Fixed a SQL injection vulnerability

This commit is contained in:
Alejandro Gallardo Escobar 2018-05-21 15:19:25 +02:00
parent 1f3e09ae14
commit 2e96c2bbd1
3 changed files with 7 additions and 17 deletions


@ -32,6 +32,9 @@ class System {
} }
$this->session = $_SESSION; $this->session = $_SESSION;
session_write_close(); session_write_close();
require_once($this->getConfig('homedir') . '/include/functions.php');
require_once($this->getConfig('homedir') . '/include/functions_io.php');
} }
public static function getInstance() { public static function getInstance() {
@ -51,29 +54,14 @@ class System {
} }
public function getRequest($name, $default = null) { public function getRequest($name, $default = null) {
$return = $default; return get_parameter($name, $default);
if (isset($_POST[$name])) {
$return = $_POST[$name];
}
else {
if (isset($_GET[$name])) {
$return = $_GET[$name];
}
}
return $return;
} }
public function safeOutput($value) { public function safeOutput($value) {
require_once($this->getConfig('homedir') . '/include/functions_io.php');
return io_safe_output($value); return io_safe_output($value);
} }
public function safeInput($value) { public function safeInput($value) {
require_once($this->getConfig('homedir') . '/include/functions_io.php');
return io_safe_input($value); return io_safe_input($value);
} }
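Review bot: The new one-line body of getRequest makes get_parameter() the only place where request values are processed, and the safeInput/safeOutput calls dropped in the other two files show callers are now expected to rely on that, yet nothing on the method states which form (raw or encoded) it returns. A docblock would stop the next caller from re-encoding or assuming a raw value; something like `/** Returns the request parameter as processed by get_parameter() (presumably include/functions.php, required in the constructor above); callers must not apply safeInput() again, and a value that reaches SQL still belongs in a parameterised query. */`. The two require_once lines added to the constructor also depend on getConfig('homedir') already being resolvable at that point; the constructor's start lies outside the hunk, so that ordering cannot be checked here.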


@ -74,7 +74,6 @@ class User {
if (($user == null) && ($password == null)) { if (($user == null) && ($password == null)) {
$user = $system->getRequest('user', null); $user = $system->getRequest('user', null);
$user = $system->safeInput($user);
$password = $system->getRequest('password', null); $password = $system->getRequest('password', null);
} }
@ -141,6 +140,7 @@ class User {
} }
if (empty($code)) { if (empty($code)) {
$code = $system->getRequest('auth_code', null); $code = $system->getRequest('auth_code', null);
$code = $system->safeOutput($code);
} }
if (!empty($user) && !empty($code)) { if (!empty($user) && !empty($code)) {
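Review bot: Removing the safeInput call on $user means $password, which previously reached the login unprocessed, now goes through whatever get_parameter() applies, and if that is io_safe_input (as the removal suggests) a password containing characters such as `&`, `<`, `>`, `"` or `'` is altered before it is verified. Unless the verifier decodes it, this is a behaviour change worth confirming; if the raw form is required, `$password = $system->safeOutput($password);` after the getRequest call restores it. The same question applies to the auth_code hunk below, where the safeOutput call was dropped and the code now continues in encoded form. Both enclosing functions start and end outside the hunks shown.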


@ -49,7 +49,9 @@ class Tactical {
switch ($parameter2) { switch ($parameter2) {
case 'render_status_pie': case 'render_status_pie':
$links = $system->getRequest('links', ''); $links = $system->getRequest('links', '');
$links = $system->safeOutput($links);
$data = $system->getRequest('data', ''); $data = $system->getRequest('data', '');
$data = $system->safeOutput($data);
$data = str_replace('\\','',$data); $data = str_replace('\\','',$data);
$links = str_replace('\\','',$links); $links = str_replace('\\','',$links);
$width = $system->getRequest('width', 230); $width = $system->getRequest('width', 230);
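Review bot: With the two safeOutput calls removed, $links and $data now flow into the str_replace lines in the form get_parameter() returns rather than the decoded form the old code produced, so any quotes or other characters that io_safe_input rewrites reach the consumer of $data as entities. If that consumer parses the value (the backslash stripping suggests a serialised payload), it should be checked against encoded input before this change ships; if the decoded form is needed, keeping `$data = $system->safeOutput($data);` and `$links = $system->safeOutput($links);` is the smaller change, with the decision taken in view of where the values are ultimately used, since decoding undoes the protection the commit is relying on. The switch continues past the hunk.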