Skip to content

Commit

Permalink
Corretta vulnerabilità SQL Injection
Browse files Browse the repository at this point in the history
  • Loading branch information
@AlexRed
AlexRed committed Mar 8, 2017
1 parent 280fffc commit dd265d2
Show file tree
Hide file tree
Showing 17 changed files with 5 additions and 1 deletion.
Empty file modified contentmap.php
100755 → 100644
View file
Empty file.
2 changes: 1 addition & 1 deletion extras/lib_contentmap/json/articlesmarkers.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -355,7 +355,7 @@ protected function Load()
$query->from("#__content");

// Condition: content id passed py plugin
$query->where("id = '" . JRequest::getVar("contentid", 0, "GET") . "'");
$query->where("id = '" . intval(JRequest::getVar("contentid", 0, "GET")) . "'");

// Condition: metadata field contains "xreference":"coordinates"
// {\"xreference\":\"} the string "xreference":"
Expand Down
Empty file modified extras/lib_contentmap/language/cs-CZ/cs-CZ.contentmap.ini
100755 → 100644
View file
Empty file.
Empty file modified extras/lib_contentmap/language/en-GB/en-GB.contentmap.ini
100755 → 100644
View file
Empty file.
Empty file modified extras/lib_contentmap/language/es-ES/es-ES.contentmap.ini
100755 → 100644
View file
Empty file.
Empty file modified extras/lib_contentmap/language/fr-FR/fr-FR.contentmap.ini
100755 → 100644
View file
Empty file.
Empty file modified extras/lib_contentmap/language/it-IT/it-IT.contentmap.ini
100755 → 100644
View file
Empty file.
Empty file modified extras/lib_contentmap/language/nb-NO/nb-NO.contentmap.ini
100755 → 100644
View file
Empty file.
Empty file modified extras/lib_contentmap/language/nl-NL/nl-NL.contentmap.ini
100755 → 100644
View file
Empty file.
Empty file modified extras/lib_contentmap/language/pt-BR/pt-BR.contentmap.ini
100755 → 100644
View file
Empty file.
Empty file modified extras/lib_contentmap/language/ru-RU/ru-RU.contentmap.ini
100755 → 100644
View file
Empty file.
Empty file modified extras/lib_contentmap/language/sv-SE/sv-SE.contentmap.ini
100755 → 100644
View file
Empty file.
Empty file modified extras/lib_contentmap/media/js/markerclusterer.js
100755 → 100644
View file
Empty file.
Empty file modified extras/lib_contentmap/media/js/markerclusterer_compiled.js
100755 → 100644
View file
Empty file.
Empty file modified extras/mod_contentmap/mod_contentmap.xml
100755 → 100644
View file
Empty file.
Empty file modified extras/plg_contentmap/contentmap.xml
100755 → 100644
View file
Empty file.
4 changes: 4 additions & 0 deletions site/views/smartloader/view.html.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,10 @@ function display($tpl = null)
// Load module || component || plugin parameters. Defaults to plugin
$owner = JRequest::getVar("owner", "", "GET") or $owner = "plugin"; // getVar() default value doesn't work with ?owner=""

if (!in_array($owner,array('module','plugin','component','article'))){
die();
}

$db = JFactory::getDbo();
jimport("joomla.database.databasequery");
$query = $db->getQuery(true);
Expand Down

0 comments on commit dd265d2

Please sign in to comment.