From d501af7f9db4d7185f4e44416679f7bda0352c66 Mon Sep 17 00:00:00 2001
From: Julio
Date: Wed, 18 Aug 2021 13:51:19 +0200
Subject: [PATCH] Fix queries: Add Database::escape_string + int casting

---
 main/blog/blog.php | 2 +-
 main/forum/download.php | 2 +-
 main/inc/ajax/exercise.ajax.php | 4 ++++
 main/session/session_category_list.php | 11 +++++------
 4 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/main/blog/blog.php b/main/blog/blog.php
index 4408a78977..6001306ee2 100755
--- a/main/blog/blog.php
+++ b/main/blog/blog.php
@@ -7,7 +7,7 @@
 */
 require_once __DIR__.'/../inc/global.inc.php';
-$blog_id = isset($_GET['blog_id']) ? $_GET['blog_id'] : 0;
+$blog_id = isset($_GET['blog_id']) ? (int) $_GET['blog_id'] : 0;
 if (empty($blog_id)) {
 api_not_allowed(true);
diff --git a/main/forum/download.php b/main/forum/download.php
index 35a3de0f29..2649cedc26 100755
--- a/main/forum/download.php
+++ b/main/forum/download.php
@@ -42,7 +42,7 @@ $sql = 'SELECT thread_id, forum_id,filename
 WHERE f.c_id = '.$course_id.' AND
 a.c_id = '.$course_id.' AND
- path LIKE BINARY "'.$doc_url.'"';
+ path LIKE BINARY "'.Database::escape_string($doc_url).'"';
 $result = Database::query($sql);
 $row = Database::fetch_array($result);
diff --git a/main/inc/ajax/exercise.ajax.php b/main/inc/ajax/exercise.ajax.php
index 800ad269ca..160e59e65f 100755
--- a/main/inc/ajax/exercise.ajax.php
+++ b/main/inc/ajax/exercise.ajax.php
@@ -167,6 +167,10 @@ switch ($action) {
 $sidx = $_REQUEST['sidx']; //index to filter
 $sord = $_REQUEST['sord']; //asc or desc
+ if (!in_array($sidx, ['firstname', 'lastname', 'start_date'])) {
+ $sidx = 1;
+ }
+
 if (!in_array($sord, ['asc', 'desc'])) {
 $sord = 'desc';
 }
diff --git a/main/session/session_category_list.php b/main/session/session_category_list.php
index 77308b4cca..80794314f8 100644
--- a/main/session/session_category_list.php
+++ b/main/session/session_category_list.php
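Review bot: `Database::escape_string($doc_url)` on the `+` line of the download.php hunk neutralises quote characters but not the LIKE wildcards `%` and `_`, so a `$doc_url` containing `%` still matches attachment paths other than the one requested; since this looks up one attachment by its exact path, an equality test is the right operator: `path = BINARY "'.Database::escape_string($doc_url).'"';` (or escape the wildcards first with `addcslashes($doc_url, '%_')` if LIKE is really needed). The two `$course_id` interpolations on the context lines remain unescaped, which is only safe if `$course_id` is already cast to int above the hunk, something not visible here. The `$sql` assignment starts before the hunk, on the line quoted in the hunk header.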
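Review bot: The new `in_array($sidx, ['firstname', 'lastname', 'start_date'])` check in the exercise.ajax.php hunk is the right shape (an allowlist for a value that presumably ends up in an ORDER BY), but it uses loose comparison; pass `true` as the third argument, `if (!in_array($sidx, ['firstname', 'lastname', 'start_date'], true)) {`, and do the same for the `$sord` check on the context lines below it. The fallback `$sidx = 1` is an int while the allowed values are column-name strings, so whatever consumes `$sidx` (outside this hunk) must accept both forms; a comment such as `// 1 = first selected column when no valid sort column is given` would make that contract visible. The enclosing `switch ($action)` case starts and ends outside the hunk, and the `$_REQUEST['sidx']` read on the first context line still emits a notice when the key is absent, which the new check does not address.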
@@ -27,15 +27,15 @@ $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
 $page = isset($_GET['page']) ? (int) $_GET['page'] : null;
 $action = isset($_REQUEST['action']) ? Security::remove_XSS($_REQUEST['action']) : null;
-$sort = isset($_GET['sort']) && in_array($_GET['sort'], ['name', 'nbr_session', 'date_start', 'date_end'])
- ? Security::remove_XSS($_GET['sort'])
- : 'name';
+$columns = ['name', 'nbr_session', 'date_start', 'date_end'];
+$sort = isset($_GET['sort']) && in_array($_GET['sort'], $columns) ? Security::remove_XSS($_GET['sort']) : 'name';
 $idChecked = isset($_REQUEST['idChecked']) ? Security::remove_XSS($_REQUEST['idChecked']) : null;
-$order = isset($_REQUEST['order']) ? Security::remove_XSS($_REQUEST['order']) : 'ASC';
+$order = $_REQUEST['order'] ?? 'ASC';
+$order = $order === 'ASC' ? 'DESC' : 'ASC';
 $keyword = isset($_REQUEST['keyword']) ? Security::remove_XSS($_REQUEST['keyword']) : null;
 if ($action === 'delete_on_session' || $action === 'delete_off_session') {
- $delete_session = $action == 'delete_on_session' ? true : false;
+ $delete_session = $action === 'delete_on_session' ? true : false;
 SessionManager::delete_session_category($idChecked, $delete_session);
 Display::addFlash(Display::return_message(get_lang('SessionCategoryDelete')));
 header('Location: '.api_get_self().'?sort='.$sort);
@@ -91,7 +91,6 @@ if (isset($_GET['search']) && $_GET['search'] === 'advanced') {
 $query_rows = "SELECT count(*) as total_rows
 FROM $tbl_session_category sc
 $where ";
- $order = ($order == 'ASC') ? 'DESC' : 'ASC';
 $result_rows = Database::query($query_rows);
 $recorset = Database::fetch_array($result_rows);
 $num = $recorset['total_rows'];
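Review bot: The two-step `$order` assignment on the `+` lines both allowlists the value (anything other than exactly `'ASC'` becomes `'ASC'`) and flips it, and the flip is a behaviour change: the toggle removed in the `@@ -91,7 +91,6 @@` hunk ran inside the `if (isset($_GET['search']) ...)` block named in that hunk header, whereas the new flip runs unconditionally at the top of the script, so if `$order` is read anywhere outside that block it now sees the inverted direction. A comment would make the intent explicit, e.g. `// normalise to ASC/DESC, then flip so the link toggles direction`, or keep normalisation and toggle as two clearly named steps. `in_array($_GET['sort'], $columns)` should pass `true` as its third argument, and `$delete_session = $action === 'delete_on_session' ? true : false;` can simply be `$delete_session = $action === 'delete_on_session';`. The `if (isset($_GET['search']) ...)` block of the second hunk starts before that hunk and continues past it.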