[Fmsystem-commits] [14868] some clean up
From: |
Sigurd Nes |
Subject: |
[Fmsystem-commits] [14868] some clean up |
Date: |
Sun, 27 Mar 2016 21:55:41 +0000 |
Revision: 14868
http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=14868
Author: sigurdne
Date: 2016-03-27 21:55:41 +0000 (Sun, 27 Mar 2016)
Log Message:
-----------
some clean up
Modified Paths:
--------------
trunk/catch/templates/base/cat_filter.xsl
trunk/catch/templates/base/cat_select.xsl
trunk/hrm/templates/base/admin.xsl
trunk/hrm/templates/base/cat_filter.xsl
trunk/hrm/templates/base/cat_select.xsl
trunk/phpgwapi/inc/class.db.inc.php
trunk/phpgwapi/inc/class.phpgw.inc.php
trunk/phpgwapi/inc/class.xslttemplates.inc.php
trunk/preferences/templates/base/admin_acl.xsl
trunk/preferences/templates/base/cat_filter.xsl
trunk/sms/templates/base/cat_filter.xsl
trunk/sms/templates/base/cat_select.xsl
Modified: trunk/catch/templates/base/cat_filter.xsl
===================================================================
--- trunk/catch/templates/base/cat_filter.xsl 2016-03-26 16:04:41 UTC (rev
14867)
+++ trunk/catch/templates/base/cat_filter.xsl 2016-03-27 21:55:41 UTC (rev
14868)
@@ -24,7 +24,7 @@
<xsl:template match="cat_list">
<xsl:variable name="id"><xsl:value-of select="id"/></xsl:variable>
<xsl:choose>
- <xsl:when test="selected='selected'">
+ <xsl:when test="selected='selected' or selected = 1">
<option value="{$id}"
selected="selected"><xsl:value-of disable-output-escaping="yes"
select="name"/></option>
</xsl:when>
<xsl:otherwise>
Modified: trunk/catch/templates/base/cat_select.xsl
===================================================================
--- trunk/catch/templates/base/cat_select.xsl 2016-03-26 16:04:41 UTC (rev
14867)
+++ trunk/catch/templates/base/cat_select.xsl 2016-03-27 21:55:41 UTC (rev
14868)
@@ -12,7 +12,7 @@
<xsl:template match="cat_list">
<xsl:variable name="cat_id"><xsl:value-of
select="cat_id"/></xsl:variable>
<xsl:choose>
- <xsl:when test="selected='selected'">
+ <xsl:when test="selected='selected' or selected = 1">
<option value="{$cat_id}"
selected="selected"><xsl:value-of disable-output-escaping="yes"
select="name"/></option>
</xsl:when>
<xsl:otherwise>
Modified: trunk/hrm/templates/base/admin.xsl
===================================================================
--- trunk/hrm/templates/base/admin.xsl 2016-03-26 16:04:41 UTC (rev 14867)
+++ trunk/hrm/templates/base/admin.xsl 2016-03-27 21:55:41 UTC (rev 14868)
@@ -852,7 +852,7 @@
<xsl:template match="vendor_category">
<xsl:variable name="cat_id"><xsl:value-of
select="cat_id"/></xsl:variable>
<xsl:choose>
- <xsl:when test="selected='selected'">
+ <xsl:when test="selected='selected' or selected = 1">
<option value="{$cat_id}"
selected="selected"><xsl:value-of disable-output-escaping="yes"
select="name"/></option>
</xsl:when>
<xsl:otherwise>
Modified: trunk/hrm/templates/base/cat_filter.xsl
===================================================================
--- trunk/hrm/templates/base/cat_filter.xsl 2016-03-26 16:04:41 UTC (rev
14867)
+++ trunk/hrm/templates/base/cat_filter.xsl 2016-03-27 21:55:41 UTC (rev
14868)
@@ -24,7 +24,7 @@
<xsl:template match="cat_list">
<xsl:variable name="cat_id"><xsl:value-of
select="cat_id"/></xsl:variable>
<xsl:choose>
- <xsl:when test="selected='selected'">
+ <xsl:when test="selected='selected' or selected = 1">
<option value="{$cat_id}"
selected="selected"><xsl:value-of disable-output-escaping="yes"
select="name"/></option>
</xsl:when>
<xsl:otherwise>
Modified: trunk/hrm/templates/base/cat_select.xsl
===================================================================
--- trunk/hrm/templates/base/cat_select.xsl 2016-03-26 16:04:41 UTC (rev
14867)
+++ trunk/hrm/templates/base/cat_select.xsl 2016-03-27 21:55:41 UTC (rev
14868)
@@ -12,7 +12,7 @@
<xsl:template match="cat_list">
<xsl:variable name="cat_id"><xsl:value-of
select="cat_id"/></xsl:variable>
<xsl:choose>
- <xsl:when test="selected='selected'">
+ <xsl:when test="selected='selected' or selected = 1">
<option value="{$cat_id}"
selected="selected"><xsl:value-of disable-output-escaping="yes"
select="name"/></option>
</xsl:when>
<xsl:otherwise>
Modified: trunk/phpgwapi/inc/class.db.inc.php
===================================================================
--- trunk/phpgwapi/inc/class.db.inc.php 2016-03-26 16:04:41 UTC (rev 14867)
+++ trunk/phpgwapi/inc/class.db.inc.php 2016-03-27 21:55:41 UTC (rev 14868)
@@ -742,8 +742,17 @@
{
// return;
$sql_parts = preg_split('/where/i', $sql);
- if (is_array($sql_parts) && count($sql_parts) >1 )
+ if (is_array($sql_parts) && count($sql_parts) > 1 )
{
+ switch ( $this->Type )
+ {
+ case 'postgres':
+ $pattern =
"/((?=.*\bUNION\b)(?=.*\bALL\b)|\bPG_SLEEP\b|\bCHR\b|\bGENERATE_SERIES\b)/i";
+ break;
+ default:
+ $pattern =
"/((?=.*\bUNION\b)(?=.*\bALL\b)|\bCHR\b)/i";
+ }
+
$first_element = true;
foreach ($sql_parts as $sql_part)
{
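Review bot: The new `$pattern` values are a keyword blocklist, and the `(?=.*\bUNION\b)(?=.*\bALL\b)` branch matches any statement whose text merely contains both words, so a legitimately quoted literal such as a note reading "all members of the union" will abort the transaction and raise E_USER_ERROR for an innocent user. Bound parameters at the call sites are the real control; this check can only be defence in depth, and the new code should say so, e.g. `// Heuristic only: matches keywords anywhere in the statement, including inside quoted literals; not a substitute for bound parameters.` The `switch` keys on `$this->Type`, whose possible values are not visible here; if PostgreSQL is ever reached under a driver name other than 'postgres' the narrower default pattern would apply silently, so a comment naming the expected values would help. The enclosing method starts before this hunk.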
@@ -752,7 +761,7 @@
$first_element = false;
continue;
}
-
if(preg_match("/((?=.*\bUNION\b)(?=.*\bALL\b)|\bPG_SLEEP\b|\bCHR\b|\bGENERATE_SERIES\b)/i",
$sql))
+ if(preg_match($pattern, $sql))
{
$this->transaction_abort();
trigger_error('Attempt on
SQL-injection', E_USER_ERROR);
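Review bot: The rewritten `preg_match($pattern, $sql)` still scans the whole `$sql` rather than the current `$sql_part`, so the `foreach` over `$sql_parts` and the `$first_element` skip have no effect on what is examined: every iteration after the first re-scans the complete statement, including the text before the first WHERE that the skip appears intended to exclude. Either change the line to `if(preg_match($pattern, $sql_part))` so each clause is inspected on its own, or drop the loop and run the match once against `$sql`. The enclosing method continues beyond this hunk.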
Modified: trunk/phpgwapi/inc/class.phpgw.inc.php
===================================================================
--- trunk/phpgwapi/inc/class.phpgw.inc.php 2016-03-26 16:04:41 UTC (rev
14867)
+++ trunk/phpgwapi/inc/class.phpgw.inc.php 2016-03-27 21:55:41 UTC (rev
14868)
@@ -367,8 +367,41 @@
return self::clean_value($value, $value_type,
$default);
}
-
+
+ public static function get_ip_address() {
+ $ip_keys = array('HTTP_CLIENT_IP',
'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP',
'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR');
+ foreach ($ip_keys as $key)
+ {
+ if (array_key_exists($key, $_SERVER)
=== true)
+ {
+ foreach (explode(',',
$_SERVER[$key]) as $ip)
+ {
+ // trim for safety
measures
+ $ip = trim($ip);
+ // attempt to validate
IP
+ if
(self::validate_ip($ip))
+ {
+ return $ip;
+ }
+ }
+ }
+ }
+ return isset($_SERVER['REMOTE_ADDR']) ?
$_SERVER['REMOTE_ADDR'] : false;
+ }
+
/**
+ * Ensures an ip address is both a valid IP and does
not fall within
+ * a private network range.
+ */
+ public static function validate_ip($ip)
+ {
+ if (filter_var($ip, FILTER_VALIDATE_IP,
FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) ===
false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
* Test (and sanitise) the value of a variable
*
* @param mixed $value the value to test
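Review bot: `get_ip_address()` consults `HTTP_CLIENT_IP`, `HTTP_X_FORWARDED_FOR` and the other forwarded headers before `REMOTE_ADDR`, and those are ordinary request headers any client can set, so the address it returns — the one the `clean_value` path records as the offender — is client-controlled whenever a header carries a valid-looking public IPv4. Forwarded headers should only be honoured when `REMOTE_ADDR` is a known reverse proxy; otherwise return `$_SERVER['REMOTE_ADDR']` and, if wanted, record the header value separately as untrusted. `validate_ip()` accepts only IPv4 and rejects private and reserved ranges, so behind a proxy on an RFC 1918 address every header entry fails and the function silently falls through to the unvalidated `REMOTE_ADDR`; the docblock should state that contract, e.g. `* Accepts public IPv4 only (FILTER_FLAG_IPV4 | NO_PRIV_RANGE | NO_RES_RANGE); IPv6 and private/reserved addresses are rejected.` `get_ip_address()` has no docblock and returns `string|false`, which callers need to know.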
@@ -395,6 +428,16 @@
$value = stripslashes($value);
}
+ if(preg_match('/\'$/', $value))
+ {
+ $error = 'SQL-injection spottet.';
+ $error .= " <br/> Your IP is logged";
+ $ip_address = self::get_ip_address();
+ echo $error;
+ trigger_error("$error: {$ip_address}",
E_USER_ERROR);
+ $GLOBALS['phpgw']->common->phpgw_exit();
+ }
+
switch ( $value_type )
{
case 'string':
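Review bot: The new `preg_match('/\'$/', $value)` check rejects any value ending in a single quote, which is ordinary free text (a name or note ending with an apostrophe), so legitimate input terminates the request and shows the user 'SQL-injection spottet.'; the value has already been through `stripslashes` and is about to be typed by `switch ( $value_type )`, and the protection should come from the database layer's quoting or bound parameters rather than from this heuristic. If the check is kept, log rather than `echo` plus `E_USER_ERROR`, and note that under the default error handler `trigger_error(..., E_USER_ERROR)` ends the script, so the following `phpgw_exit()` is probably unreachable (the installed error handler is not visible here). If `$value` can still be an array at this point, `preg_match` will emit a warning — cannot tell from the hunk. The message also has a typo: `'SQL-injection spotted.'`. The enclosing method starts before this hunk.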
Modified: trunk/phpgwapi/inc/class.xslttemplates.inc.php
===================================================================
--- trunk/phpgwapi/inc/class.xslttemplates.inc.php 2016-03-26 16:04:41 UTC
(rev 14867)
+++ trunk/phpgwapi/inc/class.xslttemplates.inc.php 2016-03-27 21:55:41 UTC
(rev 14868)
@@ -257,12 +257,6 @@
<!DOCTYPE xsl:stylesheet [
<!ENTITY nl " ">
<!ENTITY nbsp " ">
- <!ENTITY AElig "Æ">
- <!ENTITY aelig "æ">
- <!ENTITY Oslash "Ø">
- <!ENTITY oslash "ø">
- <!ENTITY Aring "Å">
- <!ENTITY aring "å">
]>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
version="1.0"
xmlns:phpgw="http://phpgroupware.org/functions"
Modified: trunk/preferences/templates/base/admin_acl.xsl
===================================================================
--- trunk/preferences/templates/base/admin_acl.xsl 2016-03-26 16:04:41 UTC
(rev 14867)
+++ trunk/preferences/templates/base/admin_acl.xsl 2016-03-27 21:55:41 UTC
(rev 14868)
@@ -899,7 +899,7 @@
<xsl:value-of select="cat_id"/>
</xsl:variable>
<xsl:choose>
- <xsl:when test="selected='selected'">
+ <xsl:when test="selected='selected' or selected = 1">
<option value="{$cat_id}" selected="selected">
<xsl:value-of disable-output-escaping="yes"
select="name"/>
</option>
Modified: trunk/preferences/templates/base/cat_filter.xsl
===================================================================
--- trunk/preferences/templates/base/cat_filter.xsl 2016-03-26 16:04:41 UTC
(rev 14867)
+++ trunk/preferences/templates/base/cat_filter.xsl 2016-03-27 21:55:41 UTC
(rev 14868)
@@ -24,7 +24,7 @@
<xsl:template match="cat_list">
<xsl:variable name="cat_id"><xsl:value-of
select="cat_id"/></xsl:variable>
<xsl:choose>
- <xsl:when test="selected='selected'">
+ <xsl:when test="selected='selected' or selected = 1">
<option value="{$cat_id}"
selected="selected"><xsl:value-of disable-output-escaping="yes"
select="name"/></option>
</xsl:when>
<xsl:otherwise>
Modified: trunk/sms/templates/base/cat_filter.xsl
===================================================================
--- trunk/sms/templates/base/cat_filter.xsl 2016-03-26 16:04:41 UTC (rev
14867)
+++ trunk/sms/templates/base/cat_filter.xsl 2016-03-27 21:55:41 UTC (rev
14868)
@@ -34,7 +34,7 @@
<xsl:value-of select="id"/>
</xsl:variable>
<xsl:choose>
- <xsl:when test="selected='selected'">
+ <xsl:when test="selected='selected' or selected = 1">
<option value="{$id}" selected="selected">
<xsl:value-of disable-output-escaping="yes"
select="name"/>
</option>
Modified: trunk/sms/templates/base/cat_select.xsl
===================================================================
--- trunk/sms/templates/base/cat_select.xsl 2016-03-26 16:04:41 UTC (rev
14867)
+++ trunk/sms/templates/base/cat_select.xsl 2016-03-27 21:55:41 UTC (rev
14868)
@@ -20,7 +20,7 @@
<xsl:value-of select="cat_id"/>
</xsl:variable>
<xsl:choose>
- <xsl:when test="selected='selected'">
+ <xsl:when test="selected='selected' or selected = 1">
<option value="{$cat_id}" selected="selected">
<xsl:value-of disable-output-escaping="yes"
select="name"/>
</option>