Fix several potential SQL-Injections at Notes/OQRS

This commit is contained in:
int2001
2025-12-29 19:38:23 +00:00
parent 0be81bb4da
commit 7fa6edc03b
3 changed files with 22 additions and 10 deletions


@@ -153,7 +153,10 @@ class Notes extends CI_Controller {
$per_page = (int)$this->input->post('per_page', TRUE); $per_page = (int)$this->input->post('per_page', TRUE);
$sort_col = $this->input->post('sort_col', TRUE); $sort_col = $this->input->post('sort_col', TRUE);
$sort_dir = $this->input->post('sort_dir', TRUE); $sort_dir = $this->input->post('sort_dir', TRUE);
if ($per_page < 1) $per_page = 15;
// Validate and sanitize pagination parameters
$max_per_page = 100; // Prevent denial of service
if ($per_page < 1 || $per_page > $max_per_page) $per_page = 15;
if ($page < 1) $page = 1; if ($page < 1) $page = 1;
// Get paginated, sorted notes // Get paginated, sorted notes
$result = $this->note->search_paginated($searchCriteria, $page, $per_page, $sort_col, $sort_dir); $result = $this->note->search_paginated($searchCriteria, $page, $per_page, $sort_col, $sort_dir);
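Review bot: The new `$per_page` check resets any value above `$max_per_page` to 15 rather than capping it, while the model's `search_paginated` clamps the same input with `max(1, min(100, intval($per_page)))`; the two hard-coded limits of 100 live in different files and will drift apart silently if one is changed. Consider `if ($per_page < 1) $per_page = 15; $per_page = min($per_page, $max_per_page);` together with a single shared constant used by both layers, or drop the duplicate and rely on the model's clamp. The comment `// Prevent denial of service` is accurate but the cap applies only to row count, not to `$page`, which is only lower-bounded here. The enclosing controller method starts and ends outside this hunk.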


@@ -186,6 +186,9 @@ class Note extends CI_Model {
// Search notes with pagination and sorting for the logged-in user // Search notes with pagination and sorting for the logged-in user
public function search_paginated($criteria = [], $page = 1, $per_page = 25, $sort_col = null, $sort_dir = null) { public function search_paginated($criteria = [], $page = 1, $per_page = 25, $sort_col = null, $sort_dir = null) {
$page = max(1, intval($page));
$per_page = max(1, min(100, intval($per_page))); // Enforce max limit
$user_id = $this->session->userdata('user_id'); $user_id = $this->session->userdata('user_id');
$params = array($user_id); $params = array($user_id);
$where_clause = "WHERE user_id = ?"; $where_clause = "WHERE user_id = ?";
@@ -216,15 +219,21 @@ class Note extends CI_Model {
// Build main query with sorting // Build main query with sorting
$sql = "SELECT id, cat, title, note, creation_date, last_modified FROM notes $where_clause"; $sql = "SELECT id, cat, title, note, creation_date, last_modified FROM notes $where_clause";
// Sorting // Sorting - use strict array key mapping to prevent SQL injection
$columns = ['cat', 'title', 'creation_date', 'last_modified']; $allowed_columns = [
if ($sort_col !== null && in_array($sort_col, $columns) && ($sort_dir === 'asc' || $sort_dir === 'desc')) { 'cat' => 'cat',
$sql .= " ORDER BY $sort_col $sort_dir"; 'title' => 'title',
} 'creation_date' => 'creation_date',
'last_modified' => 'last_modified'
];
$sort_column = isset($allowed_columns[$sort_col]) ? $allowed_columns[$sort_col] : 'creation_date';
$sort_direction = ($sort_dir === 'desc') ? 'DESC' : 'ASC';
$sql .= " ORDER BY $sort_column $sort_direction";
// Pagination
$offset = ($page - 1) * $per_page; $offset = ($page - 1) * $per_page;
$sql .= " LIMIT $per_page OFFSET $offset"; $limit = intval($per_page);
$offset_val = intval($offset);
$sql .= " LIMIT $limit OFFSET $offset_val";
$query = $this->db->query($sql, $params); $query = $this->db->query($sql, $params);
$notes = []; $notes = [];
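Review bot: The new ORDER BY block in `search_paginated` changes behaviour beyond the injection fix: the old code added no ORDER BY unless both parameters were valid, whereas now every query is sorted by `creation_date ASC` and any direction other than 'desc' silently becomes ASC; the method comment should state this, e.g. `// Unknown $sort_col falls back to creation_date; any $sort_dir other than 'desc' sorts ascending`. `isset($allowed_columns[$sort_col])` raises a TypeError on PHP 8 if `$sort_col` arrives as an array (a `sort_col[]` form field, which CodeIgniter's `post()` appears to pass through unchanged), so guard it with `is_string($sort_col) && isset($allowed_columns[$sort_col])`. The `intval()` calls producing `$limit` and `$offset_val` are redundant after the `max(1, min(100, intval($per_page)))` clamp at the top of the method, so `$sql .= " LIMIT $per_page OFFSET $offset";` is sufficient and avoids suggesting that `$per_page` might still be untrusted at that point. The method body continues past the end of this hunk.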


@@ -513,8 +513,8 @@ class Oqrs_model extends CI_Model {
"; ";
if ($searchCriteria['oqrsResults'] !== 'All') { if ($searchCriteria['oqrsResults'] !== 'All') {
$limit = $searchCriteria['oqrsResults']; $limit = max(1, min(1000, intval($searchCriteria['oqrsResults']))); // Sanitize and enforce max
$sql .= "LIMIT $limit"; $sql .= " LIMIT " . $limit;
} }
$data = $this->db->query($sql, $binding); $data = $this->db->query($sql, $binding);
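Review bot: `intval()` on a non-numeric `oqrsResults` value (anything other than the exact string 'All', such as 'all' or an empty string) yields 0, which `max(1, …)` turns into `LIMIT 1`, so a malformed request now silently returns a single row instead of either all rows or an error. Validate before clamping, e.g. `$n = filter_var($searchCriteria['oqrsResults'], FILTER_VALIDATE_INT); if ($n !== false) { $sql .= ' LIMIT ' . max(1, min(1000, $n)); }`, so that only a genuine integer reaches the clamp. The clamp itself is sound since only an integer is interpolated into the query, and the added leading space before LIMIT also fixes the missing separator in the old concatenation. The enclosing method starts and ends outside this hunk.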