http://www.mediawiki.org/wiki/Special:Code/MediaWiki/91369

Revision: 91369
Author:   yuvipanda
Date:     2011-07-03 09:47:58 +0000 (Sun, 03 Jul 2011)
Log Message:
-----------
Fixed an SQL Injection hole

Modified Paths:
--------------
    trunk/extensions/GPoC/models/Rating.php

Modified: trunk/extensions/GPoC/models/Rating.php
===================================================================
--- trunk/extensions/GPoC/models/Rating.php     2011-07-02 20:52:25 UTC (rev 
91368)
+++ trunk/extensions/GPoC/models/Rating.php     2011-07-03 09:47:58 UTC (rev 
91369)
@@ -52,7 +52,6 @@
                $this->saveAll();
        }
 
-       // Note: Huge sql injection vector ahead. FIXME
        private function updateAggregateStats( $is_new_rating ) {
                if(! $is_new_rating && empty($this->old_importance) && 
empty($this->old_quality) ) {
                        return;
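Review bot: Dropping the FIXME here is premature, because the UPDATE in the later hunk at @@ -75 still interpolates `'$this->project'` and `'$this->old_quality'` straight into its WHERE clause, so updateAggregateStats keeps the injection vector the log message says is fixed. The same `$dbw->addQuotes()` treatment the INSERT receives in the @@ -61 hunk should be applied there: `$project = $dbw->addQuotes( $this->project );`, `$old_quality = $dbw->addQuotes( $this->old_quality );` and `$query .= "WHERE ps_project = $project and ps_quality = $old_quality;";`. Until that query is converted the comment should stay, or at least be narrowed to name the remaining raw interpolation. The body of updateAggregateStats continues beyond this hunk.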
@@ -61,8 +60,10 @@
                // Rating has just been detected.
                // So we can ignore $old_importance and $old_quality
                $importance_column = Rating::getImportanceColumn( 
$this->importance );
+               $project = $dbw->addQuotes($this->project);
+               $quality = $dbw->addQuotes($this->quality);
                $query = "INSERT INTO project_stats (ps_project, ps_quality, 
$importance_column) ";
-               $query .= "VALUES ('$this->project', '$this->quality', 1) ";
+               $query .= "VALUES ($project, $quality, 1) ";
                $query .= "ON DUPLICATE KEY ";
                $query .= "UPDATE $importance_column = $importance_column + 1 ";
                if(! $is_new_rating  && ! empty( $this->old_importance ) ) {
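Review bot: `$importance_column` is still spliced into the INSERT column list and the ON DUPLICATE KEY UPDATE clause as a raw identifier, so the fix is only complete if `Rating::getImportanceColumn()` maps `$this->importance` onto a fixed set of column names rather than echoing caller-supplied text; that helper is outside the hunk, so this cannot be confirmed here. A one-line comment on the assignment, such as `// $importance_column must be one of a fixed set of column names; it is not escaped below`, would record the assumption for the next reader. `$dbw` is used in the new lines without being visible in the hunk, presumably obtained earlier in the method.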
@@ -75,6 +76,7 @@
                        if(! isset($old_importance_column) ) {
                                $old_importance_column = $importance_column;
                        }
+
                        $query = "UPDATE project_stats SET 
$old_importance_column = $old_importance_column - 1 ";
                        $query .= "WHERE ps_project = '$this->project' and 
ps_quality = '$this->old_quality';";
                        $dbw->query($query);

