tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-09-29 20:59:23 +02:00
Code Issues Projects Releases Wiki Activity

[SS-2017-008] Fix SQL injection in full text search

Browse Source
This commit is contained in:
Damian Mooyman 2017-11-20 16:53:44 +13:00
parent d8ca223e15
commit 099a5a3c2d
No known key found for this signature in database
GPG Key ID: 78B823A10DE27D1A
2 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/ORM/Connect/MySQLDatabase.php
View File

@ -2,6 +2,8 @@
namespace SilverStripe\ORM\Connect; namespace SilverStripe\ORM\Connect;
use SilverStripe\Assets\File;
use SilverStripe\CMS\Model\SiteTree;
use SilverStripe\Core\Config\Configurable; use SilverStripe\Core\Config\Configurable;
use SilverStripe\Core\Convert; use SilverStripe\Core\Convert;
use SilverStripe\ORM\PaginatedList; use SilverStripe\ORM\PaginatedList;
@ -144,7 +146,7 @@ class MySQLDatabase extends Database
* @param bool $booleanSearch * @param bool $booleanSearch
* @param string $alternativeFileFilter * @param string $alternativeFileFilter
* @param bool $invertedMatch * @param bool $invertedMatch
* @return \SilverStripe\ORM\PaginatedList * @return PaginatedList
* @throws Exception * @throws Exception
*/ */
public function searchEngine( public function searchEngine(
@ -158,10 +160,8 @@ class MySQLDatabase extends Database
$alternativeFileFilter = "", $alternativeFileFilter = "",
$invertedMatch = false $invertedMatch = false
) { ) {
$pageClass = 'SilverStripe\\CMS\\Model\\SiteTree'; $pageClass = SiteTree::class;
$fileClass = 'SilverStripe\\Assets\\File'; $fileClass = File::class;
$pageTable = DataObject::getSchema()->tableName($pageClass);
$fileTable = DataObject::getSchema()->tableName($fileClass);
if (!class_exists($pageClass)) { if (!class_exists($pageClass)) {
throw new Exception('MySQLDatabase->searchEngine() requires "SiteTree" class'); throw new Exception('MySQLDatabase->searchEngine() requires "SiteTree" class');
} }
@ -194,12 +194,13 @@ class MySQLDatabase extends Database
// File.ShowInSearch was added later, keep the database driver backwards compatible // File.ShowInSearch was added later, keep the database driver backwards compatible
// by checking for its existence first // by checking for its existence first
$fileTable = DataObject::getSchema()->tableName($fileClass);
$fields = $this->getSchemaManager()->fieldList($fileTable); $fields = $this->getSchemaManager()->fieldList($fileTable);
if (array_key_exists('ShowInSearch', $fields)) { if (array_key_exists('ShowInSearch', $fields)) {
$extraFilters[$fileClass] .= " AND ShowInSearch <> 0"; $extraFilters[$fileClass] .= " AND ShowInSearch <> 0";
} }
$limit = $start . ", " . (int) $pageLength; $limit = (int)$start . ", " . (int)$pageLength;
$notMatch = $invertedMatch $notMatch = $invertedMatch
? "NOT " ? "NOT "
@ -257,7 +258,6 @@ class MySQLDatabase extends Database
$queryParameters = array(); $queryParameters = array();
$totalCount = 0; $totalCount = 0;
foreach ($lists as $class => $list) { foreach ($lists as $class => $list) {
$table = DataObject::getSchema()->tableName($class);
/** @var SQLSelect $query */ /** @var SQLSelect $query */
$query = $list->dataQuery()->query(); $query = $list->dataQuery()->query();

8
src/ORM/PaginatedList.php
View File

@ -87,7 +87,7 @@ class PaginatedList extends ListDecorator
*/ */
public function setPageLength($length) public function setPageLength($length)
{ {
$this->pageLength = $length; $this->pageLength = (int)$length;
return $this; return $this;
} }
@ -99,7 +99,7 @@ class PaginatedList extends ListDecorator
*/ */
public function setCurrentPage($page) public function setCurrentPage($page)
{ {
$this->pageStart = ($page - 1) * $this->getPageLength(); $this->pageStart = ((int)$page - 1) * $this->getPageLength();
return $this; return $this;
} }
@ -134,7 +134,7 @@ class PaginatedList extends ListDecorator
*/ */
public function setPageStart($start) public function setPageStart($start)
{ {
$this->pageStart = $start; $this->pageStart = (int)$start;
return $this; return $this;
} }
@ -161,7 +161,7 @@ class PaginatedList extends ListDecorator
*/ */
public function setTotalItems($items) public function setTotalItems($items)
{ {
$this->totalItems = $items; $this->totalItems = (int)$items;
return $this; return $this;
} }