Commit 629a8ddf authored Aug 08, 2018 by Jesse Norell
add db::securityScan()

parent 2c915aec
Showing 1 changed file with 53 additions and 1 deletion

server/lib/classes/db_mysql.inc.php (+53, -1)
...
...
@@ -187,6 +187,58 @@ class db
mysqli_query
(
$this
->
_iConnId
,
"SET character_set_results = '"
.
$this
->
dbCharset
.
"', character_set_client = '"
.
$this
->
dbCharset
.
"', character_set_connection = '"
.
$this
->
dbCharset
.
"', character_set_database = '"
.
$this
->
dbCharset
.
"', character_set_server = '"
.
$this
->
dbCharset
.
"'"
);
}
private
function
securityScan
(
$string
)
{
global
$app
,
$conf
;
// get security config
if
(
isset
(
$app
))
{
$app
->
uses
(
'getconf'
);
$ids_config
=
$app
->
getconf
->
get_security_config
(
'ids'
);
if
(
$ids_config
[
'sql_scan_enabled'
]
==
'yes'
)
{
// Remove whitespace
$string
=
trim
(
$string
);
if
(
substr
(
$string
,
-
1
)
==
';'
)
$string
=
substr
(
$string
,
0
,
-
1
);
// Save original string
$string_orig
=
$string
;
//echo $string;
$chars
=
array
(
';'
,
'#'
,
'/*'
,
'*/'
,
'--'
,
'\\\''
,
'\\"'
);
$string
=
str_replace
(
'\\\\'
,
''
,
$string
);
$string
=
preg_replace
(
'/(^|[^\\\])([\'"])\\2/is'
,
'$1'
,
$string
);
$string
=
preg_replace
(
'/(^|[^\\\])([\'"])(.*?[^\\\])\\2/is'
,
'$1'
,
$string
);
$ok
=
true
;
if
(
substr_count
(
$string
,
"`"
)
%
2
!=
0
||
substr_count
(
$string
,
"'"
)
%
2
!=
0
||
substr_count
(
$string
,
'"'
)
%
2
!=
0
)
{
$app
->
log
(
"SQL injection warning ("
.
$string_orig
.
")"
,
2
);
$ok
=
false
;
}
else
{
foreach
(
$chars
as
$char
)
{
if
(
strpos
(
$string
,
$char
)
!==
false
)
{
$ok
=
false
;
$app
->
log
(
"SQL injection warning ("
.
$string_orig
.
")"
,
2
);
break
;
}
}
}
if
(
$ok
==
true
)
{
return
true
;
}
else
{
if
(
$ids_config
[
'sql_scan_action'
]
==
'warn'
)
{
// we return false in warning level.
return
false
;
}
else
{
// if sql action = 'block' or anything else then stop here.
$app
->
error
(
'Possible SQL injection. All actions have been logged.'
);
}
}
}
}
}
private
function
_query
(
$sQuery
=
''
)
{
global
$app
;
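Review bot: securityScan() has no documented return contract and returns nothing at all when `$app` is unset or `sql_scan_enabled` is not 'yes', so a caller cannot tell "scan passed" from "scan skipped"; a short docblock stating that it returns true for a clean query, false in 'warn' mode, and does not return in 'block' mode (because `$app->error()` stops execution) would make the `_query` call site easier to reason about. The `$ids_config['sql_scan_enabled']` and `$ids_config['sql_scan_action']` lookups also read array keys without isset(), which raises notices when the security config omits them. Two smaller points: the leftover debug line `//echo $string;` should be dropped, and the brace-less `if (substr($string, -1) == ';') $string = substr($string, 0, -1);` would be clearer with braces to match the rest of the method. Finally, both `$app->log()` calls write `$string_orig`, the complete query text including every literal value it carries, to the log; if those values can be sensitive, consider truncating or redacting the query before logging it.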
...
...
@@ -227,7 +279,7 @@ class db
$aArgs
=
func_get_args
();
$sQuery
=
call_user_func_array
(
array
(
&
$this
,
'_build_query_string'
),
$aArgs
);
$this
->
securityScan
(
$sQuery
);
$this
->
_iQueryId
=
mysqli_query
(
$this
->
_iConnId
,
$sQuery
);
if
(
!
$this
->
_iQueryId
)
{
$this
->
_sqlerror
(
'Falsche Anfrage / Wrong Query'
,
'SQL-Query = '
.
$sQuery
);
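Review bot: the return value of `$this->securityScan($sQuery);` is discarded, so in 'warn' mode a flagged query is still handed to mysqli_query() unchanged, and blocking depends entirely on `$app->error()` never returning. If that is intended, a one-line comment at the call site should say so; otherwise check the result, e.g. `if ($this->securityScan($sQuery) === false) { /* refuse to run the query */ }`, before the mysqli_query() call. Note also that the scan runs on the output of `_build_query_string`, i.e. after argument escaping, so the heuristic inspects the final escaped statement rather than raw input; that is the right place for it, but worth stating in the docblock so nobody later moves the call above the query builder.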
...
...