Issue 1627: SQL Injection vulnerability in insert / update queries
git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@10371 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
parent
0748cccdad
commit
593fee7b9f
3 changed files with 57 additions and 4 deletions
|
|
@ -66,12 +66,14 @@
|
|||
}
|
||||
|
||||
function escapeValue($value){
|
||||
if($this->getType() == 'column_name'){
|
||||
$column_type = $this->getType();
|
||||
if($column_type == 'column_name'){
|
||||
$dbParser = DB::getParser();
|
||||
return $dbParser->parseExpression($value);
|
||||
}
|
||||
if(!isset($value)) return null;
|
||||
if(in_array($this->getType(), array('date', 'varchar', 'char','text', 'bigtext'))){
|
||||
}
|
||||
if(!isset($value)) return null;
|
||||
|
||||
if(in_array($column_type, array('date', 'varchar', 'char','text', 'bigtext'))){
|
||||
if(!is_array($value))
|
||||
$value = $this->_escapeStringValue ($value);
|
||||
else {
|
||||
|
|
@ -81,6 +83,9 @@
|
|||
//$value[$i] = '\''.$value[$i].'\'';
|
||||
}
|
||||
}
|
||||
if($column_type == 'number')
|
||||
$value = (int)$value;
|
||||
|
||||
return $value;
|
||||
}
|
||||
|
||||
|
|
|
|||
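--- a/tests/classes/db/db/xml_query/mysql/MysqlInsertTest.php
+++ b/tests/classes/db/db/xml_query/mysql/MysqlInsertTest.php
@@ -0,0 +1,39 @@
+<?php
+
+/**
+* @class MysqlInsertTest
+* @brief Constains all test method for insert statements, using Mysql SQL syntax
+* @developer Corina Udrescu (xe_dev@arnia.ro)
+*/
+class MysqlInsertTest extends MysqlTest
+{
+/**
+* @brief _test - local helper method
+* @developer Corina Udrescu (xe_dev@arnia.ro)
+* @access private
+* @param $xml_file string - Path to XML file containing the query to be tested
+* @param $argsString string - String containing PHP code that initializez the arguments that the query receives
+* @param $expected string - Expected SQL query as string
+* @param $columnList array - Array containing the column names that will be retrieved, in case only a part of the ones in the query file are needed
+* @return void
+*/
+function _test($xml_file, $argsString, $expected, $columnList = NULL)
+{
+$this->_testQuery($xml_file, $argsString, $expected, 'getInsertSql', $columnList);
+}
+
+function testInsertIntoNumericColumnConvertsValue()
+{
+$xml_file = _TEST_PATH_ . "db/xml_query/mysql/data/member_insert_injection.xml";
+$argsString = '$args->member_srl = 7;
+$args->find_account_question = "1\'";
+';
+$expected = 'insert into `xe_member` (`member_srl`, `find_account_question`) values (7, 1)';
+$this->_test($xml_file, $argsString, $expected);
+}
+
+
+}
+
+/* End of file MysqlInsertTest.php */
+/* Location: ./tests/classes/db/db/xml_query/mysql/MysqlInsertTest.php */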
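Review bot: The new test pins only the numeric cast — `"1\'"` becoming `1` in `values (7, 1)` — so the string branch of escapeValue (`_escapeStringValue`, the path that handles quotes in varchar/char/text columns) gets no coverage from this commit; a sibling test that feeds a quoted value into a string column and asserts the escaped literal would close that gap. The fixture declares `find_account_question` without a `filter` attribute, so its integer coercion presumably comes from the table schema rather than the query XML; a comment such as `// find_account_question is cast by its schema column type, not by a query filter — confirm` inside testInsertIntoNumericColumnConvertsValue would spare the next reader the search. A second case with a wholly non-numeric value (for example `"abc"`) would also document that the `(int)` cast silently yields `0` rather than rejecting the input, and the docblock carries two typos (`Constains`, `initializez`).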
@ -0,0 +1,9 @@
|
|||
<query id="insertMember" action="insert">
|
||||
<tables>
|
||||
<table name="member" />
|
||||
</tables>
|
||||
<columns>
|
||||
<column name="member_srl" var="member_srl" filter="number" notnull="notnull" />
|
||||
<column name="find_account_question" var="find_account_question" />
|
||||
</columns>
|
||||
</query>
|
||||