Commit 70aca893 authored by Jared Hancock

Remove SQL injection vulnerabilities

Map each of the inputs from $_POST['ids'] into a separate, sanitized
database input (via the db_input() function), then implode() the array with
commas and build the SQL statement.
parent 03a84301
......@@ -126,7 +126,9 @@ class Team {
if($vars['remove']) {
$sql='DELETE FROM '.TEAM_MEMBER_TABLE
.' WHERE team_id='.db_input($this->getId())
.' AND staff_id IN('.implode(',',$_POST['remove']).')';
.' AND staff_id IN ('
.implode(',', array_map('db_input', $_POST['remove']))
.')';
db_query($sql);
}
......
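Review bot: The branch is guarded by `$vars['remove']` on L16 but the query on L21 reads `$_POST['remove']`, so the condition and the data come from two different places; if `$vars` is a method parameter that is not always `$_POST`, the DELETE runs on request data the caller never passed in. Reading one source and rejecting non-arrays also avoids the `array_map()` warning and the resulting `IN ()` syntax error that a scalar `remove` value would produce: `if(isset($vars['remove']) && is_array($vars['remove']) && $vars['remove']) {` with `array_map('db_input', $vars['remove'])` below it. Whether `db_input()` quotes its argument is not visible here; since `staff_id` is presumably an integer column, `array_map('intval', ...)` would be the stricter mapping. The enclosing method of `class Team` starts and ends outside the hunk.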
......@@ -45,7 +45,8 @@ if($_POST){
}else{
$count=count($_POST['ids']);
if($_POST['enable']){
$sql='UPDATE '.API_KEY_TABLE.' SET isactive=1 WHERE id IN ('.implode(',',$_POST['ids']).')';
$sql='UPDATE '.API_KEY_TABLE.' SET isactive=1 WHERE id IN ('.
implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())){
if($num==$count)
$msg='Selected API keys enabled';
......@@ -55,7 +56,8 @@ if($_POST){
$errors['err']='Unable to enable selected API keys.';
}
}elseif($_POST['disable']){
$sql='UPDATE '.API_KEY_TABLE.' SET isactive=0 WHERE id IN ('.implode(',',$_POST['ids']).')';
$sql='UPDATE '.API_KEY_TABLE.' SET isactive=0 WHERE id IN ('.
implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected API keys disabled';
......
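Review bot: Escaping each element with `db_input()` closes the injection, but `id` is presumably an integer column, so coercing the elements to integers is stricter than relying on the database to cast escaped strings (under MySQL's implicit conversion a value like `'1abc'` would still match id 1). Compute the list once after `$count=count($_POST['ids']);` and reuse it on L31 and L41: `$ids = implode(',', array_map('intval', $_POST['ids']));` followed by `' WHERE id IN ('.$ids.')'` in both statements. Whether `$_POST['ids']` is checked to be a non-empty array happens in the `if` branch outside the hunk, so I cannot tell from here whether an empty submission can reach these queries as `IN ()`.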
......@@ -68,8 +68,10 @@ if($_POST && !$errors && $filter){
}else{
$count=count($_POST['ids']);
if($_POST['enable']){
$sql='UPDATE '.EMAIL_FILTER_RULE_TABLE.' SET isactive=1 WHERE filter_id='.db_input($filter->getId()).
' AND id IN ('.implode(',',$_POST['ids']).')';
$sql='UPDATE '.EMAIL_FILTER_RULE_TABLE.' SET isactive=1 WHERE filter_id='.
db_input($filter->getId()).
' AND id IN ('.
implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())){
if($num==$count)
$msg='Selected emails ban status set to enabled';
......@@ -79,8 +81,10 @@ if($_POST && !$errors && $filter){
$errors['err']='Unable to enable selected emails';
}
}elseif($_POST['disable']){
$sql='UPDATE '.EMAIL_FILTER_RULE_TABLE.' SET isactive=0 WHERE filter_id='.db_input($filter->getId()).
' AND id IN ('.implode(',',$_POST['ids']).')';
$sql='UPDATE '.EMAIL_FILTER_RULE_TABLE.' SET isactive=0 WHERE filter_id='.
db_input($filter->getId()).
' AND id IN ('.
implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected emails ban status set to disabled';
......
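Review bot: The `filter_id='.db_input($filter->getId())` scoping is the right ownership check and should stay, but the sanitized id list is now built twice (L56 and L69) inside two near-identical statements; computing it once right after `$count=count($_POST['ids']);` keeps both queries in step if the sanitization is tightened later: `$ids = implode(',', array_map('db_input', $_POST['ids']));` and `' AND id IN ('.$ids.')'` in each branch. Since `id` is presumably an integer column, `intval` would be the stricter mapping than `db_input` — confirm against the schema before switching. The surrounding `if($_POST && !$errors && $filter)` block continues outside the hunk.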
......@@ -71,7 +71,8 @@ if($_POST && $thisstaff->canManageCannedResponses()) {
} else {
$count=count($_POST['ids']);
if($_POST['enable']) {
$sql='UPDATE '.CANNED_TABLE.' SET isenabled=1 WHERE canned_id IN ('.implode(',',$_POST['ids']).')';
$sql='UPDATE '.CANNED_TABLE.' SET isenabled=1 WHERE canned_id IN ('.
implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected canned replies enabled';
......@@ -81,7 +82,8 @@ if($_POST && $thisstaff->canManageCannedResponses()) {
$errors['err']='Unable to enable selected canned replies.';
}
} elseif($_POST['disable']) {
$sql='UPDATE '.CANNED_TABLE.' SET isenabled=0 WHERE canned_id IN ('.implode(',',$_POST['ids']).')';
$sql='UPDATE '.CANNED_TABLE.' SET isenabled=0 WHERE canned_id IN ('.
implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected canned replies disabled';
......
......@@ -52,7 +52,8 @@ if($_POST){
} else {
$count=count($_POST['ids']);
if($_POST['public']) {
$sql='UPDATE '.FAQ_CATEGORY_TABLE.' SET ispublic=1 WHERE category_id IN ('.implode(',',$_POST['ids']).')';
$sql='UPDATE '.FAQ_CATEGORY_TABLE.' SET ispublic=1 WHERE category_id IN ('.
implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected categories made PUBLIC';
......@@ -62,7 +63,8 @@ if($_POST){
$errors['err']='Unable to enable selected categories public.';
}
} elseif($_POST['private']) {
$sql='UPDATE '.FAQ_CATEGORY_TABLE.' SET ispublic=0 WHERE category_id IN ('.implode(',',$_POST['ids']).')';
$sql='UPDATE '.FAQ_CATEGORY_TABLE.' SET ispublic=0 WHERE category_id IN ('.
implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected categories made PRIVATE';
......
......@@ -45,7 +45,8 @@ if($_POST){
}else{
$count=count($_POST['ids']);
if($_POST['public']){
$sql='UPDATE '.DEPT_TABLE.' SET ispublic=1 WHERE dept_id IN ('.implode(',',$_POST['ids']).')';
$sql='UPDATE '.DEPT_TABLE.' SET ispublic=1 WHERE dept_id IN ('
.implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())){
if($num==$count)
$msg='Selected departments made public';
......@@ -56,7 +57,9 @@ if($_POST){
}
}elseif($_POST['private']){
$sql='UPDATE '.DEPT_TABLE.' SET ispublic=0 '.
'WHERE dept_id IN ('.implode(',',$_POST['ids']).') AND dept_id!='.db_input($cfg->getDefaultDeptId());
'WHERE dept_id IN ('
.implode(',', array_map('db_input', $_POST['ids']))
.') AND dept_id!='.db_input($cfg->getDefaultDeptId());
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected departments made private';
......@@ -68,7 +71,8 @@ if($_POST){
}elseif($_POST['delete']){
//Deny all deletes if one of the selections has members in it.
$sql='SELECT count(staff_id) FROM '.STAFF_TABLE.' WHERE dept_id IN ('.implode(',',$_POST['ids']).')';
$sql='SELECT count(staff_id) FROM '.STAFF_TABLE.' WHERE dept_id IN ('
.implode(',', array_map('db_input', $_POST['ids'])).')';
list($members)=db_fetch_row(db_query($sql));
if($members)
$errors['err']='Dept. with users can not be deleted. Move staff first.';
......
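Review bot: The sanitized list is constructed three times in this file (L122, L132, L142); one `$ids = implode(',', array_map('db_input', $_POST['ids']));` after `$count=count($_POST['ids']);`, reused by the public, private and delete branches, is less error-prone. Separately, the members check on L141-143 and the DELETE it protects (which the comment on L139 implies follows, outside the hunk) are two statements, so staff moved into a selected department between them would not be caught; folding the condition into the DELETE (`... AND dept_id NOT IN (SELECT dept_id FROM '.STAFF_TABLE.')`) or wrapping both in a transaction would close that window. I cannot see the DELETE itself, so treat this as something to verify.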
......@@ -46,7 +46,10 @@ if($_POST){
$count=count($_POST['ids']);
$sql='SELECT count(dept_id) FROM '.DEPT_TABLE.' dept '.
'WHERE email_id IN ('.implode(',',$_POST['ids']).') OR autoresp_email_id IN ('.implode(',',$_POST['ids']).')';
'WHERE email_id IN ('.
implode(',', array_map('db_input', $_POST['ids'])).
') OR autoresp_email_id IN ('.
implode(',', array_map('db_input', $_POST['ids'])).')';
list($depts)=db_fetch_row(db_query($sql));
if($depts>0){
$errors['err']='One or more of the selected emails is being used by a department. Remove association first!';
......
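Review bot: The same `implode(',', array_map('db_input', $_POST['ids']))` expression is evaluated twice inside one statement (L152 and L154); assign it once and interpolate it in both places: `$ids = implode(',', array_map('db_input', $_POST['ids']));` then `'WHERE email_id IN ('.$ids.') OR autoresp_email_id IN ('.$ids.')'`. Both `email_id` and `autoresp_email_id` are presumably integer columns, so `intval` would be a stricter mapping than `db_input` here. The `$count` computed on L148 is not used within the hunk, so whatever consumes it lies outside this view.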
......@@ -48,7 +48,8 @@ if($_POST){
}else{
$count=count($_POST['ids']);
if($_POST['enable']){
$sql='UPDATE '.EMAIL_FILTER_TABLE.' SET isactive=1 WHERE id IN ('.implode(',',$_POST['ids']).')';
$sql='UPDATE '.EMAIL_FILTER_TABLE.' SET isactive=1 WHERE id IN ('.
implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())){
if($num==$count)
$msg='Selected filters enabled';
......@@ -58,7 +59,8 @@ if($_POST){
$errors['err']='Unable to enable selected filters';
}
}elseif($_POST['disable']){
$sql='UPDATE '.EMAIL_FILTER_TABLE.' SET isactive=0 WHERE id IN ('.implode(',',$_POST['ids']).')';
$sql='UPDATE '.EMAIL_FILTER_TABLE.' SET isactive=0 WHERE id IN ('.
implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected filters disabled';
......
......@@ -43,7 +43,8 @@ if($_POST){
}else{
$count=count($_POST['ids']);
if($_POST['enable']){
$sql='UPDATE '.GROUP_TABLE.' SET group_enabled=1, updated=NOW() WHERE group_id IN ('.implode(',',$_POST['ids']).')';
$sql='UPDATE '.GROUP_TABLE.' SET group_enabled=1, updated=NOW() WHERE group_id IN ('.
implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())){
if($num==$count)
$msg='Selected groups activated';
......@@ -53,7 +54,8 @@ if($_POST){
$errors['err']='Unable to activate selected groups';
}
}elseif($_POST['disable']){
$sql='UPDATE '.GROUP_TABLE.' SET group_enabled=0, updated=NOW() WHERE group_id IN ('.implode(',',$_POST['ids']).')';
$sql='UPDATE '.GROUP_TABLE.' SET group_enabled=0, updated=NOW() WHERE group_id IN ('.
implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected groups disabled';
......
......@@ -45,7 +45,8 @@ if($_POST){
}else{
$count=count($_POST['ids']);
if($_POST['enable']){
$sql='UPDATE '.TOPIC_TABLE.' SET isactive=1 WHERE topic_id IN ('.implode(',',$_POST['ids']).')';
$sql='UPDATE '.TOPIC_TABLE.' SET isactive=1 WHERE topic_id IN ('.
implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())){
if($num==$count)
$msg='Selected help topics enabled';
......@@ -55,7 +56,8 @@ if($_POST){
$errors['err']='Unable to enable selected help topics.';
}
}elseif($_POST['disable']){
$sql='UPDATE '.TOPIC_TABLE.' SET isactive=0 WHERE topic_id IN ('.implode(',',$_POST['ids']).')';
$sql='UPDATE '.TOPIC_TABLE.' SET isactive=0 WHERE topic_id IN ('.
implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected help topics disabled';
......
......@@ -45,7 +45,8 @@ if($_POST){
}else{
$count=count($_POST['ids']);
if($_POST['enable']){
$sql='UPDATE '.SLA_TABLE.' SET isactive=1 WHERE id IN ('.implode(',',$_POST['ids']).')';
$sql='UPDATE '.SLA_TABLE.' SET isactive=1 WHERE id IN ('.
implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())){
if($num==$count)
$msg='Selected SLA plans enabled';
......@@ -55,7 +56,8 @@ if($_POST){
$errors['err']='Unable to enable selected SLA plans.';
}
}elseif($_POST['disable']){
$sql='UPDATE '.SLA_TABLE.' SET isactive=0 WHERE id IN ('.implode(',',$_POST['ids']).')';
$sql='UPDATE '.SLA_TABLE.' SET isactive=0 WHERE id IN ('.
implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected SLA plans disabled';
......
......@@ -45,7 +45,8 @@ if($_POST){
}else{
$count=count($_POST['ids']);
if($_POST['enable']){
$sql='UPDATE '.STAFF_TABLE.' SET isactive=1 WHERE staff_id IN ('.implode(',',$_POST['ids']).')';
$sql='UPDATE '.STAFF_TABLE.' SET isactive=1 WHERE staff_id IN ('.
implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())){
if($num==$count)
$msg='Selected staff activated';
......
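Review bot: Bulk re-activation of staff accounts is privilege-sensitive, and only the `enable` branch is visible; the sibling branches in this file (outside the hunk) should exclude the acting user's own `staff_id` so an administrator cannot disable or delete themselves, which I cannot confirm from here. For the visible query, `staff_id` is presumably an integer column, so `array_map('intval', $_POST['ids'])` would be stricter than `db_input` and independent of how `db_input()` quotes strings.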
......@@ -23,7 +23,8 @@ if($_POST){
}else{
$count=count($_POST['ids']);
if($_POST['delete']){
$sql='DELETE FROM '.SYSLOG_TABLE.' WHERE log_id IN ('.implode(',',$_POST['ids']).')';
$sql='DELETE FROM '.SYSLOG_TABLE.' WHERE log_id IN ('
.implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())){
if($num==$count)
$msg='Selected logs deleted successfully';
......
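Review bot: Deleting audit-log rows is itself a security-relevant action, and nothing in the hunk records who removed which `log_id` values; writing one entry through the existing logging facility before the `DELETE` (actor and the id list) would explain the gap to anyone reviewing the log later. The list should also be integer-coerced, since `log_id` is presumably an integer column: `.implode(',', array_map('intval', $_POST['ids'])).')'`. The enclosing `if($_POST)` block continues outside the hunk.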
......@@ -43,7 +43,8 @@ if($_POST){
}else{
$count=count($_POST['ids']);
if($_POST['enable']){
$sql='UPDATE '.TEAM_TABLE.' SET isenabled=1 WHERE team_id IN ('.implode(',',$_POST['ids']).')';
$sql='UPDATE '.TEAM_TABLE.' SET isenabled=1 WHERE team_id IN ('.
implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())){
if($num==$count)
$msg='Selected teams activated';
......@@ -53,7 +54,8 @@ if($_POST){
$errors['err']='Unable to activate selected teams';
}
}elseif($_POST['disable']){
$sql='UPDATE '.TEAM_TABLE.' SET isenabled=0 WHERE team_id IN ('.implode(',',$_POST['ids']).')';
$sql='UPDATE '.TEAM_TABLE.' SET isenabled=0 WHERE team_id IN ('.
implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected teams disabled';
......
......@@ -54,7 +54,8 @@ if($_POST){
}else{
$count=count($_POST['ids']);
if($_POST['enable']){
$sql='UPDATE '.EMAIL_TEMPLATE_TABLE.' SET isactive=1 WHERE tpl_id IN ('.implode(',',$_POST['ids']).')';
$sql='UPDATE '.EMAIL_TEMPLATE_TABLE.' SET isactive=1 WHERE tpl_id IN ('.
implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())){
if($num==$count)
$msg='Selected templates enabled';
......