Security cleanup (sqli)

Kyberia · Jan 13, 2011 · 1241a42 · 1241a42
1 parent 0f3e30b
commit 1241a42
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 2 deletions.
diff --git a/doc/TODO b/doc/TODO
@@ -7,7 +7,7 @@
 - User mail -> can't delete the mails...
   Anyway move whole mail handling out of nodes.php (?)
 
-- SQL injections (many fixed, but some should be still there)
+- SQL injections (many fixed, but some are still there)
 
 - remove absolute paths from all source files (!)
 - convert to some more inteligent path system... eg.:

diff --git a/wwwroot/inc/eventz/executorlist.inc → trash/executorlist.inc b/wwwroot/inc/eventz/executorlist.inc → trash/executorlist.inc
@@ -8,7 +8,8 @@ function executorlist() {
                 return false;
         }
 
-        $executors=explode(";",$_POST['executorlist']); // XXX sqli
+        $executors=explode(";",$_POST['executorlist']);
+	$executors=array_map('mysql_real_escape_string', $executors); 
         $db->query("update node_access set node_permission='' where
 		node_id=$node_id and node_permission='exec'");
         foreach ($executors as $execitpr) {

diff --git a/scripts/savelib.php → trash/savelib.php b/scripts/savelib.php → trash/savelib.php
diff --git a/wwwroot/backend/mysql/test.sql b/wwwroot/backend/mysql/test.sql
@@ -0,0 +1,48 @@
+drop procedure if exists k_neurons;
+drop function if exists k_get_node_weigth;
+
+delimiter //
+
+create function k_get_node_weigth (node INT, user INT) returns DOUBLE
+BEGIN
+	declare vector,node2,len,n_owner,offset int;
+	declare final,n_weight,o_weight,s_weight double;
+
+	select node_vector into vector from nodes where node_id = node;
+
+	set final = 1;
+	/* select k from nodes into final where node_id = node;*/
+
+	set len = length(vector);
+	set offset = 1;
+	WHILE offset < len DO
+
+		/* XXX node length is hardcoded */
+		set node2 = substring(node2,offset,8);
+		set offset = offset + 8;
+		/* weigths from user to: 
+			- all nodes from node to root node
+			- all node owners from node to root node
+			- all nodes between themselves (safe?)
+		*/
+		select node_weight,node_creator into n_weight,n_owner from nodes where node_id=node2;
+		select synapse_weight into s_weight from neurons where src=user and dst=node2;
+		select synapse_weight into o_weight from neurons where src=user and dst=n_owner;
+
+		if o_weight = NULL then set o_weight=1; end if;
+		if s_weight = NULL then set s_weight=1; end if;
+		if n_weight = NULL then set n_weight=1; end if;
+
+		set final = final * s_weight * o_weight * n_weight;
+	END WHILE;
+
+	RETURN final;
+END//
+
+create procedure k_neurons ()
+begin
+	select k,node_id,node_name from nodes where k>0 
+		and node_created>now()-interval 20 day order by k_get_node_weigth(node_id,904) desc;
+end//
+
+delimiter ;