
Prevent SQL injections
This escapes a bunch of variables used in SQL statements, which could
otherwise be used to perform SQL injection attacks.

This is part of MON-12841.

Signed-off-by: Petter Nyström <[email protected]>
jimorie committed Sep 29, 2021
1 parent 985d206 commit 6da9080
Showing 1 changed file with 8 additions and 8 deletions.
16 changes: 8 additions & 8 deletions modules/reports/models/scheduled_reports.php
Expand Up @@ -37,7 +37,7 @@ static function delete_all_scheduled_reports($type='avail',$id=false)

$row = $res->current();
$report_type_id = $row->id;
$sql = "DELETE FROM scheduled_reports WHERE report_type_id=".$report_type_id." AND report_id=".$id;
$sql = "DELETE FROM scheduled_reports WHERE report_type_id=".$db->escape($report_type_id)." AND report_id=".$db->escape($id);
try {
$db->query($sql);
} catch (Kohana_Database_Exception $e) {
Expand Down Expand Up @@ -74,7 +74,7 @@ public static function get_scheduled_reports($type)
scheduled_report_periods rp,
saved_reports r
WHERE
rt.identifier='".$type."' AND
rt.identifier=".$db->escape($type)." AND
sr.report_type_id=rt.id AND
rp.id=sr.period_id AND
sr.report_id=r.id".$sql_xtra."
Expand Down Expand Up @@ -205,9 +205,9 @@ static public function edit_report($id=false, $rep_type=false, $saved_report_id=

if ($id) {
// UPDATE
$sql = "UPDATE scheduled_reports SET ".self::USERFIELD."=".$db->escape($user).", report_type_id=".$rep_type.", report_id=".$saved_report_id.", recipients=".$db->escape($recipients).", period_id=".$period.", filename=".$db->escape($filename).", description=".$db->escape($description).", local_persistent_filepath = ".$db->escape($local_persistent_filepath).", attach_description = ".$db->escape($attach_description)." WHERE id=".$id;
$sql = "UPDATE scheduled_reports SET ".self::USERFIELD."=".$db->escape($user).", report_type_id=".$db->escape($rep_type).", report_id=".$db->escape($saved_report_id).", recipients=".$db->escape($recipients).", period_id=".$db->escape($period).", filename=".$db->escape($filename).", description=".$db->escape($description).", local_persistent_filepath = ".$db->escape($local_persistent_filepath).", attach_description = ".$db->escape($attach_description)." WHERE id=".$db->escape($id);
} else {
$sql = "INSERT INTO scheduled_reports (".self::USERFIELD.", report_type_id, report_id, recipients, period_id, filename, description, local_persistent_filepath, attach_description, report_time, report_on, report_period)VALUES(".$db->escape($user).", ".$rep_type.", ".$saved_report_id.", ".$db->escape($recipients).", ".$period.", ".$db->escape($filename).", ".$db->escape($description).", ".$db->escape($local_persistent_filepath).", ".$db->escape($attach_description).", '".$report_time."', '".$report_on."', '".$report_period."' )";
$sql = "INSERT INTO scheduled_reports (".self::USERFIELD.", report_type_id, report_id, recipients, period_id, filename, description, local_persistent_filepath, attach_description, report_time, report_on, report_period)VALUES(".$db->escape($user).", ".$db->escape($rep_type).", ".$db->escape($saved_report_id).", ".$db->escape($recipients).", ".$db->escape($period).", ".$db->escape($filename).", ".$db->escape($description).", ".$db->escape($local_persistent_filepath).", ".$db->escape($attach_description).", ".$db->escape($report_time).", ".$db->escape($report_on).", ".$db->escape($report_period).")";

}

Expand All @@ -234,11 +234,11 @@ static public function edit_report($id=false, $rep_type=false, $saved_report_id=
*/
static function update_report_field($id=false, $field=false, $value=false)
{
$id = (int)$id;
$field = trim($field);
$value = trim($value);
$db = Database::instance();
$sql = "UPDATE scheduled_reports SET ".$field."= ".$db->escape($value)." WHERE id=".$id;
$id = (int)$id;
$field = $db->escape_column(trim($field));
$value = $db->escape(trim($value));
$sql = "UPDATE scheduled_reports SET {$field}={$value} WHERE id={$id}";
try {
$res = $db->query($sql);
} catch (Kohana_Database_Exception $e) {
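Review bot: In update_report_field, `$field = $db->escape_column(trim($field));` only quotes the identifier; it does not restrict which column a caller may update, so a caller-supplied `$field` could still name any column of scheduled_reports, including the `self::USERFIELD` ownership column that edit_report writes above. Check `$field` against an allowlist of the columns this class manages (the ones named in the INSERT in edit_report) and refuse the update before the query is built, e.g. `if (!in_array($field, $allowed_fields, true)) { /* reject as the catch branch does */ }` with `$allowed_fields` a constructed list of those column names. Where `$field` actually originates is not visible here, so the caller may already enforce this. Separately, if I recall the Kohana 2 driver correctly, `Database::escape()` quotes strings but passes booleans and integers through unquoted, so the `$id=false` default in delete_all_scheduled_reports now renders as `report_id=0` instead of producing a malformed statement, which is presumably acceptable but worth confirming. update_report_field's body continues past the end of the hunk.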
