Merge pull request #46 from silverstripe-security/pulls/4.0/escape-limit-args
[SS-2017-008] Fix SQL injection in full text search (4.0 branch)
This commit is contained in:
commit
e45921b293
@ -2,6 +2,8 @@
|
|||||||
|
|
||||||
namespace SilverStripe\ORM\Connect;
|
namespace SilverStripe\ORM\Connect;
|
||||||
|
|
||||||
|
use SilverStripe\Assets\File;
|
||||||
|
use SilverStripe\CMS\Model\SiteTree;
|
||||||
use SilverStripe\Core\Config\Configurable;
|
use SilverStripe\Core\Config\Configurable;
|
||||||
use SilverStripe\Core\Convert;
|
use SilverStripe\Core\Convert;
|
||||||
use SilverStripe\ORM\PaginatedList;
|
use SilverStripe\ORM\PaginatedList;
|
||||||
@ -144,7 +146,7 @@ class MySQLDatabase extends Database
|
|||||||
* @param bool $booleanSearch
|
* @param bool $booleanSearch
|
||||||
* @param string $alternativeFileFilter
|
* @param string $alternativeFileFilter
|
||||||
* @param bool $invertedMatch
|
* @param bool $invertedMatch
|
||||||
* @return \SilverStripe\ORM\PaginatedList
|
* @return PaginatedList
|
||||||
* @throws Exception
|
* @throws Exception
|
||||||
*/
|
*/
|
||||||
public function searchEngine(
|
public function searchEngine(
|
||||||
@ -158,10 +160,8 @@ class MySQLDatabase extends Database
|
|||||||
$alternativeFileFilter = "",
|
$alternativeFileFilter = "",
|
||||||
$invertedMatch = false
|
$invertedMatch = false
|
||||||
) {
|
) {
|
||||||
$pageClass = 'SilverStripe\\CMS\\Model\\SiteTree';
|
$pageClass = SiteTree::class;
|
||||||
$fileClass = 'SilverStripe\\Assets\\File';
|
$fileClass = File::class;
|
||||||
$pageTable = DataObject::getSchema()->tableName($pageClass);
|
|
||||||
$fileTable = DataObject::getSchema()->tableName($fileClass);
|
|
||||||
if (!class_exists($pageClass)) {
|
if (!class_exists($pageClass)) {
|
||||||
throw new Exception('MySQLDatabase->searchEngine() requires "SiteTree" class');
|
throw new Exception('MySQLDatabase->searchEngine() requires "SiteTree" class');
|
||||||
}
|
}
|
||||||
@ -194,12 +194,13 @@ class MySQLDatabase extends Database
|
|||||||
|
|
||||||
// File.ShowInSearch was added later, keep the database driver backwards compatible
|
// File.ShowInSearch was added later, keep the database driver backwards compatible
|
||||||
// by checking for its existence first
|
// by checking for its existence first
|
||||||
|
$fileTable = DataObject::getSchema()->tableName($fileClass);
|
||||||
$fields = $this->getSchemaManager()->fieldList($fileTable);
|
$fields = $this->getSchemaManager()->fieldList($fileTable);
|
||||||
if (array_key_exists('ShowInSearch', $fields)) {
|
if (array_key_exists('ShowInSearch', $fields)) {
|
||||||
$extraFilters[$fileClass] .= " AND ShowInSearch <> 0";
|
$extraFilters[$fileClass] .= " AND ShowInSearch <> 0";
|
||||||
}
|
}
|
||||||
|
|
||||||
$limit = $start . ", " . (int) $pageLength;
|
$limit = (int)$start . ", " . (int)$pageLength;
|
||||||
|
|
||||||
$notMatch = $invertedMatch
|
$notMatch = $invertedMatch
|
||||||
? "NOT "
|
? "NOT "
|
||||||
@ -257,7 +258,6 @@ class MySQLDatabase extends Database
|
|||||||
$queryParameters = array();
|
$queryParameters = array();
|
||||||
$totalCount = 0;
|
$totalCount = 0;
|
||||||
foreach ($lists as $class => $list) {
|
foreach ($lists as $class => $list) {
|
||||||
$table = DataObject::getSchema()->tableName($class);
|
|
||||||
/** @var SQLSelect $query */
|
/** @var SQLSelect $query */
|
||||||
$query = $list->dataQuery()->query();
|
$query = $list->dataQuery()->query();
|
||||||
|
|
||||||
|
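Review bot: The casts at `$limit = (int)$start . ", " . (int)$pageLength;` close the injection but still let a negative `$start` or `$pageLength` reach the LIMIT clause as e.g. `-5, 10`, which MySQL rejects as a syntax error rather than treating as an empty page; clamping as `$limit = max(0, (int)$start) . ", " . max(0, (int)$pageLength);` keeps the interpolated values inside the range LIMIT accepts. Because the cast is now the only thing between request input and the SQL string, it deserves a comment so a later refactor does not drop it, e.g. `// $start and $pageLength are interpolated into LIMIT, not bound; the int casts are the injection guard (SS-2017-008)`. The removal of the early `$pageTable`/`$fileTable` assignments in the `@ -158` hunk and the re-added `$fileTable` next to its only visible use in the `@ -194` hunk look consistent, as does dropping the unused `$table` in the `@ -257` hunk, though none of those uses are fully visible here. `searchEngine` starts and ends outside these hunks.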
@ -87,7 +87,7 @@ class PaginatedList extends ListDecorator
|
|||||||
*/
|
*/
|
||||||
public function setPageLength($length)
|
public function setPageLength($length)
|
||||||
{
|
{
|
||||||
$this->pageLength = $length;
|
$this->pageLength = (int)$length;
|
||||||
return $this;
|
return $this;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -99,7 +99,7 @@ class PaginatedList extends ListDecorator
|
|||||||
*/
|
*/
|
||||||
public function setCurrentPage($page)
|
public function setCurrentPage($page)
|
||||||
{
|
{
|
||||||
$this->pageStart = ($page - 1) * $this->getPageLength();
|
$this->pageStart = ((int)$page - 1) * $this->getPageLength();
|
||||||
return $this;
|
return $this;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -134,7 +134,7 @@ class PaginatedList extends ListDecorator
|
|||||||
*/
|
*/
|
||||||
public function setPageStart($start)
|
public function setPageStart($start)
|
||||||
{
|
{
|
||||||
$this->pageStart = $start;
|
$this->pageStart = (int)$start;
|
||||||
return $this;
|
return $this;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -161,7 +161,7 @@ class PaginatedList extends ListDecorator
|
|||||||
*/
|
*/
|
||||||
public function setTotalItems($items)
|
public function setTotalItems($items)
|
||||||
{
|
{
|
||||||
$this->totalItems = $items;
|
$this->totalItems = (int)$items;
|
||||||
return $this;
|
return $this;
|
||||||
}
|
}
|
||||||
|
|
||||||
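Review bot: The casts in `setCurrentPage` and `setPageStart` make the stored values integers but not valid offsets: `setCurrentPage(0)` or a negative `$page` produces a negative `pageStart`, and `setPageStart(-1)` stores it unchanged, so a negative offset can still be handed to whatever LIMIT clause consumes it (in `MySQLDatabase::searchEngine` the analogous `$start` is concatenated straight into `$limit`). Clamping at the setter, `$this->pageStart = (max(1, (int)$page) - 1) * $this->getPageLength();` and `$this->pageStart = max(0, (int)$start);`, keeps that invariant in one place; `setPageLength` could likewise floor at zero if a zero or negative page length has no meaning for callers, which should be confirmed against existing uses before changing it. If the docblocks directly above each method (their opening lines are outside these hunks) still declare `@param int`, a short note that non-integer input is coerced, e.g. `@param int|string $length Coerced to int`, would document the new behaviour.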
|