
Accept SQL query only from POST requests

Signed-off-by: Michal Čihař <michal@cihar.com>
nijel committed Dec 7, 2017
1 parent 7292598 commit 72f109a99c82b14c07dcb19946ba9b76efc32a1b
@@ -10,9 +10,9 @@
require_once 'libraries/common.inc.php';
if (isset($_REQUEST['sql_query'])) {
if (isset($_POST['sql_query'])) {
MultiTableQuery::displayResults(
$_REQUEST['sql_query'],
$_POST['sql_query'],
$_REQUEST['db'],
$pmaThemeImage
);
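Review bot: Reading `sql_query` from `$_POST` only stops a query from being smuggled in a link, but it is not a CSRF defence on its own: a cross-site form can still POST, so this branch must stay behind the request-token validation that is presumably performed by the `libraries/common.inc.php` included at the top of the hunk. The `$_REQUEST['db']` argument on the line after `$_POST['sql_query']` is still taken from the merged superglobal; if the target database is meant to come from the same form, `$_POST['db']` would be consistent, whereas if `db` is a legitimate navigation (GET) parameter here it can stay. A one-line comment above the `if` would record the intent for the next maintainer: `// Accept the query from POST only (never from the URL); CSRF protection still relies on the token check in common.inc.php.`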
@@ -742,7 +742,7 @@
$cfgBookmark = Bookmark::getParams($GLOBALS['cfg']['Server']['user']);
Sql::storeTheQueryAsBookmark(
$db, $cfgBookmark['user'],
$_REQUEST['sql_query'], $_POST['bkm_label'],
$_POST['sql_query'], $_POST['bkm_label'],
isset($_POST['bkm_replace']) ? $_POST['bkm_replace'] : null
);
}
@@ -757,7 +757,7 @@
$cfgBookmark = Bookmark::getParams($GLOBALS['cfg']['Server']['user']);
Sql::storeTheQueryAsBookmark(
$db, $cfgBookmark['user'],
$_REQUEST['sql_query'], $_POST['bkm_label'],
$_POST['sql_query'], $_POST['bkm_label'],
isset($_POST['bkm_replace']) ? $_POST['bkm_replace'] : null
);
}
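Review bot: The `Sql::storeTheQueryAsBookmark(...)` call at `@@ -742` and the one at `@@ -757` are byte-identical five-line blocks, so this commit had to apply the `$_REQUEST` to `$_POST` switch twice; a single missed copy would have left one path still accepting the query from the URL. Consider collecting the arguments once before the two branches (whose conditions lie outside the hunks), e.g. `$bookmarkQuery = $_POST['sql_query'];`, or moving the bookmark storage into one helper both branches call. `$_POST['sql_query']` is also read without `isset` here; if the enclosing condition does not already guarantee the key exists, guard it so a request reaching this branch without a query does not raise an undefined-index notice.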
@@ -87,8 +87,8 @@ class Core
* <code>
* // $_REQUEST['db'] not set
* echo Core::ifSetOr($_REQUEST['db'], ''); // ''
* // $_REQUEST['sql_query'] not set
* echo Core::ifSetOr($_REQUEST['sql_query']); // null
* // $_POST['sql_query'] not set
* echo Core::ifSetOr($_POST['sql_query']); // null
* // $cfg['EnableFoo'] not set
* echo Core::ifSetOr($cfg['EnableFoo'], false, 'boolean'); // false
* echo Core::ifSetOr($cfg['EnableFoo']); // null
@@ -44,7 +44,7 @@ public static function getFormParametersForInsertForm($db, $table, $where_clause
'table' => $table,
'goto' => $GLOBALS['goto'],
'err_url' => $err_url,
'sql_query' => $_REQUEST['sql_query'],
'sql_query' => $_POST['sql_query'],
);
if (isset($where_clauses)) {
foreach ($where_clause_array as $key_id => $where_clause) {
@@ -204,8 +204,8 @@ public static function urlParamsInEditMode(array $url_params, array $where_claus
$url_params['where_clause'] = trim($where_clause);
}
}
if (! empty($_REQUEST['sql_query'])) {
$url_params['sql_query'] = $_REQUEST['sql_query'];
if (! empty($_POST['sql_query'])) {
$url_params['sql_query'] = $_POST['sql_query'];
}
return $url_params;
}
@@ -1458,7 +1458,7 @@ public static function getContinueInsertionForm($table, $db, array $where_clause
. '<input type="hidden" name="err_url"'
. ' value="' . htmlspecialchars($err_url) . '" />'
. '<input type="hidden" name="sql_query"'
. ' value="' . htmlspecialchars($_REQUEST['sql_query']) . '" />';
. ' value="' . htmlspecialchars($_POST['sql_query']) . '" />';
if (isset($_REQUEST['where_clause'])) {
foreach ($where_clause_array as $key_id => $where_clause) {
@@ -2626,7 +2626,7 @@ public static function getUrlParameters($db, $table)
*/
$url_params = array(
'db' => $db,
'sql_query' => $_REQUEST['sql_query']
'sql_query' => $_POST['sql_query']
);
if (preg_match('@^tbl_@', $GLOBALS['goto'])) {
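Review bot: `'sql_query' => $_POST['sql_query']` in `getUrlParameters` (and the same expression in `getFormParametersForInsertForm` at `@@ -44`) reads the key unguarded, and after this commit a page reached through a plain link has no `sql_query` in `$_POST` at all, so the access raises an undefined-index notice and yields null. The `urlParamsInEditMode` hunk in this same file already guards with `! empty($_POST['sql_query'])`, and the `Core::ifSetOr` docblock updated in this commit shows the intended idiom, `'sql_query' => Core::ifSetOr($_POST['sql_query'], '')`. These values are also URL parameters: wherever `$url_params` is emitted into an `href` rather than a POST form, the receiving page will now silently ignore `sql_query`, so the consumers (outside this hunk) are worth checking. Both enclosing functions continue beyond the hunks.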
@@ -234,8 +234,8 @@
* @global string $GLOBALS['sql_query']
*/
$GLOBALS['sql_query'] = '';
if (Core::isValid($_REQUEST['sql_query'])) {
$GLOBALS['sql_query'] = $_REQUEST['sql_query'];
if (Core::isValid($_POST['sql_query'])) {
$GLOBALS['sql_query'] = $_POST['sql_query'];
}
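Review bot: The `@global string $GLOBALS['sql_query']` docblock above the assignment does not record the rule this commit introduces, and a reader who sees `$_POST` where the neighbouring parameters (e.g. the `$_REQUEST['set_theme']` comment just below) use `$_REQUEST` may later "fix" it back; add `// Deliberately POST only: a query carried in the URL (GET) is ignored so it cannot be injected through a crafted link.` above the `if`. The unguarded `$_POST['sql_query']` is safe only if `Core::isValid` takes its argument by reference, as the previous `$_REQUEST` form suggests; if it takes it by value, wrap the access in `isset()` to avoid a notice on requests without a query.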
//$_REQUEST['set_theme'] // checked later in this file LABEL_theme_setup
@@ -69,7 +69,7 @@ public function testGetFormParametersForInsertForm()
{
$where_clause = array('foo' => 'bar ', '1' => ' test');
$_REQUEST['clause_is_unique'] = false;
$_REQUEST['sql_query'] = 'SELECT a';
$_POST['sql_query'] = 'SELECT a';
$GLOBALS['goto'] = 'index.php';
$result = InsertEdit::getFormParametersForInsertForm(
@@ -259,7 +259,7 @@ public function testLoadFirstRow()
public function testUrlParamsInEditMode()
{
$where_clause_array = array('foo=1', 'bar=2');
$_REQUEST['sql_query'] = 'SELECT 1';
$_POST['sql_query'] = 'SELECT 1';
$result = InsertEdit::urlParamsInEditMode(array(1), $where_clause_array, '');
@@ -1431,7 +1431,7 @@ public function testGetContinueInsertionForm()
$GLOBALS['cfg']['ServerDefault'] = 1;
$GLOBALS['goto'] = "index.php";
$_REQUEST['where_clause'] = true;
$_REQUEST['sql_query'] = "SELECT 1";
$_POST['sql_query'] = "SELECT 1";
$result = InsertEdit::getContinueInsertionForm(
"tbl", "db", $where_clause_array, "localhost"
@@ -2817,7 +2817,7 @@ public function testGetCommentsMap()
*/
public function testGetUrlParameters()
{
$_REQUEST['sql_query'] = 'SELECT';
$_POST['sql_query'] = 'SELECT';
$GLOBALS['goto'] = 'tbl_change.php';
$this->assertEquals(
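Review bot: The tests only swap `$_REQUEST['sql_query']` for `$_POST['sql_query']`; none of them pins the behaviour the commit actually adds, namely that a query supplied outside POST is ignored. In `testUrlParamsInEditMode` (hunk `@@ -259`) a second case, `unset($_POST['sql_query']); $_GET['sql_query'] = 'SELECT 1';` followed by `$this->assertArrayNotHasKey('sql_query', $result);`, would catch a regression back to `$_REQUEST`. These tests also assign superglobals without cleaning them up, so `$_POST['sql_query']` leaks into later cases; resetting `$_POST` in `setUp`/`tearDown` (outside these hunks) would keep each test independent.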
