Skip to content

Commit d501af7

Browse files
jmontoyaajmontoyaa
committed
Fix queries: Add Database::escape_string + int casting
1 parent 4c36bbc commit d501af7

File tree

4 files changed

+11
-8
lines changed

4 files changed

+11
-8
lines changed

main/blog/blog.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
*/
88
require_once __DIR__.'/../inc/global.inc.php';
99

10-
$blog_id = isset($_GET['blog_id']) ? $_GET['blog_id'] : 0;
10+
$blog_id = isset($_GET['blog_id']) ? (int) $_GET['blog_id'] : 0;
1111

1212
if (empty($blog_id)) {
1313
api_not_allowed(true);

main/forum/download.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,7 @@
4242
WHERE
4343
f.c_id = '.$course_id.' AND
4444
a.c_id = '.$course_id.' AND
45-
path LIKE BINARY "'.$doc_url.'"';
45+
path LIKE BINARY "'.Database::escape_string($doc_url).'"';
4646

4747
$result = Database::query($sql);
4848
$row = Database::fetch_array($result);

main/inc/ajax/exercise.ajax.php

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -167,6 +167,10 @@
167167
$sidx = $_REQUEST['sidx']; //index to filter
168168
$sord = $_REQUEST['sord']; //asc or desc
169169

170+
if (!in_array($sidx, ['firstname', 'lastname', 'start_date'])) {
171+
$sidx = 1;
172+
}
173+
170174
if (!in_array($sord, ['asc', 'desc'])) {
171175
$sord = 'desc';
172176
}

main/session/session_category_list.php

Lines changed: 5 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -27,15 +27,15 @@ function selectAll(idCheck,numRows,action) {
2727

2828
$page = isset($_GET['page']) ? (int) $_GET['page'] : null;
2929
$action = isset($_REQUEST['action']) ? Security::remove_XSS($_REQUEST['action']) : null;
30-
$sort = isset($_GET['sort']) && in_array($_GET['sort'], ['name', 'nbr_session', 'date_start', 'date_end'])
31-
? Security::remove_XSS($_GET['sort'])
32-
: 'name';
30+
$columns = ['name', 'nbr_session', 'date_start', 'date_end'];
31+
$sort = isset($_GET['sort']) && in_array($_GET['sort'], $columns) ? Security::remove_XSS($_GET['sort']) : 'name';
3332
$idChecked = isset($_REQUEST['idChecked']) ? Security::remove_XSS($_REQUEST['idChecked']) : null;
34-
$order = isset($_REQUEST['order']) ? Security::remove_XSS($_REQUEST['order']) : 'ASC';
33+
$order = $_REQUEST['order'] ?? 'ASC';
34+
$order = $order === 'ASC' ? 'DESC' : 'ASC';
3535
$keyword = isset($_REQUEST['keyword']) ? Security::remove_XSS($_REQUEST['keyword']) : null;
3636

3737
if ($action === 'delete_on_session' || $action === 'delete_off_session') {
38-
$delete_session = $action == 'delete_on_session' ? true : false;
38+
$delete_session = $action === 'delete_on_session' ? true : false;
3939
SessionManager::delete_session_category($idChecked, $delete_session);
4040
Display::addFlash(Display::return_message(get_lang('SessionCategoryDelete')));
4141
header('Location: '.api_get_self().'?sort='.$sort);
@@ -91,7 +91,6 @@ function selectAll(idCheck,numRows,action) {
9191

9292
$query_rows = "SELECT count(*) as total_rows
9393
FROM $tbl_session_category sc $where ";
94-
$order = ($order == 'ASC') ? 'DESC' : 'ASC';
9594
$result_rows = Database::query($query_rows);
9695
$recorset = Database::fetch_array($result_rows);
9796
$num = $recorset['total_rows'];

0 commit comments

Comments
 (0)