Mercurial Mercurial > repos > enano-1.1 / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
includes/dbal.php
changeset 128 01955bf53f96
parent 91 8079b0288e8e
child 142 ca9118d9c0f2
equal deleted inserted replaced
127:a2b20a832447 128:01955bf53f96 
   194     $sz = strlen($q);
 
   194     $sz = strlen($q);
 
   195     $quotechar = false;
 
   195     $quotechar = false;
 
   196     $quotepos  = 0;
 
   196     $quotepos  = 0;
 
   197     $prev_is_quote = false;
 
   197     $prev_is_quote = false;
 
   198     $just_started = false;
 
   198     $just_started = false;
 
   199     for($i=0;$i<strlen($q);$i++,$c=substr($q, $i, 1))
 
   199     for ( $i = 0; $i < strlen($q); $i++, $c = substr($q, $i, 1) )
 
   200     {
 
   200     {
 
   201       $next = substr($q, $i+1, 1);
 
   201       $next = substr($q, $i+1, 1);
 
   202       $next2 = substr($q, $i+2, 1);
 
   202       $next2 = substr($q, $i+2, 1);
 
   203       $prev = substr($q, $i-1, 1);
 
   203       $prev = substr($q, $i-1, 1);
 
   204       $prev2 = substr($q, $i-2, 1);
 
   204       $prev2 = substr($q, $i-2, 1);
 
   205       if(isset($c) && in_array($c, Array('"', "'", '`')))
 
   205       if(isset($c) && in_array($c, Array('"', "'", '`')))
 
   206       {
 
   206       {
 
   207         if($quotechar)
 
   207         if($quotechar)
 
   208         {
 
   208         {
 
   209           if(
 
   209           if (
 
   210               ( $quotechar == $c && $quotechar != $next && ( $quotechar != $prev || $just_entered ) && $prev != '\\') ||
 
   210               ( $quotechar == $c && $quotechar != $next && ( $quotechar != $prev || $just_started ) && $prev != '\\') ||
 
   211               ( $prev2 == '\\' && $prev == $quotechar && $quotechar == $c )
 
   211               ( $prev2 == '\\' && $prev == $quotechar && $quotechar == $c )
 
   212             )
 
   212             )
 
   213           {
 
   213           {
 
   214             $quotechar = false;
 
   214             $quotechar = false;
 
   215             if($debug) echo('$db-&gt;check_query(): just finishing a quote section, quoted string: '.htmlspecialchars(substr($q, $quotepos, $i - $quotepos + 1)) . '<br />');
 
   215             if($debug) echo('$db-&gt;check_query(): just finishing a quote section, quoted string: '.htmlspecialchars(substr($q, $quotepos, $i - $quotepos + 1)) . '<br />');
 
   220         }
 
   220         }
 
   221         else
 
   221         else
 
   222         {
 
   222         {
 
   223           $quotechar = $c;
 
   223           $quotechar = $c;
 
   224           $quotepos  = $i;
 
   224           $quotepos  = $i;
 
   225           $just_entered = true;
 
   225           $just_started = true;
 
   226         }
 
   226         }
 
   227         if($debug) echo '$db-&gt;check_query(): found quote char as pos: '.$i.'<br />';
 
   227         if($debug) echo '$db-&gt;check_query(): found quote char as pos: '.$i.'<br />';
 
   228         continue;
 
   228         continue;
 
   229       }
 
   229       }
 
   230       $just_entered = false;
 
   230       $just_started = false;
 
   231     }
 
   231     }
 
   232     if(substr(trim($q), strlen(trim($q))-1, 1) == ';') $q = substr(trim($q), 0, strlen(trim($q))-1);
 
   232     if(substr(trim($q), strlen(trim($q))-1, 1) == ';') $q = substr(trim($q), 0, strlen(trim($q))-1);
 
   233     for($i=0;$i<strlen($q);$i++,$c=substr($q, $i, 1))
 
   233     for($i=0;$i<strlen($q);$i++,$c=substr($q, $i, 1))
 
   234     {
 
   234     {
 
   235       if( ( $c == ';' && $i != $sz-1 ) || $c . substr($q, $i+1, 1) == '--') // Don't permit semicolons in mid-query, and never allow comments
 
   235       if ( 
       
   236            ( ( $c == ';' && $i != $sz-1 ) || $c . substr($q, $i+1, 1) == '--' )
 
       
   237         || ( in_array($c, Array('"', "'", '`')) )
 
       
   238          ) // Don't permit semicolons in mid-query, and never allow comments
 
   236       {
 
   239       {
 
   237         // Injection attempt!
 
   240         // Injection attempt!
 
   238         if($debug)
 
   241         if($debug)
 
   239         {
 
   242         {
 
   240           $e = '';
 
   243           $e = '';
 
   245           }
 
   248           }
 
   246           echo 'Injection attempt caught at pos: '.$i.'<br />';
 
   249           echo 'Injection attempt caught at pos: '.$i.'<br />';
 
   247         }
 
   250         }
 
   248         return false;
 
   251         return false;
 
   249       }
 
   252       }
 
       
   253     }
 
       
   254     if ( preg_match('/[\s]+(SAFE_QUOTE|[\S]+)=\\1($|[\s]+)/', $q, $match) )
 
       
   255     {
 
       
   256       if ( $debug ) echo 'Found always-true test in query, injection attempt caught, match:<br />' . '<pre>' . print_r($match, true) . '</pre>';
 
       
   257       return false;
 
   250     }
 
   258     }
 
   251     return true;
 
   259     return true;
 
   252   }
 
   260   }
 
   253   
   261   
   254   /**
 
   262   /**
Enano CMS (1.1.x)