mirror of
https://github.com/alchemy-fr/Phraseanet.git
synced 2025-10-17 06:53:15 +00:00
Remove some possible SQL injections by using IN (:parameter) prepared statements
This commit is contained in:
Benoît Burnichon
@@ -16,6 +16,7 @@ use Alchemy\Phrasea\Exception\InvalidArgumentException;
|
|||||||
use Alchemy\Phrasea\Model\Entities\User;
|
use Alchemy\Phrasea\Model\Entities\User;
|
||||||
use Alchemy\Phrasea\Notification\Mail\MailSuccessEmailUpdate;
|
use Alchemy\Phrasea\Notification\Mail\MailSuccessEmailUpdate;
|
||||||
use Alchemy\Phrasea\Notification\Receiver;
|
use Alchemy\Phrasea\Notification\Receiver;
|
||||||
|
use Doctrine\DBAL\Connection;
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
||||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||||
@@ -131,25 +132,39 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
|
|||||||
ON (bu.base_id = b.base_id AND u.id = bu.usr_id)
|
ON (bu.base_id = b.base_id AND u.id = bu.usr_id)
|
||||||
LEFT join sbasusr sbu
|
LEFT join sbasusr sbu
|
||||||
ON (sbu.sbas_id = b.sbas_id AND u.id = sbu.usr_id)
|
ON (sbu.sbas_id = b.sbas_id AND u.id = sbu.usr_id)
|
||||||
WHERE ( (u.id = " . implode(' OR u.id = ', $this->users) . " )
|
WHERE ( (u.id IN (:users) )
|
||||||
AND b.sbas_id = s.sbas_id
|
AND b.sbas_id = s.sbas_id
|
||||||
AND (b.base_id = '" . implode("' OR b.base_id = '", $list) . "'))
|
AND (b.base_id IN (:bases)))
|
||||||
GROUP BY b.base_id
|
GROUP BY b.base_id
|
||||||
ORDER BY s.ord, s.sbas_id, b.ord, b.base_id ";
|
ORDER BY s.ord, s.sbas_id, b.ord, b.base_id ";
|
||||||
|
|
||||||
$stmt = $this->app['phraseanet.appbox']->get_connection()->prepare($sql);
|
$rs = $this->app['phraseanet.appbox']->get_connection()->fetchAll(
|
||||||
$stmt->execute();
|
$sql,
|
||||||
$rs = $stmt->fetchAll(\PDO::FETCH_ASSOC);
|
[
|
||||||
$stmt->closeCursor();
|
'users' => $this->users,
|
||||||
|
'bases' => $list,
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'users' => Connection::PARAM_INT_ARRAY,
|
||||||
|
'bases' => Connection::PARAM_INT_ARRAY,
|
||||||
|
]
|
||||||
|
);
|
||||||
|
|
||||||
$sql = 'SELECT base_id, sum(1) as access FROM basusr
|
$sql = 'SELECT base_id, sum(1) as access FROM basusr
|
||||||
WHERE (usr_id = ' . implode(' OR usr_id = ', $this->users) . ')
|
WHERE (usr_id IN (:users))
|
||||||
AND (base_id = ' . implode(' OR base_id = ', $list) . ')
|
AND (base_id IN (:bases))
|
||||||
GROUP BY base_id';
|
GROUP BY base_id';
|
||||||
$stmt = $this->app['phraseanet.appbox']->get_connection()->prepare($sql);
|
$access = $this->app['phraseanet.appbox']->get_connection()->fetchAll(
|
||||||
$stmt->execute();
|
$sql,
|
||||||
$access = $stmt->fetchAll(\PDO::FETCH_ASSOC);
|
[
|
||||||
$stmt->closeCursor();
|
'users' => $this->users,
|
||||||
|
'bases' => $list,
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'users' => Connection::PARAM_INT_ARRAY,
|
||||||
|
'bases' => Connection::PARAM_INT_ARRAY,
|
||||||
|
]
|
||||||
|
);
|
||||||
|
|
||||||
$base_ids = [];
|
$base_ids = [];
|
||||||
foreach ($access as $acc) {
|
foreach ($access as $acc) {
|
||||||
@@ -194,14 +209,20 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
|
|||||||
|
|
||||||
$sql = "SELECT u.id, restrict_dwnld, remain_dwnld, month_dwnld_max
|
$sql = "SELECT u.id, restrict_dwnld, remain_dwnld, month_dwnld_max
|
||||||
FROM (Users u INNER JOIN basusr bu ON u.id = bu.usr_id)
|
FROM (Users u INNER JOIN basusr bu ON u.id = bu.usr_id)
|
||||||
WHERE (u.id = " . implode(' OR u.id = ', $this->users) . ")
|
WHERE (u.id IN (:users)) AND bu.base_id = :base_id";
|
||||||
AND bu.base_id = :base_id";
|
|
||||||
|
|
||||||
|
/** @var Connection $conn */
|
||||||
$conn = $this->app['phraseanet.appbox']->get_connection();
|
$conn = $this->app['phraseanet.appbox']->get_connection();
|
||||||
$stmt = $conn->prepare($sql);
|
$rs = $conn->fetchAll($sql,
|
||||||
$stmt->execute([':base_id' => $this->base_id]);
|
[
|
||||||
$rs = $stmt->fetchAll(\PDO::FETCH_ASSOC);
|
'base_id' => $this->base_id,
|
||||||
$stmt->closeCursor();
|
'users' => $this->users,
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'base_id' => \PDO::PARAM_INT,
|
||||||
|
'users' => Connection::PARAM_INT_ARRAY,
|
||||||
|
]
|
||||||
|
);
|
||||||
|
|
||||||
$this->users_datas = $rs;
|
$this->users_datas = $rs;
|
||||||
|
|
||||||
@@ -220,14 +241,21 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
|
|||||||
|
|
||||||
$sql = "SELECT BIN(mask_and) AS mask_and, BIN(mask_xor) AS mask_xor
|
$sql = "SELECT BIN(mask_and) AS mask_and, BIN(mask_xor) AS mask_xor
|
||||||
FROM basusr
|
FROM basusr
|
||||||
WHERE usr_id IN (" . implode(',', $this->users) . ")
|
WHERE usr_id IN (:users)
|
||||||
AND base_id = :base_id";
|
AND base_id = :base_id";
|
||||||
|
|
||||||
|
/** @var Connection $conn */
|
||||||
$conn = $this->app['phraseanet.appbox']->get_connection();
|
$conn = $this->app['phraseanet.appbox']->get_connection();
|
||||||
$stmt = $conn->prepare($sql);
|
$rs = $conn->fetchAll($sql,
|
||||||
$stmt->execute([':base_id' => $this->base_id]);
|
[
|
||||||
$rs = $stmt->fetchAll(\PDO::FETCH_ASSOC);
|
'base_id' => $this->base_id,
|
||||||
$stmt->closeCursor();
|
'users' => $this->users,
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'base_id' => \PDO::PARAM_INT,
|
||||||
|
'users' => Connection::PARAM_INT_ARRAY,
|
||||||
|
]
|
||||||
|
);
|
||||||
|
|
||||||
$tbits_and = [];
|
$tbits_and = [];
|
||||||
$tbits_xor = [];
|
$tbits_xor = [];
|
||||||
@@ -317,14 +345,20 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
|
|||||||
|
|
||||||
$sql = "SELECT u.id, time_limited, limited_from, limited_to
|
$sql = "SELECT u.id, time_limited, limited_from, limited_to
|
||||||
FROM (Users u INNER JOIN basusr bu ON u.id = bu.usr_id)
|
FROM (Users u INNER JOIN basusr bu ON u.id = bu.usr_id)
|
||||||
WHERE (u.id = " . implode(' OR u.id = ', $this->users) . ")
|
WHERE (u.id IN (:users)) AND bu.base_id = :base_id";
|
||||||
AND bu.base_id = :base_id";
|
|
||||||
|
|
||||||
|
/** @var Connection $conn */
|
||||||
$conn = $this->app['phraseanet.appbox']->get_connection();
|
$conn = $this->app['phraseanet.appbox']->get_connection();
|
||||||
$stmt = $conn->prepare($sql);
|
$rs = $conn->fetchAll($sql,
|
||||||
$stmt->execute([':base_id' => $this->base_id]);
|
[
|
||||||
$rs = $stmt->fetchAll(\PDO::FETCH_ASSOC);
|
'base_id' => $this->base_id,
|
||||||
$stmt->closeCursor();
|
'users' => $this->users,
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'base_id' => \PDO::PARAM_INT,
|
||||||
|
'users' => Connection::PARAM_INT_ARRAY,
|
||||||
|
]
|
||||||
|
);
|
||||||
|
|
||||||
$time_limited = -1;
|
$time_limited = -1;
|
||||||
$limited_from = $limited_to = false;
|
$limited_from = $limited_to = false;
|
||||||
@@ -373,14 +407,20 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
|
|||||||
FROM (Users u
|
FROM (Users u
|
||||||
INNER JOIN basusr bu ON u.id = bu.usr_id
|
INNER JOIN basusr bu ON u.id = bu.usr_id
|
||||||
INNER JOIN bas b ON b.base_id = bu.base_id)
|
INNER JOIN bas b ON b.base_id = bu.base_id)
|
||||||
WHERE (u.id = " . implode(' OR u.id = ', $this->users) . ")
|
WHERE (u.id IN (:users)) AND b.sbas_id = :sbas_id";
|
||||||
AND b.sbas_id = :sbas_id";
|
|
||||||
|
|
||||||
|
/** @var Connection $conn */
|
||||||
$conn = $this->app['phraseanet.appbox']->get_connection();
|
$conn = $this->app['phraseanet.appbox']->get_connection();
|
||||||
$stmt = $conn->prepare($sql);
|
$rs = $conn->fetchAll($sql,
|
||||||
$stmt->execute([':sbas_id' => $sbas_id]);
|
[
|
||||||
$rs = $stmt->fetchAll(\PDO::FETCH_ASSOC);
|
'sbas_id' => $sbas_id,
|
||||||
$stmt->closeCursor();
|
'users' => $this->users,
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'sbas_id' => \PDO::PARAM_INT,
|
||||||
|
'users' => Connection::PARAM_INT_ARRAY,
|
||||||
|
]
|
||||||
|
);
|
||||||
|
|
||||||
$time_limited = $limited_from = $limited_to = [];
|
$time_limited = $limited_from = $limited_to = [];
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user