[wip] Passing mysql request params into array arguments for the query method (part 4)

This commit is contained in:
Emmanuel Monbroussou 2016-05-18 12:51:03 +02:00
parent 61b07a257d
commit 4e558e5e7c
7 changed files with 96 additions and 77 deletions


@ -271,6 +271,15 @@ class DB_Sql {
return $this->pdo_instance->lastInsertId(); return $this->pdo_instance->lastInsertId();
} }
/**
* Escape a string to use it into a SQL PDO query
* @param string string to escape
* @return string escaped string
*/
function quote($string) {
return $this->pdo_instance->quote($string);
}
/* public: sequence numbers */ /* public: sequence numbers */
function nextid($seq_name) { function nextid($seq_name) {
if (!$this->is_connected()) if (!$this->is_connected())
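Review bot: The docblock on the new quote() should state that the result is a complete single-quoted SQL literal (that is what PDO::quote returns), not a bare escaped string, so callers must not wrap it in quotes again and must not use it for identifiers such as database, table or column names. PDO::quote also returns false when the driver cannot quote, which a caller concatenating the result would silently turn into an empty string. A proposed return line: `* @return string|false the value as a complete quoted SQL literal (PDO::quote), or false if the driver cannot quote; not suitable for identifiers`. Unlike the placeholder form of query(), the quoted value is only safe where the statement expects a string literal.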


@ -752,32 +752,29 @@ EOF;
function update_mem($uid, $mail, $nom, $prenom, $pass, $enabled, $canpass, $type = 'default', $duration = 0, $notes = "", $reset_quotas = false) { function update_mem($uid, $mail, $nom, $prenom, $pass, $enabled, $canpass, $type = 'default', $duration = 0, $notes = "", $reset_quotas = false) {
global $err, $db, $quota; global $err, $db, $quota;
$notes = addslashes($notes);
$err->log("admin", "update_mem", $uid); $err->log("admin", "update_mem", $uid);
if (!$this->enabled) { if (!$this->enabled) {
$err->raise("admin", _("-- Only administrators can access this page! --")); $err->raise("admin", _("-- Only administrators can access this page! --"));
return false; return false;
} }
$db = new DB_System(); $db = new DB_System();
// @TODO:EM: this has to be escaped
if ($pass) { if ($pass) {
$pass = _md5cr($pass); $pass = _md5cr($pass);
$ssq = " ,pass='$pass' "; $second_query = "UPDATE membres SET mail= ?, canpass= ?, enabled= ?, `type`= ?, notes= ? , pass = ? WHERE uid= ?;";
$second_query_args = array($mail, $canpass, $enabled, $type, $notes, $pass, $uid);
} else { } else {
$ssq = ""; $second_query = "UPDATE membres SET mail= ?, canpass= ?, enabled= ?, `type`= ?, notes= ? WHERE uid= ?;";
$second_query_args = array($mail, $canpass, $enabled, $type, $notes, $uid);
} }
$old_mem = $this->get($uid); $old_mem = $this->get($uid);
if( if(
($db->query( ($db->query("UPDATE local SET nom= ?, prenom= ? WHERE uid=?;", array($nom, $prenom, $uid))) &&
"UPDATE local SET nom= ?, prenom= ? WHERE uid=?;", ($db->query($second_query, $second_query_args))
array($nom, $prenom, $uid) ){
)) &&
($db->query(
"UPDATE membres SET mail= ?, canpass= ?, enabled= ?, `type`= ?, notes= ? $ssq WHERE uid= ?;",
array($mail, $canpass, $enabled, $type, $notes, $uid)))) {
if ($reset_quotas == "on" || $type != $old_mem['type']) { if ($reset_quotas == "on" || $type != $old_mem['type']) {
$quota->addquotas(); $quota->addquotas();
$quota->synchronise_user_profile(); $quota->synchronise_user_profile();
@ -1105,9 +1102,14 @@ EOF;
} }
} }
// @TODO:EM: this has to be escaped $query = "SELECT m.uid,m.login,d.domaine,d.gesdns,d.gesmx,d.noerase FROM domaines d LEFT JOIN membres m ON m.uid=d.compte ";
$filter=($hosting_tld=variable_get("hosting_tld")) ? " WHERE domaine not like '%.$hosting_tld'" : ""; $query_args = array();
$db->query("SELECT m.uid,m.login,d.domaine,d.gesdns,d.gesmx,d.noerase FROM domaines d LEFT JOIN membres m ON m.uid=d.compte $filter ORDER BY domaine;"); if($hosting_tld = variable_get("hosting_tld")){
$query .= " WHERE domaine not like ?";
array_push($query_args, "%.".$hosting_tld);
}
$query .= " ORDER BY domaine;";
$db->query($query, $query_args);
$c = array(); $c = array();
while ($db->next_record()) { while ($db->next_record()) {
$tmp = $db->Record; $tmp = $db->Record;
@ -1134,9 +1136,14 @@ EOF;
global $db, $L_NS1, $L_NS2, $L_MX, $L_PUBLIC_IP; global $db, $L_NS1, $L_NS2, $L_MX, $L_PUBLIC_IP;
$checked = array(); $checked = array();
// @TODO:EM: this has to be escaped $query = "SELECT * FROM domaines ";
$filter=($hosting_tld=variable_get("hosting_tld")) ? " WHERE domaine not like '%.$hosting_tld'" : ""; $query_args = array();
$db->query("SELECT * FROM domaines $filter ORDER BY domaine"); if($hosting_tld = variable_get("hosting_tld")){
$query .= " WHERE domaine not like ?";
array_push($query_args, "%.".$hosting_tld);
}
$query .= " ORDER BY domaine";
$db->query($query, $query_args);
$dl = array(); $dl = array();
while ($db->next_record()) { while ($db->next_record()) {
$dl[$db->Record["domaine"]] = $db->Record; $dl[$db->Record["domaine"]] = $db->Record;
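Review bot: The bound pattern `"%.".$hosting_tld` in the `WHERE domaine not like ?` block here, and the identical block in the earlier `SELECT m.uid,m.login,...` hunk, still lets `%` and `_` in the configured TLD act as LIKE wildcards — binding the value stops injection but does not neutralise pattern metacharacters. If the TLD is meant to match literally, escape it before binding, e.g. `array_push($query_args, "%." . addcslashes($hosting_tld, '%_\\'));`, and consider a small private helper so the two copies cannot drift apart. The assignment-in-condition `if($hosting_tld = variable_get("hosting_tld")){` reads like a comparison typo; `$hosting_tld = variable_get("hosting_tld"); if ($hosting_tld) {` makes the intent plain. The enclosing functions of both hunks start and end outside the hunks.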


@ -249,7 +249,7 @@ class m_authip {
foreach ($list_affected as $k => $v) { foreach ($list_affected as $k => $v) {
$this->call_hooks("authip_on_delete", $k); $this->call_hooks("authip_on_delete", $k);
} }
if (!$db->query("update authorised_ip set ip= ?, subnet= ?, infos= ? where id= ? and uid=? ;", array($id, $subnetn $infos, $id, $cuid)) { if (!$db->query("update authorised_ip set ip= ?, subnet= ?, infos= ? where id= ? and uid=? ;", array($id, $subnetn, $infos, $id, $cuid))) {
echo "query failed: " . $db->Error; echo "query failed: " . $db->Error;
return false; return false;
} }
@ -329,7 +329,7 @@ class m_authip {
echo "query failed: " . $db->Error; echo "query failed: " . $db->Error;
return false; return false;
} }
$this->call_hooks("authip_on_create", PDO::lastInsertId()); // @TODO:EM: To test $this->call_hooks("authip_on_create", $db->lastid());
} }
return true; return true;
} }
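Review bot: The UPDATE in the first hunk binds `$id` to the `ip= ?` placeholder: the argument list is `array($id, $subnetn, $infos, $id, $cuid)` against `update authorised_ip set ip= ?, subnet= ?, infos= ? where id= ? and uid=?`, so the row's ip column would be overwritten with its own id. The commit only adds the missing comma; the first element presumably should be the IP value, and `$subnetn` is worth checking against the parameter name as well — the function signature is outside the hunk, so neither name can be confirmed here.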


@ -839,7 +839,6 @@ class m_bro {
$beg = $dir; $beg = $dir;
$tofind = true; $tofind = true;
while ($tofind) { while ($tofind) {
// @TODO:EM: be careful with this one!
$db->query("SELECT sub,domaine FROM sub_domaines WHERE compte= ? AND type=0 AND (valeur= ? or valeur= ?);", array($cuid, "/".$beg."/", "/".$beg)); $db->query("SELECT sub,domaine FROM sub_domaines WHERE compte= ? AND type=0 AND (valeur= ? or valeur= ?);", array($cuid, "/".$beg."/", "/".$beg));
$db->next_record(); $db->next_record();
if ($db->num_rows()) { if ($db->num_rows()) {


@ -1682,17 +1682,21 @@ class m_dom {
/* ----------------------------------------------------------------- */ /* ----------------------------------------------------------------- */
/** Returns the complete hosted domain list : /** Returns the complete hosted domain list :
* @TODO:EM: this has to be escaped
*/ */
function get_domain_list($uid = -1) { function get_domain_list($uid = -1) {
global $db; global $db;
$uid = intval($uid); $uid = intval($uid);
$res = array(); $res = array();
$sql = ""; $sql = "";
$query = "SELECT domaine FROM domaines WHERE gesdns=1 ";
$query_args = array();
if ($uid != -1) { if ($uid != -1) {
$sql .= " AND compte='$uid' "; $query .= " AND compte= ? ";
array_push($query_args, $uid);
} }
$db->query("SELECT domaine FROM domaines WHERE gesdns=1 $sql ORDER BY domaine"); $query .= " ORDER BY domaine;";
$db->query($query, $query_args);
while ($db->next_record()) { while ($db->next_record()) {
$res[] = $db->f("domaine"); $res[] = $db->f("domaine");
} }
@ -1964,24 +1968,16 @@ class m_dom {
* of a vhost. * of a vhost.
* If no parameters, return the parameters for ALL the vhost. * If no parameters, return the parameters for ALL the vhost.
* Optionnal parameters: id of the sub_domaines * Optionnal parameters: id of the sub_domaines
*
* @TODO:EM: This has to be escaped
* */ * */
function generation_parameters($id = null, $only_apache = true) { function generation_parameters($id = null, $only_apache = true) {
global $db, $err; global $db, $err;
$err->log("dom", "generation_parameters"); $err->log("dom", "generation_parameters");
$params = ""; $params = "";
if (!is_null($id) && intval($id) == $id) { /** 2016_05_18 : this comments was here before escaping the request... is there still something to do here ?
$id = intval($id); * // BUG BUG BUG FIXME
$params = " AND sd.id = $id "; * // Suppression de comptes -> membres existe pas -> domaines a supprimer ne sont pas lister
} */
if ($only_apache) { $query = "
$params.=" and dt.only_dns is false ";
}
// BUG BUG BUG FIXME
// Suppression de comptes -> membres existe pas -> domaines a supprimer ne sont pas lister
$db->query("
select select
sd.id as sub_id, sd.id as sub_id,
lower(sd.type) as type, lower(sd.type) as type,
@ -1996,13 +1992,26 @@ from
domaines_type dt domaines_type dt
where where
v.name='mailname_bounce' v.name='mailname_bounce'
and lower(dt.name) = lower(sd.type) and lower(dt.name) = lower(sd.type)";
$params $query_args = array();
if (!is_null($id) && intval($id) == $id) {
$query .= " AND sd.id = ? ";
array_push($query_args, intval($id));
}
if ($only_apache) {
$query .=" and dt.only_dns is false ";
}
$query .= "
order by order by
m.login, m.login,
sd.domaine, sd.domaine,
sd.sub sd.sub;";
;");
$db->query($query, $query_args);
$r = array(); $r = array();
while ($db->next_record()) { while ($db->next_record()) {
$r[$db->Record['sub_id']] = $db->Record; $r[$db->Record['sub_id']] = $db->Record;
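Review bot: In get_domain_list the local `$sql = "";` is now dead — every use was replaced by `$query`/`$query_args` — and generation_parameters keeps the same leftover in `$params = "";`; both should be removed so a reader does not search for where they are appended. The new comment block in generation_parameters ("2016_05_18 : this comments was here before escaping the request... is there still something to do here ?") records an open question rather than a decision; either verify the deleted-account case the old FIXME describes and drop the block, or reduce it to a single `// TODO: check that domains of deleted accounts are still listed` line. Both functions continue past the end of their hunks.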


@ -290,33 +290,35 @@ ORDER BY
* @param $offset integer skip THAT much emails in the result. * @param $offset integer skip THAT much emails in the result.
* @param $count integer return no more than THAT much emails. -1 for ALL. Offset is ignored then. * @param $count integer return no more than THAT much emails. -1 for ALL. Offset is ignored then.
* @result an array of each mail hosted under the domain. * @result an array of each mail hosted under the domain.
* @TODO:EM: It has to be escaped
*/ */
function enum_domain_mails($dom_id = null, $search = "", $offset = 0, $count = 30, $show_systemmails = false) { function enum_domain_mails($dom_id = null, $search = "", $offset = 0, $count = 30, $show_systemmails = false) {
global $db, $err, $hooks; global $db, $err, $hooks;
$err->log("mail", "enum_domains_mail"); $err->log("mail", "enum_domains_mail");
$query_args = array($dom_id);
$search = trim($search); $search = trim($search);
$where = " a.domain_id = ? ";
$where = "a.domain_id=$dom_id";
if ($search) { if ($search) {
$where.=" AND (a.address LIKE '%" . addslashes($search) . "%' OR r.recipients LIKE '%" . addslashes($search) . "%')"; $where .= " AND (a.address LIKE ? OR r.recipients LIKE ? )";
array_push($query_args, "%" . $search . "%", "%" . $search . "%");
} }
if (!$show_systemmails) { if (!$show_systemmails) {
$where .= " AND type='' "; $where .= " AND type='' ";
} }
$db->query("SELECT count(a.id) AS total FROM address a LEFT JOIN recipient r ON r.address_id=a.id WHERE $where;"); $db->query("SELECT count(a.id) AS total FROM address a LEFT JOIN recipient r ON r.address_id=a.id WHERE " . $where . ";", $query_args);
$db->next_record(); $db->next_record();
$this->total = $db->f("total"); $this->total = $db->f("total");
if ($count != -1) { if ($count != -1) {
$limit = "LIMIT $offset,$count"; $limit = " LIMIT ?, ? ";
array_push($query_args, $offset, $count);
} else { } else {
$limit = ""; $limit = "";
} }
$db->query("SELECT a.id, a.address, a.password, a.`enabled`, a.mail_action, d.domaine AS domain, m.quota, m.quota*1024*1024 AS quotabytes, m.bytes AS used, NOT ISNULL(m.id) AS islocal, a.type, r.recipients, m.lastlogin, a.domain_id $db->query("SELECT a.id, a.address, a.password, a.`enabled`, a.mail_action, d.domaine AS domain, m.quota, m.quota*1024*1024 AS quotabytes, m.bytes AS used, NOT ISNULL(m.id) AS islocal, a.type, r.recipients, m.lastlogin, a.domain_id
FROM (address a LEFT JOIN mailbox m ON m.address_id=a.id) LEFT JOIN recipient r ON r.address_id=a.id, domaines d FROM (address a LEFT JOIN mailbox m ON m.address_id=a.id) LEFT JOIN recipient r ON r.address_id=a.id, domaines d
WHERE $where AND d.id=a.domain_id $limit ;"); WHERE " . $where . " AND d.id=a.domain_id " . $limit . " ;", $query_args);
if (!$db->next_record()) { if (!$db->next_record()) {
$err->raise("mail", _("No email found for this query")); $err->raise("mail", _("No email found for this query"));
return array(); return array();
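Review bot: `LIMIT ?, ?` with `$offset` and `$count` pushed into `$query_args` will fail under the MySQL driver's default emulated prepares, because values passed through `execute(array)` are sent as quoted strings and `LIMIT '0', '30'` is a syntax error; it only works if the wrapper binds them as PDO::PARAM_INT or emulation is off, neither of which this hunk shows. The form that needs no driver assumption keeps the placeholders for the WHERE part and inlines sanitised integers: `$limit = " LIMIT " . intval($offset) . ", " . intval($count) . " ";` with no extra push. Separately, `$search` is now bound instead of addslashes'd, but `%` and `_` inside it still act as LIKE wildcards; if literal matching is intended, escape them with `addcslashes($search, '%_\\')` before building the two patterns. The function continues past the hunk.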


@ -479,15 +479,14 @@ class m_mysql {
return false; return false;
} }
// @TODO:EM: does this part have to be escaped?
# Protect database name if not wildcard # Protect database name if not wildcard
if ($base != '*') { if ($base != '*') {
$base = "`" . $base . "`"; $base = $db->quote($base);
} }
$grant = "grant " . $rights . " on " . $base . "." . $table . " to '" . $user . "'@'" . $this->dbus->Client . "'"; $grant = "grant " . $db->quote($rights) . " on " . $base . "." . $db->quote($table) . " to " . $db->quote($user) . "@" . $db->quote($this->dbus->Client);
if ($pass) { if ($pass) {
$grant .= " identified by '" . $pass . "';"; $grant .= " identified by " . $db->quote($pass) . ";";
} else { } else {
$grant .= ";"; $grant .= ";";
} }
@ -556,8 +555,7 @@ class m_mysql {
* @access private * @access private
*/ */
function get_db_size($dbname) { function get_db_size($dbname) {
// @TODO:EM: does this part have to be escaped? $this->dbus->query("SHOW TABLE STATUS FROM ". $db->quote($dbname) .";");
$this->dbus->query("SHOW TABLE STATUS FROM `$dbname`;");
$size = 0; $size = 0;
while ($this->dbus->next_record()) { while ($this->dbus->next_record()) {
$size += $this->dbus->f('Data_length') + $this->dbus->f('Index_length'); $size += $this->dbus->f('Data_length') + $this->dbus->f('Index_length');
@ -753,7 +751,6 @@ class m_mysql {
* @param $password The password for this username * @param $password The password for this username
* @param $passconf The password confirmation * @param $passconf The password confirmation
* @return boolean if the password has been changed in MySQL or FALSE if an error occurred * @return boolean if the password has been changed in MySQL or FALSE if an error occurred
* @TODO:EM: is this correctly escaped ?
* */ * */
function change_user_password($usern, $password, $passconf) { function change_user_password($usern, $password, $passconf) {
global $db, $err, $cuid, $admin; global $db, $err, $cuid, $admin;
@ -771,7 +768,7 @@ class m_mysql {
return false; // The error has been raised by checkPolicy() return false; // The error has been raised by checkPolicy()
} }
} }
$this->dbus->query("SET PASSWORD FOR '" . addslashes($usern) . "'@'" . $this->dbus->Client . "' = PASSWORD(?);", array($pass)); $this->dbus->query("SET PASSWORD FOR " . $db->quote($usern) . "@" . $db->quote($this->dbus->Client) . "' = PASSWORD(?);", array($pass));
$db->query("UPDATE dbusers set password= ? where name= ? and uid= ? ;", array($pass, $usern, $cuid)); $db->query("UPDATE dbusers set password= ? where name= ? and uid= ? ;", array($pass, $usern, $cuid));
return true; return true;
} }
@ -805,8 +802,7 @@ class m_mysql {
$login = $db->f("name"); $login = $db->f("name");
// Ok, database exists and dbname is compliant. Let's proceed // Ok, database exists and dbname is compliant. Let's proceed
// @TODO:EM: is this correctly escaped ? $this->dbus->query("REVOKE ALL PRIVILEGES ON *.* FROM " . $db->quote($user) . "@" . $db->quote($this->dbus->Client) . ";");
$this->dbus->query("REVOKE ALL PRIVILEGES ON *.* FROM '" . $user . "'@'" . $this->dbus->Client . "';");
$this->dbus->query("DELETE FROM mysql.db WHERE User= ? AND Host= ? ;", array($user, $this->dbus->Client)); $this->dbus->query("DELETE FROM mysql.db WHERE User= ? AND Host= ? ;", array($user, $this->dbus->Client));
$this->dbus->query("DELETE FROM mysql.user WHERE User= ? AND Host= ? ;", array($user, $this->dbus->Client)); $this->dbus->query("DELETE FROM mysql.user WHERE User= ? AND Host= ? ;", array($user, $this->dbus->Client));
$this->dbus->query("FLUSH PRIVILEGES"); $this->dbus->query("FLUSH PRIVILEGES");
@ -873,7 +869,6 @@ class m_mysql {
global $err; global $err;
$err->log("mysql", "set_user_rights"); $err->log("mysql", "set_user_rights");
$dbname = str_replace('_', '\_', $dbname);
// On genere les droits en fonction du tableau de droits // On genere les droits en fonction du tableau de droits
$strrights = ""; $strrights = "";
for ($i = 0; $i < count($rights); $i++) { for ($i = 0; $i < count($rights); $i++) {
@ -936,18 +931,16 @@ class m_mysql {
} }
// We reset all user rights on this DB : // We reset all user rights on this DB :
$this->dbus->query("SELECT * FROM mysql.db WHERE User = ? AND Db = ?;", array($usern, $dbname)); $this->dbus->query("SELECT * FROM mysql.db WHERE User = ? AND Db = ?;", array($user, $dbn));
// @TODO:EM: This has to be verified, and maybe we should use another way to escape those requests // @TODO:EM: This has to be verified, and maybe we should use another way to escape those requests
$usern = addslashes($user);
$dbname = addslashes($dbn);
if ($this->dbus->num_rows()) { if ($this->dbus->num_rows()) {
$this->dbus->query("REVOKE ALL PRIVILEGES ON `$dbname`.* FROM '$usern'@'" . $this->dbus->Client . "';"); $this->dbus->query("REVOKE ALL PRIVILEGES ON ".$db->quote($dbn).".* FROM ".$db->quote($user)."@" . $db->quote($this->dbus->Client) . ";");
} }
if ($strrights) { if ($strrights) {
$strrights = substr($strrights, 0, strlen($strrights) - 1); $strrights = substr($strrights, 0, strlen($strrights) - 1);
$this->grant($dbname, $usern, $strrights); $this->grant($dbn, $user, $strrights);
} }
$this->dbus->query("FLUSH PRIVILEGES"); $this->dbus->query("FLUSH PRIVILEGES");
return TRUE; return TRUE;
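Review bot: `$db->quote()` wraps its argument in single quotes (PDO::quote yields a string literal), so using it for identifiers breaks the statements: `SHOW TABLE STATUS FROM 'dbname'` in get_db_size, `grant 'SELECT,...' on 'base'.'table'` in the grant hunk and `REVOKE ALL PRIVILEGES ON 'dbn'.*` in set_user_rights are MySQL syntax errors, while the `'user'@'host'` account parts are correct. Identifiers need validation plus backtick quoting (wrap in backticks after doubling any embedded backtick) and `$rights` should be checked against the allowed privilege keywords rather than quoted; quoting should also go through `$this->dbus`, the connection the statement runs on, and in get_db_size `$db` is used with no `global $db;` visible between the function line and the query, which would be a method call on null. change_user_password still carries a stray `'` after the quoted host in `. "' = PASSWORD(?);"`. Dropping `str_replace('_', '\_', $dbname)` in set_user_rights matters because `%` and `_` are wildcards in GRANT/REVOKE database names, so a literal name containing `_` may match more databases than intended unless grant() escapes it — grant()'s body is largely outside the hunk.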