Fix queries: Add Database::escape_string + int casting

4 years ago · d501af7f9d
parent 4c36bbc833
commit d501af7f9d
4 changed files with 11 additions and 8 deletions
--- a/main/blog/blog.php
+++ b/main/blog/blog.php
@ -7,7 +7,7 @@
 */
 require_once __DIR__.'/../inc/global.inc.php';

-$blog_id = isset($_GET['blog_id']) ? $_GET['blog_id'] : 0;
+$blog_id = isset($_GET['blog_id']) ? (int) $_GET['blog_id'] : 0;

 if (empty($blog_id)) {
    api_not_allowed(true);
--- a/main/forum/download.php
+++ b/main/forum/download.php
@ -42,7 +42,7 @@ $sql = 'SELECT thread_id, forum_id,filename
        WHERE
            f.c_id = '.$course_id.' AND
            a.c_id = '.$course_id.' AND
-            path LIKE BINARY "'.$doc_url.'"';
+            path LIKE BINARY "'.Database::escape_string($doc_url).'"';

 $result = Database::query($sql);
 $row = Database::fetch_array($result);
--- a/main/inc/ajax/exercise.ajax.php
+++ b/main/inc/ajax/exercise.ajax.php
@ -167,6 +167,10 @@ switch ($action) {
        $sidx = $_REQUEST['sidx']; //index to filter
        $sord = $_REQUEST['sord']; //asc or desc

+        if (!in_array($sidx, ['firstname', 'lastname', 'start_date'])) {
+            $sidx = 1;
+        }
+
        if (!in_array($sord, ['asc', 'desc'])) {
            $sord = 'desc';
        }
--- a/main/session/session_category_list.php
+++ b/main/session/session_category_list.php
@ -27,15 +27,15 @@ $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);

 $page = isset($_GET['page']) ? (int) $_GET['page'] : null;
 $action = isset($_REQUEST['action']) ? Security::remove_XSS($_REQUEST['action']) : null;
-$sort = isset($_GET['sort']) && in_array($_GET['sort'], ['name', 'nbr_session', 'date_start', 'date_end'])
-    ? Security::remove_XSS($_GET['sort'])
-    : 'name';
+$columns = ['name', 'nbr_session', 'date_start', 'date_end'];
+$sort = isset($_GET['sort']) && in_array($_GET['sort'], $columns) ? Security::remove_XSS($_GET['sort']) : 'name';
 $idChecked = isset($_REQUEST['idChecked']) ? Security::remove_XSS($_REQUEST['idChecked']) : null;
-$order = isset($_REQUEST['order']) ? Security::remove_XSS($_REQUEST['order']) : 'ASC';
+$order = $_REQUEST['order'] ?? 'ASC';
+$order = $order === 'ASC' ? 'DESC' : 'ASC';
 $keyword = isset($_REQUEST['keyword']) ? Security::remove_XSS($_REQUEST['keyword']) : null;

 if ($action === 'delete_on_session' || $action === 'delete_off_session') {
-    $delete_session = $action == 'delete_on_session' ? true : false;
+    $delete_session = $action === 'delete_on_session' ? true : false;
    SessionManager::delete_session_category($idChecked, $delete_session);
    Display::addFlash(Display::return_message(get_lang('SessionCategoryDelete')));
    header('Location: '.api_get_self().'?sort='.$sort);
@ -91,7 +91,6 @@ if (isset($_GET['search']) && $_GET['search'] === 'advanced') {

    $query_rows = "SELECT count(*) as total_rows
                  FROM $tbl_session_category sc $where ";
-    $order = ($order == 'ASC') ? 'DESC' : 'ASC';
    $result_rows = Database::query($query_rows);
    $recorset = Database::fetch_array($result_rows);
    $num = $recorset['total_rows'];