
Commit c9785f9

committed
fix(SQL query): use in all case escape to format query
1 parent 6095a40 commit c9785f9


5 files changed

+28
-28
lines changed


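--- a/actions/listpages.php
+++ b/actions/listpages.php
@@ -115,7 +115,7 @@
 $links[$tree] = array();
 } // switch
 if ($sort != 'tag') {
-$sql .= ' WHERE a.tag = "' . AddSlashes($tree) . '" AND a.latest = "Y" LIMIT 1';
+$sql .= ' WHERE a.tag = "' . $this->services->get(\YesWiki\Core\Service\DbService::class)->escape($tree) . '" AND a.latest = "Y" LIMIT 1';
 if (!$rootData = $this->LoadSingle($sql)) {
 echo '<div class="alert alert-danger"><strong>'._t('ERROR').' '._t('ACTION').' ListPages</strong> : '._('THE_PAGE').' ' . htmlspecialchars($tree, ENT_COMPAT, YW_CHARSET) . ' '._t('DOESNT_EXIST').' !</div>';
 return;
@@ -132,8 +132,8 @@
 
 // to avoid many loops and computing several time the lists needed for the request,
 // we store them into variables
-$from = '"' . AddSlashes($tree) . '"';
-$exclude[] = AddSlashes($tree);
+$from = '"' . $this->services->get(\YesWiki\Core\Service\DbService::class)->escape($tree) . '"';
+$exclude[] = $this->services->get(\YesWiki\Core\Service\DbService::class)->escape($tree);
 $exclude_str = '"' . implode('", "', $exclude) . '"';
 for ($i = 1; $i <= $levels; $i++) {
 if ($from) {
@@ -151,7 +151,7 @@
 $sql .= ' WHERE from_tag IN (' . $from . ')'
 . ' AND to_tag NOT IN (' . $from . ')'
 . ' AND to_tag = a.tag'
-. ' AND a.owner = "' . AddSlashes($owner) . '"'
+. ' AND a.owner = "' . $this->services->get(\YesWiki\Core\Service\DbService::class)->escape($owner) . '"'
 . ' AND a.latest = "Y"';
 } else {
 $sql = 'SELECT from_tag, to_tag, a.tag IS NOT NULL page_exists';
@@ -208,7 +208,7 @@
 $from = '';
 $newworkingon = array();
 foreach ($pages as $page) {
-$to_tag = '"' . AddSlashes($page['to_tag']) . '"';
+$to_tag = '"' . $this->services->get(\YesWiki\Core\Service\DbService::class)->escape($page['to_tag']) . '"';
 $workingon[$page['from_tag']][$page['to_tag']] = array('page_exists' => $page['page_exists'], 'haslinksto' => array());
 if ($sort != 'tag') {
 $workingon[$page['from_tag']][$page['to_tag']][$sort] = $page[$sort];
@@ -316,9 +316,9 @@ function ShowPageTree($tree, &$wiki, $show = 'tag', $indent = 0)
 LEFT JOIN ' . $prefix . 'users ON b.user = name
 LEFT JOIN ' . $prefix . 'pages user_page ON name = user_page.tag AND user_page.latest = "Y"'
 . ($owner ? '' : ' LEFT JOIN ' . $prefix . 'pages owner_page ON b.owner = owner_page.tag AND owner_page.latest = "Y"')
-. ' WHERE a.user = "' . AddSlashes($user) . '"'
+. ' WHERE a.user = "' . $this->services->get(\YesWiki\Core\Service\DbService::class)->escape($user) . '"'
 . ' AND a.tag = b.tag AND b.latest = "Y"'
-. ($owner ? ' AND b.owner = "' . AddSlashes($owner) . '"' : '');
+. ($owner ? ' AND b.owner = "' . $this->services->get(\YesWiki\Core\Service\DbService::class)->escape($owner) . '"' : '');
 } elseif ($owner) {
 if ($sort == 'user') {
 $sql = 'SELECT a.tag, a.time,
@@ -329,7 +329,7 @@ function ShowPageTree($tree, &$wiki, $show = 'tag', $indent = 0)
 } else {
 $sql = 'SELECT tag, time FROM ' . $prefix . 'pages a';
 }
-$sql .= ' WHERE a.owner = "' . AddSlashes($owner) . '" AND a.latest = "Y"';
+$sql .= ' WHERE a.owner = "' . $this->services->get(\YesWiki\Core\Service\DbService::class)->escape($owner) . '" AND a.latest = "Y"';
 } else {
 if ($sort == 'user') {
 $sql = 'SELECT a.tag, a.owner,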
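Review bot: The last two hunks (old lines 316-321 and 332) sit under the `function ShowPageTree($tree, &$wiki, $show = 'tag', $indent = 0)` context printed in their hunk headers; if those `$sql` lines are inside that function's body, `$this` is not in scope there (the function receives the wiki as `&$wiki`, and the replaced `AddSlashes` needed no object), so the new `$this->services->get(...)` calls would fail at runtime — worth confirming, because the header only names the nearest preceding declaration, which may already have closed. Independently of scope, the same container lookup is spelled out eight times in this file; resolving it once near the top of the action, `$dbService = $this->services->get(\YesWiki\Core\Service\DbService::class);`, and writing `$dbService->escape($tree)` at each site reads better and turns a future change of escaping mechanism into a one-line edit. All six hunks are fragments of statements or blocks that begin and end outside the shown lines.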

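--- a/actions/newtextsearch.php
+++ b/actions/newtextsearch.php
@@ -148,7 +148,7 @@ function displayNewSearchResult($string, $phrase, $needles = [])
 
 // Modification de caractère spéciaux
 $phraseFormatted= str_replace(array('*', '?'), array('%', '_'), $phrase);
-$phraseFormatted = addslashes($phraseFormatted);
+$phraseFormatted = $this->services->get(\YesWiki\Core\Service\DbService::class)->escape($phraseFormatted);
 
 // Blablabla SQL
 $requestfull = 'SELECT body, tag FROM '.$prefixe.'pages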
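Review bot: The escaping on new line 151 neutralises quote characters but not LIKE wildcards: a literal `%` or `_` typed by the user survives into `$phraseFormatted` and, if `$requestfull` places it in a LIKE clause as the `*`→`%` / `?`→`_` mapping on line 150 suggests, acts as a wildcard the user never asked for (a result-scope problem rather than an injection, but it skews matches). Escaping those two characters first, e.g. `$phraseFormatted = str_replace(['%', '_'], ['\%', '\_'], $phrase);` and only then applying the `*`/`?` substitution and `escape()`, keeps just the intended wildcards — assuming `escape()` is a mysqli-style escaper that doubles the backslash so MySQL sees `\%`. displayNewSearchResult continues past the hunk, and the comment on line 149 is in French while the other comments in this commit are English; `// map the user's * and ? wildcards to their SQL LIKE equivalents` would say what the line does.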

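--- a/includes/User.class.php
+++ b/includes/User.class.php
@@ -1000,7 +1000,7 @@ protected function emailExistsInDB($email)
 {
 /* Build sql query*/
 $sql = 'SELECT * FROM '.$this->usersTable;
-$sql .= ' WHERE email = "'.$email.'";';
+$sql .= ' WHERE email = "'.mysqli_real_escape_string($this->wiki->dblink,$email).'";';
 /* Execute query */
 $results = $this->wiki->loadAll($sql);
 return $results; // If the password does not already exist in DB, $result is an empty table => false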
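Review bot: New line 1003 escapes with a bare `mysqli_real_escape_string($this->wiki->dblink,$email)` while every other file in this commit goes through `DbService::escape()`; keeping a single escaping seam is the point of the commit, so if the service container is reachable from this class (the action files use `$this->services`; here it would presumably hang off `$this->wiki` — confirm), `$sql .= ' WHERE email = "' . $dbService->escape($email) . '";';` with `$dbService` resolved once is the consistent form. Either way, a space after the comma in the argument list matches the formatting used elsewhere. The trailing comment on line 1006 talks about a "password" but the query looks up an email; `// empty result set when no user has this email` describes what the caller actually receives, and the method returns that full row set rather than the bool its name suggests. The signature is visible only through the hunk header, so callers' expectations cannot be checked from here.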

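--- a/tools/bazar/services/FormManager.php
+++ b/tools/bazar/services/FormManager.php
@@ -46,7 +46,7 @@ public function getOne($formId): ?array
 return $this->cachedForms[$formId];
 }
 
-$form = $this->dbService->loadSingle('SELECT * FROM ' . $this->dbService->prefixTable('nature') . 'WHERE bn_id_nature=\'' . $formId . '\'');
+$form = $this->dbService->loadSingle('SELECT * FROM ' . $this->dbService->prefixTable('nature') . 'WHERE bn_id_nature=\'' . $this->dbService->escape($formId) . '\'');
 
 if (!$form) {
 return null;
@@ -105,13 +105,13 @@ public function create($data)
 return $this->dbService->query('INSERT INTO ' . $this->dbService->prefixTable('nature')
 . '(`bn_id_nature` ,`bn_ce_i18n` ,`bn_label_nature` ,`bn_template` ,`bn_description` ,`bn_sem_context` ,`bn_sem_type` ,`bn_sem_use_template` ,`bn_condition`)'
 . ' VALUES (' . $data['bn_id_nature'] . ', "fr-FR", "'
-. addslashes(_convert($data['bn_label_nature'], YW_CHARSET, true)) . '","'
-. addslashes(_convert($data['bn_template'], YW_CHARSET, true)) . '", "'
-. addslashes(_convert($data['bn_description'], YW_CHARSET, true)) . '", "'
-. addslashes(_convert($data['bn_sem_context'], YW_CHARSET, true)) . '", "'
-. addslashes(_convert($data['bn_sem_type'], YW_CHARSET, true)) . '", '
+. $this->dbService->escape(_convert($data['bn_label_nature'], YW_CHARSET, true)) . '","'
+. $this->dbService->escape(_convert($data['bn_template'], YW_CHARSET, true)) . '", "'
+. $this->dbService->escape(_convert($data['bn_description'], YW_CHARSET, true)) . '", "'
+. $this->dbService->escape(_convert($data['bn_sem_context'], YW_CHARSET, true)) . '", "'
+. $this->dbService->escape(_convert($data['bn_sem_type'], YW_CHARSET, true)) . '", '
 . (isset($data['bn_sem_use_template']) ? '1' : '0') . ', "'
-. addslashes(_convert($data['bn_condition'], YW_CHARSET, true)) . '")');
+. $this->dbService->escape(_convert($data['bn_condition'], YW_CHARSET, true)) . '")');
 }
 
 public function update($data)
@@ -120,14 +120,14 @@ public function update($data)
 throw new \Exception(_t('WIKI_IN_HIBERNATION'));
 }
 return $this->dbService->query('UPDATE' . $this->dbService->prefixTable('nature') . 'SET '
-. '`bn_label_nature`="' . addslashes(_convert($data['bn_label_nature'], YW_CHARSET, true)) . '" ,'
-. '`bn_template`="' . addslashes(_convert($data['bn_template'], YW_CHARSET, true)) . '" ,'
-. '`bn_description`="' . addslashes(_convert($data['bn_description'], YW_CHARSET, true)) . '" ,'
-. '`bn_sem_context`="' . addslashes(_convert($data['bn_sem_context'], YW_CHARSET, true)) . '" ,'
-. '`bn_sem_type`="' . addslashes(_convert($data['bn_sem_type'], YW_CHARSET, true)) . '" ,'
+. '`bn_label_nature`="' . $this->dbService->escape(_convert($data['bn_label_nature'], YW_CHARSET, true)) . '" ,'
+. '`bn_template`="' . $this->dbService->escape(_convert($data['bn_template'], YW_CHARSET, true)) . '" ,'
+. '`bn_description`="' . $this->dbService->escape(_convert($data['bn_description'], YW_CHARSET, true)) . '" ,'
+. '`bn_sem_context`="' . $this->dbService->escape(_convert($data['bn_sem_context'], YW_CHARSET, true)) . '" ,'
+. '`bn_sem_type`="' . $this->dbService->escape(_convert($data['bn_sem_type'], YW_CHARSET, true)) . '" ,'
 . '`bn_sem_use_template`=' . (isset($data['bn_sem_use_template']) ? '1' : '0') . ' ,'
-. '`bn_condition`="' . addslashes(_convert($data['bn_condition'], YW_CHARSET, true)) . '"'
-. ' WHERE `bn_id_nature`=' . $data['bn_id_nature']);
+. '`bn_condition`="' . $this->dbService->escape(_convert($data['bn_condition'], YW_CHARSET, true)) . '"'
+. ' WHERE `bn_id_nature`=' . $this->dbService->escape($data['bn_id_nature']));
 }
 
 public function clone($id)
@@ -155,7 +155,7 @@ public function delete($id)
 }
 
 $this->clear($id);
-return $this->dbService->query('DELETE FROM ' . $this->dbService->prefixTable('nature') . 'WHERE bn_id_nature=' . $id);
+return $this->dbService->query('DELETE FROM ' . $this->dbService->prefixTable('nature') . 'WHERE bn_id_nature=' . $this->dbService->escape($id));
 }
 
 public function clear($id)
@@ -167,14 +167,14 @@ public function clear($id)
 'DELETE FROM' . $this->dbService->prefixTable('acls') .
 'WHERE page_tag IN (SELECT tag FROM ' . $this->dbService->prefixTable('pages') .
 'WHERE tag IN (SELECT resource FROM ' . $this->dbService->prefixTable('triples') .
-'WHERE property="http://outils-reseaux.org/_vocabulary/type" AND value="fiche_bazar") AND body LIKE \'%"id_typeannonce":"' . $id . '"%\' );'
+'WHERE property="http://outils-reseaux.org/_vocabulary/type" AND value="fiche_bazar") AND body LIKE \'%"id_typeannonce":"' . $this->dbService->escape($id) . '"%\' );'
 );
 
 // TODO use PageManager
 $this->dbService->query(
 'DELETE FROM' . $this->dbService->prefixTable('pages') .
 'WHERE tag IN (SELECT resource FROM ' . $this->dbService->prefixTable('triples') .
-'WHERE property="http://outils-reseaux.org/_vocabulary/type" AND value="fiche_bazar") AND body LIKE \'%"id_typeannonce":"' . $id . '"%\';'
+'WHERE property="http://outils-reseaux.org/_vocabulary/type" AND value="fiche_bazar") AND body LIKE \'%"id_typeannonce":"' . $this->dbService->escape($id) . '"%\';'
 );
 
 // TODO use TripleStore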
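Review bot: `escape()` defuses quote and control characters, so it gives no protection where the value is spliced in without surrounding quotes: `WHERE bn_id_nature=' . $this->dbService->escape($data['bn_id_nature'])` in update (new line 130), the DELETE in delete (new line 158), and `VALUES (' . $data['bn_id_nature'] . ', "fr-FR"` in create (line 107, left untouched by this commit) all accept a payload that needs no quote to alter the statement. The ids are used as bare numbers in those three places, so a cast is the fitting guard — `. ' WHERE bn_id_nature=' . (int) $data['bn_id_nature']);` and `. 'WHERE bn_id_nature=' . (int) $id);`, plus the same `(int)` on line 107 — or, if ids are not guaranteed integers, validate and reject before building the query. The same unquoted-context issue applies to the `interval ... hour` position in tools/security/actions/despam.php (new line 65). In the `clear()` hunks the id sits inside a quoted LIKE pattern, where `escape()` does apply, but a `%` or `_` in the id would still widen the match; the cast removes that as well.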

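--- a/tools/security/actions/despam.php
+++ b/tools/security/actions/despam.php
@@ -62,7 +62,7 @@
 "select *
 from ".$this->config["table_prefix"]."pages
 where
-time > date_sub(now(), interval " . addslashes($_POST['from']) . " hour)
+time > date_sub(now(), interval " . $this->services->get(\YesWiki\Core\Service\DbService::class)->escape($_POST['from']) . " hour)
 and latest = 'Y'
 order by `time` desc";
 $title =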
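Review bot: `$_POST['from']` is read on new line 65 without checking that it is present or numeric, and it lands in an unquoted `interval ... hour` position where `escape()` offers nothing beyond what it did for the quoted cases elsewhere in this commit. Validating at the boundary and using the validated number fixes both problems at once: `$hours = filter_input(INPUT_POST, 'from', FILTER_VALIDATE_INT);` followed by a bail-out when `$hours` is `null` or `false`, then `interval " . $hours . " hour)` in the query — this also removes the undefined-index notice raised when the parameter is absent. The assignment that builds this SQL string starts before line 62, outside the hunk, so the bail-out has to go ahead of it.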
