From 7cd3b35caf61bd1b0799b70f4d75ba7cae707e50 Mon Sep 17 00:00:00 2001
From: hecht
Date: Thu, 7 May 2015 19:54:56 +0000
Subject: [PATCH] Hotfix for sql injection vulnerability.
---
 ag/clan/add.php | 4 ++--
 ag/include/parse.inc.php | 5 +++++
 ag/info/attacken.php | 4 ++--
 ag/markt.php | 2 +-
 ag/ranglist.php | 2 +-
 5 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/ag/clan/add.php b/ag/clan/add.php
index 2710d45..1f399ff 100644
--- a/ag/clan/add.php
+++ b/ag/clan/add.php
@@ -14,8 +14,8 @@ include_once (ROOT_PATH . '/include/clan.inc.php');
 // GET-Section
 // Kritisch (SQL-Injections)
 $clanid = validateUnsignedInteger($_GET['clanid'], null);
-$poll1 = validateString($_GET['poll1']);
-$poll2 = validateString('ASC');
+$poll1 = validateStringCritical($_GET['poll1']);
+$poll2 = validateStringCritical($_GET['poll2']);
 $pagenum = validateUnsignedInteger($_GET['pagenum'], null);
 // Unkritisch
diff --git a/ag/include/parse.inc.php b/ag/include/parse.inc.php
index 9e008a8..dbe9568 100644
--- a/ag/include/parse.inc.php
+++ b/ag/include/parse.inc.php
@@ -302,6 +302,11 @@ function validateStringArray($value){
 return $value;
 }
+function validateStringCritical($value) {
+ $value = validateString($value);
+ return preg_replace('#[()\]\[\s]#', '', $value);
+}
+
+function validateEmailAddress($mail){
 return validateString($mail);
 }
diff --git a/ag/info/attacken.php b/ag/info/attacken.php
index 373be6a..a8130bf 100644
--- a/ag/info/attacken.php
+++ b/ag/info/attacken.php
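Review bot: `$poll2` changes from the fixed literal `'ASC'` to a request parameter, `$_GET['poll2']`, so a hotfix for SQL injection also turns a constant into user-controlled input that is only character-stripped before, presumably, being spliced into an ORDER BY clause; the query that consumes `$poll1` and `$poll2` is outside this hunk. A sort direction has exactly two legal values, so a whitelist is both simpler and safer: `$poll2 = (isset($_GET['poll2']) && $_GET['poll2'] === 'DESC') ? 'DESC' : 'ASC';`. If `$poll1` names a column, compare it against the list of sortable columns with `in_array($poll1, $allowedColumns, true)` and fall back to a default column rather than relying on `validateStringCritical` to remove every dangerous character. A one-line comment on these two assignments saying which query they feed would also make the "Kritisch" marker actionable for the next reader.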
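Review bot: `validateStringCritical` is a denylist: the pattern `#[()\]\[\s]#` removes only parentheses, square brackets and whitespace, so quotes, commas, comment markers and every other character the SQL parser cares about pass through unchanged, and it is not visible here whether `validateString` escapes any of them. For values that end up in a query as identifiers or keywords (the ORDER BY inputs in ag/clan/add.php, ag/info/attacken.php, ag/markt.php and ag/ranglist.php) an allowlist is the robust form — either `in_array($value, $allowedColumns, true)` at each call site or, if a shared helper is wanted, keep only identifier characters: `return preg_replace('#[^A-Za-z0-9_]#', '', $value);` (widen the class if legitimate values contain e.g. a dotted `table.column`, which cannot be seen from this hunk). `preg_replace` also returns `null` on a PCRE error, so a caller would receive null instead of a string; coalescing to `''` or checking `preg_last_error()` keeps the return type stable. A docblock stating that the result is meant for direct interpolation as an SQL identifier and must still be checked against the known column names would make the contract explicit for future callers.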
@@ -395,8 +395,8 @@ $fruchttyp= validateString($_GET['fruchttyp']);
 $rassen = validateUnsignedInteger($_GET['rassen']);
 $tf = validateUnsignedInteger($_GET['tf']);
 $search = validateString($_GET['search']);
-$order = validateString($_GET['order']);
-$order_art = validateString($_GET['order_art']);
+$order = validateStringCritical($_GET['order']);
+$order_art = validateStringCritical($_GET['order_art']);
 $pagenum = validateUnsignedInteger($_GET['pagenum']);
 $seiten = validateUnsignedInteger($_GET['seiten']);
 $last_klick1 = validateString($_GET['last_klick1']);
diff --git a/ag/markt.php b/ag/markt.php
index 5db2b25..1f9745c 100644
--- a/ag/markt.php
+++ b/ag/markt.php
@@ -40,7 +40,7 @@ $item_9 = validateUnsignedInteger($_GET['item_9'], null);
 $item_10 = validateUnsignedInteger($_GET['item_10'], null);
 $pagenum = validateUnsignedInteger($_GET['pagenum'], null);
 $oder = validateString($_GET['oder']);
-$ords = validateString($_GET['ords']);
+$ords = validateStringCritical($_GET['ords']);
 $charm = validateString($_GET['charm']);
 // Unkritisch
diff --git a/ag/ranglist.php b/ag/ranglist.php
index 99e7792..117ccb0 100644
--- a/ag/ranglist.php
+++ b/ag/ranglist.php
@@ -15,7 +15,7 @@ include_once(ROOT_PATH.'/include/char.inc.php');
 // GET-Section
 // Kritisch (SQL-Injections)
-$wahl = validateString($_GET['wahl']);
+$wahl = validateStringCritical($_GET['wahl']);
 $char_name = validateName($_GET['char_name']);
 $char_vorhanden = mysql_num_rows(mysql_query('SELECT id FROM chars WHERE name like \''.$char_name.'%\' LIMIT 1'));
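Review bot: In ag/markt.php the line directly above the change, `$oder = validateString($_GET['oder']);`, and `$charm = validateString($_GET['charm']);` below it appear to sit in the same GET block that the other files label `// Kritisch (SQL-Injections)` (the `// Unkritisch` section only starts after them), yet they keep the weaker `validateString`; whether they are interpolated into a query is not visible in this hunk, so confirm against the SQL further down before leaving them out of the hotfix. The ag/info/attacken.php hunk has the same shape, with `$search`, `$last_klick1` and `$fruchttyp` staying on `validateString` while only the ORDER BY inputs are upgraded. If any of these reach SQL, they should get the same allowlist treatment as `$ords`, or be passed through the driver's escaping function for quoted string values, rather than depend on `validateString`, whose behaviour is not shown here.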