
[Noalyss-commit] [noalyss] 03/04: Security : fix potential problem for S


From: Dany De Bontridder
Subject: [Noalyss-commit] [noalyss] 03/04: Security : fix potential problem for SQL injection
Date: Wed, 15 Feb 2017 16:13:24 -0500 (EST)

sparkyx pushed a commit to branch master
in repository noalyss.

commit 48f0c1f885f60309d0e62a300fcf124708eb8092
Author: Dany De Bontridder <address@hidden>
Date:   Wed Feb 15 22:06:10 2017 +0100

    Security : fix potential problem for SQL injection
---
 include/class/class_acc_account_ledger.php | 18 +++++++++++-------
 include/class/class_acc_ledger.php         |  6 +++---
 include/class/class_fiche.php              |  4 ++--
 include/class/class_periode.php            |  8 +++++---
 include/class/class_user.php               |  6 ++----
 include/export/export_ledger_csv.php       |  2 +-
 include/lib/ac_common.php                  | 22 ++++++++++++++--------
 include/template/letter_prop.php           |  2 +-
 8 files changed, 39 insertions(+), 29 deletions(-)

diff --git a/include/class/class_acc_account_ledger.php 
b/include/class/class_acc_account_ledger.php
index 507bb90..ccd682b 100644
--- a/include/class/class_acc_account_ledger.php
+++ b/include/class/class_acc_account_ledger.php
@@ -552,7 +552,7 @@ class Acc_Account_Ledger
      */
     function belong_ledger($p_jrn)
     {
-        $filter=$this->db->get_value("select jrn_def_class_cred from jrn_def 
where jrn_def_id=$p_jrn");
+        $filter=$this->db->get_value("select jrn_def_class_cred from jrn_def 
where jrn_def_id=$1", array($p_jrn));
         if ( trim ($filter) == '')
             return 0;
 
@@ -560,27 +560,31 @@ class Acc_Account_Ledger
         $sql="select count(*) as poste from tmp_pcmn where ";
         // Creation query
         $or="";
-        $SqlFilter="";
+       $SqlFilter="";
+        $SqlArray = array();
+        $SqlArrayN = 1;
         foreach ( $valid_cred as $item_cred)
         {
             if ( strlen (trim($item_cred)))
             {
                 if ( strstr($item_cred,"*") == true )
                 {
-                    $item_cred=strtr($item_cred,"*","%");
-                    $SqlItem="$or pcm_val::text like 
'".sql_string($item_cred)."'";
+                    $SqlItem=$or . 'pcm_val::text like $' . $SqlArrayN++;
+                    array_push($SqlArray, strtr($item_cred,"*","%"));
                     $or="  or ";
                 }
                 else
                 {
-                    $SqlItem="$or pcm_val::text = '".sql_string($item_cred)."' 
";
+                    $SqlItem=$or . 'pcm_val::text = $' . $SqlArrayN++;
+                    array_push($SqlArray, $item_cred);
                     $or="  or ";
                 }
                 $SqlFilter=$SqlFilter.$SqlItem;
             }
         }//foreach
-        $sql.=$SqlFilter." and pcm_val::text='".sql_string($this->id)."'";
-        $max=$this->db->get_value($sql);
+        $sql.=$SqlFilter . ' and pcm_val::text=$' . $SqlArrayN++;
+        array_push($SqlArray, $this->id);
+        $max=$this->db->get_value($sql, $SqlArray);
         if ($max > 0 )
             return 0;
         else
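Review bot: When every entry of `$valid_cred` is blank, `$SqlFilter` stays empty and the line `$sql.=$SqlFilter . ' and pcm_val::text=$' . $SqlArrayN++;` yields `... where  and pcm_val::text=$1`, a SQL syntax error instead of a "no match" result; the original had the same gap, but the parameterised rewrite is the place to close it, e.g. `if ($SqlFilter === '') return 0;` before the concatenation, which mirrors the `trim($filter) == ''` early return at the top of the method (confirm that an empty class list should read as "does not belong"). The re-indented `$SqlFilter="";` now sits at 7 spaces while the surrounding body uses 8, which reads as an accidental edit. belong_ledger begins in the previous hunk and its final `else` branch continues past this one.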
diff --git a/include/class/class_acc_ledger.php 
b/include/class/class_acc_ledger.php
index b28b522..d12287d 100644
--- a/include/class/class_acc_ledger.php
+++ b/include/class/class_acc_ledger.php
@@ -756,7 +756,7 @@ class Acc_Ledger extends jrn_def_sql
                                        $operation = new 
Acc_Operation($this->db);
                                        $operation->jr_id = $element;
                                        $l_amount = 
$this->db->get_value("select jr_montant from jrn " .
-                                                       " where 
jr_id=$element");
+                                                       " where 
jr_id=$1",array($element));
                                        $r.= "<A class=\"detail\" 
HREF=\"javascript:modifyOperation('" . $element . "'," . $gDossier . ")\" > " . 
$operation->get_internal() . "[" . nbm($l_amount) . "]</A>";
                                }//for
                        }// if ( $a != null ) {
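Review bot: `$element` is now bound as `$1` for the jrn lookup, but on the very next statement it is still concatenated raw into the `onclick` JavaScript of an HTML attribute (`modifyOperation('" . $element . "'`), so the same value reaches a second sink without any encoding; the hunk at lines 109-123 repeats the identical pattern. Where `$element` comes from is outside this hunk, so if it can be anything other than a numeric jr_id it should be normalised before the link is built, e.g. `$element = (int) $element;` at the top of the loop body (or `htmlspecialchars` if it is not guaranteed numeric), which keeps the SQL and HTML uses consistent. The enclosing method starts and ends outside the hunk.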
@@ -987,7 +987,7 @@ class Acc_Ledger extends jrn_def_sql
                                        $operation = new 
Acc_Operation($this->db);
                                        $operation->jr_id = $element;
                                        $l_amount = 
$this->db->get_value("select jr_montant from jrn " .
-                                                       " where 
jr_id=$element");
+                                                       " where 
jr_id=$1",array($element));
                                        $r.= "<A class=\"detail\" 
HREF=\"javascript:modifyOperation('" . $element . "'," . $gDossier . ")\" > " . 
$operation->get_internal() . "[" . nbm($l_amount) . "]</A>";
                                }//for
                        }// if ( $a != null ) {
@@ -4010,4 +4010,4 @@ class Acc_Ledger extends jrn_def_sql
             echo '</FORM>';
         }
 }
-?>
\ No newline at end of file
+?>
diff --git a/include/class/class_fiche.php b/include/class/class_fiche.php
index 8d7fa99..9a4b381 100644
--- a/include/class/class_fiche.php
+++ b/include/class/class_fiche.php
@@ -1682,8 +1682,8 @@ class Fiche
     function get_categorie()
     {
         if ( $this->id == 0 ) throw  new Exception('class_fiche : f_id = 0 ');
-        $sql='select fd_id from fiche where f_id='.$this->id;
-        $R=$this->cn->get_value($sql);
+        $sql='select fd_id from fiche where f_id=$1';
+        $R=$this->cn->get_value($sql, array($this->id));
         if ( $R == "" )
             $this->fd_id=0;
         else
diff --git a/include/class/class_periode.php b/include/class/class_periode.php
index 54000f7..8f05c77 100644
--- a/include/class/class_periode.php
+++ b/include/class/class_periode.php
@@ -547,7 +547,7 @@ class Periode
          for ($i=1;$i < 12;$i++)
            {
              $date_start=sprintf('01.%02d.%d',$i,$p_exercice);
-             $date_end=$this->cn->get_value("select 
to_char(to_date('$date_start','DD.MM.YYYY')+interval '1 month'-interval '1 
day','DD.MM.YYYY')");
+             $date_end=$this->cn->get_value("select 
to_char(to_date($1,'DD.MM.YYYY')+interval '1 month'-interval '1 
day','DD.MM.YYYY')",array($date_start));
              if ( $this->insert($date_start,$date_end,$p_exercice) != 0)
                {
                  throw new Exception('Erreur insertion période');
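Review bot: The month-end date is pure date arithmetic, so the query `select to_char(to_date($1,'DD.MM.YYYY')+interval '1 month'-interval '1 day','DD.MM.YYYY')` can be replaced by a local computation that needs no database round-trip and no SQL statement at all: `$date_end = (new DateTimeImmutable(sprintf('%d-%02d-01', $p_exercice, $i)))->modify('last day of this month')->format('d.m.Y');` produces the same `DD.MM.YYYY` string for the same `$date_start`. This assumes the project's minimum PHP version has `DateTimeImmutable` (5.5+); confirm before applying. The enclosing method starts and ends outside the hunk.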
@@ -559,8 +559,10 @@ class Periode
            }
          if ( $nb_periode==13)
            {
-             if 
($this->insert('01.12.'.$p_exercice,'30.12.'.$p_exercice,$p_exercice) != 0 )    
     throw new Exception('Erreur insertion période');
-             if 
($this->insert('31.12.'.$p_exercice,'31.12.'.$p_exercice,$p_exercice) != 0 )    
     throw new Exception('Erreur insertion période');
+             if 
($this->insert('01.12.'.$p_exercice,'30.12.'.$p_exercice,$p_exercice) != 0 )    
  
+                      throw new Exception('Erreur insertion période');
+             if 
($this->insert('31.12.'.$p_exercice,'31.12.'.$p_exercice,$p_exercice) != 0 )    
    
+                      throw new Exception('Erreur insertion période');
            }
 
 
diff --git a/include/class/class_user.php b/include/class/class_user.php
index 5b2c49a..7a880e6 100644
--- a/include/class/class_user.php
+++ b/include/class/class_user.php
@@ -943,8 +943,7 @@ class User
         * \brief   Show all the available folder  for the users
         *          at the login page. For the special case 'E'
         *          go directly to extension and bypasse the dashboard
-        * \param $p_user user
-        * \param $p_admin 1 if admin
+        * \param $p_filtre user
         *
         * \return table in HTML
         *
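Review bot: The updated doc comment names the parameter `$p_filtre` here while the hunk at lines 198-207 names it `$p_filter` and gives it no description at all (`* \param  $p_filter`); the signatures are outside both hunks, so I cannot tell which spelling matches the code, but one of the two comments is now wrong. Pick the name used in the signature and describe what the filter is matched against, e.g. `* \param $p_filter string, restricts which folders are listed`, in both places.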
@@ -1011,8 +1010,7 @@ class User
         * \brief   Get all the available folders
         *          for the users, checked with the security
         *
-        * \param  $p_user user login
-        * \param  $p_admin 1 if admin
+        * \param  $p_filter
         * \return array containing
         *       - ac_dossier.dos_id
         *       - ac_dossier.dos_name
diff --git a/include/export/export_ledger_csv.php 
b/include/export/export_ledger_csv.php
index 7ff9888..aa11270 100644
--- a/include/export/export_ledger_csv.php
+++ b/include/export/export_ledger_csv.php
@@ -211,7 +211,7 @@ if  ($get_option == 1)
             // Get the jrn type
             if ( $line['jrn_def_type'] == 'FIN' ) {
               $positive = $cn->get_value("select qf_amount from quant_fin  ".
-                                         " where jr_id=".$line['jr_id']);
+                                         " where 
jr_id=$1",array($line['jr_id']));
 
               $export->add($positive,"number");
                $export->add("");
diff --git a/include/lib/ac_common.php b/include/lib/ac_common.php
index 347b5fc..bf3ff46 100644
--- a/include/lib/ac_common.php
+++ b/include/lib/ac_common.php
@@ -561,10 +561,13 @@ function echo_warning($p_string)
 
 function getPeriodeName($p_cn, $p_id, $pos='p_start')
 {
-    if ($pos != 'p_start' and
-           $pos != 'p_end')
-       echo_error('lib/ac_common.php' . "-" . __LINE__ . '  UNDEFINED 
PERIODE');
-    $ret = $p_cn->get_value("select to_char($pos,'Mon YYYY') as t from 
parm_periode where p_id=$p_id");
+    if ($pos != 'p_start' &&  $pos != 'p_end')
+    {
+        echo_error('lib/ac_common.php' . "-" . __LINE__ . '  UNDEFINED 
PERIODE');
+        throw new Exception(_("paramètre invalide"));
+    }
+    $ret = $p_cn->get_value("select to_char($pos,'Mon YYYY') as t from 
parm_periode where p_id=$1", 
+           array( $p_id));
     return $ret;
 }
 
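Review bot: `$pos` is still interpolated into the SQL as a column name in `to_char($pos,'Mon YYYY')`, and that is only safe because of the two-value allow-list just above it; that dependency deserves a comment next to the query, e.g. `// $pos is spliced in as a column name: the allow-list above is what keeps this safe`, so a later edit does not loosen the check. The check itself should use strict comparison, `if ($pos !== 'p_start' && $pos !== 'p_end')`, since loose `!=` on strings is the idiom the rest of this commit is moving away from. Calling `echo_error` and then throwing reports the same failure twice; if the exception is now the contract, the echo can probably go, but I cannot see how callers handle it.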
@@ -582,7 +585,7 @@ function getPeriodeName($p_cn, $p_id, $pos='p_start')
 function getPeriodeFromMonth($p_cn, $p_date)
 {
     $R = $p_cn->get_value("select p_id from parm_periode where
-                        to_char(p_start,'DD.MM.YYYY') = '01.$p_date'");
+                        to_char(p_start,'DD.MM.YYYY') = $1", 
array('01.'.$p_date));
     if ($R == "")
        return -1;
     return $R;
@@ -620,6 +623,9 @@ function sql_filter_per($p_cn, $p_from, $p_to, 
$p_form='p_id', $p_field='jr_tech
        echo_error(__FILE__, __LINE__, 'Mauvais parametres ');
        exit(-1);
     }
+    $p_from=  sql_string($p_from);
+    $p_to=  sql_string($p_to);
+    $p_field=  sql_string($p_field);
     if ($p_form == 'p_id')
     {
        // retrieve the date
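Review bot: The three new `sql_string(...)` calls escape values, but `$p_field` is, by its default `'jr_tech...'` in the signature, a column name, and string escaping does not protect an identifier position; the right control there is an allow-list of accepted column names, the way getPeriodeName validates `$pos` in the hunk at lines 227-248. For `$p_from` and `$p_to`, which end up in literal positions, the `$n` placeholders used everywhere else in this commit are the stronger and more consistent choice, assuming `get_value`/the query builder below accepts them; whether `sql_string` only escapes or also quotes decides how the existing query text must change, and that body is outside this hunk. sql_filter_per starts and ends outside the hunk.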
@@ -1223,9 +1229,9 @@ function get_array_column($p_array,$key)
  */
 function factory_Ledger(Database &$p_cn, $ledger_id)
 {
-    include_once 'class/class_acc_ledger_sold.php';
-    include_once 'class/class_acc_ledger_purchase.php';
-    include_once 'class/class_acc_ledger_fin.php';
+    include_once NOALYSS_INCLUDE.'/class/class_acc_ledger_sold.php';
+    include_once NOALYSS_INCLUDE.'/class/class_acc_ledger_purchase.php';
+    include_once NOALYSS_INCLUDE.'/class/class_acc_ledger_fin.php';
     
     $ledger=new Acc_Ledger($p_cn, $ledger_id);
     $type=$ledger->get_type();
diff --git a/include/template/letter_prop.php b/include/template/letter_prop.php
index 3422e89..939e316 100644
--- a/include/template/letter_prop.php
+++ b/include/template/letter_prop.php
@@ -170,4 +170,4 @@ $delta = abs($delta);
 
 <?php endif;?>
 <?php echo HtmlInput::button('check_all',_('Sélectionner tout'),' 
onclick="select_checkbox(\'letter_form\')"');?>
-<?php echo HtmlInput::button('check_none',_('Tout Désélectionner'),' 
onclick="unselect_checkbox(\'letter_form\')"');?>
\ No newline at end of file
+<?php echo HtmlInput::button('check_none',_('Tout Désélectionner'),' 
onclick="unselect_checkbox(\'letter_form\')"');?>


