
Fix potential security holes reported by Mavituna Security.
1 parent 569b4bf commit 476e492

2 files changed

+9
-9
lines changed


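--- a/symphony/content/content.publish.php
+++ b/symphony/content/content.publish.php
@@ -75,15 +75,15 @@ public function __viewIndex(){
 }
 
 foreach($filters as $handle => $value) {
-
-$field_id = Symphony::Database()->fetchVar('id', 0, sprintf(
-"SELECT `f`.`id`
-FROM `tbl_fields` AS `f`, `tbl_sections` AS `s`
-WHERE `s`.`id` = `f`.`parent_section`
-AND f.`element_name` = '%s'
+$field_id = Symphony::Database()->fetchVar('id', 0, sprintf("
+SELECT `f`.`id`
+FROM `tbl_fields` AS `f`
+LEFT JOIN `tbl_sections` AS `s` ON (`s`.`id` = `f`.`parent_section`)
+WHERE f.`element_name` = '%s'
 AND `s`.`handle` = '%s'
-LIMIT 1",
-$handle,
+LIMIT 1
+",
+Symphony::Database()->cleanValue($handle),
 $section->get('handle'))
 );
 
@@ -98,7 +98,6 @@ public function __viewIndex(){
 } else {
 unset($filters[$i]);
 }
-
 }
 
 $filter_querystring = preg_replace("/&$/", '', $filter_querystring);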
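--- a/symphony/lib/toolkit/class.devkit.php
+++ b/symphony/lib/toolkit/class.devkit.php
@@ -258,6 +258,7 @@ public function prepare(XSLTPage $page, Array $pagedata, $xml, Array $param, $ou
 */
 public function build() {
 $this->buildIncludes();
+$this->_view = General::sanitize($this->_view);
 
 $header = new XMLElement('div');
 $header->setAttribute('id', 'header');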