BUGFIX Fixed SQL injection in Folder::findOrMake() parameter. Exploitable through Upload::, although unlikely to be set via user input.
commit fef7c325357b2fbaccba7f2fd9bc4ed979ba6156 1 parent 551bc5d
Ingo Schommer authored March 21, 2011

Showing 1 changed file with 8 additions and 1 deletion.

filesystem/Folder.php
@@ -42,7 +42,14 @@ static function findOrMake($folderPath) {
 		$item = null;
 		foreach($parts as $part) {
 			if(!$part) continue; // happens for paths with a trailing slash
-			$item = DataObject::get_one("Folder", "\"Name\" = '$part' AND \"ParentID\" = $parentID");
+			$item = DataObject::get_one(
+				"Folder", 
+				sprintf(
+					"\"Name\" = '%s' AND \"ParentID\" = %d",
+					Convert::raw2sql($part), 
+					(int)$parentID
+				)
+			);
 			if(!$item) {
 				$item = new Folder();
 				$item->ParentID = $parentID;
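Review bot: the `(int)$parentID` cast paired with `%d` is the right defence for the numeric column, but the hunk does not show how `$parentID` is initialised before the loop; if the caller can seed it with a non-numeric string, the cast silently yields 0 and the lookup lands on the root folder instead of failing, so it is worth asserting that `$parentID` is already an integer at entry. The `'%s'` placeholder is only safe because `Convert::raw2sql($part)` escapes the value first, which is the intended pattern here, but since the commit message says the path was reachable from Upload::, a regression test that passes a folder name containing a single quote and a comment marker through `findOrMake()` and checks that a folder of exactly that name is created and found would document the fix and keep a later refactor from dropping the escaping.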
