From 099a5a3c2d99ed39bdd8815e1e2790bb9351770b Mon Sep 17 00:00:00 2001
From: Damian Mooyman
Date: Mon, 20 Nov 2017 16:53:44 +1300
Subject: [PATCH] [SS-2017-008] Fix SQL injection in full text search
---
 src/ORM/Connect/MySQLDatabase.php | 14 +++++++-------
 src/ORM/PaginatedList.php | 8 ++++----
 2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/ORM/Connect/MySQLDatabase.php b/src/ORM/Connect/MySQLDatabase.php
index ad9730709..051ab965f 100644
--- a/src/ORM/Connect/MySQLDatabase.php
+++ b/src/ORM/Connect/MySQLDatabase.php
@@ -2,6 +2,8 @@
 namespace SilverStripe\ORM\Connect;
+use SilverStripe\Assets\File;
+use SilverStripe\CMS\Model\SiteTree;
 use SilverStripe\Core\Config\Configurable;
 use SilverStripe\Core\Convert;
 use SilverStripe\ORM\PaginatedList;
@@ -144,7 +146,7 @@ class MySQLDatabase extends Database
 * @param bool $booleanSearch
 * @param string $alternativeFileFilter
 * @param bool $invertedMatch
- * @return \SilverStripe\ORM\PaginatedList
+ * @return PaginatedList
 * @throws Exception
 */
 public function searchEngine(
@@ -158,10 +160,8 @@ class MySQLDatabase extends Database
 $alternativeFileFilter = "",
 $invertedMatch = false
 ) {
- $pageClass = 'SilverStripe\\CMS\\Model\\SiteTree';
- $fileClass = 'SilverStripe\\Assets\\File';
- $pageTable = DataObject::getSchema()->tableName($pageClass);
- $fileTable = DataObject::getSchema()->tableName($fileClass);
+ $pageClass = SiteTree::class;
+ $fileClass = File::class;
 if (!class_exists($pageClass)) {
 throw new Exception('MySQLDatabase->searchEngine() requires "SiteTree" class');
 }
@@ -194,12 +194,13 @@ class MySQLDatabase extends Database
 // File.ShowInSearch was added later, keep the database driver backwards compatible
 // by checking for its existence first
+ $fileTable = DataObject::getSchema()->tableName($fileClass);
 $fields = $this->getSchemaManager()->fieldList($fileTable);
 if (array_key_exists('ShowInSearch', $fields)) {
 $extraFilters[$fileClass] .= " AND ShowInSearch <> 0";
 }
- $limit = $start . ", " . (int) $pageLength;
+ $limit = (int)$start . ", " . (int)$pageLength;
 $notMatch = $invertedMatch
 ? "NOT "
@@ -257,7 +258,6 @@ class MySQLDatabase extends Database
 $queryParameters = array();
 $totalCount = 0;
 foreach ($lists as $class => $list) {
- $table = DataObject::getSchema()->tableName($class);
 /** @var SQLSelect $query */
 $query = $list->dataQuery()->query();
diff --git a/src/ORM/PaginatedList.php b/src/ORM/PaginatedList.php
index 7df431e5a..548861eae 100644
--- a/src/ORM/PaginatedList.php
+++ b/src/ORM/PaginatedList.php
@@ -87,7 +87,7 @@ class PaginatedList extends ListDecorator
 */
 public function setPageLength($length)
 {
- $this->pageLength = $length;
+ $this->pageLength = (int)$length;
 return $this;
 }
@@ -99,7 +99,7 @@ class PaginatedList extends ListDecorator
 */
 public function setCurrentPage($page)
 {
- $this->pageStart = ($page - 1) * $this->getPageLength();
+ $this->pageStart = ((int)$page - 1) * $this->getPageLength();
 return $this;
 }
@@ -134,7 +134,7 @@ class PaginatedList extends ListDecorator
 */
 public function setPageStart($start)
 {
- $this->pageStart = $start;
+ $this->pageStart = (int)$start;
 return $this;
 }
@@ -161,7 +161,7 @@ class PaginatedList extends ListDecorator
 */
 public function setTotalItems($items)
 {
- $this->totalItems = $items;
+ $this->totalItems = (int)$items;
 return $this;
 }
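Review bot: The `(int)` cast on `$start` in the new `$limit` line closes the injection, but a negative offset still reaches the query as something like `LIMIT -10, 10`, which MySQL rejects with a syntax error, and `PaginatedList::setCurrentPage()` in this same patch produces exactly that for page 0. Clamping is cheap and keeps the fix: `$limit = max(0, (int)$start) . ", " . max(0, (int)$pageLength);`. Because `$limit` is still concatenated into the SQL string rather than bound as a parameter, a comment above the line would guard against a later regression: `// $start/$pageLength are interpolated into LIMIT; the int casts are the injection guard (SS-2017-008)`. searchEngine() starts and ends outside this hunk.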
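Review bot: The `(int)` casts added in setPageLength(), setCurrentPage(), setPageStart() and setTotalItems() stop non-numeric input from reaching SQL, but they coerce rather than reject, so a string like `"abc"` silently becomes 0 and negative values pass through unchanged; `setCurrentPage(0)` or `setCurrentPage(-1)` now stores a negative `pageStart`, and `setPageLength("x")` stores a zero page length that later page-count arithmetic presumably divides by (not visible in this hunk). Validating at the setter is clearer, e.g. in setPageLength() before the assignment: `if (!is_numeric($length) || (int)$length < 0) { throw new \InvalidArgumentException('Page length must be a non-negative integer'); }`, with the equivalent check in the other three setters. The docblocks above each setter begin outside the hunks and should state that the value is cast to int, since the `@param` types no longer match what callers may pass.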