lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX #yogosha10825

Browse Source
This commit is contained in:
Laurent Destailleur 2022-06-07 16:05:01 +02:00
parent 20ec91308c
commit a9440c934d
2 changed files with 50 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
htdocs/core/lib/admin.lib.php
View File

@ -161,9 +161,10 @@ function versiondolibarrarray()
* @param int $nocommentremoval Do no try to remove comments (in such a case, we consider that each line is a request, so use also $linelengthlimit=0)
* @param int $offsetforchartofaccount Offset to use to load chart of account table to update sql on the fly to add offset to rowid and account_parent value
* @param int $colspan 2=Add a colspan=2 on td
* @param int $onlysqltoimportwebsite Only sql resquests used to import a website template is allowed
* @return int <=0 if KO, >0 if OK
*/
function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handler = '', $okerror = 'default', $linelengthlimit = 32768, $nocommentremoval = 0, $offsetforchartofaccount = 0, $colspan = 0)
function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handler = '', $okerror = 'default', $linelengthlimit = 32768, $nocommentremoval = 0, $offsetforchartofaccount = 0, $colspan = 0, $onlysqltoimportwebsite = 0)
{
global $db, $conf, $langs, $user;
@ -323,6 +324,52 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle
$keyforsql = md5($sqlfile);
foreach ($arraysql as $i => $sql) {
if ($sql) {
// Test if sql is allowed
if ($onlysqltoimportwebsite) {
$newsql = str_replace(array("\'"), '__BACKSLASHQUOTE__', $sql);
// Remove all strings contents
$l = strlen($newsql);
$is = 0;
$quoteopen = 0;
$newsqlclean = '';
while ($is < $l) {
$char = $newsql[$is];
if ($char == "'") {
if ($quoteopen) {
$quoteopen--;
} else {
$quoteopen++;
}
} elseif (empty($quoteopen)) {
$newsqlclean .= $char;
}
$is++;
}
$newsqlclean = str_replace(array("null"), '__000__', $newsqlclean);
//print $newsqlclean."<br>\n";
// A very small control. This can still by bypassed by adding a second SQL request concatenated
$qualified = 0;
if (preg_match('/^--/', $newsqlclean)) {
$qualified = 1;
} elseif (preg_match('/^UPDATE llx_website SET fk_default_home = \d+\+\d+ WHERE rowid = \d+;$/', $newsqlclean)) {
$qualified = 1;
} elseif (preg_match('/^INSERT INTO llx_website_page\([a-z0-9_\s,]+\) VALUES\([0-9_\s,\+]+\);$/', $newsqlclean)) {
// Insert must match
// INSERT INTO llx_website_page(rowid, fk_page, fk_website, pageurl, aliasalt, title, description, lang, image, keywords, status, date_creation, tms, import_key, grabbed_from, type_container, htmlheader, content, author_alias) VALUES(1+123, null, 17, , , , , , , , , , , null, , , , , );
$qualified = 1;
}
if (!$qualified) {
$error++;
//print 'Request '.($i + 1)." contains non allowed instructions.<br>\n";
//print "newsqlclean = ".$newsqlclean."<br>\n";
dol_syslog('Admin.lib::run_sql Request '.($i + 1)." contains non allowed instructions.", LOG_DEBUG);
dol_syslog('$newsqlclean='.$newsqlclean, LOG_DEBUG);
break;
}
}
// Replace the prefix tables
if (MAIN_DB_PREFIX != 'llx_') {
$sql = preg_replace('/llx_/i', MAIN_DB_PREFIX, $sql);
@ -365,7 +412,7 @@ function run_sql($sqlfile, $silent = 1, $entity = '', $usesavepoint = 1, $handle
$sqlmodified++;
}
// Replace __x__ with rowid of insert nb x
// Replace __x__ with the rowid of the result of the insert number x
while (preg_match('/__([0-9]+)__/', $newsql, $reg)) {
$cursor = $reg[1];
if (empty($listofinsertedrowid[$cursor])) {

2
htdocs/website/class/website.class.php
View File

@ -1209,7 +1209,7 @@ class Website extends CommonObject
}
// Load sql record
$runsql = run_sql($sqlfile, 1, '', 0, '', 'none', 0, 1); // The maxrowid of table is searched into this function two
$runsql = run_sql($sqlfile, 1, '', 0, '', 'none', 0, 1, 0, 0, 1); // The maxrowid of table is searched into this function two
if ($runsql <= 0) {
$this->errors[] = 'Failed to load sql file '.$sqlfile;
$error++;