Changeset 30864


Timestamp:
Jan 8, 2015, 2:06:27 PM (9 years ago)
Author:
plg
Message:

bug 3186: improved security on search.php

Location:
trunk
Files:
2 edited

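--- a/trunk/include/functions.inc.php
+++ b/trunk/include/functions.inc.php
@@ -1878,7 +1878,7 @@
     }
 
-    foreach ($param_value as $item_to_check)
-    {
-      if (!preg_match($pattern, $item_to_check))
+    foreach ($param_value as $key => $item_to_check)
+    {
+      if (!preg_match(PATTERN_ID, $key) or !preg_match($pattern, $item_to_check))
       {
         fatal_error('[Hacking attempt] an item is not valid in input parameter "'.$param_name.'"');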
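Review bot: The new key/value check on the `if` line still lets a nested array reach preg_match(): a request such as `fields[0][]=name` makes `$item_to_check` an array, and preg_match() then emits a PHP warning and returns a non-true value, so the request is rejected only as a side effect of type juggling rather than by an explicit check. Guarding on type keeps the rejection deliberate and quiet: `if (!preg_match(PATTERN_ID, $key) or !is_scalar($item_to_check) or !preg_match($pattern, $item_to_check))`. PATTERN_ID is defined outside this hunk, so it is worth confirming at the same time that it ends in `\z` or carries the `D` modifier, since a bare `$` in PCRE also matches before a trailing newline. The enclosing function (presumably check_input_parameter(), given the call sites in search.php) starts and ends outside the hunk.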
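--- a/trunk/search.php
+++ b/trunk/search.php
@@ -49,7 +49,6 @@
   {
     check_input_parameter('mode', $_POST, false, '/^(OR|AND)$/');
-
-    $fields = array_intersect($_POST['fields'], array('name', 'comment', 'file'));
-
+    check_input_parameter('fields', $_POST, true, '/^(name|comment|file)$/');
+
     $drop_char_match = array(
       '-','^','$',';','#','&','(',')','<','>','`','\'','"','|',',','@','_',
@@ -72,5 +71,5 @@
         ),
       'mode' => $_POST['mode'],
-      'fields' => $fields,
+      'fields' => $_POST['fields'],
       );
   }
@@ -113,4 +112,6 @@
 
   // dates
+  check_input_parameter('date_type', $_POST, false, '/^date_(creation|available)$/');
+
   $type_date = $_POST['date_type'];
 
@@ -152,5 +153,5 @@
   (rules, last_seen)
   VALUES
-  (\''.serialize($search).'\', NOW())
+  (\''.pwg_db_real_escape_string(serialize($search)).'\', NOW())
 ;';
     pwg_query($query);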
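Review bot: The new whitelists `'/^(name|comment|file)$/'` for `fields` (first hunk) and `'/^date_(creation|available)$/'` for `date_type` (third hunk) end in a bare `$`, which in PCRE also matches just before a final newline, so a value like `name\n` passes the check and is then stored verbatim through `'fields' => $_POST['fields']`. Whether a trailing newline can do harm depends on how the stored rules are consumed later, which is not visible here, but the tightening is cheap: `check_input_parameter('fields', $_POST, true, '/^(name|comment|file)$/D');` and `check_input_parameter('date_type', $_POST, false, '/^date_(creation|available)$/D');` (or `\z` in place of `$`). Note also that the removed array_intersect() silently dropped unknown field names, whereas the new check aborts the request on the first unknown entry; that is the stricter and better behaviour, but any client that used to send extra field names will now hit fatal_error(). The surrounding blocks begin and end outside these hunks.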