Merge pull request #122 from Erftralle/fix-sql-injection-image-ordering
Fix SQL Injection Attack Vulnerability via image sorting options
Chraneco committed Jan 21, 2018
2 parents 67b0415 + cc109a0 commit dc414ee
Showing 3 changed files with 47 additions and 6 deletions.
22 changes: 22 additions & 0 deletions administrator/components/com_joomgallery/helpers/config.php
Expand Up @@ -337,6 +337,14 @@ class JoomConfig extends JObject
*/
protected $_extended = false;

/**
* Contains all valid ORDER BY clauses for the image sorting
* options $jg_firstorder, $jg_secondorder and $jg_thirdorder.
*
* @var array
*/
private static $_validImageSortingOrderByClauses = array('ordering ASC', 'ordering DESC', 'imgdate ASC', 'imgdate DESC', 'imgtitle ASC', 'imgtitle DESC');

/**
* Constructor
*
Expand Down Expand Up @@ -472,4 +480,18 @@ public function getStyleSheetName($id = 0)

return 'joom_settings'.$this->_id.'.css';
}

/**
* Returns a string containing a valid image sorting ORDER BY clause for a given index or an
* array containing all of them.
*
* @param mixed $index
* @return mixed A string containing a valid image sorting ORDER BY clause or an array
* containing all of them.
* @since 3.3
*/
public static function getValidImageSortingOrderByClauses($index = false)
{
return $index !== false ? self::$_validImageSortingOrderByClauses[$index] : self::$_validImageSortingOrderByClauses;
}
}
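Review bot: getValidImageSortingOrderByClauses() indexes the static array with whatever `$index` it receives and never checks that the key exists, so an unknown index raises a PHP notice and returns null; since check() relies on this helper to supply the safe fallback value, a wrong index there would quietly write null into the configuration instead of a valid clause. Guard the lookup before the return: `if($index !== false && !isset(self::$_validImageSortingOrderByClauses[$index])) { throw new InvalidArgumentException('Unknown image sorting clause index: '.$index); }`. The docblock should also state that the returned strings are raw SQL fragments meant only for identity comparison against submitted values (`in_array(..., true)`), never for assembling from user input, because that contract is the whole point of the allowlist. The remainder of the JoomConfig class lies outside the visible hunks.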
Expand Up @@ -414,6 +414,25 @@ public function check()
$this->jg_usercatorderlist = implode(',', $this->jg_usercatorderlist);
}

// Checking for a SQL injection in the image sorting ORDER BY clauses
if(!in_array($this->jg_firstorder, JoomConfig::getValidImageSortingOrderByClauses()))
{
JFactory::getApplication()->enqueueMessage('SQL injection hacking attempt prevented!', 'warning');
$this->jg_firstorder = JoomConfig::getValidImageSortingOrderByClauses(0);
}

if(!empty($this->jg_secondorder) && !in_array($this->jg_secondorder, JoomConfig::getValidImageSortingOrderByClauses()))
{
JFactory::getApplication()->enqueueMessage('SQL injection hacking attempt prevented!', 'warning');
$this->jg_secondorder = JoomConfig::getValidImageSortingOrderByClauses(2);
}

if(!empty($this->jg_thirdorder) && !in_array($this->jg_thirdorder, JoomConfig::getValidImageSortingOrderByClauses()))
{
JFactory::getApplication()->enqueueMessage('SQL injection hacking attempt prevented!', 'warning');
$this->jg_thirdorder = JoomConfig::getValidImageSortingOrderByClauses(4);
}

// When no array there are no ticked checkboxes submitted per $_POST
if(is_array($this->jg_subifdtags))
{
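Review bot: The three `in_array()` calls in the added block use loose comparison, which makes the allowlist weaker than intended: under PHP 7, `in_array(0, $clauses)` and `in_array(true, $clauses)` both return true because `0 == 'ordering ASC'` and `true == 'ordering ASC'` hold, so if a non-string ever reaches these properties it would pass through to the ORDER BY clause unvalidated. Pass the strict flag in all three places, e.g. `if(!in_array($this->jg_firstorder, JoomConfig::getValidImageSortingOrderByClauses(), true))`. The `!empty()` guards on jg_secondorder and jg_thirdorder additionally let the string `'0'` skip validation altogether, which is not an injection but is still an unvalidated fragment; `$this->jg_secondorder !== ''` is a tighter test. The warning is a hard-coded English string rather than a JText key like the rest of the component, and check() begins and ends outside this hunk, so whether the values are re-validated where the query is actually assembled cannot be seen here.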
Expand Up @@ -332,12 +332,12 @@

JHTML::_('joomconfig.start', 'page10');
JHTML::_('joomconfig.intro', JText::_('COM_JOOMGALLERY_CONFIG_FS_IO_INTRO'));
$picorder[] = JHTML::_('select.option','ordering ASC', JText::_('COM_JOOMGALLERY_COMMON_OPTION_ORDERBY_ORDERING_ASC'));
$picorder[] = JHTML::_('select.option','ordering DESC', JText::_('COM_JOOMGALLERY_COMMON_OPTION_ORDERBY_ORDERING_DESC'));
$picorder[] = JHTML::_('select.option','imgdate ASC', JText::_('COM_JOOMGALLERY_COMMON_OPTION_ORDERBY_UPLOADTIME_ASC'));
$picorder[] = JHTML::_('select.option','imgdate DESC', JText::_('COM_JOOMGALLERY_COMMON_OPTION_ORDERBY_UPLOADTIME_DESC'));
$picorder[] = JHTML::_('select.option','imgtitle ASC', JText::_('COM_JOOMGALLERY_COMMON_OPTION_ORDERBY_IMGTITLE_ASC'));
$picorder[] = JHTML::_('select.option','imgtitle DESC', JText::_('COM_JOOMGALLERY_COMMON_OPTION_ORDERBY_IMGTITLE_DESC'));
$picorder[] = JHTML::_('select.option', JoomConfig::getValidImageSortingOrderByClauses(0), JText::_('COM_JOOMGALLERY_COMMON_OPTION_ORDERBY_ORDERING_ASC'));
$picorder[] = JHTML::_('select.option', JoomConfig::getValidImageSortingOrderByClauses(1), JText::_('COM_JOOMGALLERY_COMMON_OPTION_ORDERBY_ORDERING_DESC'));
$picorder[] = JHTML::_('select.option', JoomConfig::getValidImageSortingOrderByClauses(2), JText::_('COM_JOOMGALLERY_COMMON_OPTION_ORDERBY_UPLOADTIME_ASC'));
$picorder[] = JHTML::_('select.option', JoomConfig::getValidImageSortingOrderByClauses(3), JText::_('COM_JOOMGALLERY_COMMON_OPTION_ORDERBY_UPLOADTIME_DESC'));
$picorder[] = JHTML::_('select.option', JoomConfig::getValidImageSortingOrderByClauses(4), JText::_('COM_JOOMGALLERY_COMMON_OPTION_ORDERBY_IMGTITLE_ASC'));
$picorder[] = JHTML::_('select.option', JoomConfig::getValidImageSortingOrderByClauses(5), JText::_('COM_JOOMGALLERY_COMMON_OPTION_ORDERBY_IMGTITLE_DESC'));
$mc_jg_firstorder = JHTML::_('select.genericlist',$picorder, 'jg_firstorder', 'class="inputbox" size="1"', 'value', 'text', $this->_config->jg_firstorder);
JHTML::_('joomconfig.row', 'jg_firstorder', 'custom', 'COM_JOOMGALLERY_CONFIG_FS_IO_FIRST', $mc_jg_firstorder);
array_unshift($picorder, JHTML::_('select.option','', JText::_('COM_JOOMGALLERY_CONFIG_FS_IO_EMPTY')));
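Review bot: The six `select.option` entries fetch their values by hard-coded index 0–5 while the labels stay fixed, so any reorder or insertion in `$_validImageSortingOrderByClauses` would leave the dropdown showing one label beside another clause's value without any error, and the same positional indices (0, 2, 4) are relied on as fallbacks in check(), so the ordering is now duplicated across three files. Keying the labels by clause and iterating the allowlist removes one copy of that coupling and keeps the dropdown and the validation in step. This view file's name is not shown on the page, and the surrounding template continues outside the hunk.
```php
$picorderLabels = array(
  'ordering ASC'  => 'COM_JOOMGALLERY_COMMON_OPTION_ORDERBY_ORDERING_ASC',
  'ordering DESC' => 'COM_JOOMGALLERY_COMMON_OPTION_ORDERBY_ORDERING_DESC',
  'imgdate ASC'   => 'COM_JOOMGALLERY_COMMON_OPTION_ORDERBY_UPLOADTIME_ASC',
  'imgdate DESC'  => 'COM_JOOMGALLERY_COMMON_OPTION_ORDERBY_UPLOADTIME_DESC',
  'imgtitle ASC'  => 'COM_JOOMGALLERY_COMMON_OPTION_ORDERBY_IMGTITLE_ASC',
  'imgtitle DESC' => 'COM_JOOMGALLERY_COMMON_OPTION_ORDERBY_IMGTITLE_DESC'
);
foreach(JoomConfig::getValidImageSortingOrderByClauses() as $clause)
{
  $picorder[] = JHTML::_('select.option', $clause, JText::_($picorderLabels[$clause]));
}
// … unchanged: genericlist for jg_firstorder and the empty option …
```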
