[evolvis-commits] r8306: Audit: escape special characters before inserting into database.

mirabilos at evolvis.org mirabilos at evolvis.org
Thu Feb 24 16:38:53 CET 2011


Author: mirabilos
Date: 2011-02-24 16:38:53 +0100 (Thu, 24 Feb 2011)
New Revision: 8306

Modified:
   trunk/gforge_base/evolvisforge-5.1/gforge/ChangeLog
   trunk/gforge_base/evolvisforge-5.1/gforge/common/frs/FRSPackage.class
   trunk/gforge_base/evolvisforge-5.1/gforge/common/frs/FRSRelease.class
   trunk/gforge_base/evolvisforge-5.1/gforge/www/project/admin/editrelease.php
Log:
Audit: escape special characters before inserting into database.


Modified: trunk/gforge_base/evolvisforge-5.1/gforge/ChangeLog
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/ChangeLog	2011-02-24 15:38:50 UTC (rev 8305)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/ChangeLog	2011-02-24 15:38:53 UTC (rev 8306)
@@ -3,7 +3,14 @@
 	* www/people/editjob.php: Audit: escape special characters from
 	user input before submitting to database.
 
+	* common/frs/FRSPackage.class: ditto.
 
+	* common/frs/FRSRelease.class: ditto, plus re-fetch data on
+	update.
+
+	* www/project/admin/editrelease.php: ditto, plus fix bogus
+	warning about "file upload attack".
+
 2003-01-17  Reinhard Spisser   <reinhard at spisser.it>
 
 	* www/forum/*: there were still a lot of unlocalized strings.

Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/frs/FRSPackage.class
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/frs/FRSPackage.class	2011-02-24 15:38:50 UTC (rev 8305)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/frs/FRSPackage.class	2011-02-24 15:38:53 UTC (rev 8306)
@@ -88,7 +88,7 @@
 		}
 
 		$sql="INSERT INTO frs_package(group_id,name,status_id)
-			VALUES ('".$this->Group->getId()."','$name','1')";
+			VALUES ('".$this->Group->getId()."','".htmlspecialchars($name)."','1')";
 
 		db_begin();
 		$result=db_query($sql);
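Review bot: htmlspecialchars() does not make `$name` safe inside the single-quoted SQL literal on the VALUES line: with its default flags it leaves the single quote and the backslash alone, so a `'` in a package name still terminates the literal and the injection this commit sets out to close remains open. SQL escaping belongs to the database layer (pg_escape_string() if the backend is PostgreSQL, or a parameterised form of db_query if the db_* layer has one), and HTML encoding belongs at output time; storing HTML-encoded text in frs_package.name means every other reader that already escapes on output will double-encode. A minimal change is `VALUES ('".$this->Group->getId()."','".pg_escape_string($name)."','1')";` with the htmlspecialchars() call removed. The enclosing create() method starts before this hunk.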
@@ -173,7 +173,7 @@
 			return false;
 		}
 		$sql="SELECT * FROM filemodule_monitor
-			WHERE user_id='".user_getid()."' 
+			WHERE user_id='".user_getid()."'
 			AND filemodule_id='".$this->getID()."';";
 		$result = db_query($sql);
 
@@ -207,7 +207,7 @@
 			return false;
 		}
 		$sql="DELETE FROM filemodule_monitor
-			WHERE user_id='".user_getid()."' 
+			WHERE user_id='".user_getid()."'
 			AND filemodule_id='".$this->getID()."';";
 		return db_query($sql);
 	}
@@ -222,7 +222,7 @@
 			return false;
 		}
 		$sql="SELECT * FROM filemodule_monitor
-			WHERE user_id='".user_getid()."' 
+			WHERE user_id='".user_getid()."'
 			AND filemodule_id='".$this->getID()."';";
 
 		$result = db_query($sql);
@@ -240,8 +240,8 @@
 	 *  @return	array	The array of user_id's.
 	 */
 	function &getMonitorIDs() {
-		$res=db_query("SELECT user_id 
-			FROM filemodule_monitor 
+		$res=db_query("SELECT user_id
+			FROM filemodule_monitor
 			WHERE filemodule_id='".$this->getID()."'");
 		return util_result_column_to_array($res);
 	}
@@ -272,7 +272,7 @@
 		}
 
 		$res=db_query("UPDATE frs_package SET
-			name='$name',
+			name='".htmlspecialchars($name)."',
 			status_id='$status'
 			WHERE group_id='".$this->Group->getID()."'
 			AND package_id='".$this->getID()."'");
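Review bot: `$status` on the status_id line is still interpolated into the UPDATE unescaped, so the change only covers one of the two user-controlled columns in this statement. If status_id is an integer column, as the name suggests, the cheap fix is to normalise it before building the query, `$status = (int)$status;`, and the same single-quote caveat applies to htmlspecialchars($name) here as in create(): it does not escape `'` or `\` by default, so it does not prevent breaking out of the literal. The enclosing update() method starts before this hunk and continues past it.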
@@ -281,6 +281,9 @@
 			$this->setError('FRSPackage::update() Error On Update: '.db_error());
 			return false;
 		}
+
+		$this->fetchData($this->getID());
+
 		return true;
 
 	}

Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/frs/FRSRelease.class
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/frs/FRSRelease.class	2011-02-24 15:38:50 UTC (rev 8305)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/frs/FRSRelease.class	2011-02-24 15:38:53 UTC (rev 8306)
@@ -103,8 +103,8 @@
 
 		$sql="INSERT INTO frs_release(package_id,notes,changes,
 				preformatted,name,release_date,released_by,status_id)
-			VALUES ('".$this->FRSPackage->getId()."','$notes','$changes',
-				'$preformatted','$name','$release_date','".user_getid()."','1')";
+			VALUES ('".$this->FRSPackage->getId()."','".htmlspecialchars($notes)."','".htmlspecialchars($changes)."',
+				'$preformatted','".htmlspecialchars($name)."','$release_date','".user_getid()."','1')";
 
 		db_begin();
 		$result=db_query($sql);
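Review bot: `$preformatted` and `$release_date` are still inserted raw on the second VALUES line, while notes/changes/name get htmlspecialchars(), which in any case leaves `'` and `\` unescaped and so does not stop a quoted literal from being terminated. The update() hunk in this same file normalises preformatted to 0/1 before the query; create() should do the same, `$preformatted = $preformatted ? 1 : 0;`, and if release_date is the Unix timestamp editrelease.php appears to build, `$release_date = (int)$release_date;` closes that column too. For the text columns, escape for SQL with the database layer's function (or a parameterised query) rather than HTML-encoding on the way in. The enclosing method starts before this hunk.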
@@ -272,12 +272,18 @@
 			return false;
 		}
 
+		if ($preformatted) {
+			$preformatted = 1;
+		} else {
+			$preformatted = 0;
+		}
+
 		$res=db_query("UPDATE frs_release
 			SET
-			name='$name',
+			name='".htmlspecialchars($name)."',
 			status_id='$status',
-			notes='$notes',
-			changes='$changes',
+			notes='".htmlspecialchars($notes)."',
+			changes='".htmlspecialchars($changes)."',
 			preformatted='$preformatted',
 			release_date='$release_date',
 			released_by='". user_getid() ."'
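Review bot: Normalising `$preformatted` to 0/1 is the right shape of fix, but `$status` and `$release_date` on the status_id and release_date lines are still interpolated unescaped, so the UPDATE remains injectable through those two inputs. Applying the same treatment, `$status = (int)$status;` and `$release_date = (int)$release_date;` (assuming both columns are integers, which the names suggest but this hunk does not show), would bring them in line with preformatted. For name/notes/changes, htmlspecialchars() with default flags does not escape `'` or `\`, so it is not an SQL escape; use the database layer's escaping or a parameterised query and keep HTML encoding at output. The enclosing update() method starts before this hunk and continues past it.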
@@ -289,6 +295,8 @@
 			return false;
 		}
 
+		$this->fetchData($this->getID());
+
 		return true;
 
 	}

Modified: trunk/gforge_base/evolvisforge-5.1/gforge/www/project/admin/editrelease.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/www/project/admin/editrelease.php	2011-02-24 15:38:50 UTC (rev 8305)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/www/project/admin/editrelease.php	2011-02-24 15:38:53 UTC (rev 8306)
@@ -1,7 +1,7 @@
 <?php
 /**
  * Project Admin: Edit Releases of Packages
- * 
+ *
  * SourceForge: Breaking Down the Barriers to Open Source Development
  * Copyright 1999-2001 (c) VA Linux Systems
  * http://sourceforge.net
@@ -10,7 +10,7 @@
  */
 
 
-require_once('pre.php');	
+require_once('pre.php');
 require_once('common/frs/FRSPackage.class');
 require_once('common/frs/FRSRelease.class');
 require_once('common/frs/FRSFile.class');
@@ -62,11 +62,11 @@
  */
 
 // Edit release info
-if ($step1) {	
+if ($step1) {
 	$exec_changes = true;
 
 	// Check for uploaded release notes
-	if ($uploaded_notes != "none") {
+	if ($uploaded_notes != "") {
 		if (!is_uploaded_file($uploaded_notes)) {
 			exit_error('Error','Attempted File Upload Attack');
 		}
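Review bot: The test on the `if ($uploaded_notes != "")` line reads a bare variable that, from what is visible, must come from register_globals or an earlier extract of the request, so its value is attacker-chosen; the is_uploaded_file() guard that follows is what actually prevents reading an arbitrary local path, and it must stay. If the file is available as `$_FILES['uploaded_notes']`, reading the temp name from there, `$uploaded_notes = $_FILES['uploaded_notes']['tmp_name'] ?? '';` before this check, removes the dependence on a global and also avoids the undefined-variable notice when no file is sent. The same applies to the uploaded_changes branch in the next hunk. The enclosing `if ($step1)` block continues past this hunk.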
@@ -80,7 +80,7 @@
 	}
 
 	// Check for uplaoded change logs
-	if ($uploaded_changes != "none") {
+	if ($uploaded_changes != "") {
 		if (!is_uploaded_file($uploaded_changes)) {
 			exit_error('Error','Attempted File Upload Attack');
 		}
@@ -103,10 +103,10 @@
 			$feedback .= " Data Saved ";
 		}
 	}
-} 
+}
 
 // Add file(s) to the release
-if ($step2) {	
+if ($step2) {
 	// Build a Unix time value from the supplied Y-m-d value
 	$group_unix_name=group_getunixname($group_id);
 
@@ -130,7 +130,7 @@
 }
 
 // Edit/Delete files in a release
-if ($step3) {	
+if ($step3) {
 	// If the user chose to delete the file and he's sure then delete the file
 	if( $step3 == "Delete File" && $im_sure ) {
 		$frsf = new FRSFile($frsr,$file_id);
@@ -186,8 +186,8 @@
 <tr>
 	<td><strong>Status:</strong></td>
 	<td>
-		<?php 
-			echo frs_show_status_popup('status_id',$frsr->getStatus()); 
+		<?php
+			echo frs_show_status_popup('status_id',$frsr->getStatus());
 		?>
 	</td>
 </tr>
@@ -209,13 +209,13 @@
 <tr>
 	<td colspan="2">
 		<strong>Paste The Notes In:</strong><br />
-		<textarea name="release_notes" rows="10" cols="60" wrap="soft"><?php echo htmlspecialchars($frsr->getNotes()); ?></textarea>
+		<textarea name="release_notes" rows="10" cols="60" wrap="soft"><?php echo $frsr->getNotes(); ?></textarea>
 	</td>
 </tr>
 <tr>
 	<td colspan="2">
 		<strong>Paste The Change Log In:</strong><br />
-		<textarea name="release_changes" rows="10" cols="60" wrap="soft"><?php echo htmlspecialchars($frsr->getChanges()); ?></textarea>
+		<textarea name="release_changes" rows="10" cols="60" wrap="soft"><?php echo $frsr->getChanges(); ?></textarea>
 	</td>
 </tr>
 <tr>
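Review bot: Dropping htmlspecialchars() around `$frsr->getNotes()` and `$frsr->getChanges()` on the two textarea lines makes output safety depend on every row having been written by the new FRSRelease code; any release saved before this revision, or through another writer that does not HTML-encode, now reaches the page raw, and a value containing `</textarea><script>` breaks out of the textarea. Escaping at output is the robust layer and costs nothing, so these two lines should keep the original form, `<?php echo htmlspecialchars($frsr->getNotes()); ?>` and `<?php echo htmlspecialchars($frsr->getChanges()); ?>`, with the input side changed to SQL escaping instead of HTML encoding so the stored text is the plain text the user entered.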


