From aeeac308bb33af06b6881ba4ffd02080aa1452f9 Mon Sep 17 00:00:00 2001
From: jekkos
Date: Tue, 28 Sep 2021 00:10:58 +0200
Subject: [PATCH] Blind sql injection fixes rework (#3284)

---
 application/controllers/Attributes.php | 2 +-
 application/controllers/Cashups.php | 2 +-
 application/controllers/Customers.php | 2 +-
 application/controllers/Employees.php | 2 +-
 application/controllers/Expenses.php | 2 +-
 application/controllers/Expenses_categories.php | 2 +-
 application/controllers/Giftcards.php | 2 +-
 application/controllers/Item_kits.php | 2 +-
 application/controllers/Items.php | 2 +-
 application/controllers/Sales.php | 2 +-
 application/controllers/Suppliers.php | 2 +-
 application/controllers/Tax_categories.php | 3 +--
 application/controllers/Tax_codes.php | 2 +-
 application/controllers/Tax_jurisdictions.php | 2 +-
 application/controllers/Taxes.php | 2 +-
 application/models/Attribute.php | 5 +++++
 application/models/Cashup.php | 6 ++++++
 application/models/Customer.php | 7 +++++++
 application/models/Employee.php | 7 +++++++
 application/models/Expense.php | 6 ++++++
 application/models/Expense_category.php | 6 ++++++
 application/models/Giftcard.php | 7 +++++++
 application/models/Item.php | 7 +++++++
 application/models/Item_kit.php | 6 ++++++
 application/models/Item_taxes.php | 6 ++++++
 application/models/Sale.php | 6 ++++++
 application/models/Supplier.php | 6 ++++++
 application/models/Tax.php | 6 ++++++
 application/models/Tax_category.php | 6 ++++++
 application/models/Tax_code.php | 6 ++++++
 application/models/Tax_jurisdiction.php | 6 ++++++
 31 files changed, 114 insertions(+), 16 deletions(-)

diff --git a/application/controllers/Attributes.php b/application/controllers/Attributes.php
index 8a07a32f09..b561ac01c8 100644
--- a/application/controllers/Attributes.php
+++ b/application/controllers/Attributes.php
@@ -24,7 +24,7 @@ public function search()
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->get('sort');
+ $sort = $this->Attribute->sort_column($this->input->get('sort'));
 $order = $this->input->get('order');
 $attributes = $this->Attribute->search($search, $limit, $offset, $sort, $order);
diff --git a/application/controllers/Cashups.php b/application/controllers/Cashups.php
index fe295bc971..366b1d99d6 100644
--- a/application/controllers/Cashups.php
+++ b/application/controllers/Cashups.php
@@ -25,7 +25,7 @@ public function search()
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->get('sort');
+ $sort = $this->Cashup->sort_column($this->input->get('sort'));
 $order = $this->input->get('order');
 $filters = array(
 'start_date' => $this->input->get('start_date'),
diff --git a/application/controllers/Customers.php b/application/controllers/Customers.php
index 5f446da762..beaede8bc2 100644
--- a/application/controllers/Customers.php
+++ b/application/controllers/Customers.php
@@ -58,7 +58,7 @@ public function search()
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->get('sort');
+ $sort = $this->Customer->sort_column($this->input->get('sort'));
 $order = $this->input->get('order');
 $customers = $this->Customer->search($search, $limit, $offset, $sort, $order);
diff --git a/application/controllers/Employees.php b/application/controllers/Employees.php
index d101dc75ca..d7960d9448 100644
--- a/application/controllers/Employees.php
+++ b/application/controllers/Employees.php
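Review bot: The `$order` value read on the line right after the changed one is still passed to `Attribute::search()` straight from the query string, so this hunk allow-lists only the column half of the ORDER BY clause. If the model hands it to CodeIgniter's query builder `order_by()` with identifier escaping enabled, an unrecognised direction is presumably dropped, but if `search()` splices it into a raw SQL string the same class of blind injection this patch closes for `sort` stays open for `order`; normalising it in the controller, `$order = strtolower((string) $this->input->get('order')) === 'desc' ? 'desc' : 'asc';`, removes the dependence on what the model does. The same pattern is repeated in every other controller hunk of this patch, and `search()`'s body lies outside the hunk, so how `$order` is used cannot be confirmed here.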
@@ -17,7 +17,7 @@ public function search()
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->get('sort');
+ $sort = $this->Employee->sort_column($this->input->get('sort'));
 $order = $this->input->get('order');
 $employees = $this->Employee->search($search, $limit, $offset, $sort, $order);
diff --git a/application/controllers/Expenses.php b/application/controllers/Expenses.php
index f419bf6225..c0d994ced1 100644
--- a/application/controllers/Expenses.php
+++ b/application/controllers/Expenses.php
@@ -30,7 +30,7 @@ public function search()
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->get('sort');
+ $sort = $this->Expense->sort_column($this->input->get('sort'));
 $order = $this->input->get('order');
 $filters = array(
 'start_date' => $this->input->get('start_date'),
diff --git a/application/controllers/Expenses_categories.php b/application/controllers/Expenses_categories.php
index e7af652608..949eb896a4 100644
--- a/application/controllers/Expenses_categories.php
+++ b/application/controllers/Expenses_categories.php
@@ -24,7 +24,7 @@ public function search()
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->get('sort');
+ $sort = $this->Expense_category->sort_column($this->input->get('sort'));
 $order = $this->input->get('order');
 $expense_categories = $this->Expense_category->search($search, $limit, $offset, $sort, $order);
diff --git a/application/controllers/Giftcards.php b/application/controllers/Giftcards.php
index a988361b8e..6884573758 100644
--- a/application/controllers/Giftcards.php
+++ b/application/controllers/Giftcards.php
@@ -24,7 +24,7 @@ public function search()
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->get('sort');
+ $sort = $this->Giftcard->sort_column($this->input->get('sort'));
 $order = $this->input->get('order');
 $giftcards = $this->Giftcard->search($search, $limit, $offset, $sort, $order);
diff --git a/application/controllers/Item_kits.php b/application/controllers/Item_kits.php
index 3349a14f79..8b6851df79 100644
--- a/application/controllers/Item_kits.php
+++ b/application/controllers/Item_kits.php
@@ -59,7 +59,7 @@ public function search()
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->get('sort');
+ $sort = $this->Item_kit->sort_column($this->input->get('sort'));
 $order = $this->input->get('order');
 $item_kits = $this->Item_kit->search($search, $limit, $offset, $sort, $order);
diff --git a/application/controllers/Items.php b/application/controllers/Items.php
index c955306866..51135edd4b 100644
--- a/application/controllers/Items.php
+++ b/application/controllers/Items.php
@@ -40,7 +40,7 @@ public function search()
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->get('sort');
+ $sort = $this->Item->sort_column($this->input->get('sort'));
 $order = $this->input->get('order');
 $this->item_lib->set_item_location($this->input->get('stock_location'));
diff --git a/application/controllers/Sales.php b/application/controllers/Sales.php
index 2bdf80a907..efd4aab83d 100644
--- a/application/controllers/Sales.php
+++ b/application/controllers/Sales.php
@@ -56,7 +56,7 @@ public function search()
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->get('sort');
+ $sort = $this->Sale->sort_column($this->input->get('sort'));
 $order = $this->input->get('order');
 $filters = array('sale_type' => 'all',
diff --git a/application/controllers/Suppliers.php b/application/controllers/Suppliers.php
index 36b6f58ee2..03c0fe7c7b 100644
--- a/application/controllers/Suppliers.php
+++ b/application/controllers/Suppliers.php
@@ -35,7 +35,7 @@ public function search()
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->get('sort');
+ $sort = $this->Supplier->sort_column($this->input->get('sort'));
 $order = $this->input->get('order');
 $suppliers = $this->Supplier->search($search, $limit, $offset, $sort, $order);
diff --git a/application/controllers/Tax_categories.php b/application/controllers/Tax_categories.php
index 952b166dfc..ada2529a3d 100644
--- a/application/controllers/Tax_categories.php
+++ b/application/controllers/Tax_categories.php
@@ -9,7 +9,6 @@ public function __construct()
 parent::__construct('tax_categories');
 }
-
 public function index()
 {
 $data['tax_categories_table_headers'] = $this->xss_clean(get_tax_categories_table_headers());
@@ -25,7 +24,7 @@ public function search()
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->get('sort');
+ $sort = $this->Tax_category->sort_column($this->input->get('sort'));
 $order = $this->input->get('order');
 $tax_categories = $this->Tax_category->search($search, $limit, $offset, $sort, $order);
diff --git a/application/controllers/Tax_codes.php b/application/controllers/Tax_codes.php
index af21db6968..1cbc2486e3 100644
--- a/application/controllers/Tax_codes.php
+++ b/application/controllers/Tax_codes.php
@@ -29,7 +29,7 @@ public function search()
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->get('sort');
+ $sort = $this->Tax_code->sort_column($this->input->get('sort'));
 $order = $this->input->get('order');
 $tax_codes = $this->Tax_code->search($search, $limit, $offset, $sort, $order);
diff --git a/application/controllers/Tax_jurisdictions.php b/application/controllers/Tax_jurisdictions.php
index 7059f7bcf7..1044d070a2 100644
--- a/application/controllers/Tax_jurisdictions.php
+++ b/application/controllers/Tax_jurisdictions.php
@@ -25,7 +25,7 @@ public function search()
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->get('sort');
+ $sort = $this->Tax_jurisdiction->sort_column($this->input->get('sort'));
 $order = $this->input->get('order');
 $tax_jurisdictions = $this->Tax_jurisdiction->search($search, $limit, $offset, $sort, $order);
diff --git a/application/controllers/Taxes.php b/application/controllers/Taxes.php
index c4adc08d87..c1115ce822 100644
--- a/application/controllers/Taxes.php
+++ b/application/controllers/Taxes.php
@@ -57,7 +57,7 @@ public function search()
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->get('sort');
+ $sort = $this->Tax->sort_column($this->input->get('sort'));
 $order = $this->input->get('order');
 $tax_rates = $this->Tax->search($search, $limit, $offset, $sort, $order);
diff --git a/application/models/Attribute.php b/application/models/Attribute.php
index 504251504f..8ae36fc094 100644
--- a/application/models/Attribute.php
+++ b/application/models/Attribute.php
@@ -16,6 +16,11 @@ public static function get_definition_flags()
 return array_flip($class->getConstants());
 }
+ public function sort_column($field)
+ {
+ return in_array($field, $this->db->list_fields('attribute_definitions')) ? $field : 'definition_id';
+ }
+
 /* Determines if a given definition_id is an attribute */
diff --git a/application/models/Cashup.php b/application/models/Cashup.php
index de03509b97..0f9205b4f6 100644
--- a/application/models/Cashup.php
+++ b/application/models/Cashup.php
@@ -6,6 +6,12 @@ class Cashup extends CI_Model
 {
+
+ public function sort_column($field)
+ {
+ return in_array($field, $this->db->list_fields('cash_up')) ? $field : 'cashup_id';
+ }
+
 /* Determines if a given Cashup_id is an Cashup */
diff --git a/application/models/Customer.php b/application/models/Customer.php
index d5b8127180..0b88760003 100644
--- a/application/models/Customer.php
+++ b/application/models/Customer.php
@@ -6,6 +6,13 @@ class Customer extends Person
 {
+
+ public function sort_column($field)
+ {
+ $allowed_columns = array_merge($this->db->list_fields('customers'), $this->db->list_fields('people'));
+ return in_array($field, $allowed_columns) ? $field : 'people.person_id';
+ }
+
 /* Determines if a given person_id is a customer */
diff --git a/application/models/Employee.php b/application/models/Employee.php
index 160f017097..99c0b25c5a 100644
--- a/application/models/Employee.php
+++ b/application/models/Employee.php
@@ -6,6 +6,13 @@ class Employee extends Person
 {
+
+ public function sort_column($field)
+ {
+ $allowed_columns = array_merge($this->db->list_fields('employees'), $this->db->list_fields('people'));
+ return in_array($field, $allowed_columns) ? $field : 'people.person_id';
+ }
+
 /* Determines if a given person_id is an employee */
diff --git a/application/models/Expense.php b/application/models/Expense.php
index 035e256c5d..7a71a1dbe4 100644
--- a/application/models/Expense.php
+++ b/application/models/Expense.php
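Review bot: The `in_array()` on the added `return` line compares loosely; for an allow-list whose purpose is to stop SQL injection it should be `in_array($field, $this->db->list_fields('attribute_definitions'), true)` so that only an exact string match of a real column name is ever echoed back into the query. The new method also has no docblock or parameter type even though `$this->input->get('sort')` can deliver `null` (parameter absent) or an array (`?sort[]=x`), both of which happen to fall through to the default today; a header such as `/* Returns $field if it is a column of attribute_definitions, otherwise the default sort column 'definition_id' */` and a `: string` return type would pin that contract. The same loose `in_array()` appears in every model hunk of this patch.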
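Review bot: `Employee::sort_column()` (and `Customer::sort_column()` earlier on this line) accepts any unqualified column of `employees` or `people` but falls back to the qualified `'people.person_id'`; if `search()` joins the two tables, an accepted name that exists in both — presumably `person_id` — would reach the database unqualified and be ambiguous, so either qualify accepted names the same way or restrict the list to unambiguous ones. Accepting every physical column is also wider than what the grid shows: whatever credential or token columns `employees` carries become sortable, and repeatedly sorting by such a column lets a low-privilege user learn the relative order of values they are never shown. An explicit list of the displayed columns, e.g. `private static $sortable = array('people.person_id', 'first_name', 'last_name', 'email', 'username');` checked with `in_array($field, self::$sortable, true)`, would avoid both; the exact column set and how `search()` builds its join are outside this hunk and should be verified.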
@@ -6,6 +6,12 @@ class Expense extends CI_Model
 {
+
+ public function sort_column($field)
+ {
+ return in_array($field, $this->db->list_fields('expenses')) ? $field : 'expense_id';
+ }
+
 /* Determines if a given Expense_id is an Expense */
diff --git a/application/models/Expense_category.php b/application/models/Expense_category.php
index 2aaa76853a..494d2aedfe 100644
--- a/application/models/Expense_category.php
+++ b/application/models/Expense_category.php
@@ -6,6 +6,12 @@ class Expense_category extends CI_Model
 {
+
+ public function sort_column($field)
+ {
+ return in_array($field, $this->db->list_fields('expense_categories')) ? $field : 'expense_category_id';
+ }
+
 /* Determines if a given Expense_id is an Expense category */
diff --git a/application/models/Giftcard.php b/application/models/Giftcard.php
index 281ed52198..69899e86a5 100644
--- a/application/models/Giftcard.php
+++ b/application/models/Giftcard.php
@@ -6,6 +6,13 @@ class Giftcard extends CI_Model
 {
+
+ public function sort_column($field)
+ {
+ $allowed_columns = array_merge($this->db->list_fields('people'), $this->db->list_fields('giftcards'));
+ return in_array($field, $allowed_columns) ? $field : 'giftcard_id';
+ }
+
 /* Determines if a given giftcard_id is a giftcard */
diff --git a/application/models/Item.php b/application/models/Item.php
index dfd586fb92..6fee5e076b 100644
--- a/application/models/Item.php
+++ b/application/models/Item.php
@@ -5,6 +5,13 @@ class Item extends CI_Model
 {
+
+ public function sort_column($field)
+ {
+ $allowed_columns = array_merge($this->db->list_fields('items'), $this->db->list_fields('item_quantities'));
+ return in_array($field, $allowed_columns) ? $field : 'item_id';
+ }
+
 /* Determines if a given item_id is an item */
diff --git a/application/models/Item_kit.php b/application/models/Item_kit.php
index 41bfdcabd4..0e052ac7e1 100644
--- a/application/models/Item_kit.php
+++ b/application/models/Item_kit.php
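Review bot: The `array_merge()` and `in_array()` added in `Giftcard::sort_column()` assume `list_fields()` always returns an array, but in CodeIgniter 3 it can return `FALSE` when the driver cannot list columns and `db_debug` is off, which on PHP 8 becomes a `TypeError` on every search request; casting with `(array)` or, better, replacing the schema lookup with a fixed allow-list of the columns the gift-card grid actually sorts on removes that failure mode and the per-request column-listing query that `list_fields()` implies. It is also not clear from this hunk why `people` columns are merged in for gift cards at all; if `search()` joins `people` for the customer name, a comment such as `// people columns are sortable because search() joins the customer record` would say so, and the unqualified `'giftcard_id'` fallback is safe only as long as `people` has no column of that name. `search()` is outside the hunk, so both points need confirming against it.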
@@ -6,6 +6,12 @@ class Item_kit extends CI_Model
 {
+
+ public function sort_column($field)
+ {
+ return in_array($field, $this->db->list_fields('item_kits')) ? $field : 'item_kit_id';
+ }
+
 /* Determines if a given item_id is an item kit */
diff --git a/application/models/Item_taxes.php b/application/models/Item_taxes.php
index 49e6598f3c..b66865ee92 100644
--- a/application/models/Item_taxes.php
+++ b/application/models/Item_taxes.php
@@ -6,6 +6,12 @@ class Item_taxes extends CI_Model
 {
+
+ public function sort_column($field)
+ {
+ return in_array($field, $this->db->list_fields('items_taxes')) ? $field : 'item_id';
+ }
+
 /* Gets tax info for a particular item */
diff --git a/application/models/Sale.php b/application/models/Sale.php
index 02ffb5aa3c..5b8dd69655 100644
--- a/application/models/Sale.php
+++ b/application/models/Sale.php
@@ -4,6 +4,12 @@
 */
 class Sale extends CI_Model
 {
+
+ public function sort_column($field)
+ {
+ return in_array($field, $this->db->list_fields('sales')) ? $field : 'sale_id';
+ }
+
 /** * Get sale info */
diff --git a/application/models/Supplier.php b/application/models/Supplier.php
index 05ef4d458e..2b2bf8f247 100644
--- a/application/models/Supplier.php
+++ b/application/models/Supplier.php
@@ -9,6 +9,12 @@ class Supplier extends Person
 const GOODS_SUPPLIER = 0;
 const COST_SUPPLIER = 1;
+ public function sort_column($field)
+ {
+ $allowed_columns = array_merge($this->db->list_fields('suppliers'), $this->db->list_fields('people'));
+ return in_array($field, $allowed_columns) ? $field : 'people.person_id';
+ }
+
 /* Determines if a given person_id is a customer */
diff --git a/application/models/Tax.php b/application/models/Tax.php
index 92391aa8ae..e61fd42aea 100644
--- a/application/models/Tax.php
+++ b/application/models/Tax.php
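Review bot: `Item_taxes::sort_column()` is added but no controller hunk in this patch calls it (the diffstat lists no `Item_taxes` controller), so it is either dead code or depends on a caller outside this change; an unused allow-list helper suggests coverage that may not exist, so either wire it into its caller or drop it. If it stays, the same remarks as for the other models apply: use `in_array($field, $this->db->list_fields('items_taxes'), true)` and document the `'item_id'` fallback in a one-line comment. Separately, the Supplier hunk later on this line inserts `sort_column()` directly after the class constants without the blank line the other models add, which is cosmetic but inconsistent with the rest of the patch.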
@@ -6,6 +6,12 @@ class Tax extends CI_Model
 {
+
+ public function sort_column($field)
+ {
+ return in_array($field, $this->db->list_fields('tax_codes')) ? $field : 'tax_code_id';
+ }
+
 /** * Determines if a given row is on file */
diff --git a/application/models/Tax_category.php b/application/models/Tax_category.php
index f2ad826ed9..929e74314a 100644
--- a/application/models/Tax_category.php
+++ b/application/models/Tax_category.php
@@ -6,6 +6,12 @@ class Tax_category extends CI_Model
 {
+
+ public function sort_column($field)
+ {
+ return in_array($field, $this->db->list_fields('tax_categories')) ? $field : 'tax_category_id';
+ }
+
 /** * Determines if it exists in the table */
diff --git a/application/models/Tax_code.php b/application/models/Tax_code.php
index 16b09b0252..ecebfef255 100644
--- a/application/models/Tax_code.php
+++ b/application/models/Tax_code.php
@@ -6,6 +6,12 @@ class Tax_code extends CI_Model
 {
+
+ public function sort_column($field)
+ {
+ return in_array($field, $this->db->list_fields('tax_codes')) ? $field : 'tax_code_id';
+ }
+
 /** * Determines if it exists in the table */
diff --git a/application/models/Tax_jurisdiction.php b/application/models/Tax_jurisdiction.php
index af5bde8a2f..ef410a57ca 100644
--- a/application/models/Tax_jurisdiction.php
+++ b/application/models/Tax_jurisdiction.php
@@ -6,6 +6,12 @@ class Tax_jurisdiction extends CI_Model
 {
+
+ public function sort_column($field)
+ {
+ return in_array($field, $this->db->list_fields('tax_jurisdictions')) ? $field : 'jurisdiction_id';
+ }
+
 /** * Determines if it exists in the table */
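Review bot: `Tax::sort_column()` validates against the `tax_codes` table and falls back to `'tax_code_id'`, which is byte-for-byte the body of `Tax_code::sort_column()` added later on this line; the Taxes controller stores the result of `Tax::search()` in `$tax_rates`, which suggests this model orders a different table. If `Tax::search()` does query a rates table, every legitimate rate column is rejected by the allow-list and the fallback `'tax_code_id'` is only valid if that table happens to have such a column, so the table name and default here look like a copy-paste that should be checked against the query in `search()` (outside this hunk). A one-line comment naming the table the sort is applied to, e.g. `// allow-list: columns of the table search() orders by`, would make such mismatches visible at review time.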