
Fix SQL Injection problem in store.php.

jeresig committed Nov 6, 2013
1 parent 124a0f8 commit 6351693126b7e26b1bdcfde232988f420b11d0df
Showing with 42 additions and 36 deletions.
  1. +2 −1 .gitignore
  2. +40 −35 dep/web/store.php
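--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 .DS_Store
 results/
 dep/run/
-web/
+web/
+!dep/web/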
@@ -25,59 +25,64 @@
OTHER DEALINGS IN THE SOFTWARE.
*/
$server = 'mysql.dromaeo.com';
$user = 'dromaeo';
$pass = 'dromaeo';
$server = 'mysql.dromaeo.com';
$user = 'dromaeo';
$pass = 'dromaeo';
require('JSON.php');
require('JSON.php');
$json = new Services_JSON();
$sql = mysql_connect( $server, $user, $pass );
$json = new Services_JSON();
$sql = mysql_connect( $server, $user, $pass );
mysql_select_db( 'dromaeo' );
mysql_select_db( 'dromaeo' );
$id = str_replace(';', "", $_REQUEST['id']);
$id = preg_replace('/[^\d,]/', '', $_REQUEST['id']);
if ( $id ) {
$sets = array();
$ids = split(",", $id);
if ( $id ) {
$sets = array();
$ids = split(",", $id);
foreach ($ids as $i) {
$query = mysql_query( "SELECT * FROM runs WHERE id=$i;" );
$data = mysql_fetch_assoc($query);
foreach ($ids as $i) {
$query = mysql_query( sprintf("SELECT * FROM runs WHERE id=%s;",
mysql_real_escape_string($i)));
$data = mysql_fetch_assoc($query);
$query = mysql_query( sprintf("SELECT * FROM results WHERE run_id=%s;",
mysql_real_escape_string($i)));
$results = array();
$query = mysql_query( "SELECT * FROM results WHERE run_id=$i;" );
$results = array();
while ( $row = mysql_fetch_assoc($query) ) {
array_push($results, $row);
}
while ( $row = mysql_fetch_assoc($query) ) {
array_push($results, $row);
}
$data['results'] = $results;
$data['ip'] = '';
$data['results'] = $results;
$data['ip'] = '';
array_push($sets, $data);
}
array_push($sets, $data);
}
echo $json->encode($sets);
} else {
$data = $json->decode(str_replace('\\"', '"', $_REQUEST['data']));
echo $json->encode($sets);
} else {
$data = $json->decode(str_replace('\\"', '"', $_REQUEST['data']));
if ( $data ) {
if ( $data ) {
mysql_query( sprintf("INSERT into runs VALUES(NULL,'%s','%s',NOW(),'%s');",
$_SERVER['HTTP_USER_AGENT'], $_SERVER['REMOTE_ADDR'], str_replace(';', "", $_REQUEST['style'])) );
mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']),
mysql_real_escape_string($_SERVER['REMOTE_ADDR']),
mysql_real_escape_string(str_replace(';', "", $_REQUEST['style']))
));
$id = mysql_insert_id();
if ( $id ) {
foreach ($data as $row) {
mysql_query( sprintf("INSERT into results VALUES(NULL,'%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s');",
$id, $row->collection, $row->version, $row->name, $row->scale, $row->median, $row->min, $row->max, $row->mean, $row->deviation, $row->runs) );
}
foreach ($data as $row) {
mysql_query( sprintf("INSERT into results VALUES(NULL,'%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s');",
$id, $row->collection, $row->version, $row->name, $row->scale, $row->median, $row->min, $row->max, $row->mean, $row->deviation, $row->runs) );
}
echo $id;
}
echo $id;
}
}
}
?>
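Review bot: The `INSERT into results` loop near the end of the hunk still drops every `$row->collection`, `$row->version`, … `$row->runs` value — decoded from the caller-supplied `$_REQUEST['data']` JSON — straight into the quoted `'%s'` placeholders without `mysql_real_escape_string`, so the store path is still injectable even though the commit escapes the user agent, remote address, style and the id lookups. A smaller point on the two `SELECT … id=%s` / `run_id=%s` queries: the placeholder is unquoted, so `mysql_real_escape_string` on its own would not protect it; it is the `preg_replace('/[^\d,]/', '', …)` on line 39 that makes `$i` safe, and writing the placeholder as `%d` (or casting `(int)$i`) would make that explicit and also stop an empty element from `1,,2` producing the syntactically invalid `WHERE id=;`. The `$row->…` access presumably assumes each decoded element is an object; that is not checked anywhere in the hunk. The loop body below escapes all eleven values through the same helper the rest of the file now uses.
```php
foreach ($data as $row) {
    // Escape every JSON-supplied field the same way the runs INSERT above does;
    // $id is the value returned by mysql_insert_id().
    $values = array_map('mysql_real_escape_string', array(
        $id, $row->collection, $row->version, $row->name, $row->scale, $row->median,
        $row->min, $row->max, $row->mean, $row->deviation, $row->runs,
    ));
    mysql_query( vsprintf("INSERT into results VALUES(NULL,'%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s');", $values) );
}
```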
