Insufficient sanitation of inputs on property pages

[FO-nTTaX]

Setup and configuration

• SMW version: 2.5.2
• MW version: 1.28.3
• PHP version: 5.6.30-0+deb8u1 (fpm-fcgi)
• DB system (MySQL, Blazegraph, etc.) and version: 10.2.9-MariaDB-10.2.9+maria~stretch

Issue

Insufficient sanitation of inputs on property pages (and possible other places)

On the URL http://wiki.teamliquid.net/dota2/index.php?title=Property:Has_position&limit=500&value=&from=&until=&offset=10102121121121212.1 I get a runtime exception due to a database error:

Error: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '10102121121121212.1,500' at line 1

Clearly this number "10102121121121212.1" shouldn't go into the query directly as it is not an integer, whilst SQL offset has to be an integer.

Stack trace

#0 /path/to/wiki/includes/libs/rdbms/database/Database.php(912): Database->reportQueryError('You have an err...', 1064, 'SELECT DISTINC...', 'SMWSQLStore3Rea...', false)
#1 /path/to/wiki/includes/libs/rdbms/database/Database.php(1254): Database->query('SELECT DISTINC...', 'SMWSQLStore3Rea...')
#2 /path/to/wiki/extensions/SemanticMediaWiki/src/MediaWiki/Database.php(224): Database->select('`wikidota_smw_o...', 'DISTINCT smw_ti...', 't1.p_id='144984...', 'SMWSQLStore3Rea...', Array, Array)
#3 /path/to/wiki/extensions/SemanticMediaWiki/includes/storage/SQLStore/SMW_SQLStore3_Readers.php(504): SMW\MediaWiki\Database->select('`wikidota_smw_o...', 'DISTINCT smw_ti...', 't1.p_id='144984...', 'SMWSQLStore3Rea...', Array)
#4 /path/to/wiki/extensions/SemanticMediaWiki/includes/storage/SQLStore/SMW_SQLStore3_Readers.php(592): SMWSQLStore3Readers->getPropertySubjects(Object(SMW\DIProperty), NULL, Object(SMW\RequestOptions))
#5 /path/to/wiki/extensions/SemanticMediaWiki/src/SQLStore/EntityStore/DirectEntityLookup.php(86): SMWSQLStore3Readers->getAllPropertySubjects(Object(SMW\DIProperty), Object(SMW\RequestOptions))
#6 /path/to/wiki/extensions/SemanticMediaWiki/includes/storage/SQLStore/SMW_SQLStore3.php(225): SMW\SQLStore\EntityStore\DirectEntityLookup->getAllPropertySubjects(Object(SMW\DIProperty), Object(SMW\RequestOptions))
#7 /path/to/wiki/extensions/SemanticMediaWiki/includes/articlepages/SMW_PropertyPage.php(246): SMWSQLStore3->getAllPropertySubjects(Object(SMW\DIProperty), Object(SMW\RequestOptions))
#8 /path/to/wiki/extensions/SemanticMediaWiki/includes/articlepages/SMW_PropertyPage.php(80): SMWPropertyPage->getPropertyValueList()
#9 /path/to/wiki/extensions/SemanticMediaWiki/includes/articlepages/SMW_OrderedListPage.php(186): SMWPropertyPage->getHtml()
#10 /path/to/wiki/extensions/SemanticMediaWiki/includes/articlepages/SMW_OrderedListPage.php(94): SMWOrderedListPage->showList()
#11 /path/to/wiki/includes/actions/ViewAction.php(71): SMWOrderedListPage->view()
#12 /path/to/wiki/includes/MediaWiki.php(495): ViewAction->show()
#13 /path/to/wiki/includes/MediaWiki.php(289): MediaWiki->performAction(Object(SMWPropertyPage), Object(Title))
#14 /path/to/wiki/includes/MediaWiki.php(851): MediaWiki->performRequest()
#15 /path/to/wiki/includes/MediaWiki.php(512): MediaWiki->main()
#16 /path/to/wiki/index.php(43): MediaWiki->run()
#17 {main}

Steps to reproduce

The error can be seen just by going to the page i linked above (stacktrace not publicly visible).

PS: The default fill for new issues here has a typo:
"Note that it is required to provide the setup and configruation information."

[mwjames]

- SMW version: 2.5.2

This version is outdated and it is expected that #2481 (reported by #2479) has addressed this issue. For other details and changes, please refer to [0]. [0] 2.5.2...2.5.x

…

On 12/8/17, Alex Winkler ***@***.***> wrote: ### Setup and configuration - SMW version: 2.5.2 - MW version: 1.28.3 - PHP version: 5.6.30-0+deb8u1 (fpm-fcgi) - DB system (MySQL, Blazegraph, etc.) and version: 10.2.9-MariaDB-10.2.9+maria~stretch ### Issue Insufficient sanitation of inputs on property pages (and possible other places) On the URL http://wiki.teamliquid.net/dota2/index.php?title=Property:Has_position&limit=500&value=&from=&until=&offset=10102121121121212.1 I get a runtime exception due to a database error: Error: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '10102121121121212.1,500' at line 1 Clearly this number "10102121121121212.1" shouldn't go into the query directly as it is not an integer, whilst SQL offset has to be an integer. ### Stack trace ``` #0 /path/to/wiki/includes/libs/rdbms/database/Database.php(912): Database->reportQueryError('You have an err...', 1064, 'SELECT DISTINC...', 'SMWSQLStore3Rea...', false) #1 /path/to/wiki/includes/libs/rdbms/database/Database.php(1254): Database->query('SELECT DISTINC...', 'SMWSQLStore3Rea...') #2 /path/to/wiki/extensions/SemanticMediaWiki/src/MediaWiki/Database.php(224): Database->select('`wikidota_smw_o...', 'DISTINCT smw_ti...', 't1.p_id='144984...', 'SMWSQLStore3Rea...', Array, Array) #3 /path/to/wiki/extensions/SemanticMediaWiki/includes/storage/SQLStore/SMW_SQLStore3_Readers.php(504): SMW\MediaWiki\Database->select('`wikidota_smw_o...', 'DISTINCT smw_ti...', 't1.p_id='144984...', 'SMWSQLStore3Rea...', Array) #4 /path/to/wiki/extensions/SemanticMediaWiki/includes/storage/SQLStore/SMW_SQLStore3_Readers.php(592): SMWSQLStore3Readers->getPropertySubjects(Object(SMW\DIProperty), NULL, Object(SMW\RequestOptions)) #5 /path/to/wiki/extensions/SemanticMediaWiki/src/SQLStore/EntityStore/DirectEntityLookup.php(86): SMWSQLStore3Readers->getAllPropertySubjects(Object(SMW\DIProperty), Object(SMW\RequestOptions)) #6 /path/to/wiki/extensions/SemanticMediaWiki/includes/storage/SQLStore/SMW_SQLStore3.php(225): SMW\SQLStore\EntityStore\DirectEntityLookup->getAllPropertySubjects(Object(SMW\DIProperty), Object(SMW\RequestOptions)) #7 /path/to/wiki/extensions/SemanticMediaWiki/includes/articlepages/SMW_PropertyPage.php(246): SMWSQLStore3->getAllPropertySubjects(Object(SMW\DIProperty), Object(SMW\RequestOptions)) #8 /path/to/wiki/extensions/SemanticMediaWiki/includes/articlepages/SMW_PropertyPage.php(80): SMWPropertyPage->getPropertyValueList() #9 /path/to/wiki/extensions/SemanticMediaWiki/includes/articlepages/SMW_OrderedListPage.php(186): SMWPropertyPage->getHtml() #10 /path/to/wiki/extensions/SemanticMediaWiki/includes/articlepages/SMW_OrderedListPage.php(94): SMWOrderedListPage->showList() #11 /path/to/wiki/includes/actions/ViewAction.php(71): SMWOrderedListPage->view() #12 /path/to/wiki/includes/MediaWiki.php(495): ViewAction->show() #13 /path/to/wiki/includes/MediaWiki.php(289): MediaWiki->performAction(Object(SMWPropertyPage), Object(Title)) #14 /path/to/wiki/includes/MediaWiki.php(851): MediaWiki->performRequest() #15 /path/to/wiki/includes/MediaWiki.php(512): MediaWiki->main() #16 /path/to/wiki/index.php(43): MediaWiki->run() #17 {main} ``` ### Steps to reproduce The error can be seen just by going to the page i linked above (stacktrace not publicly visible). PS: The default fill for new issues here has a typo: "Note that it is required to provide the setup and **configruation** information." -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: #2854

[FO-nTTaX]

Oh in this case I'm sorry, I didn't see that one.