From 1241a4283bad6f641dec63fb23ef9b2e58035e4c Mon Sep 17 00:00:00 2001 From: niekt0 Date: Thu, 13 Jan 2011 19:26:12 +0100 Subject: [PATCH] Security cleanup (sqli) --- doc/TODO | 2 +- .../inc/eventz => trash}/executorlist.inc | 3 +- {scripts => trash}/savelib.php | 0 wwwroot/backend/mysql/test.sql | 48 +++++++++++++++++++ 4 files changed, 51 insertions(+), 2 deletions(-) rename {wwwroot/inc/eventz => trash}/executorlist.inc (91%) rename {scripts => trash}/savelib.php (100%) create mode 100644 wwwroot/backend/mysql/test.sql diff --git a/doc/TODO b/doc/TODO index 6dcc374..5103e1c 100644 --- a/doc/TODO +++ b/doc/TODO @@ -7,7 +7,7 @@ - User mail -> can't delete the mails... Anyway move whole mail handling out of nodes.php (?) -- SQL injections (many fixed, but some should be still there) +- SQL injections (many fixed, but some are still there) - remove absolute paths from all source files (!) - convert to some more inteligent path system... eg.: diff --git a/wwwroot/inc/eventz/executorlist.inc b/trash/executorlist.inc similarity index 91% rename from wwwroot/inc/eventz/executorlist.inc rename to trash/executorlist.inc index 04231bb..86ac7c7 100644 --- a/wwwroot/inc/eventz/executorlist.inc +++ b/trash/executorlist.inc @@ -8,7 +8,8 @@ function executorlist() { return false; } - $executors=explode(";",$_POST['executorlist']); // XXX sqli + $executors=explode(";",$_POST['executorlist']); + $executors=array_map('mysql_real_escape_string', $executors); $db->query("update node_access set node_permission='' where node_id=$node_id and node_permission='exec'"); foreach ($executors as $execitpr) { diff --git a/scripts/savelib.php b/trash/savelib.php similarity index 100% rename from scripts/savelib.php rename to trash/savelib.php diff --git a/wwwroot/backend/mysql/test.sql b/wwwroot/backend/mysql/test.sql new file mode 100644 index 0000000..1d2b754 --- /dev/null +++ b/wwwroot/backend/mysql/test.sql 
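Review bot: In the trash/executorlist.inc hunk, `mysql_real_escape_string` only neutralises input that ends up inside a quoted SQL string literal, and the one query visible here interpolates `$node_id` unquoted. The loop that consumes `$executors` lies outside the hunk; if it places each `$execitpr` into SQL as a bare number, the added escaping gives no protection. Assuming the entries are numeric user ids, `$executors=array_map('intval', $executors);` is the safer normalisation. The origin of `$node_id` is not visible in the hunk either, and it deserves the same integer cast before it reaches the `update`.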
@@ -0,0 +1,48 @@
+drop procedure if exists k_neurons;
+drop function if exists k_get_node_weigth;
+
+delimiter //
+
+create function k_get_node_weigth (node INT, user INT) returns DOUBLE
+BEGIN
+ declare vector,node2,len,n_owner,offset int;
+ declare final,n_weight,o_weight,s_weight double;
+
+ select node_vector into vector from nodes where node_id = node;
+
+ set final = 1;
+ /* select k from nodes into final where node_id = node;*/
+
+ set len = length(vector);
+ set offset = 1;
+ WHILE offset < len DO
+
+ /* XXX node length is hardcoded */
+ set node2 = substring(node2,offset,8);
+ set offset = offset + 8;
+ /* weigths from user to:
+ - all nodes from node to root node
+ - all node owners from node to root node
+ - all nodes between themselves (safe?)
+ */
+ select node_weight,node_creator into n_weight,n_owner from nodes where node_id=node2;
+ select synapse_weight into s_weight from neurons where src=user and dst=node2;
+ select synapse_weight into o_weight from neurons where src=user and dst=n_owner;
+
+ if o_weight = NULL then set o_weight=1; end if;
+ if s_weight = NULL then set s_weight=1; end if;
+ if n_weight = NULL then set n_weight=1; end if;
+
+ set final = final * s_weight * o_weight * n_weight;
+ END WHILE;
+
+ RETURN final;
+END//
+
+create procedure k_neurons ()
+begin
+ select k,node_id,node_name from nodes where k>0
+ and node_created>now()-interval 20 day order by k_get_node_weigth(node_id,904) desc;
+end//
+
+delimiter ;
-- 
2.30.2
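Review bot: In k_get_node_weigth the loop reads `substring(node2,offset,8)`, so node2 is derived from itself and is still NULL on the first pass; the slice should presumably come from the vector, `set node2 = substring(vector,offset,8);`. The three fallbacks compare with `= NULL`, which never evaluates to true, so a missing weight stays NULL and turns `final` into NULL; they should read `if o_weight is null then set o_weight=1; end if;` and likewise for s_weight and n_weight. `vector` is declared int although it is sliced as a fixed-width string, which would drop leading zeros if node_vector is textual, so the type is worth confirming against the schema. The user id 904 hard-coded in k_neurons would be better passed in as a procedure parameter.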