[geeklog-cvs] geeklog: Fixed sql injection exploit with the listfactory class
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Mon Mar 30 19:32:14 EDT 2009
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/5bd37d01b2d5
changeset: 6879:5bd37d01b2d5
user: Sami Barakat
date: Tue Mar 31 00:30:44 2009 +0100
description:
Fixed an SQL injection vulnerability in the listfactory class
diffstat:
1 file changed, 6 insertions(+), 2 deletions(-)
system/classes/listfactory.class.php | 8 ++++++--
diffs (25 lines):
diff -r f0fc9736cfc6 -r 5bd37d01b2d5 system/classes/listfactory.class.php
--- a/system/classes/listfactory.class.php Mon Mar 30 13:14:42 2009 +0200
+++ b/system/classes/listfactory.class.php Tue Mar 31 00:30:44 2009 +0100
@@ -354,7 +354,11 @@
{
// Get the details for sorting the list
$this->_sort_arr['field'] = isset($_REQUEST['order']) ? COM_applyFilter($_REQUEST['order']) : $this->_def_sort_arr['field'];
- $this->_sort_arr['direction'] = isset($_REQUEST['direction']) ? COM_applyFilter($_REQUEST['direction']) : $this->_def_sort_arr['direction'];
+ if (isset($_REQUEST['direction']))
+ $this->_sort_arr['direction'] = $_REQUEST['direction'] == 'asc' ? 'asc' : 'desc';
+ else
+ $this->_sort_arr['direction'] = $this->_def_sort_arr['direction'];
+
if (is_numeric($this->_sort_arr['field']))
{
$ord = $this->_def_sort_arr['field'];
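Review bot: The new `direction` whitelist uses a loose `==` and drops the braces that the surrounding code (the `if (is_numeric(...))` block just below) puts on every control structure; prefer `$this->_sort_arr['direction'] = ($_REQUEST['direction'] === 'asc') ? 'asc' : 'desc';` inside a braced `if/else`. The whitelist itself is the right approach: anything other than the literal `'asc'` (including a non-string such as `direction[]=x`) falls through to `'desc'`, so `strtoupper()` downstream can only ever see one of the two keywords or the configured default. The `order` field on the line above is still only passed through `COM_applyFilter()` here; its handling is the subject of the second hunk. The enclosing method's signature lies before this hunk.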
@@ -364,7 +368,7 @@
{
$ord = $this->_sort_arr['field'];
}
- $order_sql = ' ORDER BY ' . $ord . ' ' . strtoupper($this->_sort_arr['direction']);
+ $order_sql = ' ORDER BY "' . addslashes($ord) . '" ' . strtoupper($this->_sort_arr['direction']);
$this->_page = isset($_REQUEST['page']) ? COM_applyFilter($_REQUEST['page'], true) : 1;
if (isset($_REQUEST['results'])) {
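Review bot: The quoting added on the `$order_sql` line does not turn `$ord` into a safe identifier: `addslashes()` is a string-literal escape, and in MySQL's default SQL mode `"..."` delimits a string rather than a column name, so `ORDER BY "title" DESC` orders by a constant and the list silently loses its sort (only under ANSI_QUOTES, or on MS SQL, does the double-quoted form name a column). Since `$ord` is either the default field or the request's `order` value (per the first hunk's context), the robust fix is an allow-list rather than an escape: `if (!in_array($ord, $allowed_fields, true)) { $ord = $this->_def_sort_arr['field']; }` before building the clause, with `$allowed_fields` standing for the array of field names this list was configured with, and then emit `$ord` with the backend's identifier delimiter or unquoted. The branch that assigns `$ord` between the two hunks is not visible here; if it already checks the value against the declared fields, the quoting change is redundant rather than harmful, but it should not be relied on as the only barrier. The enclosing method begins and ends outside this hunk.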