mirror of
https://github.com/silverstripe/silverstripe-restfulserver
synced 2024-10-22 14:05:58 +02:00
[CVE-2019-12149] Fixed potential SQL injection vulnerability in RestfulServer
This commit is contained in:
parent
a737f67a13
commit
65239cd54d
@ -177,16 +177,22 @@ class RestfulServer extends Controller
|
|||||||
*/
|
*/
|
||||||
protected function getHandler($className, $id, $relationName)
|
protected function getHandler($className, $id, $relationName)
|
||||||
{
|
{
|
||||||
$sort = '';
|
$sort = array('ID' => 'ASC');
|
||||||
|
|
||||||
if ($this->request->getVar('sort')) {
|
if ($sortQuery = $this->request->getVar('sort')) {
|
||||||
$dir = $this->request->getVar('dir');
|
/** @var DataObject $singleton */
|
||||||
$sort = array($this->request->getVar('sort') => ($dir ? $dir : 'ASC'));
|
$singleton = singleton($className);
|
||||||
|
// Only apply a sort filter if it is a valid field on the DataObject
|
||||||
|
if ($singleton && $singleton->hasDatabaseField($sortQuery)) {
|
||||||
|
$sort = array(
|
||||||
|
$sortQuery => $this->request->getVar('dir') === 'DESC' ? 'DESC' : 'ASC',
|
||||||
|
);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$limit = array(
|
$limit = array(
|
||||||
'start' => $this->request->getVar('start'),
|
'start' => (int) $this->request->getVar('start'),
|
||||||
'limit' => $this->request->getVar('limit')
|
'limit' => (int) $this->request->getVar('limit'),
|
||||||
);
|
);
|
||||||
|
|
||||||
$params = $this->request->getVars();
|
$params = $this->request->getVars();
|
||||||
|
@ -492,6 +492,43 @@ class RestfulServerTest extends SapphireTest
|
|||||||
unset($_SERVER['PHP_AUTH_USER']);
|
unset($_SERVER['PHP_AUTH_USER']);
|
||||||
unset($_SERVER['PHP_AUTH_PW']);
|
unset($_SERVER['PHP_AUTH_PW']);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** @group wip */
|
||||||
|
public function testGetWithSortDescending()
|
||||||
|
{
|
||||||
|
$url = '/api/v1/RestfulServerTest_Author?sort=FirstName&dir=DESC&fields=FirstName';
|
||||||
|
$response = Director::test($url);
|
||||||
|
$results = Convert::xml2array($response->getBody());
|
||||||
|
$this->assertSame('Author 4', $results['RestfulServerTest_Author'][0]['FirstName']);
|
||||||
|
$this->assertSame('Author 3', $results['RestfulServerTest_Author'][1]['FirstName']);
|
||||||
|
$this->assertSame('Author 2', $results['RestfulServerTest_Author'][2]['FirstName']);
|
||||||
|
$this->assertSame('Author 1', $results['RestfulServerTest_Author'][3]['FirstName']);
|
||||||
|
}
|
||||||
|
|
||||||
|
/** @group wip */
|
||||||
|
public function testGetWithSortAscending()
|
||||||
|
{
|
||||||
|
$url = '/api/v1/RestfulServerTest_Author?sort=FirstName&dir=ASC&fields=FirstName';
|
||||||
|
$response = Director::test($url);
|
||||||
|
$results = Convert::xml2array($response->getBody());
|
||||||
|
$this->assertSame('Author 1', $results['RestfulServerTest_Author'][0]['FirstName']);
|
||||||
|
$this->assertSame('Author 2', $results['RestfulServerTest_Author'][1]['FirstName']);
|
||||||
|
$this->assertSame('Author 3', $results['RestfulServerTest_Author'][2]['FirstName']);
|
||||||
|
$this->assertSame('Author 4', $results['RestfulServerTest_Author'][3]['FirstName']);
|
||||||
|
}
|
||||||
|
|
||||||
|
/** @group wip */
|
||||||
|
public function testGetSortsByIdWhenInvalidSortColumnIsProvided()
|
||||||
|
{
|
||||||
|
$url = '/api/v1/RestfulServerTest_Author?sort=Surname&dir=DESC&fields=FirstName';
|
||||||
|
$response = Director::test($url);
|
||||||
|
$results = Convert::xml2array($response->getBody());
|
||||||
|
$this->assertSame('Author 1', $results['RestfulServerTest_Author'][0]['FirstName']);
|
||||||
|
$this->assertSame('Author 2', $results['RestfulServerTest_Author'][1]['FirstName']);
|
||||||
|
$this->assertSame('Author 3', $results['RestfulServerTest_Author'][2]['FirstName']);
|
||||||
|
$this->assertSame('Author 4', $results['RestfulServerTest_Author'][3]['FirstName']);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -591,7 +628,7 @@ class RestfulServerTest_Author extends DataObject implements TestOnly
|
|||||||
public static $api_access = true;
|
public static $api_access = true;
|
||||||
|
|
||||||
public static $db = array(
|
public static $db = array(
|
||||||
'Name' => 'Text',
|
'FirstName' => 'Text',
|
||||||
);
|
);
|
||||||
|
|
||||||
public static $many_many = array(
|
public static $many_many = array(
|
||||||
|
@ -46,7 +46,7 @@ RestfulServerTest_Author:
|
|||||||
author2:
|
author2:
|
||||||
FirstName: Author 2
|
FirstName: Author 2
|
||||||
author3:
|
author3:
|
||||||
Firstname: Author 3
|
FirstName: Author 3
|
||||||
author4:
|
author4:
|
||||||
FirstName: Author 4
|
FirstName: Author 4
|
||||||
RelatedAuthors: =>RestfulServerTest_Author.author2,=>RestfulServerTest_Author.author3
|
RelatedAuthors: =>RestfulServerTest_Author.author2,=>RestfulServerTest_Author.author3
|
||||||
|
Loading…
Reference in New Issue
Block a user