Changeset 586 for trunk


Ignore:
Timestamp:
Oct 7, 2013, 11:52:11 PM (11 years ago)
Author:
chronos
Message:
  • Fixed: SQL injection protection was not applied because of new dynamic URL handling.
  • Fixed: HTML entities encodin for search input string.
Location:
trunk
Files:
8 edited

Legend:

Unmodified
Added
Removed
  • trunk/Modules/Dictionary/Dictionary.php

    r577 r586  
    213213       
    214214  $Output .= '<tr><td>
    215     <input type="text" value="'.$Search.'" name="search" size="30" />
     215    <input type="text" value="'.htmlentities($Search).'" name="search" size="30" />
    216216    <input type="submit" value="Vyhledat" />';
    217217  if($this->System->User->Licence(LICENCE_USER))
  • trunk/Modules/Log/Log.php

    r581 r586  
    7979    if(array_key_exists('type', $_GET)) $Where = ' WHERE `Type` = "'.($_GET['type'] * 1).'"';
    8080      else $Where = '';
    81     $sql = 'SELECT *, UNIX_TIMESTAMP(`Date`) AS `TimeCreate`, (SELECT `User`.`Name` FROM `User` WHERE `User`.`ID` = `Log`.`User`) AS `UserName` FROM `Log`'.$Where.' ORDER BY `Date` DESC LIMIT 100';
     81    $sql = 'SELECT *, UNIX_TIMESTAMP(`Date`) AS `TimeCreate`, (SELECT `User`.`Name` FROM `User` WHERE `User`.`ID` = `Log`.`User`) AS `UserName` FROM `Log`'.
     82      $Where.' ORDER BY `Date` DESC LIMIT 100';
    8283    $DbResult = $this->System->Database->query($sql);
    8384    while($Line = $DbResult->fetch_assoc())
     
    9394        'Title' => $LogType['Name'].' ('.$Line['UserName'].', '.$Line['IP'].')',
    9495        'Link' => 'http://'.$this->System->Config['Web']['Host'].$this->System->Link('/log.php'),
    95         'Description' => $LogType['Name'].': '.$Line['Text'].' ('.$Line['UserName'].', '.$Line['IP'].')',
     96        'Description' => $LogType['Name'].': '.$Line['Text'].' ('.$Line['UserName'].', '.$Line['IP'].', '.$Line['TimeCreate'].')',
    9697        'Time' => $Line['TimeCreate'],
    9798      );
  • trunk/Modules/Search/Search.php

    r577 r586  
    4141                else if(array_key_exists('text', $_POST)) $Search = $_POST['text'];
    4242                else $Search = '';
     43                $SearchHTML = htmlentities($Search);
    4344       
    4445                $Output = '<table class="BaseTable"><tr><th>Skupina</th><th>Výsledků</th></tr>';
     
    5253                        foreach($Group['Items'] as $Item)
    5354                        {
    54                                 if($Item['Column'] != '') $sql .= ' OR `'.$Item['Column'].'` LIKE "%'.$Search.'%"';
     55                                if($Item['Column'] != '') $sql .= ' OR (`'.$Item['Column'].'` LIKE "%'.$Search.'%")';
    5556                        }
    5657                        $DbResult = $this->Database->query($sql);
    5758                        $Line = $DbResult->fetch_row();
    58                         $Output .= '<tr><td><a href="'.$this->System->Link('/TranslationList.php?group='.$Group['Id'].'&amp;user=0&amp;state=0&amp;text='.$Search.'&amp;entry=').'">'.$Group['Name'].'</a></td><td>'.$Line[0].'</td></tr>';
     59                        $Output .= '<tr><td><a href="'.$this->System->Link('/TranslationList.php?group='.
     60                          $Group['Id'].'&amp;user=0&amp;state=0&amp;text='.$SearchHTML.'&amp;entry=').'">'.
     61                          $Group['Name'].'</a></td><td>'.$Line[0].'</td></tr>';
    5962                }
    6063       
    6164                $DbResult = $this->Database->query('SELECT count(*) FROM `User` WHERE `Name` LIKE "%'.$Search.'%"');
    6265                $Line = $DbResult->fetch_row();
    63                 $Output .= '<tr><td><a href="'.$this->System->Link('/userlist.php?search='.$Search).'">Uživatelé</a></td><td>'.$Line[0].'</td></tr>';
     66                $Output .= '<tr><td><a href="'.$this->System->Link('/userlist.php?search='.$SearchHTML).'">Uživatelé</a></td><td>'.$Line[0].'</td></tr>';
    6467       
    6568                $DbResult = $this->Database->query('SELECT count(*) FROM `Team` WHERE `Name` LIKE "%'.$Search.'%" OR `Description` LIKE "%'.$Search.'%"');
    6669                $Line = $DbResult->fetch_row();
    67                 $Output .= '<tr><td><a href="'.$this->System->Link('/team/?search='.$Search).'">Týmy</a></td><td>'.$Line[0].'</td></tr>';
     70                $Output .= '<tr><td><a href="'.$this->System->Link('/team/?search='.$SearchHTML).'">Týmy</a></td><td>'.$Line[0].'</td></tr>';
    6871       
    6972                $DbResult = $this->Database->query('SELECT count(*) FROM `CzWoWPackageVersion` WHERE `Text` LIKE "%'.$Search.'%"');
    7073                $Line = $DbResult->fetch_row();
    7174                $Output .= '<tr><td><a href="'.$this->System->Link('/download.php?addon').'">Čeština pro klienta</a></td><td>'.$Line[0].'</td></tr>';
    72                 $Output .= '<tr><td><a href="'.$this->System->Link('/aowow/?search='.$Search).'">Vyhledávací databáze AoWoW</a></td></tr>';
     75                $Output .= '<tr><td><a href="'.$this->System->Link('/aowow/?search='.$SearchHTML).'">Vyhledávací databáze AoWoW</a></td></tr>';
    7376       
    7477                $DbResult = $this->Database->query('SELECT count(*) FROM `Dictionary` WHERE '.
    7578                        '(`Text` LIKE "%'.$Search.'%" OR `Description` LIKE "%'.$Search.'%") AND `Language` = '.$this->System->Config['OriginalLanguage']);
    7679                $Line = $DbResult->fetch_row();
    77                 $Output .= '<tr><td><a href="'.$this->System->Link('/dictionary/?search='.$Search).'">Slovníček</a></td><td>'.$Line[0].'</td></tr>';
     80                $Output .= '<tr><td><a href="'.$this->System->Link('/dictionary/?search='.$SearchHTML).
     81      '">Slovníček</a></td><td>'.$Line[0].'</td></tr>';
    7882       
    7983                $Output .= '</table>';
  • trunk/Modules/Translation/TranslationList.php

    r577 r586  
    131131                // Words
    132132                $Filter['Text'] = GetParameter('text', '', false, true);
    133                 $Output .= '<td><input name="text" type="text" style="width: 60px;" value="'.$Filter['Text'].'"></td>';
     133                $Output .= '<td><input name="text" type="text" style="width: 60px;" value="'.htmlentities($Filter['Text']).'"></td>';
    134134                if($Filter['Text'] != '')
    135135                {
     
    144144                // Entry
    145145                $Filter['Entry'] = GetParameter('entry', '', false, true);
    146                 $Output .= '<td><input name="entry" type="text" style="width: 60px;" value="'.$Filter['Entry'].'"></td>';
     146                $Output .= '<td><input name="entry" type="text" style="width: 60px;" value="'.htmlentities($Filter['Entry']).'"></td>';
    147147                if($Filter['Entry'] != '')
    148148                {
  • trunk/img_level.php

    r553 r586  
    33require_once('includes/global.php');
    44
    5 // Nastavení
     5// Settings
    66$xp_from_word = 1;
    77$index_level = 100;
    8 $from_diakrit = 3; // zvýšené xp za slovo s diakritikou
     8$from_diakrit = 3; // higher xp for word with diacritics
    99$FontFile = 'images/FRIZQT__.ttf';
    1010
     
    9494          }
    9595        }       
    96         if($translated) $xp = $xp + $xp_translation;   // Přičítání XP za celý překlad, pokud je celý přeložený
     96        if($translated) $xp = $xp + $xp_translation;   // XP addition for entire translation if complete translated
    9797      }
    9898    }
     
    133133  while($LineTeam = $DbResult->fetch_array())
    134134  {
    135     CreateImg('team', $LineTeam['Name'], substr($LineTeam['Average'], 0, strpos($LineTeam['Average'],'.')));  //vytváření obrázku
     135    CreateImg('team', $LineTeam['Name'], substr($LineTeam['Average'], 0, strpos($LineTeam['Average'],'.')));  //image creation
    136136  }
    137137  $System->Database->query('UPDATE `User` SET `NeedUpdate` = 0');
  • trunk/includes/Page.php

    r577 r586  
    2020 
    2121  function GetOutput()
    22   {
     22  {     
    2323        $Output = $this->Show();
    2424        return($Output);
  • trunk/includes/Version.php

    r585 r586  
    11<?php
    22
    3 $Revision = 585; // Subversion revision
     3$Revision = 586; // Subversion revision
    44$DatabaseRevision = 585; // Database structure revision
    5 $ReleaseTime = '2013-09-13';
     5$ReleaseTime = '2013-10-07';
  • trunk/includes/global.php

    r581 r586  
    633633        else $_SERVER['QUERY_STRING'] = '';
    634634        parse_str($_SERVER['QUERY_STRING'], $_GET);
     635  // SQL injection hack protection
     636  foreach($_GET as $Index => $Item) $_GET[$Index] = addslashes($_GET[$Index]);
    635637        return($PathItems);
    636638}
Note: See TracChangeset for help on using the changeset viewer.