
Commit 28baec7

committed
Remove Database::escape_string() without quotes to avoid SQL injections - partial - refs #7440
1 parent f6b9a55 commit 28baec7

37 files changed

+206
-198
lines changed

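--- a/main/inc/lib/fckeditor/fcktemplates.xml.php
+++ b/main/inc/lib/fckeditor/fcktemplates.xml.php
@@ -219,7 +219,7 @@ function load_personal_templates($user_id = 0) {
 $sql = "SELECT template.id, template.title, template.description, template.image, template.ref_doc, document.path
 FROM ".$table_template." template, ".$table_document." document
 WHERE
-user_id='".Database::escape_string($user_id)."' AND
+user_id='".intval($user_id)."' AND
 course_code='".Database::escape_string(api_get_course_id())."' AND
 document.c_id = $course_id AND
 document.id = template.ref_doc";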
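Review bot: `document.c_id = $course_id` in this query is still interpolated bare while the neighbouring `user_id` and `course_code` values are now cast or escaped. `$course_id` is assigned outside the hunk, so whether it is already an integer cannot be confirmed from here; if it is derived from request input rather than from `api_get_course_int_id()`, it wants the same treatment as `$user_id`: `document.c_id = ".intval($course_id)." AND`. load_personal_templates starts before the hunk.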

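--- a/main/inc/lib/groupmanager.lib.php
+++ b/main/inc/lib/groupmanager.lib.php
@@ -611,7 +611,7 @@ public static function set_group_properties(
 max_student = '".Database::escape_string($maximum_number_of_students)."',
 self_registration_allowed = '".Database::escape_string($self_registration_allowed)."',
 self_unregistration_allowed = '".Database::escape_string($self_unregistration_allowed)."',
-category_id = '".Database::escape_string($categoryId)."'
+category_id = ".intval($categoryId)."
 WHERE c_id = $course_id AND id=".$group_id;
 $result = Database::query($sql);
 
@@ -895,7 +895,7 @@ public static function update_category(
 groups_per_user = '".Database::escape_string($groups_per_user)."',
 self_reg_allowed = '".Database::escape_string($self_registration_allowed)."',
 self_unreg_allowed = '".Database::escape_string($self_unregistration_allowed)."',
-max_student = ".Database::escape_string($maximum_number_of_students)."
+max_student = ".intval($maximum_number_of_students)."
 WHERE c_id = $course_id AND id = $id";
 
 Database::query($sql);
@@ -1015,8 +1015,8 @@ public static function get_users(
 WHERE c_id = $courseId AND g.group_id = $group_id";
 
 if (!empty($column) && !empty($direction)) {
-$column = Database::escape_string($column);
-$direction = Database::escape_string($direction);
+$column = Database::escape_string($column, null, false);
+$direction = ($direction == 'ASC' ? 'ASC' : 'DESC');
 $sql .= " ORDER BY $column $direction";
 }
 
@@ -1306,8 +1306,8 @@ public static function user_in_number_of_groups($user_id, $cat_id = null)
 {
 $table_group_user = Database :: get_course_table(TABLE_GROUP_USER);
 $table_group = Database :: get_course_table(TABLE_GROUP);
-$user_id = Database::escape_string($user_id);
-$cat_id = Database::escape_string($cat_id);
+$user_id = intval($user_id);
+$cat_id = intval($cat_id);
 
 $course_id = api_get_course_int_id();
 $cat_condition = '';
@@ -1365,7 +1365,7 @@ public static function is_self_unregistration_allowed($user_id, $group_id)
 return false;
 }
 $table_group = Database :: get_course_table(TABLE_GROUP);
-$group_id = Database::escape_string($group_id);
+$group_id = intval($group_id);
 $course_id = api_get_course_int_id();
 $db_result = Database::query(
 'SELECT self_unregistration_allowed
@@ -1389,8 +1389,8 @@ public static function is_subscribed($user_id, $group_id)
 return false;
 }
 $table_group_user = Database :: get_course_table(TABLE_GROUP_USER);
-$group_id = Database::escape_string($group_id);
-$user_id = Database::escape_string($user_id);
+$group_id = intval($group_id);
+$user_id = intval($user_id);
 $course_id = api_get_course_int_id();
 $sql = 'SELECT 1 FROM '.$table_group_user.'
 WHERE
@@ -1499,7 +1499,7 @@ public static function get_subscribed_tutors($group_id, $id_only = false)
 $order_clause = " ORDER BY u.official_code, u.firstname, u.lastname";
 }
 
-$group_id = Database::escape_string($group_id);
+$group_id = intval($group_id);
 $course_id = api_get_course_int_id();
 
 $sql = "SELECT tg.id, u.user_id, u.lastname, u.firstname, u.email
@@ -1538,8 +1538,8 @@ public static function subscribe_users($user_ids, $group_id)
 if (!empty($user_ids)) {
 foreach ($user_ids as $user_id) {
 if (self::can_user_subscribe($user_id, $group_id)) {
-$user_id = Database::escape_string($user_id);
-$group_id = Database::escape_string($group_id);
+$user_id = intval($user_id);
+$group_id = intval($group_id);
 $sql = "INSERT INTO ".$table_group_user." (c_id, user_id, group_id)
 VALUES ('$course_id', '".$user_id."', '".$group_id."')";
 $result &= Database::query($sql);
@@ -1565,8 +1565,8 @@ public static function subscribe_tutors($user_ids, $group_id)
 $table_group_tutor = Database :: get_course_table(TABLE_GROUP_TUTOR);
 
 foreach ($user_ids as $user_id) {
-$user_id = Database::escape_string($user_id);
-$group_id = Database::escape_string($group_id);
+$user_id = intval($user_id);
+$group_id = intval($group_id);
 $sql = "INSERT INTO ".$table_group_tutor." (c_id, user_id, group_id)
 VALUES ('$course_id', '".$user_id."', '".$group_id."')";
 $result &= Database::query($sql);
@@ -1584,7 +1584,7 @@ public static function unsubscribe_users($user_ids, $group_id)
 {
 $user_ids = is_array($user_ids) ? $user_ids : array ($user_ids);
 $table_group_user = Database :: get_course_table(TABLE_GROUP_USER);
-$group_id = Database::escape_string($group_id);
+$group_id = intval($group_id);
 $course_id = api_get_course_int_id();
 $sql = 'DELETE FROM '.$table_group_user.'
 WHERE c_id = '.$course_id.' AND group_id = '.$group_id.' AND user_id IN ('.implode(',', $user_ids).')';
@@ -1654,8 +1654,8 @@ public static function unsubscribe_all_tutors($group_ids)
 public static function is_tutor_of_group($user_id, $group_id)
 {
 $table_group_tutor = Database :: get_course_table(TABLE_GROUP_TUTOR);
-$user_id = Database::escape_string($user_id);
-$group_id = Database::escape_string($group_id);
+$user_id = intval($user_id);
+$group_id = intval($group_id);
 $course_id = api_get_course_int_id();
 
 $sql = "SELECT * FROM ".$table_group_tutor."
@@ -1724,7 +1724,7 @@ public static function get_all_tutors()
 public static function is_tutor($user_id)
 {
 $course_user_table = Database::get_main_table(TABLE_MAIN_COURSE_USER);
-$user_id = Database::escape_string($user_id);
+$user_id = intval($user_id);
 
 $sql = "SELECT tutor_id FROM ".$course_user_table."
 WHERE user_id = '".$user_id."' AND c_id ='".api_get_course_int_id()."'"."AND tutor_id=1";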
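Review bot: In get_users, the new `$column = Database::escape_string($column, null, false);` feeding `ORDER BY $column $direction` does not secure an identifier position: escaping neutralises quote characters, but a column name is never inside quotes in the statement, so the value should instead be checked against a fixed list of sortable columns before the clause is appended, e.g. `if (!empty($column) && !empty($direction) && in_array($column, $sortable_columns, true)) {` with `$sortable_columns` being a constant list of the columns this query may sort by (to be defined). The `$direction` rewrite on the next line is the right pattern and is what the column check should mirror; the meaning of the third `false` argument to escape_string is not visible on this page. Separately, unsubscribe_users still interpolates `implode(',', $user_ids)` raw into the `IN (...)` clause while casting only `$group_id`; `$user_ids = array_map('intval', is_array($user_ids) ? $user_ids : array($user_ids));` on the existing normalisation line closes that gap.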

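--- a/main/inc/lib/legal.lib.php
+++ b/main/inc/lib/legal.lib.php
@@ -35,11 +35,11 @@ public static function add($language, $content, $type, $changes)
 $version = intval(LegalManager::get_last_condition_version($language));
 $version++;
 $sql = "INSERT INTO $legal_table SET
-language_id = '".Database::escape_string($language)."',
+language_id = '".$language."',
 content = '".$content."',
 changes= '".$changes."',
 type = '".$type."',
-version = '".Database::escape_string($version)."',
+version = '".intval($version)."',
 date = '".$time."'";
 Database::query($sql);
 
@@ -256,8 +256,8 @@ public static function count()
 public static function get_type_of_terms_and_conditions($legal_id,$language_id)
 {
 $legal_conditions_table = Database::get_main_table(TABLE_MAIN_LEGAL);
-$legal_id=Database::escape_string($legal_id);
-$language_id=Database::escape_string($language_id);
+$legal_id = intval($legal_id);
+$language_id = Database::escape_string($language_id);
 $sql = 'SELECT type FROM '.$legal_conditions_table.' WHERE legal_id="'.$legal_id.'" AND language_id="'.$language_id.'"';
 $rs = Database::query($sql);
 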
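Review bot: In add(), the new line `language_id = '".$language."',` removes the escaping without replacing it with a cast, so `$language` now reaches the INSERT unprotected, whereas the same column is still escaped in get_type_of_terms_and_conditions lower in this file (`$language_id = Database::escape_string($language_id);`). If language_id is numeric the line should read `language_id = '".intval($language)."',`; if it can be a string, `Database::escape_string($language)` should stay, and the two functions should agree on which it is. The `content`, `changes` and `type` values in the same statement are interpolated raw as well, but that predates this commit. add() begins before the hunk.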
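--- a/main/inc/lib/lp_item.lib.php
+++ b/main/inc/lib/lp_item.lib.php
@@ -39,8 +39,8 @@ public function __construct($in_c_id=0, $in_id=0)
 $item_view_table = Database::get_course_table(TABLE_LP_ITEM);
 $sql = "SELECT * FROM $item_view_table
 WHERE
-c_id=".Database::escape_string($in_c_id)." AND
-id=".Database::escape_string($in_id);
+c_id=".intval($in_c_id)." AND
+id=".intval($in_id);
 
 $res = Database::query($sql);
 $data = Database::fetch_array($res);
@@ -79,7 +79,7 @@ public function update_in_bdd()
 $item_view_table = Database::get_course_table(TABLE_LP_ITEM);
 if ($this->c_id > 0 && $this->id > 0) {
 $sql = "UPDATE $item_view_table SET
-lp_id = '".Database::escape_string($this->lp_id)."' ,
+lp_id = '".intval($this->lp_id)."' ,
 item_type = '".Database::escape_string($this->item_type)."' ,
 ref = '".Database::escape_string($this->ref)."' ,
 title = '".Database::escape_string($this->title)."' ,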

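--- a/main/inc/lib/main_api.lib.php
+++ b/main/inc/lib/main_api.lib.php
@@ -3650,7 +3650,7 @@ function api_get_item_property_id($course_code, $tool, $ref)
 */
 function api_track_item_property_update($tool, $ref, $title, $content, $progress)
 {
-$tbl_stats_item_property = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ITEM_PROPERTY);
+$tbl_stats_item_property = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ITEM_PROPERTY);
 $course_id = api_get_real_course_id(); //numeric
 $course_code = api_get_course_id(); //alphanumeric
 $item_property_id = api_get_item_property_id($course_code, $tool, $ref);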
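Review bot: The switch from `Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ITEM_PROPERTY)` to `Database::get_main_table(...)` is not covered by the commit message, which only describes removing unquoted escape_string() calls; the same swap appears twice in online.inc.php for TABLE_STATISTIC_TRACK_E_ONLINE. A one-line comment above the new line stating why this tracking table is now resolved through get_main_table, or a sentence in the commit description, would let a reader tell an intentional table relocation from an accidental inclusion. api_track_item_property_update continues past the hunk, so how `$tool`, `$ref` and the other parameters reach the query is not visible here.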

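--- a/main/inc/lib/message.lib.php
+++ b/main/inc/lib/message.lib.php
@@ -445,7 +445,7 @@ public static function delete_message_by_user_receiver($user_receiver_id, $id)
 if ($id != strval(intval($id)))
 return false;
 $user_receiver_id = intval($user_receiver_id);
-$id = Database::escape_string($id);
+$id = intval($id);
 $sql = "SELECT * FROM $table_message WHERE id=".$id." AND msg_status<>4;";
 $rs = Database::query($sql);
 
@@ -763,14 +763,15 @@ public static function exist_message($user_id, $id)
 $table_message = Database::get_main_table(TABLE_MESSAGE);
 $query = "SELECT id FROM $table_message
 WHERE
-user_receiver_id=".Database::escape_string($user_id)." AND
-id='".Database::escape_string($id)."'";
+user_receiver_id = ".intval($user_id)." AND
+id = '".intval($id)."'";
 $result = Database::query($query);
 $num = Database::num_rows($result);
-if ($num > 0)
+if ($num > 0) {
 return true;
-else
+} else {
 return false;
+}
 }
 
 /**
@@ -973,8 +974,8 @@ public static function show_message_box_sent()
 $query = "SELECT * FROM $table_message
 WHERE
 user_sender_id=".api_get_user_id()." AND
-id=".intval(Database::escape_string($_GET['id_send']))." AND
-msg_status=4;";
+id=".intval($_GET['id_send'])." AND
+msg_status = 4;";
 $result = Database::query($query);
 $message_id = intval($_GET['id_send']);
 }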
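Review bot: In show_message_box_sent, `$_GET['id_send']` is read twice without an existence check, once in the new `id=".intval($_GET['id_send'])." AND` and again in `$message_id = intval($_GET['id_send']);` after the query, so a request without that parameter raises an undefined-index notice before the query runs. Reading it once up front with `$message_id = isset($_GET['id_send']) ? intval($_GET['id_send']) : 0;` and using `$message_id` in the query removes both the duplication and the notice. In exist_message, the newly braced `if ($num > 0) { return true; } else { return false; }` reduces to `return $num > 0;`. show_message_box_sent starts before the hunk.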

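--- a/main/inc/lib/notebook.lib.php
+++ b/main/inc/lib/notebook.lib.php
@@ -59,7 +59,7 @@ static function save_note($values)
 $course_id,
 '" . api_get_user_id() . "',
 '" . Database::escape_string(api_get_course_id()) . "',
-'" . Database::escape_string($_SESSION['id_session']) . "',
+'" . intval($_SESSION['id_session']) . "',
 '" . Database::escape_string($values['note_title']) . "',
 '" . Database::escape_string($values['note_comment']) . "',
 '" . Database::escape_string(date('Y-m-d H:i:s')) . "',
@@ -119,7 +119,7 @@ static function update_note($values) {
 $sql = "UPDATE $t_notebook SET
 user_id = '" . api_get_user_id() . "',
 course = '" . Database::escape_string(api_get_course_id()) . "',
-session_id = '" . Database::escape_string($_SESSION['id_session']) . "',
+session_id = '" . intval($_SESSION['id_session']) . "',
 title = '" . Database::escape_string($values['note_title']) . "',
 description = '" . Database::escape_string($values['note_comment']) . "',
 update_date = '" . Database::escape_string(date('Y-m-d H:i:s')) . "'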
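Review bot: The new `intval($_SESSION['id_session'])` in both save_note and update_note reads the session key without checking that it exists, so a call made outside a session context emits an undefined-index notice; `intval(isset($_SESSION['id_session']) ? $_SESSION['id_session'] : 0)` keeps the cast and is silent when the key is absent. The `Database::escape_string(date('Y-m-d H:i:s'))` context lines escape a value the code formats itself, which is harmless but blurs where untrusted input actually enters these statements. Both functions start before their hunks.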

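--- a/main/inc/lib/online.inc.php
+++ b/main/inc/lib/online.inc.php
@@ -393,7 +393,7 @@ function who_is_online_in_this_course($from, $number_of_items, $uid, $time_limit
 
 $online_time = time() - $time_limit*60;
 $current_date = api_get_utc_datetime($online_time);
-$track_online_table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ONLINE);
+$track_online_table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ONLINE);
 $course_code = Database::escape_string($course_code);
 
 $from = intval($from);
@@ -424,7 +424,7 @@ function who_is_online_in_this_course($from, $number_of_items, $uid, $time_limit
 
 function who_is_online_in_this_course_count($uid, $time_limit, $coursecode=null) {
 if(empty($coursecode)) return false;
-$track_online_table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ONLINE);
+$track_online_table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ONLINE);
 $coursecode = Database::escape_string($coursecode);
 $time_limit = Database::escape_string($time_limit);
 
@@ -451,7 +451,7 @@ function who_is_online_in_this_course_count($uid, $time_limit, $coursecode=null)
 */
 function GetFullUserName($uid) {
 $uid = (int) $uid;
-$uid = Database::escape_string($uid);
+$uid = intval($uid);
 $user_table = Database::get_main_table(TABLE_MAIN_USER);
 $query = "SELECT firstname, lastname FROM ".$user_table." WHERE user_id='$uid'";
 $result = @Database::query($query);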
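Review bot: In who_is_online_in_this_course_count, `$time_limit = Database::escape_string($time_limit);` is left untouched even though it is exactly the escape-without-quotes pattern this commit removes elsewhere, and the sibling function treats the same value as a number (`time() - $time_limit*60`); `$time_limit = intval($time_limit);` would bring it in line. In GetFullUserName the new `$uid = intval($uid);` directly follows `$uid = (int) $uid;`, so one of the two casts is redundant and can be dropped. The `@Database::query($query)` suppression on the last context line hides query failures, but predates this commit.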

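--- a/main/inc/lib/search/tool_processors/document_processor.class.php
+++ b/main/inc/lib/search/tool_processors/document_processor.class.php
@@ -75,7 +75,7 @@ private function get_information($course_id, $doc_id) {
 $item_property_table = Database::get_course_table(TABLE_ITEM_PROPERTY);
 $doc_table = Database::get_course_table(TABLE_DOCUMENT);
 
-$doc_id = Database::escape_string($doc_id);
+$doc_id = intval($doc_id);
 $sql = "SELECT * FROM $doc_table
 WHERE $doc_table.id = $doc_id AND c_id = $course_id
 LIMIT 1";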

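--- a/main/inc/lib/search/tool_processors/learnpath_processor.class.php
+++ b/main/inc/lib/search/tool_processors/learnpath_processor.class.php
@@ -98,7 +98,7 @@ private function get_information($course_id, $lp_id, $has_document_id = TRUE) {
 $lp_table = Database::get_course_table(TABLE_LP_MAIN);
 $doc_table = Database::get_course_table(TABLE_DOCUMENT);
 
-$lp_id = Database::escape_string($lp_id);
+$lp_id = intval($lp_id);
 
 if ($has_document_id) {
 $sql = "SELECT $lpi_table.id, $lp_table.name, $lp_table.author, $doc_table.path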
