2007-10-03 Sancho Lerena <slerena@gmail.com>

* Security fix has been included in ver_agente.php, using a new function to validate
        GET variables (checking for numeric data). This security isse was a SQL Blind URL Attack. This
        is described in mailing list with more depth, including the patch.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@670 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f

pandora_console/ChangeLog

@@ -1,5 +1,9 @@
 2007-10-03  Sancho Lerena <slerena@gmail.com>
 
+	* Security fix has been included in ver_agente.php, using a new function to validate
+	GET variables (checking for numeric data). This security isse was a SQL Blind URL Attack. This
+	is described in mailing list with more depth, including the patch.
+
 	* include/functions_db.php: Insert_event is now capable to store events already validated.
 
 	* operation/events/events.php: Adjusted column width.

pandora_console/include/functions.php

@@ -414,6 +414,28 @@ function give_parameter_post ( $name, $default = "" ){
 	return $output;
 }
 
+function give_parameter_get_numeric ( $name, $default = "-1" ){
+	$output = $default;
+	if (isset ($_GET[$name])){
+		$output = $_GET[$name];
+	}
+	if (is_numeric($output))
+		return $output;
+	else
+		return -1;
+}
+
+function give_parameter_post_numeric ( $name, $default = "" ){
+	$output = $default;
+	if (isset ($_POST[$name])){
+		$output = $_POST[$name];
+	}
+	if (is_numeric($output))
+		return $output;
+	else
+		return -1;
+}
+
 function human_time_comparation ( $timestamp ){
 	global $lang_label;
 	if ($timestamp != ""){

pandora_console/operation/agentes/ver_agente.php

@@ -25,8 +25,8 @@
 require("include/config.php");
 
 if (comprueba_login() == 0) {
-	if (isset($_GET["id_agente"])){
-		$id_agente = $_GET["id_agente"];
+	$id_agente = give_parameter_get_numeric("id_agente");
+	if ($id_agente != -1){
 		// get group for this id_agente
 		$query="SELECT * FROM tagente WHERE id_agente = ".$id_agente;
 		$res=mysql_query($query);