
Security: Fix SQL injection and likely future similar issues

ywarnier committed Dec 17, 2018
1 parent 40dd044 commit bfa1eccfabb457b800618d9d115f12dc614a55df
Showing with 6 additions and 2 deletions.
  1. +6 −2 main/inc/lib/CoursesAndSessionsCatalog.class.php
@@ -215,8 +215,8 @@ public static function getLimitFilterFromArray($limit)
{
$limitFilter = '';
if (!empty($limit) && is_array($limit)) {
$limitStart = isset($limit['start']) ? $limit['start'] : 0;
$limitLength = isset($limit['length']) ? $limit['length'] : 12;
$limitStart = isset($limit['start']) ? (int) $limit['start'] : 0;
$limitLength = isset($limit['length']) ? (int) $limit['length'] : 12;
$limitFilter = 'LIMIT '.$limitStart.', '.$limitLength;
}
@@ -470,11 +470,13 @@ public static function search_courses($search_term, $limit, $justVisible = false
* @param array $limit
*
* @return array The session list
* @throws Exception
*/
public static function browseSessions($date = null, $limit = [])
{
$em = Database::getManager();
$urlId = api_get_current_access_url_id();
$date = Database::escape_string($date);
$sql = "SELECT s.id FROM session s ";
$sql .= "
INNER JOIN access_url_rel_session ars
@@ -501,6 +503,8 @@ public static function browseSessions($date = null, $limit = [])
}
if (!empty($limit)) {
$limit['start'] = (int) $limit['start'];
$limit['length'] = (int) $limit['length'];
$sql .= "LIMIT {$limit['start']}, {$limit['length']} ";
}
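Review bot: The two casts added in the last hunk index `$limit['start']` and `$limit['length']` unconditionally, so a non-empty `$limit` that lacks either key raises an undefined-index notice before the cast, whereas the first hunk's `getLimitFilterFromArray()` in the same class already guards both keys with `isset`, casts them to int and supplies the `0`/`12` defaults. The three new lines could become `$sql .= self::getLimitFilterFromArray($limit).' ';`, which keeps the injection fix in one place; if the helper's `is_array()` check is wanted here too, that comes for free. Failing that, write the casts as `$limit['start'] = (int) ($limit['start'] ?? 0);` and `$limit['length'] = (int) ($limit['length'] ?? 12);` so missing keys degrade to the same defaults. In the second hunk, `Database::escape_string($date)` only protects `$date` if it is later interpolated inside a quoted SQL literal, which this hunk does not show; a format check (e.g. `DateTimeImmutable::createFromFormat`) or a bound parameter via the `$em` already obtained would not depend on that. browseSessions continues past the visible lines of both hunks.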
