Prevent SQL injections in the file manager search (see CVE-2019-11512)

contao · Apr 30, 2019 · 87d92f8 · 87d92f8
1 parent a3e46b9
commit 87d92f8
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,7 @@
 
 ## DEV
 
+ * Prevent SQL injections in the file manager search (see CVE-2019-11512).
  * Correctly handle dates in the news bundle (see #436).
  * Also show future news items if the "show all news items" option is selected (see #419).
 

diff --git a/core-bundle/src/Resources/contao/drivers/DC_Folder.php b/core-bundle/src/Resources/contao/drivers/DC_Folder.php
@@ -2769,15 +2769,14 @@ protected function searchMenu()
 		// Store search value in the current session
 		if (\Input::post('FORM_SUBMIT') == 'tl_filters')
 		{
-			$strField = \Input::post('tl_field', true);
 			$strKeyword = ltrim(\Input::postRaw('tl_value'), '*');
 
 			// Make sure the regular expression is valid
-			if ($strKeyword != '')
+			if ($strKeyword)
 			{
 				try
 				{
-					$this->Database->prepare("SELECT * FROM " . $this->strTable . " WHERE " . $strField . " REGEXP ?")
+					$this->Database->prepare("SELECT * FROM " . $this->strTable . " WHERE name REGEXP ?")
 								   ->limit(1)
 								   ->execute($strKeyword);
 				}
@@ -2787,7 +2786,6 @@ protected function searchMenu()
 				}
 			}
 
-			$session['search'][$this->strTable]['field'] = $strField;
 			$session['search'][$this->strTable]['value'] = $strKeyword;
 
 			$objSessionBag->replace($session);