Context Navigation

← Previous Change
Next Change →

search.php

Timestamp:

01/07/10 12:45:17 (2 years ago)

Author:

brieb

Message:

Fixed possible security loopholes in search screen (SQL Manipulation)

Files:

: 1 modified

trunk/phpbms/search.php (modified) (4 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/phpbms/search.php

r720	r728
41	41
42	42	if(!isset($_GET["id"]))
43		$error = new appError(100,"Passed Parameter not present.");
44
45		$_GET["id"]= mysql_real_escape_string($_GET["id"]);
	43	$error = new appError(100,"Passed Parameter not present.");
	44
	45	$_GET["id"] = mysql_real_escape_string($_GET["id"]);
46	46
47	47	$displayTable= new displaySearchTable($db);
…	…
109	109	$querystatement = "
110	110	SELECT
111		name
	111	name,
	112	roleid
112	113	FROM
113	114	tableoptions
…	…
169	170	// omit selected from current query
170	171	//=====================================================================================================
171		$displayTable->recordoffset=0;
172		$tempwhere="";
173		$theids=explode(",",$_POST["theids"]);
174		foreach($theids as $theid){
175		$tempwhere.=" or ".$displayTable->thetabledef["maintable"].".id=".$theid;
176		}
177		$tempwhere=substr($tempwhere,3);
178		$displayTable->querywhereclause="(".$displayTable->querywhereclause.") and not (".$tempwhere.")";
	172	$displayTable->recordoffset = 0;
	173	$tempwhere = "";
	174	$theids = explode(",",$_POST["theids"]);
	175
	176	foreach($theids as $theid)
	177	$tempwhere.=" OR ".$displayTable->thetabledef["maintable"].".id=".((int) $theid);
	178
	179	$tempwhere = substr($tempwhere,3);
	180
	181	$displayTable->querywhereclause="(".$displayTable->querywhereclause.") AND NOT (".$tempwhere.")";
179	182	break;
180	183
…	…
182	185	// keep only those ids
183	186	//=====================================================================================================
184		$displayTable->recordoffset=0;
185		$tempwhere="";
186		$theids=explode(",",$_POST["theids"]);
187		foreach($theids as $theid){
188		$tempwhere.=" or ".$displayTable->thetabledef["maintable"].".id=".$theid;
189		}
	187	$displayTable->recordoffset = 0;
	188	$tempwhere = "";
	189	$theids = explode(",",$_POST["theids"]);
	190
	191	foreach($theids as $theid)
	192	$tempwhere.=" or ".$displayTable->thetabledef["maintable"].".id=".((int) $theid);
	193
190	194	$tempwhere=substr($tempwhere,3);
191		$displayTable->querywhereclause=$tempwhere;
	195
	196	$displayTable->querywhereclause = $tempwhere;
	197
192	198	break;
193	199
194	200	case "advanced search":
	201
	202	if(!hasRights($displayTable->thetabledef["advsearchroleid"]))
	203	goURL(APP_PATH."noaccess.php");
	204
195	205	$displayTable->recordoffset=0;
196	206	$displayTable->querywhereclause=stripslashes($_POST["advancedsearch"]);
197	207	$displayTable->querytype="advanced search";
198	208	break;
	209
	210	case "run search":
	211	/**
	212	* Run a loaded search
	213	*/
	214
	215	if(!hasRights($displayTable->thetabledef["advsearchroleid"])){
	216	/**
	217	* Need to load search from id, because the
	218	* person does not have rights to override loaded
	219	* searches
	220	*/
	221
	222	$querystatement="
	223	SELECT
	224	sqlclause
	225	FROM
	226	usersearches
	227	WHERE id=".((int) $_POST["LSList"]);
	228
	229	$queryresult = $db->query($querystatement);
	230
	231	$therecord = $db->fetchArray($queryresult);
	232
	233	$_POST["LSSQL"] = $therecord["sqlclause"];
	234
	235	}//endif
	236
	237	$displayTable->recordoffset=0;
	238	$displayTable->querywhereclause=stripslashes($_POST["LSSQL"]);
	239	$displayTable->querytype="advanced search";
	240	break;
	241	break;
199	242
200	243	case "advanced sort":
201	244	$displayTable->showGroupings = 0;
202	245	$displayTable->recordoffset = 0;
203		$displayTable->querysortorder=$_POST["advancedsort"];
	246	$displayTable->querysortorder = $_POST["advancedsort"];
204	247	break;
205	248

phpBMS

Context Navigation

Changeset 728 for trunk/phpbms/search.php

Legend:

trunk/phpbms/search.php

Download in other formats: