
Se soluciona una posible SQL injection en el formulario de soporte.

Ahora comprueba el tipo antes de introducirlo en la base de datos. La inyección era inofensiva, más allá de causar problemas de visualización con los lenguajes.
1 parent 7acff42 commit 7bfe1b989b33dcb0e02ca9cb0ddcc1015c20ae20 @Razican committed Feb 19, 2012
9 space-settler/controllers/support.php
@@ -32,11 +32,18 @@ public function new_ticket()
if($this->input->server('REQUEST_METHOD') === 'POST')
{
- //Hay que comprobar si type está dentro de los parámetros posibles
if( ! $this->input->post('type') OR
! $this->input->post('title') OR
! $this->input->post('text'))
+ {
message(lang('support.no_data'), 'support/new_ticket', TRUE);
+ }
+ else if ($this->input->post('type') > 3 OR $this->input->post('type') < 1)
+ {
+ log_message('error', 'User with ID '.$this->session->userdata('id').
+ ' and IP '.$this->input->ip_address().' has tried to send an invalid type at support/new_ticket.');
+ message(lang('overal.hacking_attempt'), 'support/new_ticket', TRUE);
+ }
else
{
$this->load->model('support_m');
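Review bot: The added `else if ($this->input->post('type') > 3 OR $this->input->post('type') < 1)` is a range check, not the type check the commit message describes: PHP's loose string-to-number comparison uses only the leading digits of the posted value, so a string such as `'2abc'` (constructed example) or `'1.5'` satisfies neither condition and passes through, and because `Support_m::new_ticket()` no longer applies `settype($type, 'integer')` in this same commit, the non-integer string is what reaches the model. Validate the value as an integer before testing the range and hand the cast value on, e.g. `$type = $this->input->post('type');` followed by `else if ( ! ctype_digit((string) $type) OR (int) $type > 3 OR (int) $type < 1)`, then pass `(int) $type` to the model. Reading the field once into a local also removes the three repeated `post('type')` lookups in this block. The body of `new_ticket()` continues past the hunk, so the call into the model is not visible here.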
1 space-settler/language/spanish/overal_lang.php
@@ -6,6 +6,7 @@
$lang['overal.go_back'] = 'Volver';
$lang['overal.of'] = 'de';
$lang['overal.server_time'] = 'Hora del servidor';
+$lang['overal.hacking_attempt'] = 'Hemos detectado un intento de hacking. Los administradores han sido avisados y tomarán las medidas oportunas.';
/* End of file overal_lang.php */
6 space-settler/models/support_m.php
@@ -12,7 +12,7 @@ class Support_m extends CI_Model {
public function load_all_tickets($id = NULL)
{
- if($id) $this->db->where('id', $id);
+ if($id) $this->db->where('user_id', $id);
$query = $this->db->get('support');
if($query->num_rows() > 0)
@@ -55,15 +55,13 @@ public function load_all_tickets($id = NULL)
* Create a new support ticket
*
* @access public
- * @param int
+ * @param int|string (numeric)
* @param string
* @param string
* @return boolean
*/
public function new_ticket($type, $title, $text)
{
- settype($type, 'integer');
-
$text = serialize(array(array(
'user_id' => $this->session->userdata('id'),
'text' => $text
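Review bot: Removing `settype($type, 'integer');` from `new_ticket()` takes away the model's only guarantee about `$type` and replaces it with a docblock promise (`@param int|string (numeric)`) that the model itself no longer enforces; the controller's new range check becomes the sole gate, and any other caller of this public method now stores whatever it was given. The layer that sits directly in front of the database should keep its own cast as defense in depth: `$type = (int) $type;` in place of the removed line preserves the previous behaviour at no cost. If the intent is instead to reject bad input here, `if ( ! ctype_digit((string) $type)) return FALSE;` fits the method's documented boolean return. The method body continues past the hunk, so how `$type` reaches the insert is not visible here.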
