From: kkalev
Date: Sun, 18 Apr 2004 14:28:13 +0000 (+0000)
Subject: Add da_sql_escape_string for all relevant variables in lib/sql files
X-Git-Url: https://git.entuzijast.net/?a=commitdiff_plain;h=68ef11a305f01db0c31504a3d10b3433970daa69;p=freeradius-dialup-admin.git
Add da_sql_escape_string for all relevant variables in lib/sql files
---
diff --git a/Changelog b/Changelog
index 9b13e20..c1788c0 100644
--- a/Changelog
+++ b/Changelog
@@ -19,8 +19,7 @@ Ver 1.70:
 * Add an sql_xlat function
 * Add a nas administration page for sql based clients
 * Fix small bugs in accounting.php3 and user_stats.php3. Add nas_admin.php3 to the buttons page
-
-TODO: Check out the sql queries in lin/sql for sql injection.
+* Add da_sql_escape_string for all relevant variables in lib/sql files
 Ver 1.68:
 * Huge PostgreSQL compatibility patch by Guy Fraser
diff --git a/lib/sql/change_attrs.php3 b/lib/sql/change_attrs.php3
index 829707e..1c80c2b 100644
--- a/lib/sql/change_attrs.php3
+++ b/lib/sql/change_attrs.php3
@@ -27,6 +27,7 @@ if ($link){
 while(isset($$name)){ $val=$$name;
+ $val = da_sql_escape_string($val);
 $op_name = $name . '_op'; $i++; $j++;
diff --git a/lib/sql/change_info.php3 b/lib/sql/change_info.php3
index 8fc63dc..5485b3f 100644
--- a/lib/sql/change_info.php3
+++ b/lib/sql/change_info.php3
@@ -13,6 +13,13 @@ if ($link){
 "SELECT username FROM $config[sql_user_info_table] WHERE username = '$login';"); if ($res){
+ $Fcn = da_sql_escape_string($Fcn);
+ $Fmail = da_sql_escape_string($Fmail);
+ $Fou = da_sql_escape_string($Fou);
+ $Ftelephonenumber = da_sql_escape_string($Ftelephonenumber);
+ $Fhomephone = da_sql_escape_string($Fhomephone);
+ $Fmobile = da_sql_escape_string($Fmobile);
+
 if (!@da_sql_num_rows($res,$config)){ $res = @da_sql_query($link,$config, "INSERT INTO $config[sql_user_info_table]
diff --git a/lib/sql/create_group.php3 b/lib/sql/create_group.php3
index 0f434c9..e37d7bb 100644
--- a/lib/sql/create_group.php3
+++ b/lib/sql/create_group.php3
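Review bot: The operator value looked up right after the new escape is not escaped: in this change_attrs.php3 hunk `$op_name = $name . '_op';` follows the escape of `$val`, and in the create_group.php3 `@@ -44,6 +45,7 @@` and create_user.php3 `@@ -81,6 +88,7 @@` hunks the lookup `$op_val = $$op_name;` is visible and `$op_val` goes straight into `if ($op_val != ''){` without passing through da_sql_escape_string. `$$op_name` appears to resolve a request-supplied variable, so if `$op_val` is interpolated into the INSERT/UPDATE below the hunk it remains an unescaped input; either escape it the same way, `$op_val = da_sql_escape_string($op_val);`, or better compare it against the fixed list of operators the attribute tables accept. The enclosing loop starts and ends outside the hunk in all three files.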
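Review bot: `$login` is interpolated unescaped in the context line `WHERE username = '$login';` directly above the six new escapes, and nothing in this hunk escapes it. Unless `$login` already goes through da_sql_escape_string earlier in change_info.php3 (not visible here), the lookup and the INSERT/UPDATE that follow are left with the same problem the other variables are now protected from; the same `'$login'` interpolation is visible in the create_group.php3 `@@ -17,6 +17,7 @@` hunk, the create_user.php3 `@@ -44,6 +50,7 @@` hunk and both group_admin.php3 hunks. A single `$login = da_sql_escape_string($login);` before the first query in each of those files would close the gap and be consistent with what get_user_info() in functions.php3 now does for `$user`. The enclosing `if ($link){` block starts and ends outside the hunk.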
@@ -17,6 +17,7 @@ if ($link){
 $Members = preg_split("/[\n\s]+/",$members,-1,PREG_SPLIT_NO_EMPTY); if (!empty($Members)){ foreach ($Members as $member){
+ $member = da_sql_escape_string($member);
 $res = @da_sql_query($link,$config, "INSERT INTO $config[sql_usergroup_table] (username,groupname) VALUES ('$member','$login');");
@@ -44,6 +45,7 @@ if ($link){
 $type = 2; } $val = $$attrmap["$key"];
+ $val = da_sql_escape_string($val);
 $op_name = $attrmap["$key"] . '_op'; $op_val = $$op_name; if ($op_val != ''){
diff --git a/lib/sql/create_user.php3 b/lib/sql/create_user.php3
index e271012..ab6131d 100644
--- a/lib/sql/create_user.php3
+++ b/lib/sql/create_user.php3
@@ -30,6 +30,12 @@ if ($link){
 username = '$login';"); if ($res){ if (!@da_sql_num_rows($res,$config)){
+ $Fcn = da_sql_escape_string($Fcn);
+ $Fmail = da_sql_escape_string($Fmail);
+ $Fou = da_sql_escape_string($Fou);
+ $Fhomephone = da_sql_escape_string($Fhomephone);
+ $Fworkphone = da_sql_escape_string($Fworkphone);
+ $Fmobile = da_sql_escape_string($Fmobile);
 $res = @da_sql_query($link,$config, "INSERT INTO $config[sql_user_info_table] (username,name,mail,department,homephone,workphone,mobile) VALUES
@@ -44,6 +50,7 @@ if ($link){
 echo "Could not add user information in user info table: " . da_sql_error($link,$config) . "
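Review bot: This hunk escapes `$Fworkphone` for the `workphone` column named in the INSERT column list below, while the change_info.php3 hunk escapes `$Ftelephonenumber` for what looks like the same column; if the two files genuinely read different request variables that is fine, but if change_info.php3 actually interpolates `$Fworkphone` in its INSERT/UPDATE (outside its hunk) the escape there is applied to a variable that never reaches the query and the column stays unescaped. Worth confirming which variable each file interpolates and escaping that one. Placing the six escapes inside `if (!@da_sql_num_rows(...))` also means they protect only the insert-new path; escaping once before `if ($res){`, as change_info.php3 does, would be the safer placement should another branch of this file reuse the variables. The enclosing `if ($link){` block continues past the hunk.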
\n"; } if ($Fgroup != ''){
+ $Fgroup = da_sql_escape_string($Fgroup);
 $res = @da_sql_query($link,$config, "SELECT username FROM $config[sql_usergroup_table] WHERE username = '$login' AND groupname = '$Fgroup';");
@@ -81,6 +88,7 @@ if ($link){
 $type = 2; } $val = $$attrmap["$key"];
+ $val = da_sql_escape_string($val);
 $op_name = $attrmap["$key"] . '_op'; $op_val = $$op_name; if ($op_val != ''){
diff --git a/lib/sql/find.php3 b/lib/sql/find.php3
index f3b0c94..a4a700a 100644
--- a/lib/sql/find.php3
+++ b/lib/sql/find.php3
@@ -8,6 +8,9 @@ else{
 $link = @da_sql_pconnect($config); if ($link){
+ $search = da_sql_escape_string($search);
+ if (!is_int($max_results))
+ $max_results = 10;
 if (($search_IN == 'name' || $search_IN == 'ou') && $config[sql_use_user_info_table] == 'true'){ $attr = ($search_IN == 'name') ? 'name' : 'department'; $res = @da_sql_query($link,$config,
diff --git a/lib/sql/functions.php3 b/lib/sql/functions.php3
index 2691528..98fdc66 100644
--- a/lib/sql/functions.php3
+++ b/lib/sql/functions.php3
@@ -16,6 +16,7 @@ function connect2db($config)
 function get_user_info($link,$user,$config) { if ($link && $config[sql_use_user_info_table] == 'true'){
+ $user = da_sql_escape_string($user);
 $res=@da_sql_query($link,$config, "SELECT name FROM $config[sql_user_info_table] WHERE username = '$user';"); if ($res){
diff --git a/lib/sql/group_admin.php3 b/lib/sql/group_admin.php3
index d7b3516..6eecd65 100644
--- a/lib/sql/group_admin.php3
+++ b/lib/sql/group_admin.php3
@@ -9,6 +9,7 @@ $link = @da_sql_pconnect($config);
 if ($link){ if (isset($del_members)){ foreach ($del_members as $del){
+ $del = da_sql_escape_string($del);
 $res = @da_sql_query($link,$config, "DELETE FROM $config[sql_usergroup_table] WHERE username = '$del' AND groupname = '$login';"); if (!$res)
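Review bot: `if (!is_int($max_results)) $max_results = 10;` does not do what the guard intends if `$max_results` arrives as a request variable: request values are strings, so `is_int('20')` is false and the page would always fall back to 10, while a value that is already an int passes regardless of sign or size. Casting and bounding matches the intent better: `$max_results = (int) $max_results;` followed by `if ($max_results <= 0) $max_results = 10;`. Where `$max_results` is assigned (config or request) is outside the hunk, so this may be harmless if it is always an int by this point; the enclosing `if ($link){` block also continues past the hunk.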
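Review bot: get_user_info() now escapes its `$user` argument internally, which changes the contract with every caller: a page that already passes an escaped `$login` will have the value escaped twice and the `WHERE username = '$user'` lookup will miss. A comment above the function stating the new contract would prevent that, e.g. `// $user: raw (unescaped) username - this function escapes it before use`. The function body continues past the hunk and the callers are outside this diff, so I cannot tell whether any of them escape first.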
@@ -19,6 +20,7 @@ if ($link){
 $Members = preg_split("/[\n\s]+/",$new_members,-1,PREG_SPLIT_NO_EMPTY); if (!empty($Members)){ foreach ($Members as $new_member){
+ $new_member = da_sql_escape_string($new_member);
 $res = @da_sql_query($link,$config, "SELECT username FROM $config[sql_usergroup_table] WHERE username = '$new_member' AND groupname = '$login';");