BUGFIX Fixed SQL injection in Folder::findOrMake() parameter. Exploitable through Upload::, although unlikely to be set via user input.

Ingo Schommer 2011-03-21 16:12:37 +13:00
parent 28084243d3
commit c6b7b1dc28


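--- a/[file path not shown on page]
+++ b/[file path not shown on page]
@@ -52,7 +52,14 @@ class Folder extends File {
 $item = null;
 foreach($parts as $part) {
 if(!$part) continue; // happens for paths with a trailing slash
-$item = DataObject::get_one("Folder", "\"Name\" = '$part' AND \"ParentID\" = $parentID");
+$item = DataObject::get_one(
+"Folder",
+sprintf(
+"\"Name\" = '%s' AND \"ParentID\" = %d",
+Convert::raw2sql($part),
+(int)$parentID
+)
+);
 if(!$item) {
 $item = new Folder();
 $item->ParentID = $parentID;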
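Review bot: The new `sprintf`/`Convert::raw2sql()` query is escaped correctly, but nothing in the hunk records why the escaping is there, so a later refactor could fold it back into string interpolation; add above the `DataObject::get_one(` call a comment such as `// $part can originate from upload paths; keep it escaped and ParentID cast to int`. The `(int)$parentID` cast also turns any non-numeric value into `0`, which presumably means the root folder rather than an error, so if callers can pass an unvalidated parent a strict numeric check before the query would be safer than relying on the cast alone. While in this loop, the context line `if(!$part) continue;` skips a segment literally named `0` as well as empty ones; `if($part === '') continue;` would match the intent stated in its comment. findOrMake starts and ends outside the hunk.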