From f50038ee776e5ef3c7f71081958e16b6176eed93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hannu=20Po=CC=88lo=CC=88nen?= Date: Wed, 21 Dec 2016 10:14:20 +0200 Subject: [PATCH] Escape table names & cast variables to int --- classes/helpers/config.php | 4 +-- classes/helpers/customer.php | 17 +++++------ classes/helpers/url.php | 2 +- classes/models/order.php | 54 +++++++++++++++++------------------ controllers/front/order.php | 3 +- controllers/front/product.php | 3 +- 6 files changed, 43 insertions(+), 40 deletions(-) diff --git a/classes/helpers/config.php b/classes/helpers/config.php index 75469ea4..ed310f0f 100644 --- a/classes/helpers/config.php +++ b/classes/helpers/config.php @@ -111,8 +111,8 @@ public function exists($name, $lang_id = null, $id_shop_group = null, $id_shop = */ public function purge() { - $config_table = _DB_PREFIX_ . 'configuration'; - $config_lang_table = $config_table . '_lang'; + $config_table = pSQL(_DB_PREFIX_ . 'configuration'); + $config_lang_table = pSQL($config_table . '_lang'); Db::getInstance()->execute( 'DELETE `' . $config_lang_table . '` FROM `' . $config_lang_table . '` diff --git a/classes/helpers/customer.php b/classes/helpers/customer.php index cf8b04c1..e564306c 100644 --- a/classes/helpers/customer.php +++ b/classes/helpers/customer.php @@ -41,7 +41,7 @@ class NostoTaggingHelperCustomer */ public static function getCustomerLinkTableName() { - return _DB_PREFIX_.self::TABLE_NAME_CUSTOMER_LINK; + return pSQL(_DB_PREFIX_.self::TABLE_NAME_CUSTOMER_LINK); } /** @@ -171,9 +171,9 @@ public function getNostoId(Order $order) public function getCustomerReference(Customer $customer) { $sql = sprintf( - 'SELECT `customer_reference` FROM `%s` WHERE `id_customer` = \'%s\'', + 'SELECT `customer_reference` FROM `%s` WHERE `id_customer` = \'%d\'', self::getCustomerReferenceTableName(), - $customer->id + (int)$customer->id ); return Db::getInstance()->getValue($sql); 
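Review bot: `$config_lang_table = pSQL($config_table . '_lang');` in purge() escapes `$config_table` a second time, because the line above already passed it through pSQL(); a prefix containing an escapable character would come out doubly escaped in the second identifier. Build both names from the raw constant once, `$config_lang_table = pSQL(_DB_PREFIX_ . 'configuration_lang');`. More generally, pSQL() is the string-literal escaper (quotes, backslashes) and on the PrestaShop versions I know it does not neutralise backticks unless its backquote option is used, so wrapping it around backtick-quoted identifiers here, in customer.php, url.php and both controllers is belt-and-braces rather than identifier escaping; what actually keeps these queries safe is that `_DB_PREFIX_` is a configuration constant rather than request input, which deserves a comment at the first use, `// _DB_PREFIX_ is config, not user input; pSQL() escapes literal metacharacters, not backticks`. purge() continues past the end of the hunk.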
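Review bot: getCustomerReference() now casts `$customer->id` to int and formats it with `%d`, but the table name it interpolates comes from `self::getCustomerReferenceTableName()`, which this commit does not touch while the sibling getCustomerLinkTableName() gets wrapped in pSQL() in the hunk above; if the two helpers are meant to be treated alike, the reference-table one needs the same wrapping (its body is outside the hunk, so I cannot confirm what it returns). The placeholder is still quoted, `\'%d\'`, which makes MySQL compare a string literal against the integer `id_customer` column; now that the value is guaranteed numeric, `WHERE `id_customer` = %d` unquoted is the cleaner form. The same quoting is kept in saveCustomerReference() in the next hunks.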
@@ -191,15 +191,16 @@ public function saveCustomerReference(Customer $customer, $reference)
 {
 $table = self::getCustomerReferenceTableName();
 $customer_reference = pSQL($reference);
+ $customer_id = (int)$customer->id;
 $data = array(
- 'id_customer' => $customer->id,
+ 'id_customer' => $customer_id,
 'customer_reference' => $customer_reference
 );
 $existing_id = Db::getInstance()->getRow(
 sprintf(
- 'SELECT id_customer FROM `%s` WHERE id_customer = \'%s\'',
+ 'SELECT id_customer FROM `%s` WHERE id_customer = \'%d\'',
 $table,
- $customer->id
+ $customer_id
 )
 );
 if (empty($existing_id)) {
@@ -211,8 +212,8 @@ public function saveCustomerReference(Customer $customer, $reference)
 } else {
 unset($data['id_customer']);
 $where = sprintf(
- 'id_customer=\'%s\'',
- $customer->id
+ 'id_customer=\'%d\'',
+ $customer_id
 );
 if (_PS_VERSION_ >= '1.5') {
 return Db::getInstance()->update($table, $data, $where, 0, false, true, false);
diff --git a/classes/helpers/url.php b/classes/helpers/url.php
index ada03c0a..7428f753 100644
--- a/classes/helpers/url.php
+++ b/classes/helpers/url.php
@@ -85,7 +85,7 @@ public function getPreviewUrlCategory($id_category = null, $id_lang = null)
 // Find a category that is active, not the root category and has a parent category.
 $sql = '
 SELECT `id_category`
- FROM `'._DB_PREFIX_.'category`
+ FROM `'.pSQL(_DB_PREFIX_).'category`
 WHERE `active` = 1
 AND `id_parent` > 0
 ';
diff --git a/classes/models/order.php b/classes/models/order.php
index 34c07f87..56e730c3 100644
--- a/classes/models/order.php
+++ b/classes/models/order.php
@@ -451,7 +451,7 @@ protected function getProductAttributeCombinationsById($product, $id_product_att
 return $product->getAttributeCombinationsById($id_product_attribute, $id_lang);
 }
- return Db::getInstance()->ExecuteS(
+ return Db::getInstance()->executeS(
 'SELECT
 pa.*,
 ag.`id_attribute_group`,
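Review bot: `$customer_id = (int)$customer->id;` silently turns an unsaved customer (`id` null) into 0, so the insert branch would store a row with `id_customer = 0` and the update branch would run `WHERE id_customer='0'`. A guard right after the cast, `if ($customer_id <= 0) { return false; }`, stops the cast from masking that; the insert branch and the function's other return paths are outside the hunk, so check that a falsy return matches what callers of saveCustomerReference() expect (the visible update branch returns the Db::update() result). Both `\'%d\'` placeholders could drop their quotes as in getCustomerReference().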
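Review bot: The case fix to `executeS` is fine, but the query this call builds — continued in the following hunk — still concatenates `_DB_PREFIX_` raw into six table names, the only place in this patch where the commit's stated goal of escaping table names is not applied; the following hunk only re-indents those lines. Either wrap each occurrence the way url.php does, `'._DB_PREFIX_.'` → `'.pSQL(_DB_PREFIX_).'`, or hoist one `$prefix = pSQL(_DB_PREFIX_);` above the `return` and use `$prefix` in the string. getProductAttributeCombinationsById() starts before this hunk.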
@@ -460,32 +460,32 @@ protected function getProductAttributeCombinationsById($product, $id_product_att
 al.`name` attribute_name,
 a.`id_attribute`,
 pa.`unit_price_impact`
- FROM
- `'._DB_PREFIX_.'product_attribute` pa
- LEFT JOIN
- `'._DB_PREFIX_.'product_attribute_combination` pac
- ON pac.`id_product_attribute` = pa.`id_product_attribute`
- LEFT JOIN
- `'._DB_PREFIX_.'attribute` a ON a.`id_attribute` = pac.`id_attribute`
- LEFT JOIN
- `'._DB_PREFIX_.'attribute_group` ag
- ON ag.`id_attribute_group` = a.`id_attribute_group`
- LEFT JOIN
- `'._DB_PREFIX_.'attribute_lang` al
- ON (a.`id_attribute` = al.`id_attribute` AND al.`id_lang` = '.(int)($id_lang).')
- LEFT JOIN
- `'._DB_PREFIX_.'attribute_group_lang` agl
- ON (
- ag.`id_attribute_group` = agl.`id_attribute_group`
- AND agl.`id_lang` = '.(int)($id_lang).'
- )
- WHERE
- pa.`id_product` = '.(int)($product->id).'
- AND
- pa.`id_product_attribute` = '.(int)$id_product_attribute.'
- GROUP BY
- pa.`id_product_attribute`, ag.`id_attribute_group`
- ORDER BY pa.`id_product_attribute`'
+ FROM
+ `'._DB_PREFIX_.'product_attribute` pa
+ LEFT JOIN
+ `'._DB_PREFIX_.'product_attribute_combination` pac
+ ON pac.`id_product_attribute` = pa.`id_product_attribute`
+ LEFT JOIN
+ `'._DB_PREFIX_.'attribute` a ON a.`id_attribute` = pac.`id_attribute`
+ LEFT JOIN
+ `'._DB_PREFIX_.'attribute_group` ag
+ ON ag.`id_attribute_group` = a.`id_attribute_group`
+ LEFT JOIN
+ `'._DB_PREFIX_.'attribute_lang` al
+ ON (a.`id_attribute` = al.`id_attribute` AND al.`id_lang` = '.(int)($id_lang).')
+ LEFT JOIN
+ `'._DB_PREFIX_.'attribute_group_lang` agl
+ ON (
+ ag.`id_attribute_group` = agl.`id_attribute_group`
+ AND agl.`id_lang` = '.(int)($id_lang).'
+ )
+ WHERE
+ pa.`id_product` = '.(int)($product->id).'
+ AND
+ pa.`id_product_attribute` = '.(int)$id_product_attribute.'
+ GROUP BY
+ pa.`id_product_attribute`, ag.`id_attribute_group`
+ ORDER BY pa.`id_product_attribute`'
 );
 }
 }
diff --git a/controllers/front/order.php b/controllers/front/order.php
index e283f919..63d7ce4a 100644
--- a/controllers/front/order.php
+++ b/controllers/front/order.php
@@ -98,7 +98,7 @@ protected function getOrderIds()
 LIMIT %d
 OFFSET %d
 ',
- _DB_PREFIX_,
+ pSQL(_DB_PREFIX_),
 $where,
 $this->limit,
 $this->offset
@@ -109,6 +109,7 @@ protected function getOrderIds()
 foreach ($rows as $row) {
 $order_ids[] = (int)$row['id_order'];
 }
+
 return $order_ids;
 }
 }
diff --git a/controllers/front/product.php b/controllers/front/product.php
index 258b2466..5b285740 100644
--- a/controllers/front/product.php
+++ b/controllers/front/product.php
@@ -81,7 +81,7 @@ protected function getProductIds()
 LIMIT %d
 OFFSET %d
 ',
- _DB_PREFIX_,
+ pSQL(_DB_PREFIX_),
 $this->limit,
 $this->offset
 );
@@ -90,6 +90,7 @@ protected function getProductIds()
 foreach ($rows as $row) {
 $product_ids[] = (int)$row['id_product'];
 }
+
 return $product_ids;
 }
 }
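Review bot: Wrapping `_DB_PREFIX_` in pSQL() leaves untouched the `%s` argument in getOrderIds() that actually carries variable content, `$where`, which is built outside the hunk and substituted verbatim into the query; whether this statement is injection-safe depends entirely on how `$where` is assembled (an int cast or pSQL() on every value), so that is the code to review, and a comment at the argument, `$where, // already escaped: interpolated verbatim into the query`, would make the contract visible. `$this->limit` and `$this->offset` go through `%d`, which is fine; getProductIds() in product.php follows the same pattern without a `$where`. The two later hunks that add a blank line before the `return` are cosmetic.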