Commit a62cb836 authored by Francois Marier's avatar Francois Marier

Extra validation for inline parameters (e.g. intval)


Signed-off-by: default avatarFrancois Marier <francois@catalyst.net.nz>
parent 408afd36
......@@ -77,7 +77,7 @@ function adminusers_submit(Pieform $form, $values) {
WHERE admin = 1');
execute_sql('UPDATE {usr}
SET admin = 1
WHERE id IN (' . join(',', $values['users']) . ')');
WHERE id IN (' . join(',', array_map('intval', $values['users'])) . ')');
activity_add_admin_defaults($values['users']);
db_commit();
$SESSION->add_ok_msg(get_string('adminusersupdated', 'admin'));
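Review bot: `activity_add_admin_defaults($values['users'])` on the line after the UPDATE still receives the unsanitised `$values['users']`, so only the SQL on the changed line benefits from the intval mapping; the same pattern recurs in the second adminusers_submit hunk (`@@ -94`). Sanitising once and reusing the result keeps both call sites consistent: `$userids = array_map('intval', $values['users']);` before the `execute_sql`, then `join(',', $userids)` in the query and `activity_add_admin_defaults($userids)`. Whether the activity helper interpolates the ids itself I cannot tell from here, but passing the cast list costs nothing. adminusers_submit starts before this hunk, so I cannot see whether an empty `$values['users']` is rejected before it reaches `IN ()`.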
......
......@@ -94,7 +94,7 @@ function adminusers_submit(Pieform $form, $values) {
if ($values['users']) {
execute_sql('UPDATE {usr_institution}
SET admin = 1
WHERE usr IN (' . join(',', $values['users']) . ') AND institution = ' . db_quote($inst));
WHERE usr IN (' . join(',', array_map('intval', $values['users'])) . ') AND institution = ' . db_quote($inst));
}
require_once('activity.php');
activity_add_admin_defaults($values['users']);
......
......@@ -94,7 +94,7 @@ function staffusers_submit(Pieform $form, $values) {
if ($values['users']) {
execute_sql('UPDATE {usr_institution}
SET staff = 1
WHERE usr IN (' . join(',', $values['users']) . ') AND institution = ' . db_quote($inst));
WHERE usr IN (' . join(',', array_map('intval', $values['users'])) . ') AND institution = ' . db_quote($inst));
}
db_commit();
$SESSION->add_ok_msg(get_string('staffusersupdated', 'admin'));
......
......@@ -74,7 +74,7 @@ function staffusers_submit(Pieform $form, $values) {
if ($values['users']) {
execute_sql('UPDATE {usr}
SET staff = 1
WHERE id IN (' . join(',', $values['users']) . ')');
WHERE id IN (' . join(',', array_map('intval', $values['users'])) . ')');
}
db_commit();
$SESSION->add_ok_msg(get_string('staffusersupdated', 'admin'));
......
......@@ -29,8 +29,8 @@ defined('INTERNAL') || die();
class LeapExportElementComment extends LeapExportElement {
public static function setup_links(&$links, $viewids, $artefactids) {
$viewlist = join(',', $viewids);
$artefactlist = join(',', $artefactids);
$viewlist = join(',', array_map('intval', $viewids));
$artefactlist = join(',', array_map('intval', $artefactids));
$records = get_records_select_array(
'artefact_comment_comment',
......
......@@ -76,7 +76,7 @@ class PluginArtefactComment extends PluginArtefact {
if (!$artefacts = get_column_sql("
SELECT artefact
FROM {artefact_comment_comment}
WHERE deletedby IS NULL AND onview IN (" . join(',', $viewids) . ')', array())) {
WHERE deletedby IS NULL AND onview IN (" . join(',', array_map('intval', $viewids)) . ')', array())) {
return array();
}
if ($attachments = get_column_sql('
......@@ -180,7 +180,7 @@ class ArtefactTypeComment extends ArtefactType {
return;
}
$idstr = join(',', $artefactids);
$idstr = join(',', array_map('intval', $artefactids));
db_begin();
delete_records_select('artefact_comment_comment', 'artefact IN (' . $idstr . ')');
......@@ -305,7 +305,7 @@ class ArtefactTypeComment extends ArtefactType {
return get_records_sql_assoc('
SELECT c.onview, COUNT(c.artefact) AS comments
FROM {artefact_comment_comment} c
WHERE c.onview IN (' . join(',', $viewids) . ') AND c.deletedby IS NULL
WHERE c.onview IN (' . join(',', array_map('intval', $viewids)) . ') AND c.deletedby IS NULL
GROUP BY c.onview',
array()
);
......@@ -314,7 +314,7 @@ class ArtefactTypeComment extends ArtefactType {
return get_records_sql_assoc('
SELECT c.onartefact, COUNT(c.artefact) AS comments
FROM {artefact_comment_comment} c
WHERE c.onartefact IN (' . join(',', $artefactids) . ') AND c.deletedby IS NULL
WHERE c.onartefact IN (' . join(',', array_map('intval', $artefactids)) . ') AND c.deletedby IS NULL
GROUP BY c.onartefact',
array()
);
......
......@@ -635,7 +635,7 @@ abstract class ArtefactTypeFileBase extends ArtefactType {
$end = '';
}
$where = $parent ? "parent = $parent" : 'parent IS NULL';
$where = ($parent && is_int($parent)) ? "parent = $parent" : 'parent IS NULL';
$where .= ' AND ' . artefact_owner_sql($owner, $group, $institution);
$taken = get_column_sql("
......@@ -984,7 +984,7 @@ class ArtefactTypeFile extends ArtefactTypeFileBase {
return;
}
$idstr = join(',', $artefactids);
$idstr = join(',', array_map('intval', $artefactids));
db_begin();
// Get the size of all the files we're about to delete that belong to
......@@ -1345,7 +1345,7 @@ class ArtefactTypeFolder extends ArtefactTypeFileBase {
* @param array $artefactstoignore A list of IDs to not consider as the given folder. See {@link default_parent_for_copy()}
*/
public static function get_folder_by_name($name, $parentfolderid=null, $userid=null, $groupid=null, $institution=null, $artefactstoignore=array()) {
$parentclause = $parentfolderid ? 'parent = ' . $parentfolderid : 'parent IS NULL';
$parentclause = ($parentfolderid && is_int($parentfolderid)) ? 'parent = ' . $parentfolderid : 'parent IS NULL';
$ownerclause = artefact_owner_sql($userid, $groupid, $institution);
$ignoreclause = $artefactstoignore ? ' AND id NOT IN(' . implode(', ', array_map('db_quote', $artefactstoignore)) . ')' : '';
return get_record_sql('SELECT * FROM {artefact}
......@@ -1538,7 +1538,7 @@ class ArtefactTypeImage extends ArtefactTypeFile {
return;
}
db_begin();
delete_records_select('artefact_file_image', 'artefact IN (' . join(',', $artefactids) . ')');
delete_records_select('artefact_file_image', 'artefact IN (' . join(',', array_map('intval', $artefactids)) . ')');
parent::bulk_delete($artefactids);
db_commit();
}
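Review bot: The `is_int($parent)` test added at `@@ -635` (and `is_int($parentfolderid)` in get_folder_by_name at `@@ -1345`) checks the PHP type, not the content: a numeric string such as `'12'` fails it and the clause silently degrades to `parent IS NULL`, changing which rows are matched rather than rejecting the input. If these ids can arrive as strings from request parameters — I cannot see the callers from here — casting is the safer form: `$parentid = (int)$parent;` followed by `$where = $parentid ? "parent = $parentid" : 'parent IS NULL';`, and likewise `$parentfolderid = (int)$parentfolderid;` before the ternary. The enclosing functions of both hunks continue outside the visible lines.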
......
......@@ -520,7 +520,7 @@ abstract class ArtefactType {
$records = get_records_select_assoc(
'artefact',
'id IN (' . join(',', $artefactids) . ')',
'id IN (' . join(',', array_map('intval', $artefactids)) . ')',
null, 'artefacttype', 'id,parent,artefacttype,container'
);
......@@ -591,7 +591,7 @@ abstract class ArtefactType {
return;
}
$idstr = '(' . join(',', $artefactids) . ')';
$idstr = '(' . join(',', array_map('intval', $artefactids)) . ')';
db_begin();
......@@ -984,7 +984,7 @@ abstract class ArtefactType {
FROM {artefact_attachment} aa
INNER JOIN {artefact} a ON aa.attachment = a.id
LEFT JOIN {artefact_file_files} f ON a.id = f.artefact
WHERE aa.artefact IN (' . join(', ', $artefactids) . ')', '');
WHERE aa.artefact IN (' . join(', ', array_map('intval', $artefactids)) . ')', '');
if (!$attachments) {
return array();
}
......@@ -1197,7 +1197,7 @@ function artefact_get_parents_for_cache($artefactids, &$parentids=false) {
if (!is_array($artefactids)) {
$artefactids = array($artefactids);
}
$current = $artefactids;
$current = array_map('intval', $artefactids);
if (empty($parentids)) { // first call
$parentids = array();
}
......@@ -1311,7 +1311,7 @@ function artefact_instance_from_type($artefact_type, $user_id=null) {
function artefact_watchlist_notification($artefactids) {
// gets all the views containing this artefact or a parent of this artefact and creates a watchlist activity for each view
if ($views = get_column_sql('SELECT DISTINCT "view" FROM {view_artefact} WHERE artefact IN (' . implode(',', array_merge(array_keys(artefact_get_parents_for_cache($artefactids)), $artefactids)) . ')')) {
if ($views = get_column_sql('SELECT DISTINCT "view" FROM {view_artefact} WHERE artefact IN (' . implode(',', array_merge(array_keys(artefact_get_parents_for_cache($artefactids)), array_map('intval', $artefactids))) . ')')) {
require_once('activity.php');
foreach ($views as $view) {
activity_occurred('watchlist', (object)array('view' => $view));
......@@ -1329,7 +1329,7 @@ function artefact_get_descendants($new) {
$children = get_column_sql('
SELECT id
FROM {artefact}
WHERE parent IN (' . implode(',', $new) . ') AND id NOT IN (' . implode(',', $seen) . ')', array());
WHERE parent IN (' . implode(',', array_map('intval', $new)) . ') AND id NOT IN (' . implode(',', array_map('intval', $seen)) . ')', array());
if ($children) {
$new = array_diff($children, $seen);
$new = array_combine($new, $new);
......@@ -1378,7 +1378,7 @@ function artefact_get_references_in_html($html) {
function artefact_get_records_by_id($ids) {
if (!empty($ids)) {
if ($records = get_records_select_assoc('artefact', 'id IN (' . join(',', $ids) . ')')) {
if ($records = get_records_select_assoc('artefact', 'id IN (' . join(',', array_map('intval', $ids)) . ')')) {
return $records;
}
}
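Review bot: The expression `join(',', array_map('intval', $ids))` is now repeated in every hunk of this file (`@@ -520`, `@@ -591`, `@@ -984`, `@@ -1311`, `@@ -1329`, `@@ -1378`) and across the other files in this commit; a small helper would make the intent searchable and give one place to handle the edge cases the inline form misses. Note that `intval` maps a non-numeric value to `0`, so a malformed id turns into `IN (0)` rather than an error, and an empty list still produces the invalid `IN ()`. Something like the following in this library would cover both, with call sites becoming `'id IN (' . db_int_list($artefactids) . ')'`.
```php
/**
 * Render a list of ids as the body of a SQL IN() clause.
 * Every element is cast to int; an empty list is rejected rather than
 * producing the invalid "IN ()".
 */
function db_int_list(array $ids) {
    if (empty($ids)) {
        throw new InvalidArgumentException('db_int_list() requires at least one id');
    }
    return join(',', array_map('intval', $ids));
}
```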
......
......@@ -843,7 +843,7 @@ class BlockInstance {
// Get list of allowed artefacts
require_once('view.php');
$searchdata = array(
'extraselect' => 'id IN (' . join(',', $artefacts) . ')',
'extraselect' => 'id IN (' . join(',', array_map('intval', $artefacts)) . ')',
'userartefactsallowed' => true, // If this is a group view, the user can add personally owned artefacts
);
list($allowed, $count) = View::get_artefactchooser_artefacts(
......
......@@ -365,7 +365,7 @@ class PluginInteractionForum extends PluginInteraction {
public static function interaction_forum_new_post($postnow=null) {
if (is_array($postnow) && !empty($postnow)) {
$values = array();
$postswhere = 'id IN (' . join(',', $postnow) . ')';
$postswhere = 'id IN (' . join(',', array_map('intval', $postnow)) . ')';
}
else {
$currenttime = time();
......
......@@ -85,7 +85,7 @@ $moderators = get_column_sql(
// updates the selected topics as subscribed/closed/sticky
if ($membership && isset($_POST['checked'])) {
$checked = array_keys($_POST['checked']);
$checked = array_map('intval', array_keys($_POST['checked']));
// get type based on which button was pressed
if (isset($_POST['updatetopics'])) {
$type = $_POST['type'];
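Review bot: `array_keys($_POST['checked'])` on the changed line assumes the POST field is an array; a scalar `checked=1` in the request body makes `array_keys()` emit a warning and return `null` (a TypeError on PHP 8), which `array_map` then chokes on, so the guard above should also check the shape: `if ($membership && isset($_POST['checked']) && is_array($_POST['checked'])) {`. Casting the keys to int is the right treatment for the ids, but `$_POST['type']` two lines below is still read raw; how it is used is outside this hunk, so if it ends up in a query or a method name it deserves a whitelist check against the known types rather than a cast.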
......
......@@ -49,7 +49,7 @@ function pieform_element_userlist(Pieform $form, $element) {
if (is_array($value) && count($value)) {
$orderby = (isset($element['searchparams']['orderby']) && $element['searchparams']['orderby'] == 'lastname') ? 'lastname,firstname,id' : 'firstname,lastname,id';
$members = get_records_select_assoc('usr','id IN (' . join(',',$value) . ')', null, $orderby, 'id,username,firstname,lastname,preferredname,staff');
$members = get_records_select_assoc('usr','id IN (' . join(',',array_map('intval', $value)) . ')', null, $orderby, 'id,username,firstname,lastname,preferredname,staff');
foreach($members as &$member) {
$member = display_name($member);
......
......@@ -340,7 +340,7 @@ class Institution {
public function removeMembers($userids) {
// Remove self last.
global $USER;
$users = get_records_select_array('usr', 'id IN (' . join(',', $userids) . ')');
$users = get_records_select_array('usr', 'id IN (' . join(',', array_map('intval', $userids)) . ')');
$removeself = false;
foreach ($users as $user) {
if ($user->id == $USER->id) {
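Review bot: The changed `get_records_select_array` call still has no guard for an empty `$userids`: `join()` over an empty array yields `IN ()`, which is a SQL syntax error, and if the helper returns `false` rather than an empty array when nothing matches, the `foreach ($users as $user)` below iterates over `false`. If callers can reach removeMembers with nothing selected — I cannot see them from here — an early `if (empty($userids)) { return; }` at the top of the method closes both gaps. The method continues past the visible lines.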
......
......@@ -1253,6 +1253,7 @@ function get_new_username($desired) {
*/
function get_users_data($userlist, $getviews=true) {
global $USER;
// $userlist is only used by build_userlist_html() in this file and is sanitised there
$sql = 'SELECT u.id, u.username, u.preferredname, u.firstname, u.lastname, u.admin, u.staff, u.deleted,
u.profileicon, u.email,
0 AS pending, ap.value AS hidenamepref,
......@@ -1389,7 +1390,7 @@ function get_users_data($userlist, $getviews=true) {
function build_userlist_html(&$data, $page, $admingroups) {
if ($data['data']) {
$userlist = join(',', array_map(create_function('$u','return $u[\'id\'];'), $data['data']));
$userlist = join(',', array_map(create_function('$u','return (int)$u[\'id\'];'), $data['data']));
$userdata = get_users_data($userlist, $page == 'myfriends');
}
$smarty = smarty_core();
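Review bot: The comment added at `@@ -1253` (`// $userlist is only used by build_userlist_html() in this file and is sanitised there`) records a trust relationship between two functions instead of enforcing it; get_users_data() presumably interpolates `$userlist` into the SQL that starts on the next line, so any future caller that skips build_userlist_html() inherits the gap. Normalising at the point of use is one line and makes the comment unnecessary: `$userlist = join(',', array_map('intval', explode(',', $userlist)));` at the top of get_users_data(), or change the parameter to an array and cast there. In the `@@ -1389` hunk, `create_function()` builds code from a string; if the project's minimum PHP version allows closures, `array_map(function ($u) { return (int)$u['id']; }, $data['data'])` is the equivalent without the eval step. Both functions extend beyond the visible lines.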
......
......@@ -2521,7 +2521,7 @@ class View {
}
}
$viewidlist = join(',', array_keys($viewdata));
$viewidlist = join(',', array_map('intval', array_keys($viewdata)));
if ($getartefacts) {
$artefacts = get_records_sql_array('SELECT va.view, va.artefact, a.title, a.artefacttype, t.plugin
FROM {view_artefact} va
......