Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
fixed sql injection, readjust tabs (#14941)
  • Loading branch information
Corepex committed Apr 19, 2023
1 parent 5c4991b commit 21e35af
Showing 1 changed file with 17 additions and 10 deletions.
27 changes: 17 additions & 10 deletions bundles/AdminBundle/Controller/Admin/Asset/AssetController.php
Expand Up @@ -2109,10 +2109,10 @@ public function downloadAsZipJobsAction(Request $request)
$userIds = $this->getAdminUser()->getRoles();
$userIds[] = $this->getAdminUser()->getId();
$conditionFilters[] = ' (
(select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(CONCAT(path, filename),cpath)=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1
OR
(select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(cpath,CONCAT(path, filename))=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1
)';
(select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(CONCAT(path, filename),cpath)=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1
OR
(select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(cpath,CONCAT(path, filename))=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1
)';
}

$condition = implode(' AND ', $conditionFilters);
Expand Down Expand Up @@ -2177,23 +2177,30 @@ public function downloadAsZipAddFilesAction(Request $request)

$db = \Pimcore\Db::get();
$conditionFilters = [];

$selectedIds = $request->get('selectedIds', []);

if (!empty($selectedIds)) {
$selectedIds = explode(',', $selectedIds);

$quotedSelectedIds = [];
foreach ($selectedIds as $selectedId) {
if ($selectedId) {
$quotedSelectedIds[] = $db->quote($selectedId);
}
}

//add a condition if id numbers are specified
$conditionFilters[] = 'id IN (' . implode(',', $selectedIds) . ')';
$conditionFilters[] = 'id IN (' . implode(',', $quotedSelectedIds) . ')';
}
$conditionFilters[] = "type != 'folder' AND path LIKE " . $db->quote(Helper::escapeLike($parentPath) . '/%');
if (!$this->getAdminUser()->isAdmin()) {
$userIds = $this->getAdminUser()->getRoles();
$userIds[] = $this->getAdminUser()->getId();
$conditionFilters[] = ' (
(select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(CONCAT(path, filename),cpath)=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1
OR
(select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(cpath,CONCAT(path, filename))=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1
)';
(select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(CONCAT(path, filename),cpath)=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1
OR
(select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(cpath,CONCAT(path, filename))=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1
)';
}

$condition = implode(' AND ', $conditionFilters);
Expand Down

0 comments on commit 21e35af

Please sign in to comment.