From 931089a92411985263da9d7d8411291cf8f53a8b Mon Sep 17 00:00:00 2001
From: appchecker
Date: Thu, 7 Jul 2016 20:19:05 +0300
Subject: [PATCH 1/6] prevent SQLi

---
 htdocs/societe/notify/card.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/societe/notify/card.php b/htdocs/societe/notify/card.php
index 9e412f1a7f0..dd754103ba3 100644
--- a/htdocs/societe/notify/card.php
+++ b/htdocs/societe/notify/card.php
@@ -125,7 +125,7 @@ if (empty($reshook))
 // Remove a notification
 if ($action == 'delete')
 {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def where rowid=".$_GET["actid"];
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def where rowid=".intval($_GET["actid"]);
 $db->query($sql);
 }
 }
From 9895084627f9c4ac1f3a5bfec9659113c9b59e7f Mon Sep 17 00:00:00 2001
From: appchecker
Date: Thu, 7 Jul 2016 20:23:38 +0300
Subject: [PATCH 2/6] prevent SQLi

---
 htdocs/admin/menus/edit.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/admin/menus/edit.php b/htdocs/admin/menus/edit.php
index b299a1f18fe..47d77e380c6 100644
--- a/htdocs/admin/menus/edit.php
+++ b/htdocs/admin/menus/edit.php
@@ -243,7 +243,7 @@ if ($action == 'confirm_delete' && $_POST["confirm"] == 'yes')
 {
 $this->db->begin();
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."menu WHERE rowid = ".$_GET['menuId'];
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."menu WHERE rowid = ".intval($_GET['menuId']);
 $db->query($sql);
 if ($result == 0)
@@ -312,7 +312,7 @@ if ($action == 'create')
 $parent_rowid = $_GET['menuId'];
 if ($_GET['menuId'])
 {
- $sql = "SELECT m.rowid, m.mainmenu, m.leftmenu, m.level, m.langs FROM ".MAIN_DB_PREFIX."menu as m WHERE m.rowid = ".$_GET['menuId'];
+ $sql = "SELECT m.rowid, m.mainmenu, m.leftmenu, m.level, m.langs FROM ".MAIN_DB_PREFIX."menu as m WHERE m.rowid = ".intval($_GET['menuId']);
 $res = $db->query($sql);
 if ($res)
 {
From 2c297bbcc8fb5e093f2645d7b440c61ee3fc29c2 Mon Sep 17 00:00:00 2001
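Review bot: The `intval()` cast on the new `$sql` line closes the injection through `actid`, but the `$db->query($sql);` on the line after it still discards the result, so a failed DELETE is silent and an absent or non-numeric `actid` quietly turns into `rowid=0`. The same series already checks query results in ligne.php (`if (! $db->query($sql)) { dol_print_error($db); }`), so `if (! $db->query($sql)) dol_print_error($db);` would fit here. Whether the caller is allowed to remove this notification is not decided in the hunk; the permission check, if there is one, sits above `if (empty($reshook))`. Patch 5 of this series rewrites the same line with `GETPOST('actid', 'int')` and keeps the unchecked query.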
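Review bot: `$result` in the context line `if ($result == 0)` is never assigned in this hunk, while the return of `$db->query($sql);` on the line after the new `$sql` is thrown away, so the branch that follows cannot reflect whether the DELETE succeeded; `$result = $db->query($sql);` would tie the two together. The preceding `$this->db->begin();` uses `$this` in what appears to be a procedural page (the enclosing code is outside the hunk), which would be a runtime error if so, and a transaction that never starts leaves nothing to roll back on the failure path — worth confirming. Patch 4 of this series touches the same hunk and leaves both lines as they are.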
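Review bot: The raw `$_GET['menuId']` is still copied into `$parent_rowid` on the first context line of this hunk, two lines above the sanitised query, and that variable's later use is outside the hunk; if it reaches another query or the generated HTML unescaped, it carries the same injection the new line just removed. Sanitising once at the top and reusing the value, `$parent_rowid = intval($_GET['menuId']);`, covers both uses, and the `if ($_GET['menuId'])` test can then become `if ($parent_rowid)`. Patch 4 of this series switches the query line to `GETPOST('menuId', 'int')` but leaves `$parent_rowid` untouched as well.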
From: appchecker
Date: Thu, 7 Jul 2016 20:25:15 +0300
Subject: [PATCH 3/6] prevent SQLi

---
 htdocs/compta/bank/ligne.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/compta/bank/ligne.php b/htdocs/compta/bank/ligne.php
index 873d71de81b..d426ace2636 100644
--- a/htdocs/compta/bank/ligne.php
+++ b/htdocs/compta/bank/ligne.php
@@ -83,13 +83,13 @@ if ($action == 'confirm_delete_categ' && $confirm == "yes" && $user->rights->ban
 if ($user->rights->banque->modifier && $action == 'class')
 {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".$rowid." AND fk_categ = ".$_POST["cat1"];
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".$rowid." AND fk_categ = ".intval($_POST["cat1"]);
 if (! $db->query($sql))
 {
 dol_print_error($db);
 }
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (lineid, fk_categ) VALUES (".$rowid.", ".$_POST["cat1"].")";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (lineid, fk_categ) VALUES (".$rowid.", ".intval($_POST["cat1"]).")";
 if (! $db->query($sql))
 {
 dol_print_error($db);
From 4b1dfbc2fb3895c44e8d3b0d24f1e9b06d34b321 Mon Sep 17 00:00:00 2001
From: appchecker
Date: Mon, 11 Jul 2016 12:56:05 +0300
Subject: [PATCH 4/6] replace intval with GETPOST

---
 htdocs/admin/menus/edit.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/admin/menus/edit.php b/htdocs/admin/menus/edit.php
index 47d77e380c6..de8a299cece 100644
--- a/htdocs/admin/menus/edit.php
+++ b/htdocs/admin/menus/edit.php
@@ -243,7 +243,7 @@ if ($action == 'confirm_delete' && $_POST["confirm"] == 'yes')
 {
 $this->db->begin();
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."menu WHERE rowid = ".intval($_GET['menuId']);
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."menu WHERE rowid = ".GETPOST('menuId', 'int');
 $db->query($sql);
 if ($result == 0)
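Review bot: Both rewritten `$sql` lines still concatenate `$rowid` directly, and its assignment is outside the hunk; if it is taken from the request, as the line id of this page plausibly is, the injection is only half closed and `$rowid` needs the same integer cast (or the project's `GETPOST('rowid', 'int')`) where it is set. The DELETE and INSERT are also two independent statements with no transaction around them, and `dol_print_error($db)` after a failed DELETE does not stop the INSERT, so a failure may leave a stale `bank_class` row next to the new one. Patch 6 of this series changes the same two lines and leaves both points open.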
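Review bot: `GETPOST('menuId', 'int')` on the new `$sql` line is concatenated straight into the query, so the SQL's shape now depends entirely on what the helper returns when its check fails; as I recall Dolibarr's `GETPOST`, a non-numeric value yields an empty string rather than `0`, which here produces the malformed `WHERE rowid = ` and a database error instead of a clean rejection, and a numeric-looking value such as `1e3` passes through uncast. Casting the result, `".(int) GETPOST('menuId', 'int')`, or rejecting an empty result before building the query keeps the statement well-formed regardless of the helper's internals. Note too that the replaced `$_GET['menuId']` read only the query string, whereas `GETPOST` with its default method appears to read both `$_GET` and `$_POST` — a widening of the accepted input source worth being deliberate about. The same applies to the second hunk of this patch and to the `GETPOST(..., 'int')` lines in patches 5 and 6.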
@@ -312,7 +312,7 @@ if ($action == 'create')
 $parent_rowid = $_GET['menuId'];
 if ($_GET['menuId'])
 {
- $sql = "SELECT m.rowid, m.mainmenu, m.leftmenu, m.level, m.langs FROM ".MAIN_DB_PREFIX."menu as m WHERE m.rowid = ".intval($_GET['menuId']);
+ $sql = "SELECT m.rowid, m.mainmenu, m.leftmenu, m.level, m.langs FROM ".MAIN_DB_PREFIX."menu as m WHERE m.rowid = ".GETPOST('menuId', 'int');
 $res = $db->query($sql);
 if ($res)
 {
From 7facaac9731b77204adeadac59443c694eee0b52 Mon Sep 17 00:00:00 2001
From: appchecker
Date: Mon, 11 Jul 2016 12:58:59 +0300
Subject: [PATCH 5/6] replace intval with GETPOST

---
 htdocs/societe/notify/card.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/societe/notify/card.php b/htdocs/societe/notify/card.php
index dd754103ba3..40120948a3d 100644
--- a/htdocs/societe/notify/card.php
+++ b/htdocs/societe/notify/card.php
@@ -125,7 +125,7 @@ if (empty($reshook))
 // Remove a notification
 if ($action == 'delete')
 {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def where rowid=".intval($_GET["actid"]);
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def where rowid=".GETPOST('actid', 'int');
 $db->query($sql);
 }
 }
From f618f330b3500bb20cda6f9a374b79ebe763e0af Mon Sep 17 00:00:00 2001
From: appchecker
Date: Mon, 11 Jul 2016 13:01:16 +0300
Subject: [PATCH 6/6] replace intval with GETPOST

---
 htdocs/compta/bank/ligne.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/compta/bank/ligne.php b/htdocs/compta/bank/ligne.php
index d426ace2636..f6709c4d1c5 100644
--- a/htdocs/compta/bank/ligne.php
+++ b/htdocs/compta/bank/ligne.php
@@ -83,13 +83,13 @@ if ($action == 'confirm_delete_categ' && $confirm == "yes" && $user->rights->ban
 if ($user->rights->banque->modifier && $action == 'class')
 {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".$rowid." AND fk_categ = ".intval($_POST["cat1"]);
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".$rowid." AND fk_categ = ".GETPOST('cat1', 'int');
 if (! $db->query($sql))
 {
 dol_print_error($db);
 }
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (lineid, fk_categ) VALUES (".$rowid.", ".intval($_POST["cat1"]).")";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (lineid, fk_categ) VALUES (".$rowid.", ".GETPOST('cat1', 'int').")";
 if (! $db->query($sql))
 {
 dol_print_error($db);