From 17c6d55fd62f007c2b0d8ac65f242f8b63f302ec Mon Sep 17 00:00:00 2001
From: mdtrooper <tres.14159@gmail.com>
Date: Mon, 20 Jan 2014 12:05:03 +0000
Subject: [PATCH] 2014-01-20  Miguel de Dios <miguel.dedios@artica.es>

	* mobile/include/user.class.php,
	mobile/include/system.class.php: fixed SQL injection.

	Issue found by Lincoln, a member of Corelan Team




git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@9344 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_console/ChangeLog                       |  7 +++++++
 pandora_console/mobile/include/system.class.php | 12 ++++++++++++
 pandora_console/mobile/include/user.class.php   |  3 +++
 3 files changed, 22 insertions(+)

diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index 8520a2f171..66f2c8489b 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,10 @@
+2014-01-20  Miguel de Dios <miguel.dedios@artica.es>
+	
+	* mobile/include/user.class.php,
+	mobile/include/system.class.php: fixed SQL injection.
+	
+	Issue found by Lincoln, a member of Corelan Team
+
 2014-01-17 Juan Manuel Ramon Vigo <juanmanuel.ramon@artica.es>
 
 	* godmode/reporting/reporting_builder.php: Fixed group filter in report
diff --git a/pandora_console/mobile/include/system.class.php b/pandora_console/mobile/include/system.class.php
index 94a4c23a89..8f837a468b 100644
--- a/pandora_console/mobile/include/system.class.php
+++ b/pandora_console/mobile/include/system.class.php
@@ -62,6 +62,18 @@ class System {
 		return $return;
 	}
 	
+	public function safeOutput($value) {
+		require_once($this->getConfig('homedir') . '/include/functions_io.php');
+		
+		return io_safe_output($value);
+	}
+	
+	public function safeInput($value) {
+		require_once($this->getConfig('homedir') . '/include/functions_io.php');
+		
+		return io_safe_input($value);
+	}
+	
 	public function getConfig($name, $default = null) {
 		if (!isset($this->config[$name])) {
 			return $default;
diff --git a/pandora_console/mobile/include/user.class.php b/pandora_console/mobile/include/user.class.php
index f630d8e7c1..0bdb8f1b1b 100644
--- a/pandora_console/mobile/include/user.class.php
+++ b/pandora_console/mobile/include/user.class.php
@@ -87,16 +87,19 @@ class User {
 		
 		if (($user == null) && ($password == null)) {
 			$user = $system->getRequest('user', null);
+			$user = $system->safeInput($user);
 			$password = $system->getRequest('password', null);
 		}
 		
 		if (!empty($user) && !empty($password)) {
 			if (process_user_login($user, $password) !== false) {
+				
 				$this->logged = true;
 				$this->user = $user;
 				$this->errorLogin = false;
 			}
 			else {
+				
 				$this->logged = false;
 				$this->errorLogin = true;
 			}