Fixed an sql injection vulnerability in groups.php.

anuko · Oct 20, 2021 · 94fda0c · 94fda0c
1 parent 8f78ea2
commit 94fda0c
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 4 deletions.
diff --git a/groups.php b/groups.php
@@ -11,9 +11,16 @@
   header('Location: access_denied.php');
   exit();
 }
-if ($request->isPost() && !$user->isGroupValid($request->getParameter('group'))) {
-  header('Location: access_denied.php'); // Wrong group id in post.
-  exit();
+if ($request->isPost()) {
+  $group_id = $request->getParameter('group');
+  if (!ttValidInteger($group_id)) {
+    header('Location: access_denied.php'); // Protection against sql injection.
+    exit();
+  }
+  if (!$user->isGroupValid($group_id)) {
+    header('Location: access_denied.php'); // Wrong group id in post.
+    exit();
+  }
 }
 // End of access checks.
 

diff --git a/initialize.php b/initialize.php
@@ -12,7 +12,7 @@
 // Disable displaying errors on screen.
 ini_set('display_errors', 'Off');
 
-define("APP_VERSION", "1.19.30.5601");
+define("APP_VERSION", "1.19.31.5602");
 define("APP_DIR", dirname(__FILE__));
 define("LIBRARY_DIR", APP_DIR."/WEB-INF/lib");
 define("TEMPLATE_DIR", APP_DIR."/WEB-INF/templates");