Added input cleaning to the bug history (another SQL poisoning attack…

…). Reformatted code in bugnote_set_view_state.php git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1188 f5dc347c-c33d-0410-90a0-b07cc1902cb9
mantisbt · Aug 12, 2002 · 36ed5a4 · 36ed5a4
1 parent 2e841fb
commit 36ed5a4
Show file tree

Hide file tree

Showing 3 changed files with 95 additions and 20 deletions.
diff --git a/bug_update.php b/bug_update.php
@@ -113,24 +113,24 @@
 
 	# log changes
 	$t_user_id = get_current_user_field( 'id' );
-	history_log_event_direct( $c_id, 'category',        $h_category, $c_category, $t_user_id );
-	history_log_event_direct( $c_id, 'severity',        $h_severity, $c_severity, $t_user_id );
-	history_log_event_direct( $c_id, 'reproducibility', $h_reproducibility, $c_reproducibility, $t_user_id );
-	history_log_event_direct( $c_id, 'priority',        $h_priority, $c_priority, $t_user_id );
-	history_log_event_direct( $c_id, 'status',          $h_status, $c_status, $t_user_id );
-	history_log_event_direct( $c_id, 'projection',      $h_projection, $c_projection, $t_user_id );
-	history_log_event_direct( $c_id, 'duplicate_id',    $h_duplicate_id, $c_duplicate_id, $t_user_id );
-	history_log_event_direct( $c_id, 'resolution',      $h_resolution, $c_resolution, $t_user_id );
-	history_log_event_direct( $c_id, 'handler_id',      $h_handler_id, $c_handler_id, $t_user_id );
-	history_log_event_direct( $c_id, 'reporter_id',     $h_reporter_id, $c_reporter_id, $t_user_id );
-	history_log_event_direct( $c_id, 'eta',             $h_eta, $c_eta, $t_user_id );
-	history_log_event_direct( $c_id, 'summary',         $h_summary, $c_summary, $t_user_id );
-	history_log_event_direct( $c_id, 'os',              $h_os, $c_os, $t_user_id );
-	history_log_event_direct( $c_id, 'os_build',        $h_os_build, $c_os_build, $t_user_id );
-	history_log_event_direct( $c_id, 'platform',        $h_platform, $c_platform, $t_user_id );
-	history_log_event_direct( $c_id, 'build',           $h_build, $c_build, $t_user_id );
-	history_log_event_direct( $c_id, 'version',         $h_version, $c_version, $t_user_id );
-	history_log_event_direct( $c_id, 'view_state',      $h_view_state, $c_view_state, $t_user_id );
+	history_log_event_direct( $c_id, 'category',        $h_category, $f_category, $t_user_id );
+	history_log_event_direct( $c_id, 'severity',        $h_severity, $f_severity, $t_user_id );
+	history_log_event_direct( $c_id, 'reproducibility', $h_reproducibility, $f_reproducibility, $t_user_id );
+	history_log_event_direct( $c_id, 'priority',        $h_priority, $f_priority, $t_user_id );
+	history_log_event_direct( $c_id, 'status',          $h_status, $f_status, $t_user_id );
+	history_log_event_direct( $c_id, 'projection',      $h_projection, $f_projection, $t_user_id );
+	history_log_event_direct( $c_id, 'duplicate_id',    $h_duplicate_id, $f_duplicate_id, $t_user_id );
+	history_log_event_direct( $c_id, 'resolution',      $h_resolution, $f_resolution, $t_user_id );
+	history_log_event_direct( $c_id, 'handler_id',      $h_handler_id, $f_handler_id, $t_user_id );
+	history_log_event_direct( $c_id, 'reporter_id',     $h_reporter_id, $f_reporter_id, $t_user_id );
+	history_log_event_direct( $c_id, 'eta',             $h_eta, $f_eta, $t_user_id );
+	history_log_event_direct( $c_id, 'summary',         $h_summary, $f_summary, $t_user_id );
+	history_log_event_direct( $c_id, 'os',              $h_os, $f_os, $t_user_id );
+	history_log_event_direct( $c_id, 'os_build',        $h_os_build, $f_os_build, $t_user_id );
+	history_log_event_direct( $c_id, 'platform',        $h_platform, $f_platform, $t_user_id );
+	history_log_event_direct( $c_id, 'build',           $h_build, $f_build, $t_user_id );
+	history_log_event_direct( $c_id, 'version',         $h_version, $f_version, $t_user_id );
+	history_log_event_direct( $c_id, 'view_state',      $h_view_state, $f_view_state, $t_user_id );
 
 	if ( $h_description != $c_description ) {
 		history_log_event_special( $c_id, DESCRIPTION_UPDATED );

diff --git a/bugnote_set_view_state.php b/bugnote_set_view_state.php
@@ -14,7 +14,7 @@
 	$t_bugnote_user_id	= get_bugnote_field( $f_bugnote_id, 'reporter_id' );
 	$t_id				= get_bugnote_field( $f_bugnote_id, 'bug_id' );
 	$t_user_id			= get_current_user_field( 'id' );
-	$c_bugnote_id = (integer)$f_bugnote_id;
+	$c_bugnote_id 		= (integer)$f_bugnote_id;
 
 	project_access_check( $t_id );
 

diff --git a/core_history_API.php b/core_history_API.php
@@ -1 +1,76 @@
-<?php	# Mantis - a php based bugtracking system	# Copyright (C) 2000, 2001  Kenzaburo Ito - kenito@300baud.org	# This program is distributed under the terms and conditions of the GPL	# See the files README and LICENSE for details	###########################################################################	# History API	###########################################################################	# --------------------	# log the changes (old / new value are supplied to reduce db access)	# events should be logged *after* the modification	function history_log_event_direct( $p_bug_id, $p_field_name, $p_old_value, $p_new_value, $p_user_id = 0 ) {		global $g_mantis_bug_history_table;		# Only log events that change the value		if ( $p_new_value != $p_old_value ) {			$c_user_id = (integer)$p_user_id;			if ( 0 == $c_user_id ) {				$c_user_id   = get_current_user_field( 'id' );			};			$query = "INSERT INTO $g_mantis_bug_history_table					( user_id, bug_id, date_modified, field_name, old_value, new_value )					VALUES					( '$c_user_id', '$p_bug_id', NOW(), '$p_field_name', '$p_old_value', '$p_new_value' )";			$result = db_query( $query );		}	}	# --------------------	# log the changes	# events should be logged *after* the modification	function history_log_event( $p_bug_id, $p_field_name, $p_old_value ) {		history_log_event_direct( $p_bug_id, $p_field_name, $p_old_value, get_bug_field( $p_bug_id, $p_field_name ) );	}	# --------------------	# log the changes	# events should be logged *after* the modification	# These are special case logs (new bug, deleted bugnote, etc.)	function history_log_event_special( $p_bug_id, $p_type, $p_optional='',  $p_optional2='' ) {		global $g_mantis_bug_history_table;		$p_optional = string_prepare_text( $p_optional );		$t_user_id   = get_current_user_field( 'id' );		$query = "INSERT INTO $g_mantis_bug_history_table				( user_id, bug_id, date_modified, type, old_value, new_value )				VALUES				( '$t_user_id', '$p_bug_id', NOW(), '$p_type', '$p_optional', '$p_optional2' )";		$result = db_query( $query );	}	# --------------------	# return all bug history for a given bug id ordered by date	function history_get_events( $p_bug_id ) {		global $g_mantis_bug_history_table, $g_mantis_user_table;		$query = "SELECT b.*, u.username				FROM $g_bug_history_table b				LEFT JOIN $g_mantis_user_table u				ON b.user_id=u.id				WHERE bug_id='$p_bug_id'				ORDER BY date_modified DESC";		$result = db_query( $query );	}	# --------------------?>
+<?php
+	# Mantis - a php based bugtracking system
+	# Copyright (C) 2000, 2001  Kenzaburo Ito - kenito@300baud.org
+	# This program is distributed under the terms and conditions of the GPL
+	# See the files README and LICENSE for details
+
+	###########################################################################
+	# History API
+	###########################################################################
+
+	# --------------------
+	# log the changes (old / new value are supplied to reduce db access)
+	# events should be logged *after* the modification
+	function history_log_event_direct( $p_bug_id, $p_field_name, $p_old_value, $p_new_value, $p_user_id = 0 ) {
+		global $g_mantis_bug_history_table;
+
+		# Only log events that change the value
+		if ( $p_new_value != $p_old_value ) {
+			$c_field_name	= string_prepare_text( $p_field_name );
+			$c_old_value	= string_prepare_text( $p_old_value );
+			$c_new_value	= string_prepare_text( $p_new_value );
+			$c_bug_id		= (integer)$p_bug_id;
+			$c_user_id 		= (integer)$p_user_id;
+			if ( 0 == $c_user_id ) {
+				$c_user_id	= get_current_user_field( 'id' );
+			};
+
+			$query = "INSERT INTO $g_mantis_bug_history_table
+					( user_id, bug_id, date_modified, field_name, old_value, new_value )
+					VALUES
+					( '$c_user_id', '$c_bug_id', NOW(), '$c_field_name', '$c_old_value', '$c_new_value' )";
+			$result = db_query( $query );
+		}
+	}
+	# --------------------
+	# log the changes
+	# events should be logged *after* the modification
+	function history_log_event( $p_bug_id, $p_field_name, $p_old_value ) {
+		history_log_event_direct( $p_bug_id, $p_field_name, $p_old_value, get_bug_field( $p_bug_id, $p_field_name ) );
+	}
+	# --------------------
+	# log the changes
+	# events should be logged *after* the modification
+	# These are special case logs (new bug, deleted bugnote, etc.)
+	function history_log_event_special( $p_bug_id, $p_type, $p_optional='',  $p_optional2='' ) {
+		global $g_mantis_bug_history_table;
+
+		$c_bug_id		= (integer)$c_bug_id;
+		$c_type			= (integer)$c_type;
+		$c_optional		= string_prepare_text( $p_optional );
+		$c_optional2	= string_prepare_text( $p_optional2 );
+		$t_user_id		= get_current_user_field( 'id' );
+
+		$query = "INSERT INTO $g_mantis_bug_history_table
+				( user_id, bug_id, date_modified, type, old_value, new_value )
+				VALUES
+				( '$t_user_id', '$c_bug_id', NOW(), '$c_type', '$c_optional', '$c_optional2' )";
+		$result = db_query( $query );
+	}
+	# --------------------
+	# return all bug history for a given bug id ordered by date
+	function history_get_events( $p_bug_id ) {
+		global $g_mantis_bug_history_table, $g_mantis_user_table;
+
+		$c_bug_id 		= (integer)$p_bug_id;
+
+		$query = "SELECT b.*, u.username
+				FROM $g_bug_history_table b
+				LEFT JOIN $g_mantis_user_table u
+				ON b.user_id=u.id
+				WHERE bug_id='$c_bug_id'
+				ORDER BY date_modified DESC";
+		$result = db_query( $query );
+	}
+	# --------------------
+?>