Commit 6516c8a3 authored by thomas's avatar thomas

Escape all values interpolated in SQL queries in the Perso controller

One of the parameters was correctly escaped with \Utils::asl() (a wrapper
around addslashes()), but not in the right context: it is only effective when
the value is interpolated inside a quoted SQL string literal.
parent 93430d92
......@@ -46,7 +46,7 @@ class Perso extends Controller
$db = $f3->get('DB');
$user = $f3->get('container')['user_finder']->findById($f3->get('SESSION.id'));
$f3->set('infos', $user);
$result = $db->query("SELECT id, pdf, decimale FROM dons WHERE user_id='".$user['id']."' and pdf!='' ");
$result = $db->query("SELECT id, pdf, decimale FROM dons WHERE user_id='".\Utils::asl($user['id'])."' and pdf!='' ");
$pdfs = array();
foreach ($result->fetchAll(\PDO::FETCH_ASSOC) as $row) {
$pdfs[$row['pdf']] = $row;
......@@ -220,7 +220,7 @@ class Perso extends Controller
$hash = hash('sha256', $f3->get('password'));
// On recherche le montant cumulé jusqu'à présent. On fait la somme depuis le
// premier janvier 2013 en se basant sur l'adresse mail
$res = $db->query("SELECT sum(dons.somme) as somme FROM dons INNER JOIN users WHERE dons.user_id = users.id AND users.email='".$f3->get('email')."' and dons.status in (1, 4, 102) and dons.datec>'2013-01-01';");
$res = $db->query("SELECT sum(dons.somme) as somme FROM dons INNER JOIN users WHERE dons.user_id = users.id AND users.email='".\Utils::asl($f3->get('email'))."' and dons.status in (1, 4, 102) and dons.datec>'2013-01-01';");
$total = $res->fetch(\PDO::FETCH_ASSOC);
$total = (int) $total['somme'];
// Création de l'utilisateur
......@@ -250,7 +250,7 @@ class Perso extends Controller
$hash = hash('sha256', $f3->get('password'));
$sql .= ", hash='".$hash."'";
}
$sql .= " WHERE id='".$f3->get('SESSION.id')."'";
$sql .= " WHERE id='".\Utils::asl($f3->get('SESSION.id'))."'";
$db->query($sql);
}
} else {
......@@ -405,7 +405,7 @@ class Perso extends Controller
FROM dons
INNER JOIN users ON users.id = dons.user_id
LEFT OUTER JOIN adresses ON adresses.user_id = users.id
WHERE users.id=".$f3->get('SESSION.id')." AND dons.id=".\Utils::asl($id).";";
WHERE users.id='".\Utils::asl($f3->get('SESSION.id'))."' AND dons.id='".\Utils::asl($id)."';";
$result = $db->query($query);
$logger->write($query);
$don = $result->fetch(\PDO::FETCH_ASSOC);
......@@ -494,7 +494,7 @@ class Perso extends Controller
$f3->reroute('/login');
}
$db = $f3->get('DB');
$result = $db->query("SELECT identifier, user_id from identifiers where identifier like '".$params['id']."' and user_id='".\Utils::asl($f3->get('SESSION.id'))."'");
$result = $db->query("SELECT identifier, user_id from identifiers where identifier like '".\Utils::asl($params['id'])."' and user_id='".\Utils::asl($f3->get('SESSION.id'))."'");
$result = $result->fetch(\PDO::FETCH_ASSOC);
if ($result) {
$identifier = $result['identifier'];
......@@ -526,8 +526,8 @@ class Perso extends Controller
status = '103',
datec = NOW(),
somme = 0,
user_id = '".$user_id."',
identifier = '".$identifier."',
user_id = '".\Utils::asl($user_id)."',
identifier = '".\Utils::asl($identifier)."',
cumul = 0;");
$f3->push('SESSION.message', _("Don récurrent supprimé."));
$f3->reroute('/perso');
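Review bot: addslashes() (behind \Utils::asl()) is not a charset-aware SQL escaper, so the quoting added in every hunk here (first at the user_id lookup in @@ -46) narrows the gap but still leaves string-built SQL in place. The same handle already exposes fetchAll(\PDO::FETCH_ASSOC), which suggests a PDO-style prepare/execute is available, e.g. `$result = $db->prepare("SELECT id, pdf, decimale FROM dons WHERE user_id = ? AND pdf != ''"); $result->execute([$user['id']]);` with the existing fetchAll() call left as is — to be confirmed against the DB wrapper's API, as `$db` is only seen through `query()` here. In the identifiers lookup (@@ -494) the escaped value is used as a LIKE pattern, and addslashes() leaves `%` and `_` untouched, so the pattern can still match any identifier under the caller's own user_id; if an exact match is intended, `identifier = ?` with a bound parameter is the safer form. Each hunk sits inside a method whose start and end are outside the hunk.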