From fefb39ad143caad021ad496427617db79c42aff2 Mon Sep 17 00:00:00 2001
From: Sweepr
Date: Sun, 20 Dec 2020 13:46:25 +0100
Subject: [PATCH] Update Dao_Base_Spot.php
Fix for issue: https://github.com/spotweb/spotweb/issues/629 - Sanitize query string to prevent time based and other possible SQL injections.
---
 lib/dao/Base/Dao_Base_Spot.php | 49 +++++++++++++++++++++++++++++++++-
 1 file changed, 48 insertions(+), 1 deletion(-)
diff --git a/lib/dao/Base/Dao_Base_Spot.php b/lib/dao/Base/Dao_Base_Spot.php
index 355d2a0cf..6c5c612c7 100644
--- a/lib/dao/Base/Dao_Base_Spot.php
+++ b/lib/dao/Base/Dao_Base_Spot.php
@@ -29,8 +29,55 @@ public function getSpots($ourUserId, $pageNr, $limit, $parsedSearch)
 * which are always available in the query
 */
 $criteriaFilter = ' WHERE (bl.spotterid IS NULL) ';
- if (!empty($parsedSearch['filter'])) {
+ if (!empty($parsedSearch['filter'])) {
 $criteriaFilter .= ' AND '.$parsedSearch['filter'];
+
+ /* Blacklisted SQL commands */
+
+ $notAllowedCommands = array(
+ 'DELETE',
+ 'TRUNCATE',
+ 'AS',
+ 'DROP',
+ 'USE',
+ 'SELECT',
+ 'SLEEP',
+ 'UPDATE',
+ 'ALTER',
+ 'CREATE',
+ 'RENAME',
+ 'GRANT',
+ 'REVOKE',
+ 'BETWEEN',
+ 'COMMIT',
+ 'SAVEPOINT',
+ 'EXISTS',
+ 'GROUP',
+ 'HAVING',
+ 'IN',
+ 'INTO',
+ 'INSERT',
+ 'ORDER',
+ 'BY',
+ 'UNION',
+ 'LEFT',
+ 'RIGHT',
+ 'FULL'
+ );
+
+ /* Check $criteriaFilter for blacklisted SQL commands */
+
+ if(preg_match('[' . implode(' |', $notAllowedCommands ) . ']i', $criteriaFilter) == true) {
+
+ echo '';
+ echo '';
+ exit();
+
+ }
 } // if
 /*
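Review bot: The keyword denylist in the added `preg_match` call does not make the concatenated `$parsedSearch['filter']` safe and will reject legitimate searches: with `[`/`]` used as the pattern delimiters and `' |'` as the separator, the expression is `DELETE |TRUNCATE |…|FULL` matched case-insensitively with no word boundaries, so ordinary filter text such as "Christmas " (`AS `), "house " (`USE `) or any word ending in "in " aborts the request, while its coverage is narrow because each entry only matches the keyword followed by exactly one literal space. Since the filter is still interpolated into the SQL string on the line above, the reliable fix is for the search parser to emit placeholders and bind the values, or to validate the filter against the parser's own grammar before it reaches this method (both outside this hunk); a keyword list is not a substitute. Within the hunk, `echo ''; echo ''; exit();` terminates the process from inside a DAO and hides the failure from callers, and `== true` is the wrong test for a function that returns `0`, `1` or `false`; prefer `if (preg_match($pattern, $criteriaFilter) === 1) { throw new InvalidArgumentException('Search filter contains forbidden SQL'); }` so the calling layer decides how to report it. The enclosing `getSpots()` starts and ends outside the hunk.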