[Security] SQL Injection in Data Hub GraphQL (#12444)
* [Security] SQL Injection in Data Hub GraphQL (AbstractListing)

* Update lib/Model/Listing/AbstractListing.php

Co-authored-by: Jacob Dreesen <j.dreesen@neusta.de>

* Update lib/Model/Listing/AbstractListing.php

Co-authored-by: mcop1 <89011527+mcop1@users.noreply.github.com>

Co-authored-by: Jacob Dreesen <j.dreesen@neusta.de>
Co-authored-by: Bernhard Rusch <brusch@users.noreply.github.com>
3 people committed Jun 20, 2022
1 parent 4c66ac7 commit 21559c6
Showing 1 changed file with 16 additions and 3 deletions.
19 changes: 16 additions & 3 deletions lib/Model/Listing/AbstractListing.php
Expand Up @@ -235,7 +235,7 @@ public function setOrderKey($orderKey, $quote = true)
if ($quote === false) {
$this->orderKey[] = $o;
} elseif ($this->isValidOrderKey($o)) {
$this->orderKey[] = '`' . $o . '`';
$this->orderKey[] = $this->quoteIdentifier($o);
}
}
}
Expand Down Expand Up @@ -411,8 +411,14 @@ public function setGroupBy($groupBy, $qoute = true)
if ($groupBy) {
$this->groupBy = $groupBy;

if ($qoute && strpos($groupBy, '`') !== 0) {
$this->groupBy = '`' . $this->groupBy . '`';
if ($qoute) {
$quotedParts = [];
$parts = explode(",", trim($groupBy, '`'));
foreach($parts as $part) {
$quotedParts[] = $this->quoteIdentifier(trim($part));
}

$this->groupBy = implode(", ", $quotedParts);
}
}

Expand All @@ -431,6 +437,13 @@ public function setValidOrders($validOrders)
return $this;
}

public function quoteIdentifier(string $value): string
{
$db = Db::get();

return $db->quoteIdentifier($value);
}

/**
* @param mixed $value
* @param int|null $type
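Review bot: In the setGroupBy hunk the per-part `trim($part)` strips whitespace only, while backticks are trimmed a single time from the ends of the whole string, so a pre-quoted multi-column value such as `` `a`, `b` `` (exactly the form the removed `strpos($groupBy, '`') !== 0` branch used to pass through untouched) splits into `a` and `` `b ``, and the leftover backtick is handed to quoteIdentifier as part of the column name — presumably escaped into a non-existent identifier if Db::quoteIdentifier doubles backticks, but that implementation is not visible here. An empty element from a trailing or doubled comma likewise becomes an empty quoted identifier. Trimming backticks per part and skipping empty parts keeps the injection fix while still accepting the inputs the old branch tolerated; note the `$qoute === false` path still concatenates raw SQL, so every caller on that path must remain internal. setGroupBy's signature and return statement lie outside the hunk.
```php
if ($qoute) {
    $quotedParts = [];
    foreach (explode(',', $groupBy) as $part) {
        // strip surrounding whitespace and any caller-supplied backticks per column
        $part = trim($part, " \t\n\r`");
        if ($part === '') {
            continue; // tolerate trailing/doubled commas instead of emitting ``
        }
        $quotedParts[] = $this->quoteIdentifier($part);
    }

    $this->groupBy = implode(', ', $quotedParts);
}
```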