diff options
author | Isaac Bennetch <bennetch@gmail.com> | 2020-10-09 06:06:08 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-10-09 06:06:08 +0300 |
commit | deb2dce644bef9fabb7fb8fd2a560df420f9dab9 (patch) | |
tree | 8419d1425b95dfa26739928e8a884d0ba8457a0c /libraries | |
parent | 89f552afb7670614e1f8ccce608b2d58211051ef (diff) | |
parent | d09ab9bc9d634ad08b866d42bb8c4109869d38d2 (diff) |
Merge pull request #319 from phpmyadmin/sec/318
Check where clause signature in TableSearchController
Diffstat (limited to 'libraries')
-rw-r--r-- | libraries/classes/Controllers/Table/TableSearchController.php | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/libraries/classes/Controllers/Table/TableSearchController.php b/libraries/classes/Controllers/Table/TableSearchController.php index 16ed3fe1fd..e9f1e48e05 100644 --- a/libraries/classes/Controllers/Table/TableSearchController.php +++ b/libraries/classes/Controllers/Table/TableSearchController.php @@ -8,6 +8,7 @@ namespace PhpMyAdmin\Controllers\Table; use PhpMyAdmin\Controllers\TableController; +use PhpMyAdmin\Core; use PhpMyAdmin\DatabaseInterface; use PhpMyAdmin\Relation; use PhpMyAdmin\Sql; @@ -345,13 +346,15 @@ class TableSearchController extends TableController ); //Append it to row array as where_clause $row['where_clause'] = $uniqueCondition[0]; + $row['where_clause_sign'] = Core::signSqlQuery($uniqueCondition[0]); $tmpData = array( $_POST['criteriaColumnNames'][0] => $row[$_POST['criteriaColumnNames'][0]], $_POST['criteriaColumnNames'][1] => $row[$_POST['criteriaColumnNames'][1]], - 'where_clause' => $uniqueCondition[0] + 'where_clause' => $uniqueCondition[0], + 'where_clause_sign' => Core::signSqlQuery($uniqueCondition[0]) ); $tmpData[$dataLabel] = ($dataLabel) ? $row[$dataLabel] : ''; $data[] = $tmpData; @@ -419,6 +422,10 @@ class TableSearchController extends TableController */ public function getDataRowAction() { + if (! Core::checkSqlQuerySignature($_POST['where_clause'], $_POST['where_clause_sign'])) { + return; + } + $extra_data = array(); $row_info_query = 'SELECT * FROM ' . Util::backquote($_POST['db']) . '.' . Util::backquote($_POST['table']) . ' WHERE ' . $_POST['where_clause']; |