Commit 1c969d0c authored by Francois Marier's avatar Francois Marier

Merge branch 'sql_hardening'

parents e7fa2f90 fb4f7a7b
......@@ -42,8 +42,8 @@ $menuitems = get_records_sql_array('
FROM {site_menu} s
LEFT OUTER JOIN {artefact} a ON s.file = a.id
WHERE
s.public = ' . $public . '
ORDER BY s.displayorder', null);
s.public = ?
ORDER BY s.displayorder', array($public));
$rows = array();
if ($menuitems) {
foreach ($menuitems as $i) {
......
......@@ -77,7 +77,7 @@ function adminusers_submit(Pieform $form, $values) {
WHERE admin = 1');
execute_sql('UPDATE {usr}
SET admin = 1
WHERE id IN (' . join(',', $values['users']) . ')');
WHERE id IN (' . join(',', array_map('intval', $values['users'])) . ')');
activity_add_admin_defaults($values['users']);
db_commit();
$SESSION->add_ok_msg(get_string('adminusersupdated', 'admin'));
......
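Review bot: The `intval` cast on the `WHERE id IN (...)` line only reaches the SQL string; `activity_add_admin_defaults($values['users'])` two lines below still receives the raw submitted list, so the two paths now see different values for the same ids. Casting once into a local and reusing it keeps them consistent: `$userids = array_map('intval', $values['users']);`, then `WHERE id IN (' . join(',', $userids) . ')');` and `activity_add_admin_defaults($userids);`. The same pattern appears in the other `adminusers_submit` hunk (`usr IN (...) AND institution = db_quote($inst)`) and in both `staffusers_submit` hunks. If an empty selection can reach this statement, `IN ()` is a syntax error on the server; the `usr_institution` hunks guard with `if ($values['users'])`, but no guard is visible here and `adminusers_submit` starts outside the hunk.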
......@@ -94,7 +94,7 @@ function adminusers_submit(Pieform $form, $values) {
if ($values['users']) {
execute_sql('UPDATE {usr_institution}
SET admin = 1
WHERE usr IN (' . join(',', $values['users']) . ') AND institution = ' . db_quote($inst));
WHERE usr IN (' . join(',', array_map('intval', $values['users'])) . ') AND institution = ' . db_quote($inst));
}
require_once('activity.php');
activity_add_admin_defaults($values['users']);
......
......@@ -149,7 +149,7 @@ if ($institution || $add) {
foreach($authinstances as $key => $val) {
$authinstances[$key]->index = $key;
$authinstances[$key]->total = $c;
$instancearray[] = $val->id;
$instancearray[] = (int)$val->id;
}
$instancestring = implode(',',$instancearray);
......@@ -417,8 +417,8 @@ function institution_submit(Pieform $form, $values) {
$hostwwwroot = null;
foreach ($authinstances as $ai) {
if ($ai->id == $instanceid && $ai->authname == 'xmlrpc') {
$hostwwwroot = get_field_sql("SELECT value FROM {auth_instance_config} WHERE instance = ? AND field = 'wwwroot'", array($instanceid));
if ($hostwwwroot && count_records_select('auth_instance_config', "field = 'wwwroot' AND value = ?", array($hostwwwroot)) == 1) {
$hostwwwroot = get_field_sql("SELECT \"value\" FROM {auth_instance_config} WHERE \"instance\" = ? AND field = 'wwwroot'", array($instanceid));
if ($hostwwwroot && count_records_select('auth_instance_config', "field = 'wwwroot' AND \"value\" = ?", array($hostwwwroot)) == 1) {
// Unfortunately, it's possible that this host record could belong to a different institution,
// so specify the institution here.
delete_records('host', 'wwwroot', $hostwwwroot, 'institution', $institution);
......
......@@ -94,7 +94,7 @@ function staffusers_submit(Pieform $form, $values) {
if ($values['users']) {
execute_sql('UPDATE {usr_institution}
SET staff = 1
WHERE usr IN (' . join(',', $values['users']) . ') AND institution = ' . db_quote($inst));
WHERE usr IN (' . join(',', array_map('intval', $values['users'])) . ') AND institution = ' . db_quote($inst));
}
db_commit();
$SESSION->add_ok_msg(get_string('staffusersupdated', 'admin'));
......
......@@ -74,7 +74,7 @@ function staffusers_submit(Pieform $form, $values) {
if ($values['users']) {
execute_sql('UPDATE {usr}
SET staff = 1
WHERE id IN (' . join(',', $values['users']) . ')');
WHERE id IN (' . join(',', array_map('intval', $values['users'])) . ')');
}
db_commit();
$SESSION->add_ok_msg(get_string('staffusersupdated', 'admin'));
......
......@@ -183,15 +183,6 @@ class PluginBlocktypeBlog extends PluginBlocktype {
// return $artefact;
//}
/**
* Optional method. If specified, changes the order in which the artefacts are sorted in the artefact chooser.
*
* This is a valid SQL string for the ORDER BY clause. Fields you can sort on are as per the artefact table
*/
//public static function artefactchooser_get_sort_order() {
// return 'parent, ctime DESC';
//}
public static function default_copy_type() {
return 'nocopy';
}
......
......@@ -140,8 +140,6 @@ class PluginBlocktypeBlogpost extends PluginBlocktype {
}
public static function artefactchooser_element($default=null) {
$extrajoin = ' JOIN {artefact_blog_blogpost} ON {artefact_blog_blogpost}.blogpost = a.id ';
$element = array(
'name' => 'artefactid',
'type' => 'artefactchooser',
......@@ -151,8 +149,6 @@ class PluginBlocktypeBlogpost extends PluginBlocktype {
'limit' => 10,
'selectone' => true,
'artefacttypes' => array('blogpost'),
'extrajoin' => $extrajoin,
'extracols' => '1 - {artefact_blog_blogpost}.published AS draft',
'template' => 'artefact:blog:artefactchooser-element.tpl',
);
return $element;
......@@ -180,7 +176,8 @@ class PluginBlocktypeBlogpost extends PluginBlocktype {
* This is a valid SQL string for the ORDER BY clause. Fields you can sort on are as per the artefact table
*/
public static function artefactchooser_get_sort_order() {
return 'parent, ctime DESC';
return array(array('fieldname' => 'parent'),
array('fieldname' => 'ctime', 'order' => 'DESC'));
}
public static function default_copy_type() {
......
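Review bot: The docblock above `artefactchooser_get_sort_order` still says the return value "is a valid SQL string for the ORDER BY clause", but the new body returns a list of `array('fieldname' => ..., 'order' => ...)` entries, so the comment now contradicts the code. Suggested replacement for that sentence: `* This is a list of arrays, each with a 'fieldname' key and an optional 'order' key (e.g. 'DESC'), from which the ORDER BY clause is built. Fields you can sort on are as per the artefact table`. `PluginBlocktypeFolder::artefactchooser_get_sort_order` in a later hunk returns the same structure; its docblock is outside that hunk and should be checked as well. The start of this docblock is outside the hunk.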
......@@ -55,7 +55,7 @@ class PluginBlocktypeRecentposts extends PluginBlocktype {
JOIN {artefact_blog_blogpost} ab ON (ab.blogpost = a.id AND ab.published = 1)
WHERE a.artefacttype = \'blogpost\'
AND a.parent IN ( ' . $artefactids . ' )
AND a.owner = (SELECT owner from {view} WHERE id = ?)
AND a.owner = (SELECT "owner" from {view} WHERE id = ?)
ORDER BY a.ctime DESC
LIMIT 10', array($instance->get('view')))) {
$mostrecent = array();
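Review bot: `AND a.parent IN ( ' . $artefactids . ' )` on the line above the changed `"owner"` subquery still splices `$artefactids` into the SQL verbatim, with no cast or quoting visible in this hunk, while the rest of this commit wraps such id lists in `array_map('intval', ...)`. `$artefactids` is built above the hunk, so it may already be sanitised there; if it is not, `AND a.parent IN (' . join(',', array_map('intval', $artefactids)) . ')` (adapted to however the list is assembled) would bring this query in line with the others. The enclosing method starts and ends outside the hunk.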
......@@ -98,15 +98,6 @@ class PluginBlocktypeRecentposts extends PluginBlocktype {
);
}
/**
* Optional method. If specified, changes the order in which the artefacts are sorted in the artefact chooser.
*
* This is a valid SQL string for the ORDER BY clause. Fields you can sort on are as per the artefact table
*/
public static function artefactchooser_get_sort_order() {
return 'title';
}
public static function default_copy_type() {
return 'nocopy';
}
......
......@@ -289,7 +289,7 @@ class ArtefactTypeBlog extends ArtefactType {
public static function get_blog_list($limit, $offset) {
global $USER;
($result = get_records_sql_array("
SELECT * FROM {artefact} WHERE owner = ? AND artefacttype = 'blog'
SELECT * FROM {artefact} WHERE \"owner\" = ? AND artefacttype = 'blog'
ORDER BY title LIMIT ? OFFSET ?", array($USER->get('id'), $limit, $offset)))
|| ($result = array());
......
......@@ -3,7 +3,7 @@
<td style="width: 20px;" rowspan="2">
{$formcontrols}
</td>
<th><label for="{$elementname}_{$artefact->id}">{if $artefact->blog}{$artefact->blog|escape}: {/if}{$artefact->title|escape}{if $artefact->draft} [{str tag=draft section=artefact.blog}]{/if}</label></th>
<th><label for="{$elementname}_{$artefact->id}">{if $artefact->blog}{$artefact->blog|escape}: {/if}{$artefact->title|escape}</label></th>
</tr>
<tr>
<td>{if $artefact->description}{$artefact->description}{/if}</td>
......
......@@ -39,7 +39,7 @@ $id = param_integer('id', null);
if (is_null($id)) {
if (!$records = get_records_select_array(
'artefact',
"artefacttype = 'blog' AND owner = ?",
"artefacttype = 'blog' AND \"owner\" = ?",
array($USER->get('id')),
'id ASC'
)) {
......
......@@ -29,8 +29,8 @@ defined('INTERNAL') || die();
class LeapExportElementComment extends LeapExportElement {
public static function setup_links(&$links, $viewids, $artefactids) {
$viewlist = join(',', $viewids);
$artefactlist = join(',', $artefactids);
$viewlist = join(',', array_map('intval', $viewids));
$artefactlist = join(',', array_map('intval', $artefactids));
$records = get_records_select_array(
'artefact_comment_comment',
......
......@@ -76,7 +76,7 @@ class PluginArtefactComment extends PluginArtefact {
if (!$artefacts = get_column_sql("
SELECT artefact
FROM {artefact_comment_comment}
WHERE deletedby IS NULL AND onview IN (" . join(',', $viewids) . ')', array())) {
WHERE deletedby IS NULL AND onview IN (" . join(',', array_map('intval', $viewids)) . ')', array())) {
return array();
}
if ($attachments = get_column_sql('
......@@ -180,7 +180,7 @@ class ArtefactTypeComment extends ArtefactType {
return;
}
$idstr = join(',', $artefactids);
$idstr = join(',', array_map('intval', $artefactids));
db_begin();
delete_records_select('artefact_comment_comment', 'artefact IN (' . $idstr . ')');
......@@ -236,10 +236,10 @@ class ArtefactTypeComment extends ArtefactType {
);
if (!empty($artefactid)) {
$where = 'c.onartefact = ' . $artefactid;
$where = 'c.onartefact = ' . (int)$artefactid;
}
else {
$where = 'c.onview = ' . $viewid;
$where = 'c.onview = ' . (int)$viewid;
}
if (!$canedit) {
$where .= ' AND (c.private = 0 OR a.author = ' . (int) $userid . ')';
......@@ -305,7 +305,7 @@ class ArtefactTypeComment extends ArtefactType {
return get_records_sql_assoc('
SELECT c.onview, COUNT(c.artefact) AS comments
FROM {artefact_comment_comment} c
WHERE c.onview IN (' . join(',', $viewids) . ') AND c.deletedby IS NULL
WHERE c.onview IN (' . join(',', array_map('intval', $viewids)) . ') AND c.deletedby IS NULL
GROUP BY c.onview',
array()
);
......@@ -314,7 +314,7 @@ class ArtefactTypeComment extends ArtefactType {
return get_records_sql_assoc('
SELECT c.onartefact, COUNT(c.artefact) AS comments
FROM {artefact_comment_comment} c
WHERE c.onartefact IN (' . join(',', $artefactids) . ') AND c.deletedby IS NULL
WHERE c.onartefact IN (' . join(',', array_map('intval', $artefactids)) . ') AND c.deletedby IS NULL
GROUP BY c.onartefact',
array()
);
......
......@@ -117,7 +117,7 @@ class PluginBlocktypeFolder extends PluginBlocktype {
}
public static function artefactchooser_get_sort_order() {
return 'parent, title';
return array(array('fieldname' => 'parent'), array('fieldname' => 'title'));
}
public static function filebrowser_element(&$instance, $default=array()) {
......
......@@ -93,9 +93,6 @@ class PluginBlocktypeHtml extends PluginBlocktype {
}
public static function artefactchooser_element($default=null) {
$extraselect = 'filetype IN (' . join(',', array_map('db_quote', self::get_allowed_mimetypes())) . ')';
$extrajoin = ' JOIN {artefact_file_files} ON {artefact_file_files}.artefact = a.id ';
return array(
'name' => 'artefactid',
'type' => 'artefactchooser',
......@@ -105,7 +102,6 @@ class PluginBlocktypeHtml extends PluginBlocktype {
'limit' => 10,
'artefacttypes' => array('file'),
'template' => 'artefact:file:artefactchooser-element.tpl',
'extraselect' => $extraselect,
);
}
......
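Review bot: Dropping `$extraselect` from `artefactchooser_element` removes the `filetype IN (...)` restriction to `self::get_allowed_mimetypes()`, and nothing in this section replaces it, so the chooser for this blocktype may now offer any artefact of type `file`. If the intent is to stop passing raw SQL fragments into the chooser, the mimetype constraint presumably has to be enforced elsewhere when the selected artefact is saved or rendered; only `'artefacttypes' => array('file')` remains visible, so that is worth confirming. The same removal happens in `PluginBlocktypeInternalmedia::artefactchooser_element` in the next section. A short comment on the returned array naming where the mimetype check now lives would make the intent explicit.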
......@@ -110,9 +110,6 @@ class PluginBlocktypeInternalmedia extends PluginBlocktype {
}
public static function artefactchooser_element($default=null) {
$extraselect = 'filetype IN (' . join(',', array_map('db_quote', self::get_allowed_mimetypes())) . ')';
$extrajoin = ' JOIN {artefact_file_files} ON {artefact_file_files}.artefact = a.id ';
return array(
'name' => 'artefactid',
'type' => 'artefactchooser',
......@@ -122,8 +119,6 @@ class PluginBlocktypeInternalmedia extends PluginBlocktype {
'limit' => 5,
'selectone' => true,
'artefacttypes' => array('file'),
'extraselect' => $extraselect,
'extrajoin' => $extrajoin,
'template' => 'artefact:file:artefactchooser-element.tpl',
);
}
......
......@@ -281,7 +281,7 @@ abstract class ArtefactTypeFileBase extends ArtefactType {
LEFT OUTER JOIN {artefact_file_files} f ON f.artefact = a.id
WHERE a.title = ?
AND a.' . $ownersql . '
AND a.parent ' . (empty($folder) ? ' IS NULL' : ' = ' . $folder) . '
AND a.parent ' . (empty($folder) ? ' IS NULL' : ' = ' . (int)$folder) . '
AND a.artefacttype IN ' . $filetypesql, array($title));
}
......@@ -635,7 +635,7 @@ abstract class ArtefactTypeFileBase extends ArtefactType {
$end = '';
}
$where = $parent ? "parent = $parent" : 'parent IS NULL';
$where = ($parent && is_int($parent)) ? "parent = $parent" : 'parent IS NULL';
$where .= ' AND ' . artefact_owner_sql($owner, $group, $institution);
$taken = get_column_sql("
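Review bot: `($parent && is_int($parent)) ? "parent = $parent" : 'parent IS NULL'` silently turns a non-int `$parent` into a query for top-level artefacts instead of rejecting it: `is_int('42')` is false, so a numeric string (which database rows and form values commonly are) now matches the wrong rows rather than failing. Casting is both safer and keeps the previous behaviour for numeric input: `$where = $parent ? 'parent = ' . (int)$parent : 'parent IS NULL';`. The same `is_int` fallback is introduced for `$parentclause` in `ArtefactTypeFolder::get_folder_by_name` in a later hunk and should use the cast there too. The enclosing function starts and ends outside this hunk.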
......@@ -984,7 +984,7 @@ class ArtefactTypeFile extends ArtefactTypeFileBase {
return;
}
$idstr = join(',', $artefactids);
$idstr = join(',', array_map('intval', $artefactids));
db_begin();
// Get the size of all the files we're about to delete that belong to
......@@ -1345,7 +1345,7 @@ class ArtefactTypeFolder extends ArtefactTypeFileBase {
* @param array $artefactstoignore A list of IDs to not consider as the given folder. See {@link default_parent_for_copy()}
*/
public static function get_folder_by_name($name, $parentfolderid=null, $userid=null, $groupid=null, $institution=null, $artefactstoignore=array()) {
$parentclause = $parentfolderid ? 'parent = ' . $parentfolderid : 'parent IS NULL';
$parentclause = ($parentfolderid && is_int($parentfolderid)) ? 'parent = ' . $parentfolderid : 'parent IS NULL';
$ownerclause = artefact_owner_sql($userid, $groupid, $institution);
$ignoreclause = $artefactstoignore ? ' AND id NOT IN(' . implode(', ', array_map('db_quote', $artefactstoignore)) . ')' : '';
return get_record_sql('SELECT * FROM {artefact}
......@@ -1538,7 +1538,7 @@ class ArtefactTypeImage extends ArtefactTypeFile {
return;
}
db_begin();
delete_records_select('artefact_file_image', 'artefact IN (' . join(',', $artefactids) . ')');
delete_records_select('artefact_file_image', 'artefact IN (' . join(',', array_map('intval', $artefactids)) . ')');
parent::bulk_delete($artefactids);
db_commit();
}
......
......@@ -92,7 +92,7 @@ class PluginBlocktypeContactinfo extends PluginBlocktype {
FROM {artefact} a
WHERE artefacttype = \'email\'
AND a.owner = (
SELECT owner
SELECT "owner"
FROM {view}
WHERE id = ?
)
......@@ -151,7 +151,7 @@ class PluginBlocktypeContactinfo extends PluginBlocktype {
$artefacttypes = array_diff(PluginArtefactInternal::get_contactinfo_artefact_types(), array('email'));
$artefactids = get_column_sql('
SELECT id FROM {artefact}
WHERE owner = ? AND artefacttype IN (' . join(',', array_map('db_quote', $artefacttypes)) . ')', array($view->get('owner')));
WHERE \"owner\" = ? AND artefacttype IN (' . join(',', array_map('db_quote', $artefacttypes)) . ')', array($view->get('owner')));
$configdata['artefactids'] = $artefactids;
if (isset($configdata['email'])) {
if ($newemail = get_field('artefact_internal_profile_email', 'artefact', 'principal', 1, 'owner', $view->get('owner'))) {
......
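Review bot: `WHERE \"owner\" = ?` on the changed line sits inside a single-quoted PHP string (opened at `get_column_sql('`), where `\"` is not an escape sequence, so the text actually sent to the database is `WHERE \"owner\" = ?` with a literal backslash, which will be rejected as a syntax error. The other single-quoted queries in this commit write the identifier bare, e.g. `SELECT "owner"` in the hunk just above; this line should do the same: `WHERE "owner" = ? AND artefacttype IN (' . join(',', array_map('db_quote', $artefacttypes)) . ')', array($view->get('owner')));`. The identical `\"owner\"`-in-single-quotes defect is in the `PluginBlocktypeProfileinfo` section below (its `get_column_sql('` call). The `\"owner\"` forms inside the double-quoted strings elsewhere in the commit are correct.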
......@@ -129,7 +129,7 @@ class PluginBlocktypeProfileinfo extends PluginBlocktype {
FROM {artefact} a
WHERE (artefacttype = \'profileicon\' OR artefacttype = \'email\')
AND a.owner = (
SELECT owner
SELECT "owner"
FROM {view}
WHERE id = ?
)
......@@ -226,7 +226,7 @@ class PluginBlocktypeProfileinfo extends PluginBlocktype {
$artefacttypes = array_diff(PluginArtefactInternal::get_artefact_types(), array('email'));
$artefactids = get_column_sql('
SELECT id FROM {artefact}
WHERE owner = ? AND artefacttype IN (' . join(',', array_map('db_quote', $artefacttypes)) . ')', array($view->get('owner')));
WHERE \"owner\" = ? AND artefacttype IN (' . join(',', array_map('db_quote', $artefacttypes)) . ')', array($view->get('owner')));
$configdata['artefactids'] = $artefactids;
if (isset($configdata['email'])) {
if ($newemail = get_field('artefact_internal_profile_email', 'artefact', 'principal', 1, 'owner', $view->get('owner'))) {
......