took additional measures to prevent sql injection
This commit is contained in:
parent
045997bc93
commit
a293678acd
10 changed files with 29 additions and 32 deletions
@ -9,12 +9,15 @@
Manager and USS to the standard pagination variables.
Manager and USS to the standard pagination variables.
- A very special thanks to Len Kranendonk for the following security
- A very special thanks to Len Kranendonk for the following security
improvements.
improvements.
- Disabled anonymous registration by default for better security.
- Disabled anonymous registration by default.
- Set session timeout to 1 hour by default for better security.
- Set session timeout to 1 hour by default.
- Sessions now auto end themselves if they are used after their
- Sessions now auto end themselves if they are used after their
expires timeout and before the scheduler has cleaned them up.
expires timeout and before the scheduler has cleaned them up.
- Macros are now negated on user profile fields and authentication
- Macros are now negated on user profile fields and authentication
fields.
fields.
- Sessions are now validated against IP address to help prevent
session theft.
- Took additional measures to prevent SQL injection.
- Bugfix [ 930425 ] Bug in EventsCalender, causing other wobjects to fail.
- Bugfix [ 930425 ] Bug in EventsCalender, causing other wobjects to fail.
- Bugfix [ 925586 ] HttpProxy ignores javascript in <HEAD> (thanks to
- Bugfix [ 925586 ] HttpProxy ignores javascript in <HEAD> (thanks to
Nicklous Roberts).
Nicklous Roberts).
@ -109,21 +109,15 @@ sub _setupSessionVars {
tie %vars, 'Tie::CPHash';
tie %vars, 'Tie::CPHash';
if ($_[0] ne "") {
if ($_[0] ne "") {
%vars = WebGUI::SQL->quickHash("select * from userSession where sessionId='$_[0]'");
%vars = WebGUI::SQL->quickHash("select * from userSession where sessionId='$_[0]'");
if ($vars{expires} < _time()) {
if ($vars{expires} < _time() || $vars{lastIP} ne $session{env}{REMOTE_ADDR}) {
%vars = ();
WebGUI::Session::end($_[0]);
WebGUI::Session::end($_[0]);
}
}
if ($vars{sessionId} ne "") {
if ($vars{sessionId} ne "") {
$session{scratch} = WebGUI::SQL->buildHashRef("select name,value from userSessionScratch
$session{scratch} = WebGUI::SQL->buildHashRef("select name,value from userSessionScratch
where sessionId=".quote($_[0]));
where sessionId=".quote($_[0]));
if (($session{setting}{proxiedClientAddress} eq "1") && ($ENV{HTTP_X_FORWARDED_FOR} ne "")) {
WebGUI::SQL->write("update userSession set lastPageView="._time().", lastIP='$session{env}{REMOTE_ADDR}',
WebGUI::SQL->write("update userSession set lastPageView="._time().",
expires=".(_time()+$session{setting}{sessionTimeout})." where sessionId='$_[0]'");
lastIP='$ENV{HTTP_X_FORWARDED_FOR}',
expires=".(_time()+$session{setting}{sessionTimeout})
." where sessionId='$_[0]'");
} else {
WebGUI::SQL->write("update userSession set lastPageView="._time().", lastIP='$ENV{REMOTE_ADDR}',
expires=".(_time()+$session{setting}{sessionTimeout})." where sessionId='$_[0]'");
}
} else {
} else {
start(1,$_[0]);
start(1,$_[0]);
}
}
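Review bot: The session lookup on the quickHash line and the update at the end of the if-block still interpolate `$_[0]` straight into the SQL as `sessionId='$_[0]'`, while the userSessionScratch query in the same hunk was converted to `quote($_[0])`; the session id presumably arrives from the client's cookie, so the other two statements should read `%vars = WebGUI::SQL->quickHash("select * from userSession where sessionId=".quote($_[0]));` and `." where sessionId=".quote($_[0]));`. The new check compares `$vars{lastIP}` with `$session{env}{REMOTE_ADDR}` and the proxiedClientAddress/HTTP_X_FORWARDED_FOR branch is dropped; unless `$session{env}{REMOTE_ADDR}` is populated from the proxy header elsewhere, every client behind a reverse proxy now shares one address and the binding adds little there, while clients whose address changes mid-session are silently logged out. A comment above the check such as `# bind the session to the address it was created from; see proxiedClientAddress for proxied deployments` would record that intent for the next reader. _setupSessionVars continues outside the hunk.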
@ -1479,7 +1479,7 @@ sub www_paste {
."templatePosition=1, "
."templatePosition=1, "
."sequenceNumber=". $nextSeq .", "
."sequenceNumber=". $nextSeq .", "
."bufferUserId=NULL, bufferDate=NULL, bufferPrevId=NULL "
."bufferUserId=NULL, bufferDate=NULL, bufferPrevId=NULL "
."WHERE wobjectId=". $session{form}{wid} );
."WHERE wobjectId=".$_[0]->get("wobjectId"));
return "";
return "";
} else {
} else {
return WebGUI::Privilege::insufficient();
return WebGUI::Privilege::insufficient();
@ -452,7 +452,7 @@ sub uiLevel {
sub www_deleteEntry {
sub www_deleteEntry {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my $entryId = $session{form}{entryId};
my $entryId = $session{form}{entryId};
WebGUI::SQL->write("delete from DataForm_entry where DataForm_entryId=".$entryId);
WebGUI::SQL->write("delete from DataForm_entry where DataForm_entryId=".quote($entryId));
$session{form}{entryId} = 'list';
$session{form}{entryId} = 'list';
return $_[0]->www_view();
return $_[0]->www_view();
}
}
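Review bot: The delete in www_deleteEntry is keyed on the entry id alone while the permission check is against this wobject's id, so an editor of one DataForm can remove an entry that belongs to another simply by supplying its entryId; the new quote() call closes the injection but not that ownership gap. If DataForm_entry carries the owning wobjectId column, scope the statement: `WebGUI::SQL->write("delete from DataForm_entry where DataForm_entryId=".quote($entryId)." and wobjectId=".$_[0]->get("wobjectId"));`. In the www_process hunk of the same file the same `$entryId` is quoted for the raw delete but handed unquoted to `$_[0]->deleteCollateral(...)` on the following line; whether deleteCollateral quotes internally is outside this diff and worth confirming.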
@ -880,7 +880,7 @@ sub www_process {
$var->{error_loop} = \@errors;
$var->{error_loop} = \@errors;
$var = $_[0]->getRecordTemplateVars($var);
$var = $_[0]->getRecordTemplateVars($var);
if ($hadErrors && !$updating) {
if ($hadErrors && !$updating) {
WebGUI::SQL->write("delete from DataForm_entryData where DataForm_entryId=".$entryId);
WebGUI::SQL->write("delete from DataForm_entryData where DataForm_entryId=".quote($entryId));
$_[0]->deleteCollateral("DataForm_entry","DataForm_entryId",$entryId);
$_[0]->deleteCollateral("DataForm_entry","DataForm_entryId",$entryId);
$_[0]->www_view($var);
$_[0]->www_view($var);
} else {
} else {
@ -353,7 +353,7 @@ sub www_editEventSave {
} else {
} else {
WebGUI::SQL->write("update EventsCalendar_event set name=".quote($session{form}{name}).",
WebGUI::SQL->write("update EventsCalendar_event set name=".quote($session{form}{name}).",
description=".quote($session{form}{description}).", startDate=".$startDate[0].",
description=".quote($session{form}{description}).", startDate=".$startDate[0].",
endDate=".$endDate[0]." where EventsCalendar_eventId=$session{form}{eid}");
endDate=".$endDate[0]." where EventsCalendar_eventId=".quote($session{form}{eid}));
}
}
if ($session{form}{proceed} eq "addEvent") {
if ($session{form}{proceed} eq "addEvent") {
$session{form}{eid} = "new";
$session{form}{eid} = "new";
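Review bot: In the update statement `startDate=".$startDate[0]."` and `endDate=".$endDate[0]."` are still concatenated unquoted, even though the eid in the same statement now goes through quote(). `@startDate` and `@endDate` are built outside the hunk, so if they are produced by a date parser they may already be numeric, but quoting them is free and makes the statement uniformly safe: `startDate=".quote($startDate[0]).",` and `endDate=".quote($endDate[0])." where EventsCalendar_eventId=".quote($session{form}{eid}));`. www_editEventSave begins outside the hunk.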
@ -150,7 +150,7 @@ sub www_deleteForumConfirm {
my $forum = WebGUI::Forum->new($session{form}{forumId});
my $forum = WebGUI::Forum->new($session{form}{forumId});
$forum->purge;
$forum->purge;
}
}
WebGUI::SQL->write("delete from MessageBoard_forums where forumId=".$session{form}{forumId}." and wobjectId=".$_[0]->get("wobjectId"));
WebGUI::SQL->write("delete from MessageBoard_forums where forumId=".quote($session{form}{forumId})." and wobjectId=".$_[0]->get("wobjectId"));
return "";
return "";
}
}
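Review bot: The delete statement is now scoped to this wobject's id, but the `WebGUI::Forum->new($session{form}{forumId})` and `$forum->purge` calls above it run before that scope applies and take the form value as-is; unless Forum->new or purge verifies that the forum belongs to this wobject (both are outside this diff), an editor of one message board can purge a forum of another by supplying its id. A guard before constructing the forum, e.g. `my ($owned) = WebGUI::SQL->quickArray("select count(*) from MessageBoard_forums where forumId=".quote($session{form}{forumId})." and wobjectId=".$_[0]->get("wobjectId"));` followed by `return "" unless $owned;`, would close that gap, and a comment on the purge call should state that ownership has been checked. The if-block enclosing the purge and www_deleteForumConfirm itself begin outside the hunk.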
@ -205,11 +205,11 @@ sub www_editForumSave {
my ($seq) = WebGUI::SQL->quickArray("select max(sequenceNumber) from MessageBoard_forums where wobjectId=".$_[0]->get("wobjectId"));
my ($seq) = WebGUI::SQL->quickArray("select max(sequenceNumber) from MessageBoard_forums where wobjectId=".$_[0]->get("wobjectId"));
$seq++;
$seq++;
WebGUI::SQL->write("insert into MessageBoard_forums (wobjectId, forumId, title, description, sequenceNumber) values ("
WebGUI::SQL->write("insert into MessageBoard_forums (wobjectId, forumId, title, description, sequenceNumber) values ("
.$_[0]->get("wobjectId").", ".$forumId.", ".quote($session{form}{title}).", ".quote($session{form}{description})
.$_[0]->get("wobjectId").", ".quote($forumId).", ".quote($session{form}{title}).", ".quote($session{form}{description})
.", ".$seq.")");
.", ".$seq.")");
} else {
} else {
WebGUI::SQL->write("update MessageBoard_forums set title=".quote($session{form}{title}).", description="
WebGUI::SQL->write("update MessageBoard_forums set title=".quote($session{form}{title}).", description="
.quote($session{form}{description})." where forumId=".$forumId." and wobjectId=".$_[0]->get("wobjectId"));
.quote($session{form}{description})." where forumId=".quote($forumId)." and wobjectId=".$_[0]->get("wobjectId"));
}
}
return "";
return "";
}
}
@ -279,7 +279,7 @@ sub www_vote {
my $u;
my $u;
if ($session{form}{answer} ne "" && WebGUI::Privilege::isInGroup($_[0]->get("voteGroup"),$session{user}{userId}) && !($_[0]->_hasVoted())) {
if ($session{form}{answer} ne "" && WebGUI::Privilege::isInGroup($_[0]->get("voteGroup"),$session{user}{userId}) && !($_[0]->_hasVoted())) {
WebGUI::SQL->write("insert into Poll_answer values (".$_[0]->get("wobjectId").",
WebGUI::SQL->write("insert into Poll_answer values (".$_[0]->get("wobjectId").",
'$session{form}{answer}', $session{user}{userId}, '$session{env}{REMOTE_ADDR}')");
".quote($session{form}{answer}).", $session{user}{userId}, '$session{env}{REMOTE_ADDR}')");
if ($session{setting}{useKarma}) {
if ($session{setting}{useKarma}) {
$u = WebGUI::User->new($session{user}{userId});
$u = WebGUI::User->new($session{user}{userId});
$u->karma($_[0]->get("karmaPerVote"),$_[0]->get("namespace")." (".$_[0]->get("wobjectId").")","Voted on this poll.");
$u->karma($_[0]->get("karmaPerVote"),$_[0]->get("namespace")." (".$_[0]->get("wobjectId").")","Voted on this poll.");
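Review bot: The insert into Poll_answer now quotes the form answer but still interpolates `$session{user}{userId}` and `$session{env}{REMOTE_ADDR}` directly into the statement. The address is not produced by this code, and the old side of the session hunk in this same commit shows the application honouring the client-supplied HTTP_X_FORWARDED_FOR header under proxiedClientAddress, so where `$session{env}{REMOTE_ADDR}` comes from is outside this diff and it deserves the same treatment as the answer: `".quote($session{form}{answer}).", ".quote($session{user}{userId}).", ".quote($session{env}{REMOTE_ADDR}).")");`. www_vote continues outside the hunk.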
@ -191,7 +191,7 @@ sub www_addAccessorySave {
($seq) = WebGUI::SQL->quickArray("select max(sequenceNumber) from Product_accessory
($seq) = WebGUI::SQL->quickArray("select max(sequenceNumber) from Product_accessory
where wobjectId=".$_[0]->get("wobjectId"));
where wobjectId=".$_[0]->get("wobjectId"));
WebGUI::SQL->write("insert into Product_accessory (wobjectId,accessoryWobjectId,sequenceNumber) values
WebGUI::SQL->write("insert into Product_accessory (wobjectId,accessoryWobjectId,sequenceNumber) values
(".$_[0]->get("wobjectId").",$session{form}{accessoryWobjectId},".($seq+1).")");
(".$_[0]->get("wobjectId").",".quote($session{form}{accessoryWobjectId}).",".($seq+1).")");
if ($session{form}{proceed}) {
if ($session{form}{proceed}) {
return $_[0]->www_addAccessory();
return $_[0]->www_addAccessory();
} else {
} else {
@ -227,7 +227,7 @@ sub www_addRelatedSave {
($seq) = WebGUI::SQL->quickArray("select max(sequenceNumber) from Product_related
($seq) = WebGUI::SQL->quickArray("select max(sequenceNumber) from Product_related
where wobjectId=".$_[0]->get("wobjectId"));
where wobjectId=".$_[0]->get("wobjectId"));
WebGUI::SQL->write("insert into Product_related (wobjectId,relatedWobjectId,sequenceNumber) values
WebGUI::SQL->write("insert into Product_related (wobjectId,relatedWobjectId,sequenceNumber) values
(".$_[0]->get("wobjectId").",$session{form}{relatedWobjectId},".($seq+1).")");
(".$_[0]->get("wobjectId").",".quote($session{form}{relatedWobjectId}).",".($seq+1).")");
if ($session{form}{proceed}) {
if ($session{form}{proceed}) {
return $_[0]->www_addRelated();
return $_[0]->www_addRelated();
} else {
} else {
@ -247,7 +247,7 @@ sub www_deleteAccessory {
#-------------------------------------------------------------------
#-------------------------------------------------------------------
sub www_deleteAccessoryConfirm {
sub www_deleteAccessoryConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
WebGUI::SQL->write("delete from Product_accessory where wobjectId=$session{form}{wid} and accessoryWobjectId=$session{form}{aid}");
WebGUI::SQL->write("delete from Product_accessory where wobjectId=".$_[0]->get("wobjectId")." and accessoryWobjectId=".quote($session{form}{aid}));
$_[0]->reorderCollateral("Product_accessory","accessoryWobjectId");
$_[0]->reorderCollateral("Product_accessory","accessoryWobjectId");
return "";
return "";
}
}
@ -298,7 +298,7 @@ sub www_deleteRelated {
#-------------------------------------------------------------------
#-------------------------------------------------------------------
sub www_deleteRelatedConfirm {
sub www_deleteRelatedConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
WebGUI::SQL->write("delete from Product_related where wobjectId=$session{form}{wid} and relatedWobjectId=$session{form}{rid}");
WebGUI::SQL->write("delete from Product_related where wobjectId=".$_[0]->get("wobjectId")." and relatedWobjectId=".quote($session{form}{rid}));
$_[0]->reorderCollateral("Product_related","relatedWobjectId");
$_[0]->reorderCollateral("Product_related","relatedWobjectId");
return "";
return "";
}
}
@ -436,7 +436,7 @@ sub www_deleteAnswer {
#-------------------------------------------------------------------
#-------------------------------------------------------------------
sub www_deleteAnswerConfirm {
sub www_deleteAnswerConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
WebGUI::SQL->write("delete from Survey_response where Survey_answerId=$session{form}{aid}");
WebGUI::SQL->write("delete from Survey_response where Survey_answerId=".quote($session{form}{aid}));
$_[0]->deleteCollateral("Survey_answer","Survey_answerId",$session{form}{aid});
$_[0]->deleteCollateral("Survey_answer","Survey_answerId",$session{form}{aid});
$_[0]->reorderCollateral("Survey_answer","Survey_answerId","Survey_id");
$_[0]->reorderCollateral("Survey_answer","Survey_answerId","Survey_id");
return $_[0]->www_editQuestion;
return $_[0]->www_editQuestion;
@ -452,8 +452,8 @@ sub www_deleteQuestion {
#-------------------------------------------------------------------
#-------------------------------------------------------------------
sub www_deleteQuestionConfirm {
sub www_deleteQuestionConfirm {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
WebGUI::SQL->write("delete from Survey_answer where Survey_questionId=$session{form}{qid}");
WebGUI::SQL->write("delete from Survey_answer where Survey_questionId=".quote($session{form}{qid}));
WebGUI::SQL->write("delete from Survey_response where Survey_questionId=$session{form}{qid}");
WebGUI::SQL->write("delete from Survey_response where Survey_questionId=".quote($session{form}{qid}));
$_[0]->deleteCollateral("Survey_question","Survey_questionId",$session{form}{qid});
$_[0]->deleteCollateral("Survey_question","Survey_questionId",$session{form}{qid});
$_[0]->reorderCollateral("Survey_question","Survey_questionId","Survey_id");
$_[0]->reorderCollateral("Survey_question","Survey_questionId","Survey_id");
return $_[0]->www_edit;
return $_[0]->www_edit;
@ -469,8 +469,8 @@ sub www_deleteResponse {
#-------------------------------------------------------------------
#-------------------------------------------------------------------
sub www_deleteResponseConfirm {
sub www_deleteResponseConfirm {
return "" unless (WebGUI::Privilege::isInGroup($_[0]->get("groupToViewReports")));
return "" unless (WebGUI::Privilege::isInGroup($_[0]->get("groupToViewReports")));
WebGUI::SQL->write("delete from Survey_response where Survey_responseId=".$session{form}{responseId});
WebGUI::SQL->write("delete from Survey_response where Survey_responseId=".quote($session{form}{responseId}));
WebGUI::SQL->write("delete from Survey_questionResponse where Survey_responseId=".$session{form}{responseId});
WebGUI::SQL->write("delete from Survey_questionResponse where Survey_responseId=".quote($session{form}{responseId}));
return $_[0]->www_viewGradebook;
return $_[0]->www_viewGradebook;
}
}
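Review bot: www_deleteResponseConfirm gates a destructive delete on membership in `groupToViewReports`, a group whose name suggests read access, and both delete statements are keyed on the response id alone rather than additionally on this survey's id, so anyone allowed to view reports for one survey can delete responses of any other by supplying its responseId; the added quote() calls stop injection but not that. If Survey_response carries the owning survey's id column (the reorderCollateral calls in this file use `Survey_id`), append `." and Survey_id=".$_[0]->get("wobjectId")` to each where clause, and consider gating on the edit privilege the sibling confirm handlers use, `WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId"))`. In the www_deleteAnswerConfirm and www_deleteQuestionConfirm hunks the same form ids are quoted for the raw SQL but handed unquoted to deleteCollateral, which is outside this diff and worth confirming.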
@ -238,7 +238,7 @@ sub www_approveSubmission {
tie %submission, 'Tie::CPHash';
tie %submission, 'Tie::CPHash';
if (WebGUI::Privilege::isInGroup(4,$session{user}{userId}) || WebGUI::Privilege::isInGroup(3,$session{user}{userId})) {
if (WebGUI::Privilege::isInGroup(4,$session{user}{userId}) || WebGUI::Privilege::isInGroup(3,$session{user}{userId})) {
%submission = WebGUI::SQL->quickHash("select * from USS_submission where USS_submissionId=$session{form}{sid}");
%submission = WebGUI::SQL->quickHash("select * from USS_submission where USS_submissionId=$session{form}{sid}");
WebGUI::SQL->write("update USS_submission set status='Approved' where USS_submissionId=$session{form}{sid}");
WebGUI::SQL->write("update USS_submission set status='Approved' where USS_submissionId=".quote($session{form}{sid}));
WebGUI::MessageLog::addInternationalizedEntry($submission{userId},'',WebGUI::URL::page('func=viewSubmission&wid='.
WebGUI::MessageLog::addInternationalizedEntry($submission{userId},'',WebGUI::URL::page('func=viewSubmission&wid='.
$session{form}{wid}.'&sid='.$session{form}{sid}),4,$_[0]->get("namespace"));
$session{form}{wid}.'&sid='.$session{form}{sid}),4,$_[0]->get("namespace"));
WebGUI::MessageLog::completeEntry($session{form}{mlog});
WebGUI::MessageLog::completeEntry($session{form}{mlog});
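Review bot: The `select * from USS_submission where USS_submissionId=$session{form}{sid}` line directly above the updated statement still interpolates the form value unquoted, so the injection point the commit closes on the update line remains open one line earlier in the same handler; it should become `%submission = WebGUI::SQL->quickHash("select * from USS_submission where USS_submissionId=".quote($session{form}{sid}));`. The www_denySubmission hunk has the identical pair of lines and needs the same change. Both handlers begin outside their hunks.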
@ -297,7 +297,7 @@ sub www_denySubmission {
tie %submission, 'Tie::CPHash';
tie %submission, 'Tie::CPHash';
if (WebGUI::Privilege::isInGroup(4,$session{user}{userId}) || WebGUI::Privilege::isInGroup(3,$session{user}{userId})) {
if (WebGUI::Privilege::isInGroup(4,$session{user}{userId}) || WebGUI::Privilege::isInGroup(3,$session{user}{userId})) {
%submission = WebGUI::SQL->quickHash("select * from USS_submission where USS_submissionId=$session{form}{sid}");
%submission = WebGUI::SQL->quickHash("select * from USS_submission where USS_submissionId=$session{form}{sid}");
WebGUI::SQL->write("update USS_submission set status='Denied' where USS_submissionId=$session{form}{sid}");
WebGUI::SQL->write("update USS_submission set status='Denied' where USS_submissionId=".quote($session{form}{sid}));
WebGUI::MessageLog::addInternationalizedEntry($submission{userId},'',WebGUI::URL::page('func=viewSubmission&wid='.
WebGUI::MessageLog::addInternationalizedEntry($submission{userId},'',WebGUI::URL::page('func=viewSubmission&wid='.
$session{form}{wid}.'&sid='.$session{form}{sid}),5,$_[0]->get("namespace"));
$session{form}{wid}.'&sid='.$session{form}{sid}),5,$_[0]->get("namespace"));
WebGUI::MessageLog::completeEntry($session{form}{mlog});
WebGUI::MessageLog::completeEntry($session{form}{mlog});
@ -815,7 +815,7 @@ sub www_viewSubmission {
forumId=>$submission->{forumId}
forumId=>$submission->{forumId}
});
});
}
}
WebGUI::SQL->write("update USS_submission set views=views+1 where USS_submissionId=$session{form}{sid}");
WebGUI::SQL->write("update USS_submission set views=views+1 where USS_submissionId=".quote($session{form}{sid}));
$var{title} = $submission->{title};
$var{title} = $submission->{title};
$var{content} = WebGUI::HTML::filter($submission->{content},$_[0]->get("filterContent"));
$var{content} = WebGUI::HTML::filter($submission->{content},$_[0]->get("filterContent"));
$var{content} =~ s/\^\-\;//g;
$var{content} =~ s/\^\-\;//g;