important security update
- SQL injection found in the login page via the X-Forwarded-For header
Administrator authored and Administrator committed Feb 13, 2021
1 parent 2d432f7 commit 29e1ead
Showing 8 changed files with 818 additions and 699 deletions.
4 changes: 3 additions & 1 deletion bin/Assets.php
Expand Up @@ -83,7 +83,9 @@ public function getAssetNames() {
if (count($checklist) > 0) {
for ($i = 0; $i < count($checklist) / $MAX_IDS; $i++) { //fix for #85 - can only ask about 1000 names in one batch
if ($this->ESI->getDEBUG()) inform(get_class(), "Getting page $i");
$names = array_merge($names, $this->post('',json_encode(array_slice($checklist, $i * $MAX_IDS, $MAX_IDS))));
$tmp = $this->post('',json_encode(array_slice($checklist, $i * $MAX_IDS, $MAX_IDS)));
if ($this->ESI->getDEBUG()) inform(get_class(), "ESI respondend: ". print_r($tmp, TRUE));
$names = array_merge($names, $tmp);
}
}
} else {
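Review bot: The new `$names = array_merge($names, $tmp);` assumes `$this->post()` returned an array; if it returns `false` or `null` on an ESI failure, PHP 8 throws a TypeError and the whole batch loop aborts (PHP 7 emits a warning and `$names` silently becomes null). `post()` is defined outside this hunk, so its failure return cannot be confirmed here; a guard such as `if (is_array($tmp)) { $names = array_merge($names, $tmp); }` keeps the remaining batches going. The debug line dumps the full response with `print_r`, which can be large for a 1000-name batch, but it is gated by `getDEBUG()` so that is acceptable. getAssetNames() continues outside the hunk.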
1,105 changes: 556 additions & 549 deletions include/db.php

Large diffs are not rendered by default.

14 changes: 7 additions & 7 deletions include/dbcatalog.php
Expand Up @@ -214,7 +214,7 @@ function esiUpdateApicorps() {
$table = db_asocquery("DESCRIBE `apicorps`;");
$found = FALSE;
foreach ($table as $column) {
if ($column['Field']=='tokenID' && $column['Type']=='int(11)') {
if ($column['Field']=='tokenID' && ($column['Type']=='int(11)' || $column['Type']=='int')) {
$found = TRUE;
}
}
Expand All @@ -241,7 +241,7 @@ function esiUpdateApiAssets() {
$table = db_asocquery("DESCRIBE `apiassets`;");
$found = FALSE;
foreach ($table as $column) {
if ($column['Field']=='is_blueprint_copy' && $column['Type']=='int(11)') {
if ($column['Field']=='is_blueprint_copy' && ($column['Type']=='int(11)' || $column['Type']=='int')) {
$found = TRUE;
}
}
Expand Down Expand Up @@ -289,7 +289,7 @@ function esiUpdateApimarketorders() {

$found = FALSE;
foreach ($table as $column) {
if ($column['Field']=='range' && $column['Type']=='int(11)') {
if ($column['Field']=='range' && ($column['Type']=='int(11)' || $column['Type']=='int')) {
$found = TRUE;
}
}
Expand All @@ -299,7 +299,7 @@ function esiUpdateApimarketorders() {

$found = FALSE;
foreach ($table as $column) {
if ($column['Field']=='stationID' && $column['Type']=='int(11)') {
if ($column['Field']=='stationID' && ($column['Type']=='int(11)' || $column['Type']=='int')) {
$found = TRUE;
}
}
Expand All @@ -319,7 +319,7 @@ function esiUpdateApiContractItems() {
$table = db_asocquery("DESCRIBE `apicontractitems`;");
$found = FALSE;
foreach ($table as $column) {
if ($column['Field']=='rawQuantity' && $column['Type']=='int(11)') {
if ($column['Field']=='rawQuantity' && ($column['Type']=='int(11)' || $column['Type']=='int')) {
$found = TRUE;
}
}
Expand All @@ -338,7 +338,7 @@ function esiUpdateApiIndustryJobsCrius() {
$table = db_asocquery("DESCRIBE `apiindustryjobscrius`;");
$found = FALSE;
foreach ($table as $column) {
if ($column['Field']=='status' && $column['Type']=='int(11)') {
if ($column['Field']=='status' && ($column['Type']=='int(11)' || $column['Type']=='int')) {
$found = TRUE;
}
}
Expand Down Expand Up @@ -410,7 +410,7 @@ function esiUpdateApiCorpMembers() {
($column['Field']=='logonDateTime' && $column['Type']=='datetime')
|| ($column['Field']=='logoffDateTime' && $column['Type']=='datetime')
|| ($column['Field']=='solarSystemID' && $column['Type']=='bigint(11)')
|| ($column['Field']=='shipID' && $column['Type']=='int(11)')
|| ($column['Field']=='shipID' && ($column['Type']=='int(11)' || $column['Type']=='int'))
) {
$found = TRUE;
}
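Review bot: The `solarSystemID` condition two lines above the changed one still accepts only `'bigint(11)'`, while the neighbouring `shipID` check was widened to also accept a width-less `'int'`; the MySQL versions that presumably motivated this change (display width dropped from `DESCRIBE` output) report `bigint` the same way, so `$found` will keep failing for that column on exactly those servers. Extend it in the same manner: `|| ($column['Field']=='solarSystemID' && ($column['Type']=='bigint(11)' || $column['Type']=='bigint'))`. The identical `int(11)`/`int` pair is now repeated in the other six hunks of this file (esiUpdateApicorps, esiUpdateApiAssets, both esiUpdateApimarketorders hunks, esiUpdateApiContractItems, esiUpdateApiIndustryJobsCrius); a small helper such as `function columnIsInt(array $column, string $name): bool` would centralise it and allow strict `===` in place of the loose `==`. The enclosing `if`/`foreach` starts above the hunk.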
2 changes: 1 addition & 1 deletion include/errorhandler.php
Expand Up @@ -89,7 +89,7 @@ function get_caller_info() {
$trace = preg_replace ('/^#0\s+' . __FUNCTION__ . "[^\n]*\n/", '', $trace, 1);

// Renumber backtrace items.
$trace = preg_replace ('/^#(\d+)/me', '\'#\' . ($1 - 1)', $trace);
$trace = preg_replace ('/^#(\d+)/m', '\'#\' . ($1 - 1)', $trace);

return $trace;
}
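Review bot: Dropping the `/e` modifier on the changed line leaves the second argument as a literal replacement string, so trace lines now come out as `'#' . (3 - 1)` instead of `#2` — the renumbering promised by the comment above no longer happens. Removing `/e` is right (it evaluated the replacement as PHP code and was removed in PHP 7), but the non-`e` equivalent is a callback: `$trace = preg_replace_callback('/^#(\d+)/m', function ($m) { return '#' . ($m[1] - 1); }, $trace);`. get_caller_info() starts above the hunk.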
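--- /dev/null
+++ b/include/validator.php
@@ -0,0 +1,102 @@
+<?php
+
+/*
+* To change this license header, choose License Headers in Project Properties.
+* To change this template file, choose Tools | Templates
+* and open the template in the editor.
+*/
+
+class Validator {
+static function phone($input) {
+return preg_match('/^(\d{9,9}|\+48\d{9,9})$/',$input);
+}
+
+static function email($input) {
+return preg_match('/^([\-\_\.\w\d]+)\@(.+\.\w+)$/',$input);
+}
+
+static function ipv4($input) {
+return preg_match('/^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])$/',$input);
+}
+
+static function postCode($input) {
+return preg_match('/^(\d{2,2})\-(\d{3,3})$/',$input);
+}
+
+static function password($input) {
+return preg_match('/[a-z]/',$input) && preg_match('/[A-Z]/',$input) && preg_match('/[0-9]/',$input);
+}
+
+static function nip($input) {
+if(!empty($input)) {
+$weights = array(6, 5, 7, 2, 3, 4, 5, 6, 7);
+$nip = preg_replace('/[\s-]/', '', $input);
+if (strlen($nip) == 10 && is_numeric($nip)) {
+$sum = 0;
+for($i = 0; $i < 9; $i++)
+$sum += $nip[$i] * $weights[$i];
+return ($sum % 11) == $nip[9];
+}
+}
+return false;
+}
+
+static function regon($input) {
+return (Validator::regon9($input) || Validator::regon14($input));
+}
+
+static function regon9($input) {
+if(!empty($input)) {
+$weights = array(8, 9, 2, 3, 4, 5, 6, 7);
+$regon = preg_replace('/[\s-]/', '', $input);
+if (strlen($regon) == 9 && is_numeric($regon)) {
+$sum = 0;
+for($i = 0; $i < 8; $i++)
+$sum += $regon[$i] * $weights[$i];
+return ($sum % 11) == $regon[8];
+}
+}
+return false;
+}
+
+static function regon14($input) {
+if(!empty($input)) {
+$weights = array(2, 4, 8, 5, 0, 9, 7, 3, 6, 1, 2, 4, 8 );
+$regon = preg_replace('/[\s-]/', '', $input);
+if (strlen($regon) == 14 && is_numeric($regon)) {
+$sum = 0;
+for($i = 0; $i < 13; $i++)
+$sum += $regon[$i] * $weights[$i];
+return ($sum % 11) == $regon[13];
+}
+}
+return false;
+}
+
+static function notEmpty($input) {
+if (strlen($input) > 0) { return TRUE; } else { return FALSE; }
+}
+
+static function filterScriptTags($html) {
+$dom = new DOMDocument();
+
+$dom->loadHTML(mb_convert_encoding($html, 'HTML-ENTITIES', 'UTF-8'), LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
+
+$script = $dom->getElementsByTagName('script');
+$remove = [];
+foreach($script as $item)
+{
+$remove[] = $item;
+}
+foreach ($remove as $item)
+{
+$item->parentNode->removeChild($item);
+}
+$html = $dom->saveHTML();
+return $html;
+}
+
+static function filterNonAlphanum($input) {
+return preg_replace("/[^a-z0-9_\-.:!?;ąćęłńóśźżĄĆĘŁŃÓŚŹŻ ]/is", "", $input);
+}
+}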
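Review bot: Every anchored pattern in this new file (`phone`, `email`, `ipv4`, `postCode`) ends in `$` without the `D` modifier, and in PCRE `$` also matches just before a trailing newline, so an input like `"1.2.3.4\n"` passes `ipv4()` and the newline reaches whatever the caller stores or interpolates; append `D` (e.g. `'/^(\d{9,9}|\+48\d{9,9})$/D'`) or anchor with `\z` instead. `preg_match` returns `0`, `1` or `false`, so these methods should return `preg_match(...) === 1` to keep a pattern-compile failure from being read as a match. `filterScriptTags` removes `<script>` elements only — other active markup survives, so it is not an output sanitizer and rendered values still need `htmlspecialchars` at the template; `loadHTML` also emits warnings on malformed input unless `libxml_use_internal_errors(true)` is set first. `mb_convert_encoding(..., 'HTML-ENTITIES', ...)` is deprecated as of PHP 8.2, so a `htmlentities`-based or `<meta charset>` approach will be needed eventually.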
6 changes: 5 additions & 1 deletion wwwroot/api.php
Expand Up @@ -44,8 +44,11 @@
if ($LM_STATGATHERING === TRUE && $endpoint == "STATS") {
$seven = secureGETnum('sevenDayStats');
$thirty = secureGETnum('thirtyDayStats');
if (empty($seven)) $seven = 0;
if (empty($thirty)) $thirty = 0;

$ip = get_remote_addr();
if ($seven >= 0 && $thirty >= 0) {
if ($seven > 0 && $thirty > 0) {
//insert in db
db_uquery("CREATE TABLE IF NOT EXISTS `lmglobalstats` (
`statID` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
Expand All @@ -57,6 +60,7 @@
) ENGINE = MYISAM ;");
db_uquery("INSERT INTO `lmglobalstats` VALUES(DEFAULT, $seven, $thirty, '$ip', NOW())");
}
//always return OK
$ret = new stdClass();
$ret->result = "ok";
echo(encode($ret));
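Review bot: `$ip` is still interpolated unescaped into the INSERT a few lines above (`'$ip'`), while the new checks only harden `$seven` and `$thirty`; given the commit message, `get_remote_addr()` (defined elsewhere) presumably derives this value from a client-supplied header, so that statement has the same shape as the login-page issue this commit fixes. Unless `db_uquery` parameterises internally, which is not visible here, validate the value before use — `if ($seven > 0 && $thirty > 0 && filter_var($ip, FILTER_VALIDATE_IP) !== false) {` — and preferably move the INSERT to a prepared statement. Note also that the `empty()` defaults combined with the new `> 0` test now silently skip a request whose stats are legitimately 0, which the old `>= 0` accepted; if that is intended a one-line comment saying so would help.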
Empty file.
