;
$number_of_items = (int) $number_of_items;
if ("valid" == $this->verifyUserPass($username, $password)) { if ("valid" == $this->verifyUserPass($username, $password)) {
$user_id = UserManager::get_user_id_from_username($username); $user_id = UserManager::get_user_id_from_username($username);
$table_message = Database::get_main_table(TABLE_MESSAGE); $table_message = Database::get_main_table(TABLE_MESSAGE);
$sql_query = "SELECT id FROM $table_message $sql_query = "SELECT id FROM $table_message
WHERE user_sender_id=".$user_id." AND msg_status=".MESSAGE_STATUS_OUTBOX." WHERE user_sender_id=".$user_id." AND msg_status=".MESSAGE_STATUS_OUTBOX."
ORDER BY send_date LIMIT $from,$number_of_items"; ORDER BY send_date
LIMIT $from,$number_of_items";
$sql_result = Database::query($sql_query); $sql_result = Database::query($sql_query);
$message = "#"; $message = "#";
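Review bot: The authentication check `"valid" == $this->verifyUserPass($username, $password)` directly below the new casts still uses loose comparison; if verifyUserPass can ever return a non-string such as `true`, `"valid" == true` evaluates to true in PHP and the gate opens. Its return type is not visible here, so this is hedged, but making the comparison strict costs nothing: `if ('valid' === $this->verifyUserPass($username, $password)) {`. The `(int)` casts on `$from` and `$number_of_items` are the right fix for the LIMIT interpolation; the sibling methods of this class presumably share the query shape and need the same casts (not visible here). The method continues past the hunk.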

@ -195,7 +195,7 @@ class WSCMUser extends WSCM
} }
$order = ''; $order = '';
foreach ($order_by as $orderByItem) { foreach ($order_by as $orderByItem) {
$order .= Database::escape_string($orderByItem, null, false).', '; $order .= Database::escape_string($orderByItem).', ';
} }
$order = substr($order, 0, -2); $order = substr($order, 0, -2);
if (count($order_by) > 0) { if (count($order_by) > 0) {
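Review bot: `Database::escape_string($orderByItem)` escapes characters that matter inside a string literal, but each `$orderByItem` is concatenated into an ORDER BY clause as a bare identifier, where no quote character is needed for the value to be interpreted as SQL; dropping the third argument changes which characters are escaped but not this mismatch. Resolve each item against an allowlist of sortable columns instead, e.g. `if (!in_array($orderByItem, $allowedSortColumns, true)) { continue; }` with the allowed set defined where this method knows its table (`$allowedSortColumns` is a constructed placeholder name), and backtick-quote the accepted name. The enclosing method starts before the hunk.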
