may/1KA_F2F
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Popravek zaradi poskusa napada preko ankete id

Browse Source
This commit is contained in:
Robert 2022-09-22 15:41:34 +02:00
parent 08dc54807b
commit 6ed15ff745
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
function.php
View File

@ -604,6 +604,10 @@ function preveriTipHierarhije()
return false; return false;
} }
// User id mora biti številka in ne sme bit 0, anketa ne sme vsebovati presledkov, ker gre za sql injection drugače
if(!is_numeric($global_user_id) || $global_user_id < 1 || preg_match('/(\s)/', $anketa)){
return false;
}
$sql = sisplet_query("SELECT type FROM srv_hierarhija_users WHERE user_id='" . $global_user_id . "' AND anketa_id='" . $anketa . "'"); $sql = sisplet_query("SELECT type FROM srv_hierarhija_users WHERE user_id='" . $global_user_id . "' AND anketa_id='" . $anketa . "'");
@ -698,6 +702,11 @@ function getSurveyIdFromHash($hash){
$ank_id = null; $ank_id = null;
// hash ne sme vsebovati presledkov
if(preg_match('/(\s)/', $hash)){
return false;
}
$sql = sisplet_query("SELECT id FROM srv_anketa WHERE hash='".$hash."'"); $sql = sisplet_query("SELECT id FROM srv_anketa WHERE hash='".$hash."'");
if (mysqli_num_rows($sql) > 0) { if (mysqli_num_rows($sql) > 0) {
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);