request #24202: SQL injection via the user settings of the CVS commits browser

Change-Id: I9dff1d45d703de5c9a55182d673a70c21ea53d89
LeSuisse committed Dec 7, 2021
1 parent 94fa870 commit b82be89
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions src/www/cvs/commit_utils.php
Expand Up @@ -713,12 +713,12 @@ function cvs_get_revisions($project, $offset, $chunksz, $_tag = 100, $_branch =
$query = "SELECT id from cvs_repositories where cvs_repositories.repository='$cvs_repository' ";
$rs = db_query($query);
$repo_id = db_result($rs, 0, 0);
$repo_id = $repo_id ? $repo_id : -1;
$repo_id = db_ei($repo_id ? $repo_id : -1);

$select = 'SELECT distinct cvs_checkins.commitid as id, cvs_checkins.commitid as revision, cvs_descs.id as did, cvs_descs.description, cvs_commits.comm_when as c_when, cvs_commits.comm_when as date, cvs_commits.comm_when as f_when, user.user_name as who ';
$from = "FROM cvs_descs, cvs_checkins, user, cvs_commits ";
$where = "WHERE cvs_checkins.descid=cvs_descs.id " .
"AND " . (check_cvs_access(user_getname(), $project->getUnixName(false), '') ? 1 : 0) . " " .
"AND " . db_ei(check_cvs_access(user_getname(), $project->getUnixName(false), '') ? 1 : 0) . " " .
"AND cvs_checkins.commitid=cvs_commits.id " .
"AND user.user_id=cvs_checkins.whoid " .
"AND cvs_checkins.repositoryid=" . $repo_id . " " .
Expand All @@ -729,7 +729,7 @@ function cvs_get_revisions($project, $offset, $chunksz, $_tag = 100, $_branch =

$limit = '';
if (! $pv) {
$limit = " LIMIT $offset,$chunksz";
$limit = " LIMIT " . db_ei($offset) . ',' . db_ei($chunksz);
}

if (empty($order_by)) {
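Review bot: The repository lookup on the first line of the first hunk, `$query = "SELECT id from cvs_repositories where cvs_repositories.repository='$cvs_repository' ";`, still interpolates `$cvs_repository` into the SQL string without going through an escaping helper, while every other value in the rewritten `$where` and `$limit` now does. Where `$cvs_repository` comes from is outside the hunk (it is not among the visible parameters of `cvs_get_revisions`), so if it is derived from anything request- or settings-controlled it should be passed through the project's string-escaping counterpart of `db_ei` (`db_es`, if that is the helper this codebase uses) before interpolation; if it is always taken from a trusted project field, a one-line comment such as `// $cvs_repository is not user-supplied; derived from the project record` at that line would make the trust boundary explicit for the next reader. The `db_ei()` wrapping of the `check_cvs_access(...) ? 1 : 0` ternary is harmless but escapes a value that can only ever be the literal 1 or 0; writing `(check_cvs_access(...) ? '1' : '0')` or leaving it as-is with a short comment would read more clearly than suggesting it is untrusted input. Both hunks sit inside `cvs_get_revisions`, whose body continues below the second hunk, so the `$order_by` branch opened on the last visible line and any remaining interpolated sort or filter terms could not be checked here.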
