From 816ba87485e68e2636167a945496c9e33a199f99 Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Sun, 27 Mar 2022 20:02:16 +0100 Subject: [PATCH] SQL Injection / XSS fixes --- api/v1/contacts/read.php | 2 +- client_asset_add_modal.php | 2 +- client_assets.php | 10 +++--- client_certificates.php | 6 ++-- client_contacts.php | 6 ++-- client_departments.php | 4 +-- client_documents.php | 4 +-- client_domains.php | 6 ++-- client_invoices.php | 6 ++-- client_locations.php | 6 ++-- client_logins.php | 6 ++-- client_logs.php | 2 +- client_networks.php | 6 ++-- client_payments.php | 6 ++-- client_quotes.php | 6 ++-- client_recurring_invoices.php | 6 ++-- client_software.php | 6 ++-- client_tickets.php | 6 ++-- client_trips.php | 6 ++-- client_vendors.php | 6 ++-- invoices.php | 2 +- post.php | 64 ++++++++++++++++++++++------------- 22 files changed, 95 insertions(+), 79 deletions(-) diff --git a/api/v1/contacts/read.php b/api/v1/contacts/read.php index 5b4409ea..7f7b4903 100644 --- a/api/v1/contacts/read.php +++ b/api/v1/contacts/read.php @@ -17,7 +17,7 @@ if(isset($_GET['contact_id'])){ // Specific contact via email (single) elseif(isset($_GET['contact_email'])){ - $email = trim($_GET['contact_email']); + $email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['contact_email']))); $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND company_id = '$company_id'"); } diff --git a/client_asset_add_modal.php b/client_asset_add_modal.php index a21c9069..ee3764a8 100644 --- a/client_asset_add_modal.php +++ b/client_asset_add_modal.php @@ -2,7 +2,7 @@
-
New
+
New
diff --git a/client_assets.php b/client_assets.php index 87992935..b86789b9 100644 --- a/client_assets.php +++ b/client_assets.php @@ -103,19 +103,19 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));

Assets

- +
- - + +
- s"> + s">
@@ -154,7 +154,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- Export + Export
diff --git a/client_certificates.php b/client_certificates.php index df820aa0..e5c2bd7e 100644 --- a/client_certificates.php +++ b/client_certificates.php @@ -57,12 +57,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
- +
@@ -71,7 +71,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- Export + Export
diff --git a/client_contacts.php b/client_contacts.php index 680d148e..d71937b0 100644 --- a/client_contacts.php +++ b/client_contacts.php @@ -68,12 +68,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
- +
@@ -82,7 +82,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- Export + Export Import
diff --git a/client_departments.php b/client_departments.php index db3aeca7..3c02af01 100644 --- a/client_departments.php +++ b/client_departments.php @@ -58,12 +58,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
- +
diff --git a/client_documents.php b/client_documents.php index bbe50682..3dad7e00 100644 --- a/client_documents.php +++ b/client_documents.php @@ -115,9 +115,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
- +
diff --git a/client_domains.php b/client_domains.php index 94b7d38c..9aef1b3a 100644 --- a/client_domains.php +++ b/client_domains.php @@ -58,12 +58,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
- +
@@ -72,7 +72,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- Export + Export
diff --git a/client_invoices.php b/client_invoices.php index 645096dd..dc9e94e1 100644 --- a/client_invoices.php +++ b/client_invoices.php @@ -59,12 +59,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
- +
@@ -73,7 +73,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- Export + Export
diff --git a/client_locations.php b/client_locations.php index 656f4365..ab9f0d70 100644 --- a/client_locations.php +++ b/client_locations.php @@ -64,12 +64,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
- +
@@ -78,7 +78,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- Export + Export Import
diff --git a/client_logins.php b/client_logins.php index 1db58013..7620a4aa 100644 --- a/client_logins.php +++ b/client_logins.php @@ -60,12 +60,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
- +
@@ -74,7 +74,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- Export + Export Import
diff --git a/client_logs.php b/client_logs.php index 7ffae4e5..f2d182df 100644 --- a/client_logs.php +++ b/client_logs.php @@ -58,7 +58,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
diff --git a/client_networks.php b/client_networks.php index dbf9218a..f9a09af6 100644 --- a/client_networks.php +++ b/client_networks.php @@ -59,12 +59,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
- +
@@ -73,7 +73,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- Export + Export
diff --git a/client_payments.php b/client_payments.php index 59b65d7a..716664fe 100644 --- a/client_payments.php +++ b/client_payments.php @@ -57,12 +57,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
- +
@@ -71,7 +71,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- Export + Export
diff --git a/client_quotes.php b/client_quotes.php index ac88e9ec..1e8b3a49 100644 --- a/client_quotes.php +++ b/client_quotes.php @@ -59,12 +59,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
- +
@@ -73,7 +73,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- Export + Export
diff --git a/client_recurring_invoices.php b/client_recurring_invoices.php index c86d66c6..b3980b45 100644 --- a/client_recurring_invoices.php +++ b/client_recurring_invoices.php @@ -59,12 +59,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
- +
@@ -73,7 +73,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- Export + Export
diff --git a/client_software.php b/client_software.php index 75ac57f8..3335ec88 100644 --- a/client_software.php +++ b/client_software.php @@ -58,12 +58,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
- +
@@ -72,7 +72,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- Export + Export
diff --git a/client_tickets.php b/client_tickets.php index a5f58320..195421c0 100644 --- a/client_tickets.php +++ b/client_tickets.php @@ -63,12 +63,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
- +
@@ -77,7 +77,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- Export + Export
diff --git a/client_trips.php b/client_trips.php index 38c5a49d..d170fadc 100644 --- a/client_trips.php +++ b/client_trips.php @@ -70,12 +70,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
- +
@@ -84,7 +84,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- Export + Export Import
diff --git a/client_vendors.php b/client_vendors.php index 7e0cb211..0c47e17c 100644 --- a/client_vendors.php +++ b/client_vendors.php @@ -63,12 +63,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
- +
@@ -77,7 +77,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- Export + Export Import
diff --git a/invoices.php b/invoices.php index 9e8f806b..e361eafc 100644 --- a/invoices.php +++ b/invoices.php @@ -69,7 +69,7 @@ } if(!empty($_GET['sb'])){ - $sb = $_GET['sb']; + $sb = strip_tags(mysqli_real_escape_string($mysqli, $_GET['sb'])); }else{ $sb = "invoice_number"; } diff --git a/post.php b/post.php index 597d01e4..3ff2ce6a 100644 --- a/post.php +++ b/post.php @@ -315,7 +315,7 @@ if(isset($_POST['edit_user_companies'])){ mysqli_query($mysqli,"DELETE FROM user_companies WHERE user_id = $user_id"); foreach($_POST['companies'] as $company){ - intval($company); + $company = intval($company); mysqli_query($mysqli,"INSERT INTO user_companies SET user_id = $user_id, company_id = $company"); } @@ -1178,7 +1178,7 @@ if(isset($_POST['add_client'])){ //Add Tags if(isset($_POST['tags'])){ foreach($_POST['tags'] as $tag){ - intval($tag); + $tag = intval($tag); mysqli_query($mysqli,"INSERT INTO client_tags SET client_id = $client_id, tag_id = $tag"); } } @@ -1706,7 +1706,7 @@ if(isset($_POST['add_campaign'])){ //Create Recipient List based off tags selected if(isset($_POST['tags'])){ foreach($_POST['tags'] as $tag){ - intval($tag); + $tag = intval($tag); $sql = mysqli_query($mysqli,"SELECT * FROM clients LEFT JOIN contacts ON contacts.contact_id = clients.primary_contact @@ -4807,7 +4807,7 @@ if(isset($_POST['add_software'])){ // Add Asset Licenses if(!empty($_POST['assets'])){ foreach($_POST['assets'] as $asset){ - intval($asset); + $asset = intval($asset); mysqli_query($mysqli,"INSERT INTO software_assets SET software_id = $software_id, asset_id = $asset"); } } @@ -4815,7 +4815,7 @@ if(isset($_POST['add_software'])){ // Add Contact Licenses if(!empty($_POST['contacts'])){ foreach($_POST['contacts'] as $contact){ - intval($contact); + $contact = intval($contact); mysqli_query($mysqli,"INSERT INTO software_contacts SET software_id = $software_id, contact_id = $contact"); } } @@ -4867,7 +4867,7 @@ if(isset($_POST['edit_software'])){ mysqli_query($mysqli,"DELETE FROM software_assets WHERE software_id = $software_id"); if(!empty($_POST['assets'])){ foreach($_POST['assets'] as $asset){ - intval($asset); + $asset = intval($asset); mysqli_query($mysqli,"INSERT INTO software_assets SET software_id = $software_id, asset_id = $asset"); } } @@ -4876,7 +4876,7 @@ if(isset($_POST['edit_software'])){ mysqli_query($mysqli,"DELETE FROM software_contacts WHERE software_id = $software_id"); if(!empty($_POST['contacts'])){ foreach($_POST['contacts'] as $contact){ - intval($contact); + $contact = intval($contact); mysqli_query($mysqli,"INSERT INTO software_contacts SET software_id = $software_id, contact_id = $contact"); } } @@ -5954,7 +5954,8 @@ if(isset($_POST['add_service'])){ if(!empty($_POST['contacts'])){ $service_contact_ids = $_POST['contacts']; foreach($service_contact_ids as $contact_id){ - if(intval($contact_id)){ + $contact_id = intval($contact_id); + if($contact_id > 0){ mysqli_query($mysqli, "INSERT INTO service_contacts SET service_id = '$service_id', contact_id = '$contact_id'"); } } @@ -5963,7 +5964,8 @@ if(isset($_POST['add_service'])){ if(!empty($_POST['vendors'])){ $service_vendor_ids = $_POST['vendors']; foreach($service_vendor_ids as $vendor_id){ - if(intval($vendor_id)){ + $vendor_id = intval($vendor_id); + if($vendor_id > 0){ mysqli_query($mysqli, "INSERT INTO service_vendors SET service_id = '$service_id', vendor_id = '$vendor_id'"); } } @@ -5972,7 +5974,8 @@ if(isset($_POST['add_service'])){ if(!empty($_POST['documents'])){ $service_document_ids = $_POST['documents']; foreach($service_document_ids as $document_id){ - if(intval($document_id)){ + $document_id = intval($document_id); + if($document_id > 0){ mysqli_query($mysqli, "INSERT INTO service_documents SET service_id = '$service_id', document_id = '$document_id'"); } } @@ -5981,7 +5984,8 @@ if(isset($_POST['add_service'])){ if(!empty($_POST['assets'])){ $service_asset_ids = $_POST['assets']; foreach($service_asset_ids as $asset_id){ - if(intval($asset_id)){ + $asset_id = intval($asset_id); + if($asset_id > 0){ mysqli_query($mysqli, "INSERT INTO service_assets SET service_id = '$service_id', asset_id = '$asset_id'"); } } @@ -5990,7 +5994,8 @@ if(isset($_POST['add_service'])){ if(!empty($_POST['logins'])){ $service_login_ids = $_POST['logins']; foreach($service_login_ids as $login_id){ - if(intval($login_id)){ + $login_id = intval($login_id); + if($login_id > 0){ mysqli_query($mysqli, "INSERT INTO service_logins SET service_id = '$service_id', login_id = '$login_id'"); } } @@ -5999,7 +6004,8 @@ if(isset($_POST['add_service'])){ if(!empty($_POST['domains'])){ $service_domain_ids = $_POST['domains']; foreach($service_domain_ids as $domain_id){ - if(intval($domain_id)){ + $domain_id = intval($domain_id); + if($domain_id > 0){ mysqli_query($mysqli, "INSERT INTO service_domains SET service_id = '$service_id', domain_id = '$domain_id'"); } } @@ -6008,7 +6014,8 @@ if(isset($_POST['add_service'])){ if(!empty($_POST['certificates'])){ $service_cert_ids = $_POST['certificates']; foreach($service_cert_ids as $cert_id){ - if(intval($cert_id)){ + $cert_id = intval($cert_id); + if($cert_id > 0){ mysqli_query($mysqli, "INSERT INTO service_certificates SET service_id = '$service_id', certificate_id = '$cert_id'"); } } @@ -6053,7 +6060,8 @@ if(isset($_POST['edit_service'])){ if(!empty($_POST['contacts'])){ $service_contact_ids = $_POST['contacts']; foreach($service_contact_ids as $contact_id){ - if(intval($contact_id)){ + $contact_id = intval($contact_id); + if($contact_id > 0){ mysqli_query($mysqli, "INSERT INTO service_contacts SET service_id = '$service_id', contact_id = '$contact_id'"); } } @@ -6062,7 +6070,8 @@ if(isset($_POST['edit_service'])){ if(!empty($_POST['vendors'])){ $service_vendor_ids = $_POST['vendors']; foreach($service_vendor_ids as $vendor_id){ - if(intval($vendor_id)){ + $vendor_id = intval($vendor_id); + if($vendor_id > 0){ mysqli_query($mysqli, "INSERT INTO service_vendors SET service_id = '$service_id', vendor_id = '$vendor_id'"); } } @@ -6071,7 +6080,8 @@ if(isset($_POST['edit_service'])){ if(!empty($_POST['documents'])){ $service_document_ids = $_POST['documents']; foreach($service_document_ids as $document_id){ - if(intval($document_id)){ + $document_id = intval($document_id); + if($document_id > 0){ mysqli_query($mysqli, "INSERT INTO service_documents SET service_id = '$service_id', document_id = '$document_id'"); } } @@ -6080,7 +6090,8 @@ if(isset($_POST['edit_service'])){ if(!empty($_POST['assets'])){ $service_asset_ids = $_POST['assets']; foreach($service_asset_ids as $asset_id){ - if(intval($asset_id)){ + $asset_id = intval($asset_id); + if($asset_id > 0){ mysqli_query($mysqli, "INSERT INTO service_assets SET service_id = '$service_id', asset_id = '$asset_id'"); } } @@ -6089,7 +6100,8 @@ if(isset($_POST['edit_service'])){ if(!empty($_POST['logins'])){ $service_login_ids = $_POST['logins']; foreach($service_login_ids as $login_id){ - if(intval($login_id)){ + $login_id = intval($login_id); + if($login_id > 0){ mysqli_query($mysqli, "INSERT INTO service_logins SET service_id = '$service_id', login_id = '$login_id'"); } } @@ -6098,7 +6110,8 @@ if(isset($_POST['edit_service'])){ if(!empty($_POST['domains'])){ $service_domain_ids = $_POST['domains']; foreach($service_domain_ids as $domain_id){ - if(intval($domain_id)){ + $domain_id = intval($domain_id); + if($domain_id > 0){ mysqli_query($mysqli, "INSERT INTO service_domains SET service_id = '$service_id', domain_id = '$domain_id'"); } } @@ -6107,7 +6120,8 @@ if(isset($_POST['edit_service'])){ if(!empty($_POST['certificates'])){ $service_cert_ids = $_POST['certificates']; foreach($service_cert_ids as $cert_id){ - if(intval($cert_id)){ + $cert_id = intval($cert_id); + if($cert_id > 0){ mysqli_query($mysqli, "INSERT INTO service_certificates SET service_id = '$service_id', certificate_id = '$cert_id'"); } } @@ -6253,8 +6267,9 @@ if(isset($_POST['add_document'])){ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Document', log_action = 'Create', log_description = '$details', log_created_at = NOW(), company_id = $session_company_id, log_user_id = $session_user_id"); // Add tags - foreach($tags_ids as $tag_id){ - if(intval($tag_id)){ + foreach($tags_ids as $tag_id) { + $tag_id = intval($tag_id); + if ($tag_id > 0) { mysqli_query($mysqli, "INSERT INTO documents_tagged SET document_id = '$document_id', tag_id = '$tag_id'"); } } @@ -6291,7 +6306,8 @@ if(isset($_POST['edit_document'])){ // Add tags foreach($tags_ids as $tag_id) { - if (intval($tag_id)) { + $tag_id = intval($tag_id); + if ($tag_id > 0) { mysqli_query($mysqli, "INSERT INTO documents_tagged SET document_id = '$document_id', tag_id = '$tag_id'"); } }