#19727459 SQL Injection fixed in Update Query
git-svn-id: http://xe-core.googlecode.com/svn/branches/1.4.5@8350 201d5d3c-b55e-5fd7-737f-ddc643e51545
ovclas@gmail.com committed May 2, 2011
1 parent 0c9b6df commit c6e9444
Showing 6 changed files with 10 additions and 10 deletions.
5 changes: 2 additions & 3 deletions classes/db/DBCubrid.class.php
Expand Up @@ -733,9 +733,8 @@ function _executeUpdateAct ($output)
$check_column = false;
$value = "'".$this->addQuotes ($value)."'";
}
elseif (!$value || is_numeric ($value)) {
$value = (int) $value;
}
// sql injection 문제로 xml 선언이 number인 경우이면서 넘어온 값이 숫자형이 아니면 숫자형으로 강제 형변환
else $value = (int)$value;

$column_list[] = sprintf ("\"%s\" = %s", $name, $value);
}
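Review bot: The new `else $value = (int)$value;` line is the one that closes the injection path for number-typed columns, yet its only explanation is the Korean comment above it; an English comment stating the contract would help the next maintainer, e.g. `// number-typed columns are always emitted as an int literal: non-numeric input is coerced (to 0) instead of being interpolated into the SQL`. The same comment is added in DBMysql.class.php, DBPostgresql.class.php, DBSqlite2.class.php and DBSqlite3_pdo.class.php and could be translated there as well. Two consequences of the cast are worth recording in that comment: as before, `(int)` truncates decimal strings (`'3.7'` becomes `3`), and any rejected input now becomes a silent write of `0` rather than an error, so if number columns may hold non-integer values or invalid input should be reported instead of coerced, that belongs here — what callers actually pass is not visible in the hunk. `_executeUpdateAct` starts and ends outside the hunk.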
2 changes: 0 additions & 2 deletions classes/db/DBMssql.class.php
Expand Up @@ -595,8 +595,6 @@ function _executeUpdateAct($output) {
if(!$value) $value = '';
$column_list[] = sprintf("[%s] = %s", $name, $value);
}


}
}

3 changes: 2 additions & 1 deletion classes/db/DBMysql.class.php
Expand Up @@ -485,7 +485,8 @@ function _executeUpdateAct($output) {
if(strpos($name,'.')!==false&&strpos($value,'.')!==false) $column_list[] = $name.' = '.$value;
else {
if($output->column_type[$name]!='number') $value = "'".$this->addQuotes($value)."'";
elseif(!$value || is_numeric($value)) $value = (int)$value;
// sql injection 문제로 xml 선언이 number인 경우이면서 넘어온 값이 숫자형이 아니면 숫자형으로 강제 형변환
else $value = (int)$value;

$column_list[] = sprintf("`%s` = %s", $name, $value);
}
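Review bot: The first branch on the context line `if(strpos($name,'.')!==false&&strpos($value,'.')!==false) $column_list[] = $name.' = '.$value;` still concatenates `$value` into the statement with neither quoting nor the new int cast whenever both the column name and the value contain a dot, so the coercion added in the `else` branch does not cover it. If that branch is meant only for column-to-column assignments (`table.col = other.col`), the value should be required to look like such an identifier before it is used raw, e.g. `if(strpos($name,'.')!==false && preg_match('/^[A-Za-z0-9_]+\.[A-Za-z0-9_]+$/', $value)) $column_list[] = $name.' = '.$value;`, with everything else falling through to the existing quoting/casting path. Whether caller-supplied data can reach `$value` on this path is not visible in the hunk, so this is a hardening question for the author. The same unchanged branch appears in the DBSqlite2.class.php and DBSqlite3_pdo.class.php hunks; the enclosing `_executeUpdateAct` starts and ends outside the hunk.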
4 changes: 2 additions & 2 deletions classes/db/DBPostgresql.class.php
Expand Up @@ -617,8 +617,8 @@ function _executeUpdateAct($output)
else {
if ($output->column_type[$name] != 'number')
$value = "'" . $this->addQuotes($value) . "'";
elseif (!$value || is_numeric($value))
$value = (int)$value;
// sql injection 문제로 xml 선언이 number인 경우이면서 넘어온 값이 숫자형이 아니면 숫자형으로 강제 형변환
else $value = (int)$value;

$column_list[] = sprintf("%s = %s", $name, $value);
}
3 changes: 2 additions & 1 deletion classes/db/DBSqlite2.class.php
Expand Up @@ -463,7 +463,8 @@ function _executeUpdateAct($output) {
if(strpos($name,'.')!==false&&strpos($value,'.')!==false) $column_list[] = $name.' = '.$value;
else {
if($output->column_type[$name]!='number') $value = "'".$this->addQuotes($value)."'";
elseif(!$value || is_numeric($value)) $value = (int)$value;
// sql injection 문제로 xml 선언이 number인 경우이면서 넘어온 값이 숫자형이 아니면 숫자형으로 강제 형변환
else $value = (int)$value;

$column_list[] = sprintf("%s = %s", $name, $value);
}
3 changes: 2 additions & 1 deletion classes/db/DBSqlite3_pdo.class.php
Expand Up @@ -500,7 +500,8 @@ function _executeUpdateAct($output) {
if(strpos($name,'.')!==false&&strpos($value,'.')!==false) $column_list[] = $name.' = '.$value;
else {
if($output->column_type[$name]!='number') $value = "'".$this->addQuotes($value)."'";
elseif(!$value || is_numeric($value)) $value = (int)$value;
// sql injection 문제로 xml 선언이 number인 경우이면서 넘어온 값이 숫자형이 아니면 숫자형으로 강제 형변환
else $value = (int)$value;

$column_list[] = sprintf("%s = %s", $name, $value);
}
