Context Navigation

← Previous Changeset
Next Changeset →

Changeset 725

Timestamp:

01/06/10 22:48:56 (2 years ago)

Author:

brieb

Message:

Fixed more path disclosure and possible SQL injection bugs in the load search class

Location:

trunk/phpbms

Files:

: 3 modified

include/common_functions.php (modified) (1 diff)
loadsearch.php (modified) (3 diffs)
modules/bms/include/invoices.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/phpbms/include/common_functions.php

r703	r725
304	304	`".$tablerecord["maintable"]."`
305	305	WHERE
306		`id` = ".~~$id~~;
	306	`id` = ".((int) $id);
307	307
308	308	$queryresult = $db->query($querystatement);

trunk/phpbms/loadsearch.php

r702	r725
66	66
67	67	$uuid = getUuid($this->db, "tbld:5c9d645f-26ab-5003-b98e-89e9049f8ac3", $tabledefid);
68
	68
69	69	$querystatement = "
70	70	SELECT
…	…
75	75	`uuid` = '".$uuid."'
76	76	";
77
	77
78	78	$queryresult = $this->db->query($querystatement);
79
	79
80	80	$therecord = $this->db->fetchArray($queryresult);
81	81	$prefix = $therecord["prefix"];
…	…
265	265
266	266
267		if(isset($_GET["cmd"])){
268
269		$thesearch = new savedSearch($db);
270
271		switch($_GET["cmd"]){
272		case "show":
273		$securitywhere = "";
274
275		if ($_SESSION["userinfo"]["admin"]!=1 && count($_SESSION["userinfo"]["roles"])>0){
276
277		$securitywhere = "";
278
279		foreach($_SESSION["userinfo"]["roles"] as $role)
280		$securitywhere .= ", '".$role."'";
281
282		$securitywhere = " AND (`roleid` IN (''".$securitywhere.") OR `roleid` IS NULL)";
283
284		}//endif
285
286		$thesearch->showLoad($_GET["tid"], $_SESSION["userinfo"]["uuid"], $securitywhere);
287		break;
288
289		case "getsearch":
290		$thesearch->get($_GET["id"]);
291		break;
292		case "savesearch":
293		$thesearch->save($_GET["name"],$_GET["tid"],$_SESSION["userinfo"]["uuid"]);
294		break;
295		case "deletesearch":
296		$thesearch->delete($_GET["id"]);
297		break;
298		}//end switch
299		}?>
	267	if(isset($_GET["cmd"])){
	268
	269	$thesearch = new savedSearch($db);
	270
	271	switch($_GET["cmd"]){
	272
	273	case "show":
	274
	275	$securitywhere = "";
	276
	277	if ($_SESSION["userinfo"]["admin"]!=1 && count($_SESSION["userinfo"]["roles"])>0){
	278
	279	$securitywhere = "";
	280
	281	foreach($_SESSION["userinfo"]["roles"] as $role)
	282	$securitywhere .= ", '".$role."'";
	283
	284	$securitywhere = " AND (`roleid` IN (''".$securitywhere.") OR `roleid` IS NULL)";
	285
	286	}//endif
	287
	288	if(!isset($_GET["tid"]))
	289	$error = new appError(200, "passed parameters not set");
	290
	291	$thesearch->showLoad($_GET["tid"], $_SESSION["userinfo"]["uuid"], $securitywhere);
	292	break;
	293
	294	case "getsearch":
	295
	296	if(!isset($_GET["id"]))
	297	$error = new appError(200, "passed parameters not set");
	298
	299	$thesearch->get($_GET["id"]);
	300	break;
	301
	302	case "savesearch":
	303
	304	if(!isset($_GET["tid"]) \|\| !isset($_GET["name"]))
	305	$error = new appError(200, "passed parameters not set");
	306
	307	$thesearch->save($_GET["name"] ,$_GET["tid"], $_SESSION["userinfo"]["uuid"]);
	308	break;
	309
	310	case "deletesearch":
	311
	312	if(!isset($_GET["id"]))
	313	$error = new appError(200, "passed parameters not set");
	314
	315	$thesearch->delete($_GET["id"]);
	316	break;
	317
	318	}//end switch
	319
	320	}//endif
	321	?>

trunk/phpbms/modules/bms/include/invoices.php

r720	r725
649	649	$therecord = parent::getRecord($id, $useUuid);
650	650
	651	if(!$therecord["id"])
	652	$error = new appError(430, "Sales Order record '".$id."' does not exist", "No Record Available", true, true);
	653
651	654	/**
652	655	* If `type` is not an order and not a quote and payment information is being

phpBMS

Context Navigation

Changeset 725

Legend:

trunk/phpbms/include/common_functions.php

trunk/phpbms/loadsearch.php

trunk/phpbms/modules/bms/include/invoices.php

Download in other formats: