

added sql escaping (#5356)
Co-authored-by: Markus Staab <47448731+clxmstaab@users.noreply.github.com>
staabm and clxmstaab committed Oct 13, 2022
1 parent 4fcb101 commit 519286e
Showing 9 changed files with 59 additions and 107 deletions.
71 changes: 4 additions & 67 deletions .tools/psalm/baseline.xml
Expand Up @@ -383,66 +383,10 @@
<code>$from['before']</code>
<code>$to['before']</code>
</MixedArgumentTypeCoercion>
<MixedArrayAccess occurrences="26">
<code>$config['from']</code>
<code>$config['to']</code>
<code>$from['after']</code>
<code>$from['before']</code>
<code>$from['field']</code>
<code>$from['field']</code>
<code>$from['field']</code>
<code>$from['field']</code>
<code>$from['field']</code>
<code>$from['field']</code>
<code>$from['field']</code>
<code>$from['field']</code>
<code>$from['field']</code>
<code>$to['after']</code>
<code>$to['before']</code>
<code>$to['field']</code>
<code>$to['field']</code>
<code>$to['field']</code>
<code>$to['field']</code>
<code>$to['field']</code>
<code>$to['field']</code>
<code>$to['field']</code>
<code>$to['field']</code>
<code>$to['field']</code>
<code>$to['field']</code>
<code>$to['field']</code>
</MixedArrayAccess>
<MixedArrayAssignment occurrences="2">
<code>$from['before']</code>
<code>$to['before']</code>
</MixedArrayAssignment>
<MixedAssignment occurrences="6">
<code>$config</code>
<code>$field</code>
<code>$from</code>
<MixedAssignment occurrences="2">
<code>$status</code>
<code>$status</code>
<code>$to</code>
</MixedAssignment>
<MixedOperand occurrences="18">
<code>$field</code>
<code>$from['field']</code>
<code>$from['field']</code>
<code>$from['field']</code>
<code>$from['field']</code>
<code>$from['field']</code>
<code>$from['field']</code>
<code>$from['field']</code>
<code>$to['field']</code>
<code>$to['field']</code>
<code>$to['field']</code>
<code>$to['field']</code>
<code>$to['field']</code>
<code>$to['field']</code>
<code>$to['field']</code>
<code>$to['field']</code>
<code>$to['field']</code>
<code>$to['field']</code>
</MixedOperand>
<PossiblyNullOperand occurrences="1">
<code>$rows</code>
</PossiblyNullOperand>
Expand Down Expand Up @@ -1981,16 +1925,10 @@
</MixedReturnStatement>
</file>
<file src="redaxo/src/addons/metainfo/pages/content.metainfo.php">
<MixedArgument occurrences="5">
<code>$articleId</code>
<code>$articleId</code>
<code>$clang</code>
<code>$clang</code>
<MixedArgument occurrences="1">
<code>$ctypes</code>
</MixedArgument>
<MixedAssignment occurrences="3">
<code>$articleId</code>
<code>$clang</code>
<MixedAssignment occurrences="1">
<code>$ctypes</code>
</MixedAssignment>
<PossiblyNullOperand occurrences="2">
Expand Down Expand Up @@ -2724,11 +2662,10 @@
<MixedMethodCall occurrences="1">
<code>getId</code>
</MixedMethodCall>
<MixedOperand occurrences="4">
<MixedOperand occurrences="3">
<code>$content</code>
<code>$content</code>
<code>$content</code>
<code>$ep-&gt;getParam('clang')-&gt;getId()</code>
</MixedOperand>
<PossiblyNullReference occurrences="1">
<code>setIsActive</code>
51 changes: 31 additions & 20 deletions redaxo/src/addons/cronjob/plugins/article_status/lib/cronjob.php
Expand Up @@ -12,19 +12,27 @@ class rex_cronjob_article_status extends rex_cronjob
{
public function execute()
{
$config = rex_plugin::get('cronjob', 'article_status')->getProperty('config');
$from = $config['from'];
$to = $config['to'];
$config = (array) rex_plugin::get('cronjob', 'article_status')->getProperty('config');
$from = (array) $config['from'];
$to = (array) $config['to'];
$from['before'] = (array) $from['before'];
$to['before'] = (array) $to['before'];

if (!is_string($from['field'])) {
throw new rex_exception('Invalid config for cronjob article_status: "from"-field is not a string!');
}
if (!is_string($to['field'])) {
throw new rex_exception('Invalid config for cronjob article_status: "to"-field is not a string!');
}

$sql = rex_sql::factory();
// $sql->setDebug();
$sql->setQuery('
SELECT name
FROM ' . rex::getTablePrefix() . 'metainfo_field
WHERE name="' . $from['field'] . '" OR name="' . $to['field'] . '"
');
WHERE name=? OR name=?',
[$from['field'], $to['field']]
);
$rows = $sql->getRows();
if ($rows < 2) {
if (0 == $rows) {
Expand All @@ -42,17 +50,18 @@ public function execute()
SELECT id, clang_id, status
FROM ' . rex::getTablePrefix() . 'article
WHERE
( ' . $from['field'] . ' > 0
AND ' . $from['field'] . ' < ' . $time . '
AND status IN (' . implode(',', $from['before']) . ')
AND (' . $to['field'] . ' > ' . $time . ' OR ' . $to['field'] . ' = 0 OR ' . $to['field'] . ' = "")
( ' . $sql->escapeIdentifier($from['field']) . ' > 0
AND ' . $sql->escapeIdentifier($from['field']) . ' < :time
AND status IN (' . $sql->in($from['before']) . ')
AND (' . $sql->escapeIdentifier($to['field']) . ' > :time OR ' . $sql->escapeIdentifier($to['field']) . ' = 0 OR ' . $sql->escapeIdentifier($to['field']) . ' = "")
)
OR
( ' . $to['field'] . ' > 0
AND ' . $to['field'] . ' < ' . $time . '
AND status IN (' . implode(',', $to['before']) . ')
)
');
( ' . $sql->escapeIdentifier($to['field']) . ' > 0
AND ' . $sql->escapeIdentifier($to['field']) . ' < :time
AND status IN (' . $sql->in($to['before']) . ')
)',
['time' => $time]
);
$rows = $sql->getRows();

for ($i = 0; $i < $rows; ++$i) {
Expand All @@ -70,15 +79,17 @@ public function execute()
if ($this->getParam('reset_date')) {
$sql->setQuery('
UPDATE ' . rex::getTablePrefix() . 'article
SET '.$from['field'].' = ""
WHERE ' . $from['field'] . ' > 0
AND ' . $from['field'] . ' < ' . $time
SET '.$sql->escapeIdentifier($from['field']).' = ""
WHERE ' . $sql->escapeIdentifier($from['field']) . ' > 0
AND ' . $sql->escapeIdentifier($from['field']) . ' < :time',
['time' => $time]
);
$sql->setQuery('
UPDATE ' . rex::getTablePrefix() . 'article
SET '.$to['field'].' = ""
WHERE ' . $to['field'] . ' > 0
AND ' . $to['field'] . ' < ' . $time
SET '.$sql->escapeIdentifier($to['field']).' = ""
WHERE ' . $sql->escapeIdentifier($to['field']) . ' > 0
AND ' . $sql->escapeIdentifier($to['field']) . ' < :time',
['time' => $time]
);
}
return true;
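Review bot: The named placeholder `:time` is bound once via `['time' => $time]` but appears three times in the article SELECT (the `< :time` on the `from` branch and the `> :time` / `< :time` on the `to` branch); PDO only accepts a repeated named parameter when emulated prepares are enabled, so if rex_sql runs the connection with native prepares this statement would fail with an invalid-parameter-number error — worth confirming how rex_sql configures `PDO::ATTR_EMULATE_PREPARES`, or binding distinct names such as `:time_from` and `:time_to`. The two UPDATE statements in the last hunk each use `:time` once and are not affected. In the first hunk the `is_string()` guards still admit an empty string, which would reach `escapeIdentifier()` as an empty identifier; tightening them to `if (!is_string($from['field']) || '' === $from['field'])` (and likewise for `$to`) rejects that at the config boundary with the existing rex_exception. execute() continues outside the hunks, so the `$time` assignment and the loop body are not visible here.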
2 changes: 1 addition & 1 deletion redaxo/src/addons/mediapool/assets/mediapool.js
Expand Up @@ -192,7 +192,7 @@ $(document).ready(function () {

if(value && value.length != 0 && $.inArray(value.split('.').pop(), rex.imageExtensions))
{
// img tag nur einmalig einf�gen, ggf erzeugen wenn nicht vorhanden
// img tag nur einmalig einfuegen, ggf erzeugen wenn nicht vorhanden
var img = $('img', div);
if(img.length == 0)
{
13 changes: 7 additions & 6 deletions redaxo/src/addons/metainfo/lib/table_expander.php
Expand Up @@ -30,6 +30,8 @@ public function __construct(string $metaPrefix, string $metaTable, string $table

public function init()
{
$sql = rex_sql::factory();

// ----- EXTENSION POINT
// IDs aller Feldtypen bei denen das Parameter-Feld eingeblendet werden soll
$typeFields = rex_extension::registerPoint(new rex_extension_point('METAINFO_TYPE_FIELDS', [rex_metainfo_table_manager::FIELD_SELECT, rex_metainfo_table_manager::FIELD_RADIO, rex_metainfo_table_manager::FIELD_CHECKBOX, rex_metainfo_table_manager::FIELD_REX_MEDIA_WIDGET, rex_metainfo_table_manager::FIELD_REX_MEDIALIST_WIDGET, rex_metainfo_table_manager::FIELD_REX_LINK_WIDGET, rex_metainfo_table_manager::FIELD_REX_LINKLIST_WIDGET, rex_metainfo_table_manager::FIELD_DATE, rex_metainfo_table_manager::FIELD_DATETIME]));
Expand All @@ -46,15 +48,14 @@ public function init()
$select = $field->getSelect();
$select->setSize(1);
$select->addOption(rex_i18n::msg('minfo_field_first_priority'), 1);
// Im Edit Mode das Feld selbst nicht als Position einf�gen
$qry = 'SELECT name,priority FROM ' . $this->tableName . ' WHERE `name` LIKE :name';
// Im Edit Mode das Feld selbst nicht als Position einfuegen
$qry = 'SELECT name,priority FROM ' . $sql->escapeIdentifier($this->tableName) . ' WHERE `name` LIKE :name';
$params = ['name' => $this->metaPrefix . '%'];
if ($this->isEditMode()) {
$qry .= ' AND id != :id';
$params['id'] = $this->getParam('field_id');
}
$qry .= ' ORDER BY priority';
$sql = rex_sql::factory();
$sql->setQuery($qry, $params);
$value = 1;
for ($i = 0; $i < $sql->getRows(); ++$i) {
Expand Down Expand Up @@ -235,7 +236,7 @@ protected function validate()

// das meta-schema checken
$sql = rex_sql::factory();
$sql->setQuery('SELECT * FROM ' . $this->tableName . ' WHERE name = ? LIMIT 1', [$this->addPrefix($fieldName)]);
$sql->setQuery('SELECT * FROM ' . $sql->escapeIdentifier($this->tableName) . ' WHERE name = ? LIMIT 1', [$this->addPrefix($fieldName)]);
if (1 == $sql->getRows()) {
return rex_i18n::msg('minfo_field_error_unique_name');
}
Expand All @@ -253,7 +254,7 @@ protected function save()
// Dies muss hier geschehen, da in parent::save() die Werte fuer die DB mit den
// POST werten ueberschrieben werden!
$fieldOldName = '';
$fieldOldPriority = 9999999999999; // dirty, damit die prio richtig l�uft...
$fieldOldPriority = 9999999999999; // dirty, damit die prio richtig laeuft...
if (1 == $this->sql->getRows()) {
$fieldOldName = $this->sql->getValue('name');
$fieldOldPriority = (int) $this->sql->getValue('priority');
Expand Down Expand Up @@ -281,7 +282,7 @@ protected function save()
}

if ($this->isEditMode()) {
// Spalte in der Tabelle ver�ndern
// Spalte in der Tabelle veraendern
$tmRes = $this->tableManager->editColumn($fieldOldName, $fieldName, $fieldDbType, $fieldDbLength, $fieldDefault);
} else {
// Spalte in der Tabelle anlegen
4 changes: 2 additions & 2 deletions redaxo/src/addons/metainfo/pages/content.metainfo.php
Expand Up @@ -4,8 +4,8 @@

$params = $ep->getParams();

$articleId = $params['article_id'];
$clang = $params['clang'];
$articleId = (int) $params['article_id'];
$clang = (int) $params['clang'];

$content = [];

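Review bot: The `(int)` casts on `$params['article_id']` and `$params['clang']` turn a missing or non-numeric parameter into `0` (plus an undefined-index warning when the key is absent) instead of rejecting it, so a malformed extension-point payload would silently continue with article/clang 0 further down the script. If the page cannot meaningfully run without them, fail before casting, e.g. `$articleId = (int) ($params['article_id'] ?? throw new rex_exception('article_id missing'));` and the same for `clang`. The rest of the script that consumes these values lies outside the hunk.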
2 changes: 1 addition & 1 deletion redaxo/src/addons/structure/plugins/content/boot.php
Expand Up @@ -27,7 +27,7 @@

rex_extension::register('CLANG_DELETED', static function (rex_extension_point $ep) {
$del = rex_sql::factory();
$del->setQuery('delete from ' . rex::getTablePrefix() . "article_slice where clang_id='" . $ep->getParam('clang')->getId() . "'");
$del->setQuery('delete from ' . rex::getTablePrefix() . 'article_slice where clang_id=?', [$ep->getParam('clang')->getId()]);
});
} else {
rex_extension::register('FE_OUTPUT', static function (rex_extension_point $ep) {
Expand Up @@ -310,7 +310,7 @@ public function getSlice()
}

/**
* @param string $where
* @param literal-string $where
* @psalm-param self::ORDER_* $orderDirection
*
* @return self|null
Expand All @@ -322,7 +322,7 @@ protected static function getSliceWhere($where, array $params = [], string $orde
}

/**
* @param string $where
* @param literal-string $where
* @psalm-param self::ORDER_* $orderDirection
*
* @return self[]
Expand Up @@ -65,8 +65,9 @@ public static function makeSnapshot($articleId, $clangId, $historyType)
*/
public static function getSnapshots($articleId, $clangId)
{
return rex_sql::factory()->getArray(
'select distinct history_date, history_type, history_user from ' . self::getTable() . ' where article_id=? and clang_id=? and revision=? order by history_date desc',
$sql = rex_sql::factory();
return $sql->getArray(
'select distinct history_date, history_type, history_user from ' . $sql->escapeIdentifier(self::getTable()) . ' where article_id=? and clang_id=? and revision=? order by history_date desc',
[$articleId, $clangId, 0]
);
}
Expand All @@ -83,7 +84,7 @@ public static function restoreSnapshot($historyDate, $articleId, $clangId)
self::checkTables();

$sql = rex_sql::factory();
$slices = $sql->getArray('select id from ' . self::getTable() . ' where article_id=? and clang_id=? and revision=? and history_date=?', [$articleId, $clangId, 0, $historyDate]);
$slices = $sql->getArray('select id from ' . $sql->escapeIdentifier(self::getTable()) . ' where article_id=? and clang_id=? and revision=? and history_date=?', [$articleId, $clangId, 0, $historyDate]);

if (0 == count($slices)) {
return false;
Expand All @@ -94,10 +95,10 @@ public static function restoreSnapshot($historyDate, $articleId, $clangId)
$articleSlicesTable = rex_sql_table::get(rex::getTable('article_slice'));

$sql = rex_sql::factory();
$sql->setQuery('delete from ' . rex::getTable('article_slice') . ' where article_id=? and clang_id=? and revision=?', [$articleId, $clangId, 0]);
$sql->setQuery('delete from ' . $sql->escapeIdentifier(rex::getTable('article_slice')) . ' where article_id=? and clang_id=? and revision=?', [$articleId, $clangId, 0]);

$slices = rex_sql::factory();
$slices = $slices->getArray('select * from ' . self::getTable() . ' where article_id=? and clang_id=? and revision=? and history_date=?', [$articleId, $clangId, 0, $historyDate]);
$slices = $slices->getArray('select * from ' . $slices->escapeIdentifier(self::getTable()) . ' where article_id=? and clang_id=? and revision=? and history_date=?', [$articleId, $clangId, 0, $historyDate]);

foreach ($slices as $slice) {
$sql = rex_sql::factory();
Expand All @@ -122,12 +123,14 @@ public static function restoreSnapshot($historyDate, $articleId, $clangId)
*/
public static function clearAllHistory()
{
rex_sql::factory()->setQuery('delete from ' . self::getTable());
$sql = rex_sql::factory();
$sql->setQuery('delete from ' . $sql->escapeIdentifier(self::getTable()));
}

public static function clearHistoryByDate(DateTimeInterface $deleteDate): void
{
rex_sql::factory()->setQuery('delete from ' . self::getTable() .' where history_date < ?', [$deleteDate->format(rex_sql::FORMAT_DATETIME)]);
$sql = rex_sql::factory();
$sql->setQuery('delete from ' . $sql->escapeIdentifier(self::getTable()) .' where history_date < ?', [$deleteDate->format(rex_sql::FORMAT_DATETIME)]);
}

/**
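Review bot: In restoreSnapshot the `select * from` line assigns a fresh rex_sql to `$slices` and then immediately overwrites that variable with the array returned by `getArray()`, so the new `$slices->escapeIdentifier(...)` call only works because the argument is evaluated before the assignment lands; reusing the `$sql` instance created two lines earlier avoids the double meaning of `$slices`: `$slices = $sql->getArray('select * from ' . $sql->escapeIdentifier(self::getTable()) . ' where article_id=? and clang_id=? and revision=? and history_date=?', [$articleId, $clangId, 0, $historyDate]);`. The same one-object-per-query shape would also suit getSnapshots, where `$sql` is now only used for the escape and a single `getArray()`. The signatures of getSnapshots and restoreSnapshot leave `$articleId`, `$clangId` and `$historyDate` untyped, which the rest of this commit is otherwise tightening; restoreSnapshot's body starts and ends outside the visible hunks.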
2 changes: 1 addition & 1 deletion redaxo/src/core/assets/standard.js
Expand Up @@ -201,7 +201,7 @@ function deleteREX(id, i_list, i_select)
source.options[position] = null;
sourcelength--;

// Wenn das erste gel�scht wurde
// Wenn das erste geloescht wurde
if(position == 0)
{
// Und es gibt noch weitere,
