Add int casting, fix "order by" queries

Author: jmontoyaa

main/admin/course_list.php

@@ -41,6 +41,13 @@ function get_course_data($from, $number_of_items, $column, $direction, $dataFunc
 {
     $addTeacherColumn = api_get_configuration_value('add_teachers_in_course_list');
     $table = Database::get_main_table(TABLE_MAIN_COURSE);
+    $from = (int) $from;
+    $number_of_items = (int) $number_of_items;
+    $column = (int) $column;
+
+    if (!in_array(strtolower($direction), ['asc', 'desc'])) {
+        $direction = 'desc';
+    }
 
     $teachers = '';
     if ($addTeacherColumn) {
@@ -250,6 +257,14 @@ function get_course_data_by_session($from, $number_of_items, $column, $direction
     $session_rel_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE);
     $session = Database::get_main_table(TABLE_MAIN_SESSION);
 
+    $from = (int) $from;
+    $number_of_items = (int) $number_of_items;
+    $column = (int) $column;
+
+    if (!in_array(strtolower($direction), ['asc', 'desc'])) {
+        $direction = 'desc';
+    }
+
     $sql = "SELECT
                 c.code AS col0,
                 c.title AS col1,

main/admin/course_list_admin.php

@@ -42,6 +42,14 @@ function get_course_data($from, $number_of_items, $column, $direction, $dataFunc
     $addTeacherColumn = true;
     $table = Database::get_main_table(TABLE_MAIN_COURSE);
 
+    $from = (int) $from;
+    $number_of_items = (int) $number_of_items;
+    $column = (int) $column;
+
+    if (!in_array(strtolower($direction), ['asc', 'desc'])) {
+        $direction = 'desc';
+    }
+
     $teachers = '';
     if ($addTeacherColumn) {
         $teachers = " GROUP_CONCAT(cu.user_id SEPARATOR ',') as col4, ";

main/admin/course_request_review.php

@@ -129,6 +129,11 @@ function get_request_data($from, $number_of_items, $column, $direction)
     global $keyword;
     $course_request_table = Database::get_main_table(TABLE_MAIN_COURSE_REQUEST);
 
+    $from = (int) $from;
+    $number_of_items = (int) $number_of_items;
+    $column = (int) $column;
+    $direction = !in_array(strtolower(trim($direction)), ['asc', 'desc']) ? 'asc' : $direction;
+
     if (DELETE_ACTION_ENABLED) {
         $sql = "SELECT id AS col0,
                    code AS col1,
@@ -177,7 +182,7 @@ function get_request_data($from, $number_of_items, $column, $direction)
 function email_filter($teacher)
 {
     $teacher = Database::escape_string($teacher);
-    $sql = "SELECT user_id FROM ".Database::get_main_table(TABLE_MAIN_COURSE_REQUEST)." 
+    $sql = "SELECT user_id FROM ".Database::get_main_table(TABLE_MAIN_COURSE_REQUEST)."
             WHERE tutor_name LIKE '".$teacher."'";
     $res = Database::query($sql);
     $info = Database::fetch_array($res);

main/admin/settings.lib.php

@@ -1279,6 +1279,11 @@ function getTemplateData($from, $number_of_items, $column, $direction)
     // Database table definition.
     $table_system_template = Database::get_main_table('system_template');
 
+    $from = (int) $from;
+    $number_of_items = (int) $number_of_items;
+    $column = (int) $column;
+    $direction = !in_array(strtolower(trim($direction)), ['asc', 'desc']) ? 'asc' : $direction;
+
     // The sql statement.
     $sql = "SELECT image as col0, title as col1, id as col2 FROM $table_system_template";
     $sql .= " ORDER BY col$column $direction ";

main/cron/lang/langstats.class.php

@@ -152,8 +152,10 @@ public function add_use($term, $term_file = '')
      */
     public function get_popular_terms($num = 1000)
     {
+        $num = (int) $num;
         $res = $this->db->query(
-            'SELECT * FROM lang_freq ORDER BY term_count DESC LIMIT '.$num
+            'SELECT * FROM lang_freq
+                  ORDER BY term_count DESC LIMIT '.$num
         );
         $list = [];
         while ($row = $res->fetchArray()) {

main/exercise/TestCategory.php

@@ -236,7 +236,7 @@ public static function getCategoryListInfo($field = '', $courseId = 0)
             $field = Database::escape_string($field);
             $sql = "SELECT $field FROM $table
                     WHERE c_id = $courseId
-                    ORDER BY $field ASC";
+                    ORDER BY `$field` ASC";
             $res = Database::query($sql);
             while ($row = Database::fetch_array($res)) {
                 $categories[] = $row[$field];

main/exercise/exercise.class.php

@@ -666,7 +666,7 @@ public function getQuestionListPagination(
             if (!empty($sidx) && !empty($sord)) {
                 if ('question' === $sidx) {
                     if (in_array(strtolower($sord), ['desc', 'asc'])) {
-                        $orderCondition = " ORDER BY q.$sidx $sord";
+                        $orderCondition = " ORDER BY `q.$sidx` $sord";
                     }
                 }
             }

main/forum/forumfunction.inc.php

@@ -6128,6 +6128,7 @@ function get_thread_user_post_limit($course_code, $thread_id, $user_id, $limit =
 
     $course_info = api_get_course_info($course_code);
     $course_id = $course_info['real_id'];
+    $limit = (int) $limit;
 
     $sql = "SELECT * FROM $table_posts posts
             LEFT JOIN  $table_users users
@@ -6136,7 +6137,8 @@ function get_thread_user_post_limit($course_code, $thread_id, $user_id, $limit =
                 posts.c_id = $course_id AND
                 posts.thread_id='".Database::escape_string($thread_id)."' AND
                 posts.poster_id='".Database::escape_string($user_id)."'
-            ORDER BY posts.post_id DESC LIMIT $limit ";
+            ORDER BY posts.post_id DESC
+            LIMIT $limit ";
     $result = Database::query($sql);
     $post_list = [];
     while ($row = Database::fetch_array($result)) {

main/group/group_space.php

@@ -424,6 +424,7 @@ function get_number_of_group_users()
  */
 function get_group_user_data($from, $number_of_items, $column, $direction)
 {
+    $direction = !in_array(strtolower(trim($direction)), ['asc', 'desc']) ? 'asc' : $direction;
     $groupInfo = GroupManager::get_group_properties(api_get_group_id());
     $course_id = api_get_course_int_id();
     $column = (int) $column;

main/inc/ajax/exercise.ajax.php

@@ -241,7 +241,7 @@
                     GROUP BY exe_user_id
                 ) as aa
                 ON aa.exe_user_id = user_id
-                ORDER BY $sidx $sord
+                ORDER BY `$sidx` $sord
                 LIMIT $start, $limit";
 
         $result = Database::query($sql);