claunia/qemudb
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Security fixes. Ensure that numeric values are actually numeric using is_numeric

Browse Source 
so users can't login as admin by passing in non-numeric values.
This commit is contained in:
Jonathan Ernst
2005-03-23 23:56:38 +00:00
committed by WineHQ
parent d4bde62c23
commit 06ea1b6d3d
6 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/application.php
View File

@@ -31,7 +31,7 @@ class Application {
function Application($iAppId = null) function Application($iAppId = null)
{ {
// we are working on an existing application // we are working on an existing application
if($iAppId) if(is_numeric($iAppId))
{ {
/* /*
* We fetch application data and versionsIds. * We fetch application data and versionsIds.

2
include/comment.php
View File

@@ -25,7 +25,7 @@ class Comment {
*/ */
function Comment($iCommentId="") function Comment($iCommentId="")
{ {
if($iCommentId) if(is_numeric($iCommentId))
{ {
$sQuery = "SELECT appComments.*, appVersion.appId AS appId $sQuery = "SELECT appComments.*, appVersion.appId AS appId

2
include/screenshot.php
View File

@@ -28,7 +28,7 @@ class Screenshot {
function Screenshot($iScreenshotId = null) function Screenshot($iScreenshotId = null)
{ {
// we are working on an existing screenshot // we are working on an existing screenshot
if($iScreenshotId) if(is_numeric($iScreenshotId))
{ {
$sQuery = "SELECT appData.*, appVersion.appId AS appId $sQuery = "SELECT appData.*, appVersion.appId AS appId
FROM appData, appVersion FROM appData, appVersion

6
include/user.php
View File

@@ -22,7 +22,7 @@ class User {
function User($iUserId="") function User($iUserId="")
{ {
$this->sRealname = "an anonymous user"; $this->sRealname = "an anonymous user";
if($iUserId) if(is_numeric($iUserId))
{ {
$sQuery = "SELECT * $sQuery = "SELECT *
FROM user_list FROM user_list
@@ -47,8 +47,8 @@ class User {
{ {
$sQuery = "SELECT * $sQuery = "SELECT *
FROM user_list FROM user_list
WHERE email = '".$sEmail."' WHERE email = '".addslashes($sEmail)."'
AND password = password('".$sPassword."')"; AND password = password('".addslashes($sPassword)."')";
$hResult = query_appdb($sQuery); $hResult = query_appdb($sQuery);
$oRow = mysql_fetch_object($hResult); $oRow = mysql_fetch_object($hResult);
$this->iUserId = $oRow->userid; $this->iUserId = $oRow->userid;

2
include/vendor.php
View File

@@ -18,7 +18,7 @@ class Vendor {
function Vendor($iVendorId = null) function Vendor($iVendorId = null)
{ {
// we are working on an existing vendor // we are working on an existing vendor
if($iVendorId) if(is_numeric($iVendorId))
{ {
/* /*
* We fetch the data related to this vendor. * We fetch the data related to this vendor.

2
include/version.php
View File

@@ -32,7 +32,7 @@ class Version {
function Version($iVersionId = null) function Version($iVersionId = null)
{ {
// we are working on an existing version // we are working on an existing version
if($iVersionId) if(is_numeric($iVersionId))
{ {
/* /*
* We fetch the data related to this version. * We fetch the data related to this version.