
Fix #249 CSRF to CREATE TABLE query
Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
madhuracj authored and MauricioFauth committed Nov 10, 2018
1 parent 5d78142 commit d6e04ca
Showing 3 changed files with 80 additions and 80 deletions.
130 changes: 65 additions & 65 deletions libraries/classes/CreateAddField.php
Expand Up @@ -42,12 +42,12 @@ public function __construct(DatabaseInterface $dbi)
*/ */
private function getIndexedColumns() private function getIndexedColumns()
{ {
$fieldCount = count($_REQUEST['field_name']); $fieldCount = count($_POST['field_name']);
$fieldPrimary = json_decode($_REQUEST['primary_indexes'], true); $fieldPrimary = json_decode($_POST['primary_indexes'], true);
$fieldIndex = json_decode($_REQUEST['indexes'], true); $fieldIndex = json_decode($_POST['indexes'], true);
$fieldUnique = json_decode($_REQUEST['unique_indexes'], true); $fieldUnique = json_decode($_POST['unique_indexes'], true);
$fieldFullText = json_decode($_REQUEST['fulltext_indexes'], true); $fieldFullText = json_decode($_POST['fulltext_indexes'], true);
$fieldSpatial = json_decode($_REQUEST['spatial_indexes'], true); $fieldSpatial = json_decode($_POST['spatial_indexes'], true);


return [ return [
$fieldCount, $fieldCount,
Expand Down Expand Up @@ -78,35 +78,35 @@ private function buildColumnCreationStatement(
$previousField = -1; $previousField = -1;
for ($i = 0; $i < $fieldCount; ++$i) { for ($i = 0; $i < $fieldCount; ++$i) {
// '0' is also empty for php :-( // '0' is also empty for php :-(
if (strlen($_REQUEST['field_name'][$i]) === 0) { if (strlen($_POST['field_name'][$i]) === 0) {
continue; continue;
} }


$definition = $this->getStatementPrefix($isCreateTable) . $definition = $this->getStatementPrefix($isCreateTable) .
Table::generateFieldSpec( Table::generateFieldSpec(
trim($_REQUEST['field_name'][$i]), trim($_POST['field_name'][$i]),
$_REQUEST['field_type'][$i], $_POST['field_type'][$i],
$_REQUEST['field_length'][$i], $_POST['field_length'][$i],
$_REQUEST['field_attribute'][$i], $_POST['field_attribute'][$i],
isset($_REQUEST['field_collation'][$i]) isset($_POST['field_collation'][$i])
? $_REQUEST['field_collation'][$i] ? $_POST['field_collation'][$i]
: '', : '',
isset($_REQUEST['field_null'][$i]) isset($_POST['field_null'][$i])
? $_REQUEST['field_null'][$i] ? $_POST['field_null'][$i]
: 'NOT NULL', : 'NOT NULL',
$_REQUEST['field_default_type'][$i], $_POST['field_default_type'][$i],
$_REQUEST['field_default_value'][$i], $_POST['field_default_value'][$i],
isset($_REQUEST['field_extra'][$i]) isset($_POST['field_extra'][$i])
? $_REQUEST['field_extra'][$i] ? $_POST['field_extra'][$i]
: false, : false,
isset($_REQUEST['field_comments'][$i]) isset($_POST['field_comments'][$i])
? $_REQUEST['field_comments'][$i] ? $_POST['field_comments'][$i]
: '', : '',
isset($_REQUEST['field_virtuality'][$i]) isset($_POST['field_virtuality'][$i])
? $_REQUEST['field_virtuality'][$i] ? $_POST['field_virtuality'][$i]
: '', : '',
isset($_REQUEST['field_expression'][$i]) isset($_POST['field_expression'][$i])
? $_REQUEST['field_expression'][$i] ? $_POST['field_expression'][$i]
: '' : ''
); );


Expand Down Expand Up @@ -139,22 +139,22 @@ private function setColumnCreationStatementSuffix(
return $sqlSuffix; return $sqlSuffix;
} }


if ((string) $_REQUEST['field_where'] === 'last') { if ((string) $_POST['field_where'] === 'last') {
return $sqlSuffix; return $sqlSuffix;
} }


// Only the first field can be added somewhere other than at the end // Only the first field can be added somewhere other than at the end
if ($previousField == -1) { if ($previousField == -1) {
if ((string) $_REQUEST['field_where'] === 'first') { if ((string) $_POST['field_where'] === 'first') {
$sqlSuffix .= ' FIRST'; $sqlSuffix .= ' FIRST';
} else { } else {
$sqlSuffix .= ' AFTER ' $sqlSuffix .= ' AFTER '
. Util::backquote($_REQUEST['after_field']); . Util::backquote($_POST['after_field']);
} }
} else { } else {
$sqlSuffix .= ' AFTER ' $sqlSuffix .= ' AFTER '
. Util::backquote( . Util::backquote(
$_REQUEST['field_name'][$previousField] $_POST['field_name'][$previousField]
); );
} }


Expand Down Expand Up @@ -192,7 +192,7 @@ private function buildIndexStatements(
$indexFields = []; $indexFields = [];
foreach ($index['columns'] as $key => $column) { foreach ($index['columns'] as $key => $column) {
$indexFields[$key] = Util::backquote( $indexFields[$key] = Util::backquote(
$_REQUEST['field_name'][$column['col_index']] $_POST['field_name'][$column['col_index']]
); );
if ($column['size']) { if ($column['size']) {
$indexFields[$key] .= '(' . $column['size'] . ')'; $indexFields[$key] .= '(' . $column['size'] . ')';
Expand Down Expand Up @@ -358,30 +358,30 @@ private function getColumnCreationStatements($isCreateTable = true)
public function getPartitionsDefinition() public function getPartitionsDefinition()
{ {
$sqlQuery = ""; $sqlQuery = "";
if (! empty($_REQUEST['partition_by']) if (! empty($_POST['partition_by'])
&& ! empty($_REQUEST['partition_expr']) && ! empty($_POST['partition_expr'])
&& ! empty($_REQUEST['partition_count']) && ! empty($_POST['partition_count'])
&& $_REQUEST['partition_count'] > 1 && $_POST['partition_count'] > 1
) { ) {
$sqlQuery .= " PARTITION BY " . $_REQUEST['partition_by'] $sqlQuery .= " PARTITION BY " . $_POST['partition_by']
. " (" . $_REQUEST['partition_expr'] . ")" . " (" . $_POST['partition_expr'] . ")"
. " PARTITIONS " . $_REQUEST['partition_count']; . " PARTITIONS " . $_POST['partition_count'];
} }


if (! empty($_REQUEST['subpartition_by']) if (! empty($_POST['subpartition_by'])
&& ! empty($_REQUEST['subpartition_expr']) && ! empty($_POST['subpartition_expr'])
&& ! empty($_REQUEST['subpartition_count']) && ! empty($_POST['subpartition_count'])
&& $_REQUEST['subpartition_count'] > 1 && $_POST['subpartition_count'] > 1
) { ) {
$sqlQuery .= " SUBPARTITION BY " . $_REQUEST['subpartition_by'] $sqlQuery .= " SUBPARTITION BY " . $_POST['subpartition_by']
. " (" . $_REQUEST['subpartition_expr'] . ")" . " (" . $_POST['subpartition_expr'] . ")"
. " SUBPARTITIONS " . $_REQUEST['subpartition_count']; . " SUBPARTITIONS " . $_POST['subpartition_count'];
} }


if (! empty($_REQUEST['partitions'])) { if (! empty($_POST['partitions'])) {
$i = 0; $i = 0;
$partitions = []; $partitions = [];
foreach ($_REQUEST['partitions'] as $partition) { foreach ($_POST['partitions'] as $partition) {
$partitions[] = $this->getPartitionDefinition($partition); $partitions[] = $this->getPartitionDefinition($partition);
$i++; $i++;
} }
Expand Down Expand Up @@ -471,24 +471,24 @@ public function getTableCreationQuery($db, $table)
. Util::backquote(trim($table)) . ' (' . $sqlStatement . ')'; . Util::backquote(trim($table)) . ' (' . $sqlStatement . ')';


// Adds table type, character set, comments and partition definition // Adds table type, character set, comments and partition definition
if (!empty($_REQUEST['tbl_storage_engine']) if (!empty($_POST['tbl_storage_engine'])
&& ($_REQUEST['tbl_storage_engine'] != 'Default') && ($_POST['tbl_storage_engine'] != 'Default')
) { ) {
$sqlQuery .= ' ENGINE = ' . $_REQUEST['tbl_storage_engine']; $sqlQuery .= ' ENGINE = ' . $_POST['tbl_storage_engine'];
} }
if (!empty($_REQUEST['tbl_collation'])) { if (!empty($_POST['tbl_collation'])) {
$sqlQuery .= Util::getCharsetQueryPart($_REQUEST['tbl_collation']); $sqlQuery .= Util::getCharsetQueryPart($_POST['tbl_collation']);
} }
if (! empty($_REQUEST['connection']) if (! empty($_POST['connection'])
&& ! empty($_REQUEST['tbl_storage_engine']) && ! empty($_POST['tbl_storage_engine'])
&& $_REQUEST['tbl_storage_engine'] == 'FEDERATED' && $_POST['tbl_storage_engine'] == 'FEDERATED'
) { ) {
$sqlQuery .= " CONNECTION = '" $sqlQuery .= " CONNECTION = '"
. $this->dbi->escapeString($_REQUEST['connection']) . "'"; . $this->dbi->escapeString($_POST['connection']) . "'";
} }
if (!empty($_REQUEST['comment'])) { if (!empty($_POST['comment'])) {
$sqlQuery .= ' COMMENT = \'' $sqlQuery .= ' COMMENT = \''
. $this->dbi->escapeString($_REQUEST['comment']) . '\''; . $this->dbi->escapeString($_POST['comment']) . '\'';
} }
$sqlQuery .= $this->getPartitionsDefinition(); $sqlQuery .= $this->getPartitionsDefinition();
$sqlQuery .= ';'; $sqlQuery .= ';';
Expand All @@ -506,14 +506,14 @@ public function getNumberOfFieldsFromRequest()
// Limit to 4096 fields (MySQL maximal value) // Limit to 4096 fields (MySQL maximal value)
$mysqlLimit = 4096; $mysqlLimit = 4096;


if (isset($_REQUEST['submit_num_fields'])) { // adding new fields if (isset($_POST['submit_num_fields'])) { // adding new fields
$numberOfFields = intval($_REQUEST['orig_num_fields']) + intval($_REQUEST['added_fields']); $numberOfFields = intval($_POST['orig_num_fields']) + intval($_POST['added_fields']);
} elseif (isset($_REQUEST['orig_num_fields'])) { // retaining existing fields } elseif (isset($_POST['orig_num_fields'])) { // retaining existing fields
$numberOfFields = intval($_REQUEST['orig_num_fields']); $numberOfFields = intval($_POST['orig_num_fields']);
} elseif (isset($_REQUEST['num_fields']) } elseif (isset($_POST['num_fields'])
&& intval($_REQUEST['num_fields']) > 0 && intval($_POST['num_fields']) > 0
) { // new table with specified number of fields ) { // new table with specified number of fields
$numberOfFields = intval($_REQUEST['num_fields']); $numberOfFields = intval($_POST['num_fields']);
} else { // new table with unspecified number of fields } else { // new table with unspecified number of fields
$numberOfFields = 4; $numberOfFields = 4;
} }
Expand Down Expand Up @@ -548,7 +548,7 @@ public function tryColumnCreationQuery($db, $table, $errorUrl)
$sqlQuery = 'ALTER TABLE ' . $sqlQuery = 'ALTER TABLE ' .
Util::backquote($table) . ' ' . $sqlStatement . ';'; Util::backquote($table) . ' ' . $sqlStatement . ';';
// If there is a request for SQL previewing. // If there is a request for SQL previewing.
if (isset($_REQUEST['preview_sql'])) { if (isset($_POST['preview_sql'])) {
Core::previewSQL($sqlQuery); Core::previewSQL($sqlQuery);
} }
return [$this->dbi->tryQuery($sqlQuery), $sqlQuery]; return [$this->dbi->tryQuery($sqlQuery), $sqlQuery];
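Review bot: The partition and engine parameters now read from `$_POST` in getPartitionsDefinition (L106–L124) and getTableCreationQuery (L140–L143) are still spliced into the CREATE TABLE statement without any validation, while `connection` and `comment` in the same method go through `escapeString`. If the token check only covers POST parameters, as this fix suggests, it is also the right moment to constrain these values: cast the counts with `$partitionCount = (int) $_POST['partition_count'];` and accept `partition_by` / `subpartition_by` only from the fixed set of MySQL partitioning types (HASH, LINEAR HASH, KEY, LINEAR KEY, RANGE, RANGE COLUMNS, LIST, LIST COLUMNS) before embedding them. `tbl_storage_engine` is compared loosely with `!=` at L141 and then concatenated raw at L143; checking it against the engines the server reports would make the query construction independent of arbitrary form contents. Both enclosing methods start and end outside the visible hunks.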
24 changes: 12 additions & 12 deletions tbl_create.php
Expand Up @@ -61,33 +61,33 @@
/** /**
* The form used to define the structure of the table has been submitted * The form used to define the structure of the table has been submitted
*/ */
if (isset($_REQUEST['do_save_data'])) { if (isset($_POST['do_save_data'])) {
$sql_query = $createAddField->getTableCreationQuery($db, $table); $sql_query = $createAddField->getTableCreationQuery($db, $table);


// If there is a request for SQL previewing. // If there is a request for SQL previewing.
if (isset($_REQUEST['preview_sql'])) { if (isset($_POST['preview_sql'])) {
Core::previewSQL($sql_query); Core::previewSQL($sql_query);
} }
// Executes the query // Executes the query
$result = $GLOBALS['dbi']->tryQuery($sql_query); $result = $GLOBALS['dbi']->tryQuery($sql_query);


if ($result) { if ($result) {
// Update comment table for mime types [MIME] // Update comment table for mime types [MIME]
if (isset($_REQUEST['field_mimetype']) if (isset($_POST['field_mimetype'])
&& is_array($_REQUEST['field_mimetype']) && is_array($_POST['field_mimetype'])
&& $cfg['BrowseMIME'] && $cfg['BrowseMIME']
) { ) {
foreach ($_REQUEST['field_mimetype'] as $fieldindex => $mimetype) { foreach ($_POST['field_mimetype'] as $fieldindex => $mimetype) {
if (isset($_REQUEST['field_name'][$fieldindex]) if (isset($_POST['field_name'][$fieldindex])
&& strlen($_REQUEST['field_name'][$fieldindex]) > 0 && strlen($_POST['field_name'][$fieldindex]) > 0
) { ) {
Transformations::setMIME( Transformations::setMIME(
$db, $table, $db, $table,
$_REQUEST['field_name'][$fieldindex], $mimetype, $_POST['field_name'][$fieldindex], $mimetype,
$_REQUEST['field_transformation'][$fieldindex], $_POST['field_transformation'][$fieldindex],
$_REQUEST['field_transformation_options'][$fieldindex], $_POST['field_transformation_options'][$fieldindex],
$_REQUEST['field_input_transformation'][$fieldindex], $_POST['field_input_transformation'][$fieldindex],
$_REQUEST['field_input_transformation_options'][$fieldindex] $_POST['field_input_transformation_options'][$fieldindex]
); );
} }
} }
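Review bot: Inside the `field_mimetype` loop (L209–L219) only `field_name[$fieldindex]` is guarded with `isset`; `field_transformation`, `field_transformation_options`, `field_input_transformation` and `field_input_transformation_options` are indexed with the same client-supplied `$fieldindex` unguarded, so a form post missing one of those arrays raises undefined-index notices before `Transformations::setMIME` runs. Defaulting each in the file's existing style, e.g. `isset($_POST['field_transformation'][$fieldindex]) ? $_POST['field_transformation'][$fieldindex] : ''`, keeps the call well-defined for partial submissions. The surrounding `if ($result)` block continues past the end of the hunk.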
6 changes: 3 additions & 3 deletions test/classes/CreateAddFieldTest.php
Expand Up @@ -44,7 +44,7 @@ protected function setUp()
*/ */
public function testGetPartitionsDefinition($expected, $request) public function testGetPartitionsDefinition($expected, $request)
{ {
$_REQUEST = $request; $_POST = $request;
$actual = $this->createAddField->getPartitionsDefinition(); $actual = $this->createAddField->getPartitionsDefinition();
$this->assertEquals($expected, $actual); $this->assertEquals($expected, $actual);
} }
Expand Down Expand Up @@ -80,7 +80,7 @@ public function providerGetPartitionsDefinition()
*/ */
public function testGetTableCreationQuery($expected, $db, $table, $request) public function testGetTableCreationQuery($expected, $db, $table, $request)
{ {
$_REQUEST = $request; $_POST = $request;
$actual = $this->createAddField->getTableCreationQuery($db, $table); $actual = $this->createAddField->getTableCreationQuery($db, $table);
$this->assertEquals($expected, $actual); $this->assertEquals($expected, $actual);
} }
Expand Down Expand Up @@ -116,7 +116,7 @@ public function providerGetTableCreationQuery()
*/ */
public function testGetNumberOfFieldsFromRequest($expected, $request) public function testGetNumberOfFieldsFromRequest($expected, $request)
{ {
$_REQUEST = $request; $_POST = $request;
$actual = $this->createAddField->getNumberOfFieldsFromRequest(); $actual = $this->createAddField->getNumberOfFieldsFromRequest();
$this->assertEquals($expected, $actual); $this->assertEquals($expected, $actual);
} }
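Review bot: Each test assigns `$_POST = $request;` (L229, L237, L245) and nothing in the visible hunks restores it, so the superglobal leaks into later tests in the same process; with `$_POST` now the sole input of the code under test this coupling matters more than it did with `$_REQUEST`. Either reset it in tearDown with `$_POST = [];` or enable PHPUnit's `@backupGlobals` for the class so each test starts from a clean request. setUp and any tearDown are outside the hunks, so a reset may already exist there.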
