Filter XSS in search query in backend list views
fevangelou committed Aug 2, 2016
1 parent fb34e15 commit c78f929
Showing 12 changed files with 18 additions and 0 deletions.
2 changes: 2 additions & 0 deletions administrator/components/com_k2/models/categories.php
Expand Up @@ -28,6 +28,7 @@ function getData()
$limitstart = $mainframe->getUserStateFromRequest($option.$view.'.limitstart', 'limitstart', 0, 'int');
$search = $mainframe->getUserStateFromRequest($option.$view.'search', 'search', '', 'string');
$search = JString::strtolower($search);
$search = trim(preg_replace('/[^a-zA-Z0-9\s\-_]/', '', $search));
$filter_order = $mainframe->getUserStateFromRequest($option.$view.'filter_order', 'filter_order', 'c.ordering', 'cmd');
$filter_order_Dir = $mainframe->getUserStateFromRequest($option.$view.'filter_order_Dir', 'filter_order_Dir', '', 'word');
$filter_trash = $mainframe->getUserStateFromRequest($option.$view.'filter_trash', 'filter_trash', 0, 'int');
Expand Down Expand Up @@ -149,6 +150,7 @@ function getTotal()
$limitstart = $mainframe->getUserStateFromRequest($option.'.limitstart', 'limitstart', 0, 'int');
$search = $mainframe->getUserStateFromRequest($option.$view.'search', 'search', '', 'string');
$search = JString::strtolower($search);
$search = trim(preg_replace('/[^a-zA-Z0-9\s\-_]/', '', $search));
$filter_trash = $mainframe->getUserStateFromRequest($option.$view.'filter_trash', 'filter_trash', 0, 'int');
$filter_state = $mainframe->getUserStateFromRequest($option.$view.'filter_state', 'filter_state', 1, 'int');
$language = $mainframe->getUserStateFromRequest($option.$view.'language', 'language', '', 'string');
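Review bot: The allowlist `/[^a-zA-Z0-9\s\-_]/` on the new line in getData (and the identical line in getTotal below, and in both hunks of comments.php, extrafields.php, items.php, tags.php and users.php, and in each of the six view.html.php sections) silently drops every non-ASCII character, so a backend search for a title in Greek, Cyrillic or accented Latin is reduced to an empty or truncated string — and because it runs after `JString::strtolower`, the multibyte-aware lowercasing on the line above is wasted. Stripping input is not what prevents XSS here: the value must be escaped where it is echoed into the search box (`htmlspecialchars($search, ENT_QUOTES, 'UTF-8')`) and quoted where it reaches the query (`$db->Quote(...)`), so this line is defense in depth at best and should at least keep letters and digits of any script, e.g. `$search = trim(preg_replace('/[^\p{L}\p{N}\s\-_]/u', '', $search));`. The same expression is copy-pasted twelve times; a single helper in the component would keep the rule in one place and make a later change a one-line edit. Whether the filtered value is written back to the user state that the template reads is outside these hunks, so the raw string may still be what the search box renders — worth confirming. getData's body starts and ends outside the hunk.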
2 changes: 2 additions & 0 deletions administrator/components/com_k2/models/comments.php
Expand Up @@ -31,6 +31,7 @@ function getData() {
$filter_author = $mainframe->getUserStateFromRequest($option.$view.'filter_author', 'filter_author', 0, 'int');
$search = $mainframe->getUserStateFromRequest($option.$view.'search', 'search', '', 'string');
$search = JString::strtolower($search);
$search = trim(preg_replace('/[^a-zA-Z0-9\s\-_]/', '', $search));

$query = "SELECT c.*, i.title , i.catid, i.alias AS itemAlias, i.created_by, cat.alias AS catAlias, cat.name as catName FROM #__k2_comments AS c LEFT JOIN #__k2_items AS i ON c.itemID=i.id LEFT JOIN #__k2_categories AS cat ON cat.id=i.catid WHERE c.id>0";

Expand Down Expand Up @@ -74,6 +75,7 @@ function getTotal() {
$filter_author = $mainframe->getUserStateFromRequest($option.$view.'filter_author', 'filter_author', 0, 'int');
$search = $mainframe->getUserStateFromRequest($option.$view.'search', 'search', '', 'string');
$search = JString::strtolower($search);
$search = trim(preg_replace('/[^a-zA-Z0-9\s\-_]/', '', $search));

$query = "SELECT COUNT(*) FROM #__k2_comments AS c LEFT JOIN #__k2_items AS i ON c.itemID=i.id WHERE c.id>0";

2 changes: 2 additions & 0 deletions administrator/components/com_k2/models/extrafields.php
Expand Up @@ -31,6 +31,7 @@ function getData()
$filter_state = $mainframe->getUserStateFromRequest($option.$view.'filter_state', 'filter_state', -1, 'int');
$search = $mainframe->getUserStateFromRequest($option.$view.'search', 'search', '', 'string');
$search = JString::strtolower($search);
$search = trim(preg_replace('/[^a-zA-Z0-9\s\-_]/', '', $search));
$filter_type = $mainframe->getUserStateFromRequest($option.$view.'filter_type', 'filter_type', '', 'string');
$filter_group = $mainframe->getUserStateFromRequest($option.$view.'filter_group', 'filter_group', 0, 'int');

Expand Down Expand Up @@ -88,6 +89,7 @@ function getTotal()
$filter_state = $mainframe->getUserStateFromRequest($option.$view.'filter_state', 'filter_state', 1, 'int');
$search = $mainframe->getUserStateFromRequest($option.$view.'search', 'search', '', 'string');
$search = JString::strtolower($search);
$search = trim(preg_replace('/[^a-zA-Z0-9\s\-_]/', '', $search));
$filter_type = $mainframe->getUserStateFromRequest($option.$view.'filter_type', 'filter_type', '', 'string');
$filter_group = $mainframe->getUserStateFromRequest($option.$view.'filter_group', 'filter_group', '', 'string');

2 changes: 2 additions & 0 deletions administrator/components/com_k2/models/items.php
Expand Up @@ -36,6 +36,7 @@ function getData()
$filter_state = $mainframe->getUserStateFromRequest($option.$view.'filter_state', 'filter_state', -1, 'int');
$search = $mainframe->getUserStateFromRequest($option.$view.'search', 'search', '', 'string');
$search = JString::strtolower($search);
$search = trim(preg_replace('/[^a-zA-Z0-9\s\-_]/', '', $search));
$tag = $mainframe->getUserStateFromRequest($option.$view.'tag', 'tag', 0, 'int');
$language = $mainframe->getUserStateFromRequest($option.$view.'language', 'language', '', 'string');

Expand Down Expand Up @@ -145,6 +146,7 @@ function getTotal()
$filter_state = $mainframe->getUserStateFromRequest($option.$view.'filter_state', 'filter_state', -1, 'int');
$search = $mainframe->getUserStateFromRequest($option.$view.'search', 'search', '', 'string');
$search = JString::strtolower($search);
$search = trim(preg_replace('/[^a-zA-Z0-9\s\-_]/', '', $search));
$tag = $mainframe->getUserStateFromRequest($option.$view.'tag', 'tag', 0, 'int');
$language = $mainframe->getUserStateFromRequest($option.$view.'language', 'language', '', 'string');

2 changes: 2 additions & 0 deletions administrator/components/com_k2/models/tags.php
Expand Up @@ -31,6 +31,7 @@ function getData()
$filter_state = $mainframe->getUserStateFromRequest($option.$view.'filter_state', 'filter_state', -1, 'int');
$search = $mainframe->getUserStateFromRequest($option.$view.'search', 'search', '', 'string');
$search = JString::strtolower($search);
$search = trim(preg_replace('/[^a-zA-Z0-9\s\-_]/', '', $search));

$query = "SELECT #__k2_tags.*, (SELECT COUNT(*) FROM #__k2_tags_xref WHERE #__k2_tags_xref.tagID = #__k2_tags.id) AS numOfItems FROM #__k2_tags";

Expand Down Expand Up @@ -75,6 +76,7 @@ function getTotal()
$filter_state = $mainframe->getUserStateFromRequest($option.$view.'filter_state', 'filter_state', 1, 'int');
$search = $mainframe->getUserStateFromRequest($option.$view.'search', 'search', '', 'string');
$search = JString::strtolower($search);
$search = trim(preg_replace('/[^a-zA-Z0-9\s\-_]/', '', $search));

$query = "SELECT COUNT(*) FROM #__k2_tags WHERE id>0";

2 changes: 2 additions & 0 deletions administrator/components/com_k2/models/users.php
Expand Up @@ -33,6 +33,7 @@ function getData()
$filter_group_k2 = $mainframe->getUserStateFromRequest($option.$view.'filter_group_k2', 'filter_group_k2', '', 'string');
$search = $mainframe->getUserStateFromRequest($option.$view.'search', 'search', '', 'string');
$search = JString::strtolower($search);
$search = trim(preg_replace('/[^a-zA-Z0-9\s\-_]/', '', $search));

$query = "SELECT juser.*, k2user.group, k2group.name as groupname FROM #__users as juser "."LEFT JOIN #__k2_users as k2user ON juser.id=k2user.userID "."LEFT JOIN #__k2_user_groups as k2group ON k2user.group=k2group.id ";

Expand Down Expand Up @@ -138,6 +139,7 @@ function getTotal()
$filter_group_k2 = $mainframe->getUserStateFromRequest($option.$view.'filter_group_k2', 'filter_group_k2', '', 'string');
$search = $mainframe->getUserStateFromRequest($option.$view.'search', 'search', '', 'string');
$search = JString::strtolower($search);
$search = trim(preg_replace('/[^a-zA-Z0-9\s\-_]/', '', $search));

$query = "SELECT COUNT(DISTINCT juser.id) FROM #__users as juser "."LEFT JOIN #__k2_users as k2user ON juser.id=k2user.userID "."LEFT JOIN #__k2_user_groups as k2group ON k2user.group=k2group.id ";

Expand Up @@ -32,6 +32,7 @@ function display($tpl = null)
$language = $mainframe->getUserStateFromRequest($option.$view.'language', 'language', '', 'string');
$search = $mainframe->getUserStateFromRequest($option.$view.'search', 'search', '', 'string');
$search = JString::strtolower($search);
$search = trim(preg_replace('/[^a-zA-Z0-9\s\-_]/', '', $search));
$model = $this->getModel();
$total = $model->getTotal();
$task = JRequest::getCmd('task');
Expand Up @@ -31,6 +31,7 @@ function display($tpl = null)
$filter_author = $mainframe->getUserStateFromRequest($option.$view.'filter_author', 'filter_author', 0, 'int');
$search = $mainframe->getUserStateFromRequest($option.$view.'search', 'search', '', 'string');
$search = JString::strtolower($search);
$search = trim(preg_replace('/[^a-zA-Z0-9\s\-_]/', '', $search));
if ($mainframe->isSite())
{
$filter_author = $user->id;
Expand Up @@ -29,6 +29,7 @@ function display($tpl = null)
$filter_state = $mainframe->getUserStateFromRequest($option.$view.'filter_state', 'filter_state', -1, 'int');
$search = $mainframe->getUserStateFromRequest($option.$view.'search', 'search', '', 'string');
$search = JString::strtolower($search);
$search = trim(preg_replace('/[^a-zA-Z0-9\s\-_]/', '', $search));
$filter_type = $mainframe->getUserStateFromRequest($option.$view.'filter_type', 'filter_type', '', 'string');
$filter_group = $mainframe->getUserStateFromRequest($option.$view.'filter_group', 'filter_group', '', 'string');

1 change: 1 addition & 0 deletions administrator/components/com_k2/views/items/view.html.php
Expand Up @@ -33,6 +33,7 @@ function display($tpl = null)
$filter_state = $mainframe->getUserStateFromRequest($option.$view.'filter_state', 'filter_state', -1, 'int');
$search = $mainframe->getUserStateFromRequest($option.$view.'search', 'search', '', 'string');
$search = JString::strtolower($search);
$search = trim(preg_replace('/[^a-zA-Z0-9\s\-_]/', '', $search));
$tag = $mainframe->getUserStateFromRequest($option.$view.'tag', 'tag', 0, 'int');
$language = $mainframe->getUserStateFromRequest($option.$view.'language', 'language', '', 'string');
$params = JComponentHelper::getParams('com_k2');
1 change: 1 addition & 0 deletions administrator/components/com_k2/views/tags/view.html.php
Expand Up @@ -28,6 +28,7 @@ function display($tpl = null)
$filter_state = $mainframe->getUserStateFromRequest($option.$view.'filter_state', 'filter_state', -1, 'int');
$search = $mainframe->getUserStateFromRequest($option.$view.'search', 'search', '', 'string');
$search = JString::strtolower($search);
$search = trim(preg_replace('/[^a-zA-Z0-9\s\-_]/', '', $search));
$model = $this->getModel();
$total = $model->getTotal();
$task = JRequest::getCmd('task');
1 change: 1 addition & 0 deletions administrator/components/com_k2/views/users/view.html.php
Expand Up @@ -33,6 +33,7 @@ function display($tpl = null)
$filter_group_k2 = $mainframe->getUserStateFromRequest($option.$view.'filter_group_k2', 'filter_group_k2', '', 'string');
$search = $mainframe->getUserStateFromRequest($option.$view.'search', 'search', '', 'string');
$search = JString::strtolower($search);
$search = trim(preg_replace('/[^a-zA-Z0-9\s\-_]/', '', $search));
K2Model::addIncludePath(JPATH_COMPONENT_ADMINISTRATOR.DS.'models');
$model = K2Model::getInstance('Users', 'K2Model');
$total = $model->getTotal();
