From 9c79079e9cd5c53b61209bed6754ac6c06bbbda2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 07 May 2015 07:52:47 -0400
Subject: [PATCH] Backported password generator patch
---
interface/lib/classes/db_mysql.inc.php | 93 +++++++++++++++++++++++++++++++++++-----------
1 files changed, 70 insertions(+), 23 deletions(-)
diff --git a/interface/lib/classes/db_mysql.inc.php b/interface/lib/classes/db_mysql.inc.php
index ccf4a84..7331463 100644
--- a/interface/lib/classes/db_mysql.inc.php
+++ b/interface/lib/classes/db_mysql.inc.php
@@ -121,6 +121,58 @@
parent::query( 'SET NAMES '.$this->dbCharset);
parent::query( "SET character_set_results = '".$this->dbCharset."', character_set_client = '".$this->dbCharset."', character_set_connection = '".$this->dbCharset."', character_set_database = '".$this->dbCharset."', character_set_server = '".$this->dbCharset."'");
}
+
+ private function securityScan($string) {
+ global $app, $conf;
+
+ // get security config
+ if(isset($app)) {
+ $app->uses('getconf');
+ $ids_config = $app->getconf->get_security_config('ids');
+
+ if($ids_config['sql_scan_enabled'] == 'yes') {
+
+ // Remove whitespace
+ $string = trim($string);
+ if(substr($string,-1) == ';') $string = substr($string,0,-1);
+
+ // Save original string
+ $string_orig = $string;
+
+ //echo $string;
+ $chars = array(';', '#', '/*', '*/', '--', '\\\'', '\\"');
+
+ $string = str_replace('\\\\', '', $string);
+ $string = preg_replace('/(^|[^\\\])([\'"])\\2/is', '$1', $string);
+ $string = preg_replace('/(^|[^\\\])([\'"])(.*?[^\\\])\\2/is', '$1', $string);
+ $ok = true;
+
+ if(substr_count($string, "`") % 2 != 0 || substr_count($string, "'") % 2 != 0 || substr_count($string, '"') % 2 != 0) {
+ $app->log("SQL injection warning (" . $string_orig . ")",2);
+ $ok = false;
+ } else {
+ foreach($chars as $char) {
+ if(strpos($string, $char) !== false) {
+ $ok = false;
+ $app->log("SQL injection warning (" . $string_orig . ")",2);
+ break;
+ }
+ }
+ }
+ if($ok == true) {
+ return true;
+ } else {
+ if($ids_config['sql_scan_action'] == 'warn') {
+ // we return false in warning level.
+ return false;
+ } else {
+ // if sql action = 'block' or anything else then stop here.
+ $app->error('Possible SQL injection. All actions have been logged.');
+ }
+ }
+ }
+ }
+ }
public function query($queryString) {
global $conf;
@@ -143,6 +195,7 @@
}
}
} while($ok == false);
+ $this->securityScan($queryString);
$this->queryId = parent::query($queryString);
$this->updateError('DB::query('.$queryString.') -> mysqli_query');
if($this->errorNumber && $conf['demo_mode'] === false) debug_print_backtrace();
@@ -263,14 +316,8 @@
global $app, $conf;
// Check fields
- if(!preg_match('/^[a-zA-Z0-9\.\-\_]{1,64}$/',$db_table)) $app->error('Invalid table name '.$db_table);
+ if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$db_table)) $app->error('Invalid table name '.$db_table);
if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$primary_field)) $app->error('Invalid primary field '.$primary_field.' in table '.$db_table);
-
- if(strpos($db_table, '.') !== false) {
- $db_table = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $db_table);
- } else {
- $db_table = '`' . $db_table . '`';
- }
$primary_field = $this->quote($primary_field);
$primary_id = intval($primary_id);
@@ -314,13 +361,13 @@
global $app;
// Check fields
- if(!preg_match('/^[a-zA-Z0-9\.\-\_]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
+ if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);
if(strpos($tablename, '.') !== false) {
- $tablename = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $tablename);
+ $tablename_escaped = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $tablename);
} else {
- $tablename = '`' . $tablename . '`';
+ $tablename_escaped = '`' . $tablename . '`';
}
$index_field = $this->quote($index_field);
@@ -340,9 +387,9 @@
}
$old_rec = array();
- $this->query("INSERT INTO $tablename $insert_data_str");
+ $this->query("INSERT INTO $tablename_escaped $insert_data_str");
$index_value = $this->insertID();
- $new_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
+ $new_rec = $this->queryOneRecord("SELECT * FROM $tablename_escaped WHERE $index_field = '$index_value'");
$this->datalogSave($tablename, 'INSERT', $index_field, $index_value, $old_rec, $new_rec);
return $index_value;
@@ -353,19 +400,19 @@
global $app;
// Check fields
- if(!preg_match('/^[a-zA-Z0-9\.\-\_]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
+ if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);
if(strpos($tablename, '.') !== false) {
- $tablename = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $tablename);
+ $tablename_escaped = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $tablename);
} else {
- $tablename = '`' . $tablename . '`';
+ $tablename_escaped = '`' . $tablename . '`';
}
$index_field = $this->quote($index_field);
$index_value = $this->quote($index_value);
- $old_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
+ $old_rec = $this->queryOneRecord("SELECT * FROM $tablename_escaped WHERE $index_field = '$index_value'");
if(is_array($update_data)) {
$update_data_str = '';
@@ -377,8 +424,8 @@
$update_data_str = $update_data;
}
- $this->query("UPDATE $tablename SET $update_data_str WHERE $index_field = '$index_value'");
- $new_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
+ $this->query("UPDATE $tablename_escaped SET $update_data_str WHERE $index_field = '$index_value'");
+ $new_rec = $this->queryOneRecord("SELECT * FROM $tablename_escaped WHERE $index_field = '$index_value'");
$this->datalogSave($tablename, 'UPDATE', $index_field, $index_value, $old_rec, $new_rec, $force_update);
return true;
@@ -389,20 +436,20 @@
global $app;
// Check fields
- if(!preg_match('/^[a-zA-Z0-9\.\-\_]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
+ if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);
if(strpos($tablename, '.') !== false) {
- $tablename = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $tablename);
+ $tablename_escaped = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $tablename);
} else {
- $tablename = '`' . $tablename . '`';
+ $tablename_escaped = '`' . $tablename . '`';
}
$index_field = $this->quote($index_field);
$index_value = $this->quote($index_value);
- $old_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
- $this->query("DELETE FROM $tablename WHERE $index_field = '$index_value'");
+ $old_rec = $this->queryOneRecord("SELECT * FROM $tablename_escaped WHERE $index_field = '$index_value'");
+ $this->query("DELETE FROM $tablename_escaped WHERE $index_field = '$index_value'");
$new_rec = array();
$this->datalogSave($tablename, 'DELETE', $index_field, $index_value, $old_rec, $new_rec);
--
Gitblit v1.9.1