CRITICAL SECURITY UPDATE

sanasol · Apr 17, 2014 · d3155a1287d5a876575df715c543ab1bfb97f106 · d3155a1
1 parent b84ac2b
commit d3155a1287d5a876575df715c543ab1bfb97f106
Showing with 30 additions and 10 deletions.

+6 −1 merchant_db/index.php

+9 −4 merchant_db_flux/vending/modules/vending/index.php

+9 −4 merchant_db_flux_yommy/vending/modules/vending/index.php

+6 −1 merchant_db_yommy/index.php
diff --git a/merchant_db/index.php b/merchant_db/index.php
@@ -33,10 +33,15 @@
 
 		if(is_numeric($_POST['name']))
 		{
-			$item = $db->select("item_db","id=:itemid", array(":itemid"=> "{$name}"), "id");
+			$name = filter_var($name,FILTER_SANITIZE_NUMBER_INT);
+			if($name > 0)
+			{
+				$item = $db->select("item_db","id=:itemid", array(":itemid"=> "{$name}"), "id");
+			}
 		}
 		else
 		{
+			$name = preg_replace("/[^a-zA-Z0-9\s]+/", "", $name);
 			$item = $db->select("item_db","UPPER(name_japanese) LIKE :search", array(":search"=> "%{$name}%"), "id");
 		}
 

diff --git a/merchant_db_flux/vending/modules/vending/index.php b/merchant_db_flux/vending/modules/vending/index.php
@@ -39,13 +39,18 @@ function get_char_name($id, $server)
 	if ($iname) {
 		if(is_numeric($iname))
 		{
-			$sql  = "SELECT id  FROM {$server->charMapDatabase}.`item_db` where id='{$iname}'";
-			$sth  = $server->connection->getStatement($sql);
-			$sth->execute();
-			$item = $sth->fetchAll();
+			$iname = filter_var($iname,FILTER_SANITIZE_NUMBER_INT);
+			if($iname > 0)
+			{
+				$sql  = "SELECT id  FROM {$server->charMapDatabase}.`item_db` where id='{$iname}'";
+				$sth  = $server->connection->getStatement($sql);
+				$sth->execute();
+				$item = $sth->fetchAll();
+			}
 		}
 		else
 		{
+			$iname = preg_replace("/[^a-zA-Z0-9\s]+/", "", $iname);
 			$sql  = "SELECT id  FROM {$server->charMapDatabase}.`item_db` where UPPER(name_japanese) LIKE '%{$iname}%'";
 			$sth  = $server->connection->getStatement($sql);
 			$sth->execute();

diff --git a/merchant_db_flux_yommy/vending/modules/vending/index.php b/merchant_db_flux_yommy/vending/modules/vending/index.php
@@ -36,13 +36,18 @@ function get_char_name($id, $server)
 	if ($iname) {
 		if(is_numeric($iname))
 		{
-			$sql  = "SELECT id  FROM {$server->charMapDatabase}.`item_db` where id='{$iname}'";
-			$sth  = $server->connection->getStatement($sql);
-			$sth->execute();
-			$item = $sth->fetchAll();
+			$iname = filter_var($iname,FILTER_SANITIZE_NUMBER_INT);
+			if($iname > 0)
+			{
+				$sql  = "SELECT id  FROM {$server->charMapDatabase}.`item_db` where id='{$iname}'";
+				$sth  = $server->connection->getStatement($sql);
+				$sth->execute();
+				$item = $sth->fetchAll();
+			}
 		}
 		else
 		{
+			$iname = preg_replace("/[^a-zA-Z0-9\s]+/", "", $iname);
 			$sql  = "SELECT id  FROM {$server->charMapDatabase}.`item_db` where UPPER(name_japanese) LIKE '%{$iname}%'";
 			$sth  = $server->connection->getStatement($sql);
 			$sth->execute();

diff --git a/merchant_db_yommy/index.php b/merchant_db_yommy/index.php
@@ -33,10 +33,15 @@
 
 		if(is_numeric($_POST['name']))
 		{
-			$item = $db->select("item_db","id=:itemid", array(":itemid"=> "{$name}"), "id");
+			$name = filter_var($name,FILTER_SANITIZE_NUMBER_INT);
+			if($name > 0)
+			{
+				$item = $db->select("item_db","id=:itemid", array(":itemid"=> "{$name}"), "id");
+			}
 		}
 		else
 		{
+			$name = preg_replace("/[^a-zA-Z0-9\s]+/", "", $name);
 			$item = $db->select("item_db","UPPER(name_japanese) LIKE :search", array(":search"=> "%{$name}%"), "id");
 		}