From 93313d760c7e0db93f00ab2ff972b1495a8d67ae Mon Sep 17 00:00:00 2001 From: rvelices Date: Fri, 17 Oct 2008 01:06:00 +0000 Subject: - mysql potential injection paranoia + code compaction in common.inc.php git-svn-id: http://piwigo.org/svn/branches/2.0@2765 68402e56-0260-453c-a942-63ccdbb3a9ee --- include/common.inc.php | 61 +++++++------------------------------------- include/ws_functions.inc.php | 10 +++++--- 2 files changed, 15 insertions(+), 56 deletions(-) (limited to 'include') diff --git a/include/common.inc.php b/include/common.inc.php index cbe1d6d89..0b1a2b581 100644 --- a/include/common.inc.php +++ b/include/common.inc.php @@ -36,64 +36,21 @@ set_magic_quotes_runtime(0); // Disable magic_quotes_runtime // if( !get_magic_quotes_gpc() ) { + function sanitize_mysql_kv(&$v, $k) + { + $v = addslashes($v); + } if( is_array( $_GET ) ) { - while( list($k, $v) = each($_GET) ) - { - if( is_array($_GET[$k]) ) - { - while( list($k2, $v2) = each($_GET[$k]) ) - { - $_GET[$k][$k2] = addslashes($v2); - } - @reset($_GET[$k]); - } - else - { - $_GET[$k] = addslashes($v); - } - } - @reset($_GET); + array_walk_recursive( $_GET, 'sanitize_mysql_kv' ); } - - if( is_array($_POST) ) + if( is_array( $_POST ) ) { - while( list($k, $v) = each($_POST) ) - { - if( is_array($_POST[$k]) ) - { - while( list($k2, $v2) = each($_POST[$k]) ) - { - $_POST[$k][$k2] = addslashes($v2); - } - @reset($_POST[$k]); - } - else - { - $_POST[$k] = addslashes($v); - } - } - @reset($_POST); + array_walk_recursive( $_POST, 'sanitize_mysql_kv' ); } - - if( is_array($_COOKIE) ) + if( is_array( $_COOKIE ) ) { - while( list($k, $v) = each($_COOKIE) ) - { - if( is_array($_COOKIE[$k]) ) - { - while( list($k2, $v2) = each($_COOKIE[$k]) ) - { - $_COOKIE[$k][$k2] = addslashes($v2); - } - @reset($_COOKIE[$k]); - } - else - { - $_COOKIE[$k] = addslashes($v); - } - } - @reset($_COOKIE); + array_walk_recursive( $_COOKIE, 'sanitize_mysql_kv' ); } } if ( !empty($_SERVER["PATH_INFO"]) ) diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php index e4470f6c4..4bf48578a 100644 --- a/include/ws_functions.inc.php +++ b/include/ws_functions.inc.php @@ -187,6 +187,7 @@ function ws_caddie_add($params, &$service) { return new PwgError(401, 'Access denied'); } + $params['image_id'] = array_map( 'intval',$params['image_id'] ); if ( empty($params['image_id']) ) { return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id"); @@ -291,7 +292,7 @@ SELECT i.*, GROUP_CONCAT(category_id) cat_ids AND ', $where_clauses).' GROUP BY i.id '.$order_by.' -LIMIT '.$params['per_page']*$params['page'].','.$params['per_page']; +LIMIT '.(int)($params['per_page']*$params['page']).','.(int)$params['per_page']; $result = pwg_query($query); while ($row = mysql_fetch_assoc($result)) @@ -683,8 +684,8 @@ SELECT id, date, author, content FROM '.COMMENTS_TABLE.' WHERE '.$where_comments.' ORDER BY date - LIMIT '.$params['comments_per_page']*(int)$params['comments_page']. - ','.$params['comments_per_page']; + LIMIT '.(int)($params['comments_per_page']*$params['comments_page']). + ','.(int)$params['comments_per_page']; $result = pwg_query($query); while ($row = mysql_fetch_assoc($result)) @@ -857,6 +858,7 @@ function ws_images_setPrivacyLevel($params, &$service) { return new PwgError(401, 'Access denied'); } + $params['image_id'] = array_map( 'intval',$params['image_id'] ); if ( empty($params['image_id']) ) { return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id"); @@ -1262,7 +1264,7 @@ SELECT DISTINCT i.* FROM '.IMAGES_TABLE.' i WHERE '. implode(' AND ', $where_clauses).' '.$order_by.' -LIMIT '.$params['per_page']*$params['page'].','.$params['per_page']; +LIMIT '.(int)($params['per_page']*$params['page']).','.(int)$params['per_page']; $result = pwg_query($query); while ($row = mysql_fetch_assoc($result)) -- cgit v1.2.3