Skip to content
This repository was archived by the owner on Sep 19, 2022. It is now read-only.

Commit e56b937

Browse files
vyskocilpavelvyskocilpavel
authored
Merge pull request #19 from melanger/fixSQLinjection
fix SQL injection vulnerabilities
2 parents 3e94135 + 895456e commit e56b937

File tree

2 files changed

+31
-17
lines changed

2 files changed

+31
-17
lines changed

CHANGELOG.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@ All notable changes to this project will be documented in this file.
77

88
#### Fixed
99
- Fixed the syntax of CHANGELOG
10+
- Fixed SQL injection vulnerability
1011

1112
## [v3.0.0]
1213
#### Added

lib/Auth/Process/DatabaseCommand.php

Lines changed: 30 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -74,8 +74,9 @@ public static function getSpNameBySpIdentifier($identifier)
7474
$stmt = $conn->prepare(
7575
"SELECT name " .
7676
"FROM " . $tableName . " " .
77-
"WHERE identifier='" . $identifier . "'"
77+
"WHERE identifier=?"
7878
);
79+
$stmt->bind_param('s', $identifier);
7980
$stmt->execute();
8081
$result = $stmt->get_result();
8182
$conn->close();
@@ -91,8 +92,9 @@ public static function getIdPNameByEntityId($idpEntityId)
9192
$stmt = $conn->prepare(
9293
"SELECT name " .
9394
"FROM " . $tableName . " " .
94-
"WHERE entityId='" . $idpEntityId . "'"
95+
"WHERE entityId=?"
9596
);
97+
$stmt->bind_param('s', $idpEntityId);
9698
$stmt->execute();
9799
$result = $stmt->get_result();
98100
$conn->close();
@@ -118,9 +120,10 @@ public static function getLoginCountPerDay($days)
118120
"FROM " . $table_name . " " .
119121
"WHERE service != '' AND " .
120122
"CONCAT(year,'-',LPAD(month,2,'00'),'-',LPAD(day,2,'00')) " .
121-
"BETWEEN CURDATE() - INTERVAL " . $days . " DAY AND CURDATE()" .
123+
"BETWEEN CURDATE() - INTERVAL ? DAY AND CURDATE()" .
122124
"GROUP BY year DESC,month DESC,day DESC"
123125
);
126+
$stmt->bind_param('d', $days);
124127
}
125128
$stmt->execute();
126129
$result = $stmt->get_result();
@@ -145,18 +148,20 @@ public static function getLoginCountPerDayForService($days, $spIdentifier)
145148
$stmt = $conn->prepare(
146149
"SELECT year, month, day, SUM(count) AS count " .
147150
"FROM " . $table_name . " " .
148-
"WHERE service='" . $spIdentifier . "' " .
151+
"WHERE service=? " .
149152
"GROUP BY year DESC,month DESC,day DESC"
150153
);
154+
$stmt->bind_param('s', $spIdentifier);
151155
} else {
152156
$stmt = $conn->prepare(
153157
"SELECT year, month, day, SUM(count) AS count " .
154158
"FROM " . $table_name . " " .
155-
"WHERE service='" . $spIdentifier . "' " .
159+
"WHERE service=? " .
156160
"AND CONCAT(year,'-',LPAD(month,2,'00'),'-',LPAD(day,2,'00')) " .
157-
"BETWEEN CURDATE() - INTERVAL " . $days . " DAY AND CURDATE() " .
161+
"BETWEEN CURDATE() - INTERVAL ? DAY AND CURDATE() " .
158162
"GROUP BY year DESC,month DESC,day DESC"
159163
);
164+
$stmt->bind_param('sd', $spIdentifier, $days);
160165
}
161166
$stmt->execute();
162167
$result = $stmt->get_result();
@@ -181,18 +186,20 @@ public static function getLoginCountPerDayForIdp($days, $idpIdentifier)
181186
$stmt = $conn->prepare(
182187
"SELECT year, month, day, SUM(count) AS count " .
183188
"FROM " . $table_name . " " .
184-
"WHERE sourceIdP='" . $idpIdentifier . "' " .
189+
"WHERE sourceIdP=? " .
185190
"GROUP BY year DESC,month DESC,day DESC"
186191
);
192+
$stmt->bind_param('s', $idpIdentifier);
187193
} else {
188194
$stmt = $conn->prepare(
189195
"SELECT year, month, day, SUM(count) AS count " .
190196
"FROM " . $table_name . " " .
191-
"WHERE sourceIdP='" . $idpIdentifier . "' " .
197+
"WHERE sourceIdP=? " .
192198
"AND CONCAT(year,'-',LPAD(month,2,'00'),'-',LPAD(day,2,'00')) " .
193-
"BETWEEN CURDATE() - INTERVAL " . $days . " DAY AND CURDATE() " .
199+
"BETWEEN CURDATE() - INTERVAL ? DAY AND CURDATE() " .
194200
"GROUP BY year DESC,month DESC,day DESC"
195201
);
202+
$stmt->bind_param('sd', $idpIdentifier, $days);
196203
}
197204
$stmt->execute();
198205
$result = $stmt->get_result();
@@ -228,10 +235,11 @@ public static function getAccessCountPerService($days)
228235
"FROM " . $table_name . " " .
229236
"LEFT OUTER JOIN " . $serviceProvidersMapTableName . " ON service = identifier " .
230237
"WHERE CONCAT(year,'-',LPAD(month,2,'00'),'-',LPAD(day,2,'00')) " .
231-
"BETWEEN CURDATE() - INTERVAL " . $days . " DAY AND CURDATE() " .
238+
"BETWEEN CURDATE() - INTERVAL ? DAY AND CURDATE() " .
232239
"GROUP BY service HAVING service != '' " .
233240
"ORDER BY count DESC"
234241
);
242+
$stmt->bind_param('d', $days);
235243
}
236244
$stmt->execute();
237245
$result = $stmt->get_result();
@@ -261,19 +269,21 @@ public static function getAccessCountForServicePerIdentityProviders($days, $spId
261269
"SELECT sourceIdp, service, IFNULL(name,sourceIdp) AS idpName, SUM(count) AS count " .
262270
"FROM " . $table_name . " " .
263271
"LEFT OUTER JOIN " . $identityProvidersMapTableName . " ON sourceIdp = entityId " .
264-
"GROUP BY sourceIdp, service HAVING sourceIdp != '' AND service = '" . $spIdentifier . "' " .
272+
"GROUP BY sourceIdp, service HAVING sourceIdp != '' AND service=? " .
265273
"ORDER BY count DESC"
266274
);
275+
$stmt->bind_param('s', $spIdentifier);
267276
} else {
268277
$stmt = $conn->prepare(
269278
"SELECT year, month, day, sourceIdp, service, IFNULL(name,sourceIdp) AS idpName, SUM(count) AS count " .
270279
"FROM " . $table_name . " " .
271280
"LEFT OUTER JOIN " . $identityProvidersMapTableName . " ON sourceIdp = entityId " .
272281
"WHERE CONCAT(year,'-',LPAD(month,2,'00'),'-',LPAD(day,2,'00')) " .
273-
"BETWEEN CURDATE() - INTERVAL " . $days . " DAY AND CURDATE() " .
274-
"GROUP BY sourceIdp, service HAVING sourceIdp != '' AND service = '" . $spIdentifier . "' " .
282+
"BETWEEN CURDATE() - INTERVAL ? DAY AND CURDATE() " .
283+
"GROUP BY sourceIdp, service HAVING sourceIdp != '' AND service=? " .
275284
"ORDER BY count DESC"
276285
);
286+
$stmt->bind_param('ds', $days, $spIdentifier);
277287
}
278288
$stmt->execute();
279289
$result = $stmt->get_result();
@@ -295,19 +305,21 @@ public static function getAccessCountForIdentityProviderPerServiceProviders($day
295305
"SELECT sourceIdp, service, IFNULL(name,service) AS spName, SUM(count) AS count " .
296306
"FROM " . $table_name . " " .
297307
"LEFT OUTER JOIN " . $serviceProvidersMapTableName . " ON service = identifier " .
298-
"GROUP BY sourceIdp, service HAVING service != '' AND sourceIdp = '" . $idpEntityId . "' " .
308+
"GROUP BY sourceIdp, service HAVING service != '' AND sourceIdp=? " .
299309
"ORDER BY count DESC"
300310
);
311+
$stmt->bind_param('s', $idpEntityId);
301312
} else {
302313
$stmt = $conn->prepare(
303314
"SELECT year, month, day, sourceIdp, service, IFNULL(name,service) AS spName, SUM(count) AS count " .
304315
"FROM " . $table_name . " " .
305316
"LEFT OUTER JOIN " . $serviceProvidersMapTableName . " ON service = identifier " .
306317
"WHERE CONCAT(year,'-',LPAD(month,2,'00'),'-',LPAD(day,2,'00')) " .
307-
"BETWEEN CURDATE() - INTERVAL " . $days . " DAY AND CURDATE() " .
308-
"GROUP BY sourceIdp, service HAVING service != '' AND sourceIdp = '" . $idpEntityId . "' " .
318+
"BETWEEN CURDATE() - INTERVAL ? DAY AND CURDATE() " .
319+
"GROUP BY sourceIdp, service HAVING service != '' AND sourceIdp=? " .
309320
"ORDER BY count DESC"
310321
);
322+
$stmt->bind_param('ds', $days, $idpEntityId);
311323
}
312324
$stmt->execute();
313325
$result = $stmt->get_result();
@@ -338,10 +350,11 @@ public static function getLoginCountPerIdp($days)
338350
"FROM " . $tableName . " " .
339351
"LEFT OUTER JOIN " . $identityProvidersMapTableName . " ON sourceIdp = entityId " .
340352
"WHERE CONCAT(year,'-',LPAD(month,2,'00'),'-',LPAD(day,2,'00')) " .
341-
"BETWEEN CURDATE() - INTERVAL " . $days . " DAY AND CURDATE() " .
353+
"BETWEEN CURDATE() - INTERVAL ? DAY AND CURDATE() " .
342354
"GROUP BY sourceIdp HAVING sourceIdp != '' " .
343355
"ORDER BY count DESC"
344356
);
357+
$stmt->bind_param('d', $days);
345358
}
346359
$stmt->execute();
347360
$result = $stmt->get_result();

0 commit comments

Comments
 (0)