gitlabFork/ISPConfig3.git - Solinfo Gitblit

			@@ -121,6 +121,53 @@
			parent::query( 'SET NAMES '.$this->dbCharset);
			parent::query( "SET character_set_results = '".$this->dbCharset."', character_set_client = '".$this->dbCharset."', character_set_connection = '".$this->dbCharset."', character_set_database = '".$this->dbCharset."', character_set_server = '".$this->dbCharset."'");
			}

			private function securityScan($string) {
			global $app, $conf;

			// get security config
			if(isset($app)) {
			$app->uses('getconf');
			$ids_config = $app->getconf->get_security_config('ids');

			if($ids_config['sql_scan_enabled'] == 'yes') {

			$string_orig = $string;

			//echo $string;
			$chars = array(';', '#', '/', '/', '--', '\\\'', '\\"');

			$string = str_replace('\\\\', '', $string);
			$string = preg_replace('/(^\|[^\\\])([\'"])\\2/is', '$1', $string);
			$string = preg_replace('/(^\|[^\\\])([\'"])(.*?[^\\\])\\2/is', '$1', $string);
			$ok = true;

			if(substr_count($string, "`") % 2 != 0 \|\| substr_count($string, "'") % 2 != 0 \|\| substr_count($string, '"') % 2 != 0) {
			$app->log("SQL injection warning (" . $string_orig . ")",2);
			$ok = false;
			} else {
			foreach($chars as $char) {
			if(strpos($string, $char) !== false) {
			$ok = false;
			$app->log("SQL injection warning (" . $string_orig . ")",2);
			break;
			}
			}
			}
			if($ok == true) {
			return true;
			} else {
			if($ids_config['sql_scan_action'] == 'warn') {
			// we return false in warning level.
			return false;
			} else {
			// if sql action = 'block' or anything else then stop here.
			$app->error('Possible SQL injection. All actions have been logged.');
			}
			}
			}
			}
			}

			public function query($queryString) {
			global $conf;
			@@ -143,6 +190,7 @@
			}
			}
			} while($ok == false);
			$this->securityScan($queryString);
			$this->queryId = parent::query($queryString);
			$this->updateError('DB::query('.$queryString.') -> mysqli_query');
			if($this->errorNumber && $conf['demo_mode'] === false) debug_print_backtrace();
			@@ -262,12 +310,12 @@
			public function datalogSave($db_table, $action, $primary_field, $primary_id, $record_old, $record_new, $force_update = false) {
			global $app, $conf;

			// Insert backticks only for incomplete table names.
			if(stristr($db_table, '.')) {
			$escape = '';
			} else {
			$escape = '`';
			}
			// Check fields
			if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$db_table)) $app->error('Invalid table name '.$db_table);
			if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$primary_field)) $app->error('Invalid primary field '.$primary_field.' in table '.$db_table);

			$primary_field = $this->quote($primary_field);
			$primary_id = intval($primary_id);

			if($force_update == true) {
			//* We force a update even if no record has changed
			@@ -284,7 +332,7 @@
			// Insert the server_id, if the record has a server_id
			$server_id = (isset($record_old['server_id']) && $record_old['server_id'] > 0)?$record_old['server_id']:0;
			if(isset($record_new['server_id'])) $server_id = $record_new['server_id'];

			$server_id = intval($server_id);

			if($diff_num > 0) {
			//print_r($diff_num);
			@@ -306,6 +354,18 @@
			//** Inserts a record and saves the changes into the datalog
			public function datalogInsert($tablename, $insert_data, $index_field) {
			global $app;

			// Check fields
			if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
			if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);

			if(strpos($tablename, '.') !== false) {
			$tablename_escaped = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $tablename);
			} else {
			$tablename_escaped = '`' . $tablename . '`';
			}

			$index_field = $this->quote($index_field);

			if(is_array($insert_data)) {
			$key_str = '';
			@@ -322,9 +382,9 @@
			}

			$old_rec = array();
			$this->query("INSERT INTO $tablename $insert_data_str");
			$this->query("INSERT INTO $tablename_escaped $insert_data_str");
			$index_value = $this->insertID();
			$new_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
			$new_rec = $this->queryOneRecord("SELECT * FROM $tablename_escaped WHERE $index_field = '$index_value'");
			$this->datalogSave($tablename, 'INSERT', $index_field, $index_value, $old_rec, $new_rec);

			return $index_value;
			@@ -333,8 +393,21 @@
			//** Updates a record and saves the changes into the datalog
			public function datalogUpdate($tablename, $update_data, $index_field, $index_value, $force_update = false) {
			global $app;

			// Check fields
			if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
			if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);

			if(strpos($tablename, '.') !== false) {
			$tablename_escaped = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $tablename);
			} else {
			$tablename_escaped = '`' . $tablename . '`';
			}

			$index_field = $this->quote($index_field);
			$index_value = $this->quote($index_value);

			$old_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
			$old_rec = $this->queryOneRecord("SELECT * FROM $tablename_escaped WHERE $index_field = '$index_value'");

			if(is_array($update_data)) {
			$update_data_str = '';
			@@ -346,8 +419,8 @@
			$update_data_str = $update_data;
			}

			$this->query("UPDATE $tablename SET $update_data_str WHERE $index_field = '$index_value'");
			$new_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
			$this->query("UPDATE $tablename_escaped SET $update_data_str WHERE $index_field = '$index_value'");
			$new_rec = $this->queryOneRecord("SELECT * FROM $tablename_escaped WHERE $index_field = '$index_value'");
			$this->datalogSave($tablename, 'UPDATE', $index_field, $index_value, $old_rec, $new_rec, $force_update);

			return true;
			@@ -356,9 +429,22 @@
			//** Deletes a record and saves the changes into the datalog
			public function datalogDelete($tablename, $index_field, $index_value) {
			global $app;

			// Check fields
			if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
			if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);

			if(strpos($tablename, '.') !== false) {
			$tablename_escaped = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $tablename);
			} else {
			$tablename_escaped = '`' . $tablename . '`';
			}

			$index_field = $this->quote($index_field);
			$index_value = $this->quote($index_value);

			$old_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
			$this->query("DELETE FROM $tablename WHERE $index_field = '$index_value'");
			$old_rec = $this->queryOneRecord("SELECT * FROM $tablename_escaped WHERE $index_field = '$index_value'");
			$this->query("DELETE FROM $tablename_escaped WHERE $index_field = '$index_value'");
			$new_rec = array();
			$this->datalogSave($tablename, 'DELETE', $index_field, $index_value, $old_rec, $new_rec);

			@@ -653,6 +739,9 @@
			case 'blob':
			return 'blob';
			break;
			case 'date':
			return 'date';
			break;
			}
			}