archive/piwigo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

- mysql potential injection paranoia + code compaction in common.inc.php

Browse source 
git-svn-id: http://piwigo.org/svn/branches/2.0@2765 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
rvelices 2008-10-17 01:06:00 +00:00
parent 376bd21335
commit 93313d760c
2 changed files with 15 additions and 56 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

61
include/common.inc.php
View file

@ -36,64 +36,21 @@ set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
//
if( !get_magic_quotes_gpc() )
{
function sanitize_mysql_kv(&$v, $k)
{
$v = addslashes($v);
}
if( is_array( $_GET ) )
{
while( list($k, $v) = each($_GET) )
{
if( is_array($_GET[$k]) )
{
while( list($k2, $v2) = each($_GET[$k]) )
{
$_GET[$k][$k2] = addslashes($v2);
}
@reset($_GET[$k]);
}
else
{
$_GET[$k] = addslashes($v);
}
}
@reset($_GET);
array_walk_recursive( $_GET, 'sanitize_mysql_kv' );
}
if( is_array($_POST) )
if( is_array( $_POST ) )
{
while( list($k, $v) = each($_POST) )
{
if( is_array($_POST[$k]) )
{
while( list($k2, $v2) = each($_POST[$k]) )
{
$_POST[$k][$k2] = addslashes($v2);
}
@reset($_POST[$k]);
}
else
{
$_POST[$k] = addslashes($v);
}
}
@reset($_POST);
array_walk_recursive( $_POST, 'sanitize_mysql_kv' );
}
if( is_array($_COOKIE) )
if( is_array( $_COOKIE ) )
{
while( list($k, $v) = each($_COOKIE) )
{
if( is_array($_COOKIE[$k]) )
{
while( list($k2, $v2) = each($_COOKIE[$k]) )
{
$_COOKIE[$k][$k2] = addslashes($v2);
}
@reset($_COOKIE[$k]);
}
else
{
$_COOKIE[$k] = addslashes($v);
}
}
@reset($_COOKIE);
array_walk_recursive( $_COOKIE, 'sanitize_mysql_kv' );
}
}
if ( !empty($_SERVER["PATH_INFO"]) )

10
include/ws_functions.inc.php
View file

@ -187,6 +187,7 @@ function ws_caddie_add($params, &$service)
{
return new PwgError(401, 'Access denied');
}
$params['image_id'] = array_map( 'intval',$params['image_id'] );
if ( empty($params['image_id']) )
{
return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
@ -291,7 +292,7 @@ SELECT i.*, GROUP_CONCAT(category_id) cat_ids
AND ', $where_clauses).'
GROUP BY i.id
'.$order_by.'
LIMIT '.$params['per_page']*$params['page'].','.$params['per_page'];
LIMIT '.(int)($params['per_page']*$params['page']).','.(int)$params['per_page'];
$result = pwg_query($query);
while ($row = mysql_fetch_assoc($result))
@ -683,8 +684,8 @@ SELECT id, date, author, content
FROM '.COMMENTS_TABLE.'
WHERE '.$where_comments.'
ORDER BY date
LIMIT '.$params['comments_per_page']*(int)$params['comments_page'].
','.$params['comments_per_page'];
LIMIT '.(int)($params['comments_per_page']*$params['comments_page']).
','.(int)$params['comments_per_page'];
$result = pwg_query($query);
while ($row = mysql_fetch_assoc($result))
@ -857,6 +858,7 @@ function ws_images_setPrivacyLevel($params, &$service)
{
return new PwgError(401, 'Access denied');
}
$params['image_id'] = array_map( 'intval',$params['image_id'] );
if ( empty($params['image_id']) )
{
return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
@ -1262,7 +1264,7 @@ SELECT DISTINCT i.* FROM '.IMAGES_TABLE.' i
WHERE '. implode('
AND ', $where_clauses).'
'.$order_by.'
LIMIT '.$params['per_page']*$params['page'].','.$params['per_page'];
LIMIT '.(int)($params['per_page']*$params['page']).','.(int)$params['per_page'];
$result = pwg_query($query);
while ($row = mysql_fetch_assoc($result))