Changeset 13812 for trunk/modules/boonex/spy/classes/BxSpyDb.php

Timestamp:

03/20/10 04:28:57 (2 years ago)

Author:

Alexander Ermashev

Message:

fix possible mysql injections in spy module

File:

• trunk/modules/boonex/spy/classes/BxSpyDb.php (modified) (17 diffs)

trunk/modules/boonex/spy/classes/BxSpyDb.php

@@ -58 +58 @@
         function getActivityCount($sType = '')
         {
+            $sType = $this -> escape($sType);
+
             $sWhere = null;
             if($sType && $sType != 'all'){
@@ -77 +79 @@
         function getLastActivityId($sType = '')
         {
+            $sType = $this -> escape($sType);
             $sWhere     = null;
 
@@ -98 +101 @@
         function getLastFriendsActivityId($iProfileId, $sType = '')
         {
+            $iProfileId = (int) $iProfileId;
+            $sType = $this -> escape($sType);
+
             $sWhere = null;
 
@@ -136 +142 @@
         function getFriendsActivityCount($iProfileId, $sType = '')
         {
+            $iProfileId = (int) $iProfileId;
+            $sType = $this -> escape($sType);
+
             $sWhere = null;
 
@@ -170 +179 @@
         function getSettingsCategory($sValueName)
         {
+            $sValueName = process_db_input($sValueName, BX_TAGS_STRIP);
             return $this -> getOne('SELECT `kateg` FROM `sys_options` WHERE `Name` = "' . $sValueName . '"');
         }
@@ -181 +191 @@
         function setViewed($iActivityId)
         {
+            $iActivityId = (int) $iActivityId;
             $sQuery = "UPDATE `{$this->sTablePrefix}data` SET `viewed` = 1";
             $this -> query($sQuery);
@@ -193 +204 @@
         function setViewedProfileActivity($iProfileId)
         {
+            $iProfileId = (int) $iProfileId;
             $sQuery = "UPDATE `{$this->sTablePrefix}data` SET `viewed` = 1 WHERE `recipient_id` = {$iProfileId}";
             $this -> query($sQuery);
@@ -201 +213 @@
             //--- Update Spy Handlers ---//
             foreach($aData['handlers'] as $aHandler)
-            {          
+            {
+                $aHandler['alert_unit']     = process_db_input($aHandler['alert_unit'], BX_TAGS_STRIP);
+                $aHandler['alert_action']   = process_db_input($aHandler['alert_action'], BX_TAGS_STRIP);
+                $aHandler['module_uri']     = process_db_input($aHandler['module_uri'], BX_TAGS_STRIP);
+                $aHandler['module_class']   = process_db_input($aHandler['module_class'], BX_TAGS_STRIP);
+                $aHandler['module_method']  = process_db_input($aHandler['module_method'], BX_TAGS_STRIP);
+
                 $sQuery = 
                 "
@@ -217 +235 @@
             }
 
-            $sAlertName = $this -> _oConfig -> getAlertSystemName();
+            $sAlertName = $this -> escape($this -> _oConfig -> getAlertSystemName());
 
             //--- Update System Alerts ---//
@@ -235 +253 @@
             foreach($aData['alerts'] as $aAlert) 
             {
+                $aAlert['unit']     = process_db_input($aAlert['unit'], BX_TAGS_STRIP);
+                $aAlert['action']   = process_db_input($aAlert['action'], BX_TAGS_STRIP);
+
                 $sQuery = 
                 "
@@ -252 +273 @@
         {
             //--- Update Wall Handlers ---//
-            foreach($aData['handlers'] as $aHandler) {
+            foreach($aData['handlers'] as $aHandler) 
+            {
+                $aHandler['alert_unit']     = process_db_input($aHandler['alert_unit'], BX_TAGS_STRIP);
+                $aHandler['alert_action']   = process_db_input($aHandler['alert_action'], BX_TAGS_STRIP);
+                $aHandler['module_uri']     = process_db_input($aHandler['module_uri'], BX_TAGS_STRIP);
+                $aHandler['module_class']   = process_db_input($aHandler['module_class'], BX_TAGS_STRIP);
+                $aHandler['module_method']  = process_db_input($aHandler['module_method'], BX_TAGS_STRIP);
+
                 $sQuery = 
                 "
@@ -274 +302 @@
 
             // define system alert name;
-            $sAlertName = $this -> _oConfig -> getAlertSystemName();
+            $sAlertName = $this -> escape($this -> _oConfig -> getAlertSystemName());
 
             //--- Update System Alerts ---//
@@ -291 +319 @@
             foreach($aData['alerts'] as $aAlert) 
             {
+                $aAlert['unit']     = process_db_input($aAlert['unit'], BX_TAGS_STRIP);
+                $aAlert['action']   = process_db_input($aAlert['action'], BX_TAGS_STRIP);
+
                 $sQuery = 
                 "
@@ -321 +352 @@
         function createActivity($iSenderId, $iRecipientId, $aActivityInfo)
         {
+            $iSenderId = (int) $iSenderId;
+            $iRecipientId = (int) $iRecipientId;
+
             // -- procces recived parameters -- //
-            $aParameters = $this->escape(serialize($aActivityInfo['params']));
+            $aParameters = isset($aActivityInfo['params'])
+                ?  process_db_input(serialize($aActivityInfo['params']), BX_TAGS_STRIP)
+                : '';
 
             // if isset activity's types will uset it;
@@ -328 +364 @@
                 ? $aActivityInfo['spy_type']
                 : 'content_activity';
+
+            //procces activity data
+            foreach($aActivityInfo as $sKey => $sValue)
+            {
+                $aActivityInfo[$sKey] = process_db_input($sValue, BX_TAGS_STRIP);
+            }
 
             // execute query;
@@ -358 +400 @@
         function attachFriendEvent($iEventId, $iSenderId, $iFriendId)
         {
-            $sQuery = 
+            $iEventId  = (int) $iEventId;
+            $iSenderId = (int) $iSenderId;
+            $iFriendId = (int) $iFriendId;
+
+            $sQuery = 
             "
                 INSERT INTO 
@@ -379 +425 @@
         function deleteUselessData($iCount = 0) 
         {
+            $iCount = (int) $iCount;
+
             $sQuery = "SELECT `id` FROM `{$this->sTablePrefix}data` ORDER BY `date` LIMIT {$iCount}";
             $aRows  = $this -> getAll($sQuery);