Added additional protection against an SQL injection fixed in previous commit.
anuko committed Oct 21, 2021
1 parent 94fda0c commit 0cf32f1
Showing 2 changed files with 6 additions and 2 deletions.
6 changes: 5 additions & 1 deletion WEB-INF/lib/ttGroupHelper.class.php
Expand Up @@ -27,9 +27,13 @@ static function getGroupName($group_id) {
static function getParentGroup($group_id) {
global $user;

// Checking parameters for sanity is normally done in access check blocks on pages.
// This cast below is just in case we forgot to check $group_id to be an integer.
$groupId = (int) $group_id; // Protection against sql injection.

$mdb2 = getConnection();

$sql = "select parent_id from tt_groups where id = $group_id and org_id = $user->org_id and status = 1";
$sql = "select parent_id from tt_groups where id = $groupId and org_id = $user->org_id and status = 1";
$res = $mdb2->query($sql);

if (!is_a($res, 'PEAR_Error')) {
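Review bot: The cast to `$groupId` covers only one of the two values interpolated into the query string; `$user->org_id` on the same line is still spliced in unchanged. If org_id is loaded from the database it is presumably already an integer, but the query is only uniformly protected if that value is also constrained, e.g. `$orgId = (int) $user->org_id;` followed by `$sql = "select parent_id from tt_groups where id = $groupId and org_id = $orgId and status = 1";`, or by passing both through `$mdb2->quote(..., 'integer')`. The two-line comment above the cast reads as an apology rather than a contract; `// Cast to int so a non-numeric $group_id cannot alter the query.` states the intent directly. The body of getParentGroup continues past the end of the hunk.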
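--- a/initialize.php
+++ b/initialize.php
@@ -12,7 +12,7 @@
 // Disable displaying errors on screen.
 ini_set('display_errors', 'Off');
 
-define("APP_VERSION", "1.19.31.5602");
+define("APP_VERSION", "1.19.31.5603");
 define("APP_DIR", dirname(__FILE__));
 define("LIBRARY_DIR", APP_DIR."/WEB-INF/lib");
 define("TEMPLATE_DIR", APP_DIR."/WEB-INF/templates");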

