Commit bd16374a authored by David Morley's avatar David Morley

Merge pull request #13 from votacom/master

SQL security fix
parents d061f628 55d101e7
......@@ -73,12 +73,8 @@ if (stristr($output, 'Set-Cookie: _diaspora_session=')) {
}
if ($valid=="1") {
$pingdomurl = pg_escape_string($_POST['url']);
$domain = pg_escape_string($_POST['domain']);
$email = pg_escape_string($_POST['email']);
$sql = "INSERT INTO pods (domain, pingdomurl, email) VALUES('$domain', '$pingdomurl', '$email')";
$result = pg_query($dbh, $sql);
$sql = "INSERT INTO pods (domain, pingdomurl, email) VALUES($1, $2, $3)";
$result = pg_query_params($dbh, $sql, array($_POST['domain'], $_POST['url'], $_POST['email']));
if (!$result) {
die("Error in SQL query: " . pg_last_error());
}
......@@ -97,4 +93,4 @@ if ($valid=="1") {
echo "Could not validate your pod on http or https, check your setup!";
}
?>
\ No newline at end of file
?>
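Review bot: Removing the `$pingdomurl`, `$domain` and `$email` assignments in the first hunk leaves those variables undefined for any later code in this file that still reads them (output, mail or logging after the INSERT); only the hunk is visible, so this needs checking against the rest of the file. If they are still referenced, keep plain assignments such as `$domain = $_POST['domain'];` and pass those to `pg_query_params`, which needs no `pg_escape_string`. The same question applies to the removed `$domain = $_GET['url'];` in the pods SELECT hunk, the five removed `pg_escape_string` assignments in the rating_comments INSERT hunk, and the removed `$domain = $_GET['domain'];` in the rating_comments SELECT hunk. The enclosing `if ($valid=="1")` block continues past the end of the first hunk.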
......@@ -6,9 +6,8 @@
if (!$dbh) {
die("Error in connection: " . pg_last_error());
}
$domain = $_GET['url'];
$sql = "SELECT * FROM pods WHERE domain = '$domain'";
$result = pg_query($dbh, $sql);
$sql = "SELECT * FROM pods WHERE domain = $1";
$result = pg_query_params($dbh, $sql, array($_GET['url']));
if (!$result) {
die("Error in SQL query: " . pg_last_error());
}
......
......@@ -22,10 +22,17 @@ $debug = isset($argv[1])?1:0;
}
//foreach pod check it and update db
$domain = isset($_GET['domain'])?$_GET['domain']:null;
if ($domain) {$sql = "SELECT domain,pingdomurl,score,datecreated FROM pods WHERE domain = '$domain'";$sleep="0";}
else {$sql = "SELECT domain,pingdomurl,score,datecreated,adminrating FROM pods";$sleep="1";}
if ($domain) {
$sql = "SELECT domain,pingdomurl,score,datecreated FROM pods WHERE domain = $1";
$sleep="0";
$result = pg_query_params($dbh, $sql, array($domain));
}
else {
$sql = "SELECT domain,pingdomurl,score,datecreated,adminrating FROM pods";
$sleep="1";
$result = pg_query($dbh, $sql);
}
$result = pg_query($dbh, $sql);
if (!$result) {
die("Error in SQL query1: " . pg_last_error());
}
......@@ -38,8 +45,8 @@ $debug = isset($argv[1])?1:0;
$admindb = $row[$i]['adminrating'];
//get ratings
$userrate=0;$adminrate=0;$userratingavg = array();$adminratingavg = array();$userrating = array();$adminrating = array();
$sqlforr = "SELECT * FROM rating_comments WHERE domain = '$domain'";
$ratings = pg_query($dbh, $sqlforr);
$sqlforr = "SELECT * FROM rating_comments WHERE domain = $1";
$ratings = pg_query_params($dbh, $sqlforr, array($domain));
if (!$ratings) {
die("Error in SQL query2: " . pg_last_error());
}
......@@ -263,15 +270,14 @@ $pingdomdate = date('Y-m-d H:i:s');
}
//sql it
$timenow = date('Y-m-d H:i:s');
$city = pg_escape_string($city);
$sql = "UPDATE pods SET Hgitdate='$gitdate', Hencoding='$encoding', secure='$secure', hidden='$hidden', Hruntime='$runtime', Hgitref='$gitrev', ip='$ipnum', ipv6='$ipv6', monthsmonitored='$months',
uptimelast7='$uptime', status='$live', dateLaststats='$pingdomdate', dateUpdated='$timenow', responsetimelast7='$responsetime', score='$score', adminrating='$adminrating', country='$country', city='$city',
state='$state', lat='$lat', long='$long', postalcode='', connection='$dver', whois='$whois', userrating='$userrating', longversion='$xdver[1]', shortversion='$dver',
masterversion='$masterversion'
$sql = "UPDATE pods SET Hgitdate=$1, Hencoding=$2, secure=$3, hidden=$4, Hruntime=$5, Hgitref=$6, ip=$7, ipv6=$8, monthsmonitored=$9,
uptimelast7=$10, status$11', dateLaststats=$12, dateUpdated=$13, responsetimelast7=$14, score=$15, adminrating=$16, country=$17, city=$18,
state=$19, lat=$20, long=$21, postalcode='', connection=$22, whois=$23, userrating=$24, longversion=$25, shortversion=$26,
masterversion=$27
WHERE
domain='$domain'";
domain=$28";
if ($debug) {echo "SQL: ".$sql."<br>";}
$result = pg_query($dbh, $sql);
$result = pg_query_params($dbh, $sql, array($gitdate, $encoding, $secure, $hidden, $runtime, $gitrev, $ipnum, $ipv6, $months, $uptime, $live, $pingdomdate, $timenow, $responsetime, $score, $adminrating, $country, $city, $state, $lat, $long, $dver, $whois, $userrating, $xdver[1], $dver, $masterversion, $domain));
if (!$result) {
die("Error in SQL query3: " . pg_last_error());
}
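Review bot: The new UPDATE string in the third hunk has a typo at `status$11'`: the `=` is missing and the stray `'` opens a string literal that is never closed, so the statement fails with a syntax error on every run and the script dies with "Error in SQL query3". The line should read `uptimelast7=$10, status=$11, dateLaststats=$12, dateUpdated=$13, responsetimelast7=$14, score=$15, adminrating=$16, country=$17, city=$18,`. In the first hunk, if the trailing `$result = pg_query($dbh, $sql);` after the if/else is still present on the new side (the rendering does not show which side it is on), it re-runs the query without bound parameters and should be removed now that each branch issues its own query. The enclosing loop and the variables bound in the UPDATE are set up outside these hunks.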
......
......@@ -21,17 +21,12 @@ if (!$_POST['rating']){
die;
}
$domain = pg_escape_string($_POST['domain']);
$comment = pg_escape_string($_POST['comment']);
$rating = pg_escape_string($_POST['rating']);
$username = pg_escape_string($_POST['username']);
$userurl = pg_escape_string($_POST['userurl']);
$dbh = pg_connect("dbname=$pgdb user=$pguser password=$pgpass");
if (!$dbh) {
die("Error in connection: " . pg_last_error());
}
$sql = "INSERT INTO rating_comments (domain, comment, rating, username, userurl) VALUES('$domain', '$comment', '$rating', '$username', '$userurl')";
$result = pg_query($dbh, $sql);
$sql = "INSERT INTO rating_comments (domain, comment, rating, username, userurl) VALUES($1, $2, $3, $4, $5)";
$result = pg_query_params($dbh, $sql, array($_POST['domain'], $_POST['comment'], $_POST['rating'], $_POST['username'], $_POST['userurl']));
if (!$result) {
die("Error in SQL query: " . pg_last_error());
}
......
......@@ -40,11 +40,11 @@ $("#rating").prop( "value", value )
if (!$dbh) {
die("Error in connection: " . pg_last_error());
}
if ($_GET['domain']) {
$domain = $_GET['domain'];
$sql = "SELECT * FROM rating_comments WHERE domain = '$domain'";
}
$result = pg_query($dbh, $sql);
if (~ $_GET['domain']) {
die("domain not specified");
}
$sql = "SELECT * FROM rating_comments WHERE domain = $1";
$result = pg_query_params($dbh, $sql, array($_GET['domain']));
if (!$result) {
die("Error in SQL query: " . pg_last_error());
}
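Review bot: `if (~ $_GET['domain'])` uses bitwise NOT rather than logical NOT, so a supplied domain string is negated byte-wise into a non-empty, truthy string and the script dies with "domain not specified" exactly when a domain is given, while a missing key produces an undefined-index notice followed by a bitwise NOT on null, which PHP does not support. The check should be `if (empty($_GET['domain'])) {`, which covers both the absent and the empty-string case before the value reaches `pg_query_params`.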
......