tutos-commits Mailing List for TUTOS

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Revision: 1292
          http://sourceforge.net/p/tutos/code/1292
Author:   gokohnert
Date:     2016-07-08 14:20:10 +0000 (Fri, 08 Jul 2016)
Log Message:
-----------
check against SQL Injection

SYSS-2016-070

Credits:

This security vulnerability was found by Christoph Ritter of the SySS
GmbH.

E-Mail: chr...@sy...
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Christoph_Ritter.asc
Key Fingerprint: 9FB0 1B9B 2F72 3DD5 3AF3 62D8 0545 8E66 6D35 EAE8

Modified Paths:
--------------
    trunk/php/report-engine/rep_bug_state_duration/rep_bug_state_duration.pinc

Modified: trunk/php/report-engine/rep_bug_state_duration/rep_bug_state_duration.pinc
===================================================================

--- trunk/php/report-engine/rep_bug_state_duration/rep_bug_state_duration.pinc	2016-07-08 14:18:44 UTC (rev 1291)
+++ trunk/php/report-engine/rep_bug_state_duration/rep_bug_state_duration.pinc	2016-07-08 14:20:10 UTC (rev 1292)
@@ -34,7 +34,9 @@
 
         $this->bugclass = array();
         if (isset($_GET['bugclass'])) {
-            $this->bugclass = $_GET['bugclass'];
+            if (is_array($_GET['bugclass'])) {
+                $this->bugclass = $_GET['bugclass'];
+            }
         }
 
         $this->stc = getObject($this->dbconn,$tutos['bug_state_stc']);
@@ -83,14 +85,12 @@
         }
 
         $x = new TUTOS_Date_Time();
-        # calc the last state only if not CLOSED
-                                              #   if (($lastState != BUG_STATE_CLOSED) && ($lastState != BUG_STATE_SOLVED)) {
-            if ($lastState != BUG_STATE_CLOSED)  {
-                $stat[$lastState] += ($x->ts - $lastChange);
-            }
-            $lastChange = $x->ts;
+        if ($lastState != BUG_STATE_CLOSED)  {
+            $stat[$lastState] += ($x->ts - $lastChange);
+        }
+        $lastChange = $x->ts;
 
-            return $r;
+        return $r;
     }
 
     function show(layout $ly) {
@@ -109,16 +109,20 @@
                 $r .= 'FILTERED '. $lang['BugClass'].': ';
                 $pre_r = '';
                 foreach ($this->bugclass as $j) {
-                    $r .= $pre_r. $lang['BugClasses'][$j];
-                    $pre_r = " or ";
+                    if (is_numeric($j)) {
+                        $r .= $pre_r. $lang['BugClasses'][$j];
+                        $pre_r = " or ";
+                    }
                 }
                 $r .= "<br />";
 
                 $q .= $pre . "class in (";
                 $pre2 = "";
                 foreach ($this->bugclass as $j) {
-                    $q.= $pre2.$j;
-                    $pre2 = ",";
+                    if (is_numeric($j)) {
+                        $q.= $pre2.$j;
+                        $pre2 = ",";
+                    }
                 }
                 $q.= ")";
                 $pre = " AND ";
@@ -240,4 +244,4 @@
 
 }
 
-?>
+?>
\ No newline at end of file

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.





2001	Jan	Feb	Mar	Apr	May	Jun	Jul (13)	Aug (214)	Sep (144)	Oct (22)	Nov (22)	Dec (93)
2002	Jan (25)	Feb (31)	Mar (92)	Apr (70)	May (103)	Jun (130)	Jul (265)	Aug (325)	Sep (233)	Oct (244)	Nov (261)	Dec (157)
2003	Jan (101)	Feb (135)	Mar (148)	Apr (164)	May (53)	Jun (116)	Jul (149)	Aug (126)	Sep (45)	Oct (109)	Nov (36)	Dec (61)
2004	Jan (131)	Feb (236)	Mar (278)	Apr (259)	May (92)	Jun (110)	Jul (150)	Aug (64)	Sep (141)	Oct (141)	Nov (146)	Dec (65)
2005	Jan (70)	Feb (77)	Mar (129)	Apr (153)	May (161)	Jun (63)	Jul (42)	Aug (16)	Sep (30)	Oct (3)	Nov (8)	Dec (40)
2006	Jan (114)	Feb (16)	Mar (12)	Apr (15)	May (4)	Jun (9)	Jul (69)	Aug (27)	Sep (12)	Oct (80)	Nov (62)	Dec (41)
2007	Jan (34)	Feb (2)	Mar (38)	Apr (82)	May (61)	Jun (37)	Jul (16)	Aug (64)	Sep (7)	Oct (52)	Nov (18)	Dec (28)
2008	Jan (168)	Feb (26)	Mar (27)	Apr (19)	May (10)	Jun (58)	Jul (58)	Aug (91)	Sep (14)	Oct (23)	Nov (56)	Dec (38)
2009	Jan (58)	Feb (90)	Mar (204)	Apr (90)	May (27)	Jun (177)	Jul (116)	Aug (53)	Sep (42)	Oct (120)	Nov (51)	Dec (58)
2010	Jan (117)	Feb (231)	Mar (163)	Apr (90)	May (40)	Jun (139)	Jul (49)	Aug (118)	Sep (25)	Oct (80)	Nov (102)	Dec (99)
2011	Jan (176)	Feb (42)	Mar (60)	Apr (52)	May (30)	Jun (29)	Jul (27)	Aug (16)	Sep (51)	Oct (70)	Nov (63)	Dec (58)
2012	Jan (28)	Feb (26)	Mar (7)	Apr (12)	May (41)	Jun (61)	Jul (59)	Aug (38)	Sep (30)	Oct (28)	Nov (14)	Dec (31)
2013	Jan (24)	Feb (54)	Mar (45)	Apr (22)	May (35)	Jun (8)	Jul (18)	Aug (38)	Sep (11)	Oct (8)	Nov (19)	Dec (20)
2014	Jan (20)	Feb (22)	Mar (4)	Apr (6)	May (13)	Jun	Jul	Aug (1)	Sep	Oct	Nov	Dec (6)
2015	Jan	Feb (1)	Mar (4)	Apr	May	Jun	Jul	Aug	Sep	Oct	Nov (1)	Dec (1)
2016	Jan (4)	Feb	Mar	Apr (1)	May	Jun	Jul (2)	Aug (4)	Sep (1)	Oct (1)	Nov (1)	Dec
2017	Jan	Feb	Mar	Apr	May	Jun (3)	Jul (8)	Aug (13)	Sep (12)	Oct	Nov	Dec
2018	Jan	Feb	Mar (1)	Apr	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec
2019	Jan	Feb	Mar	Apr	May	Jun	Jul	Aug	Sep	Oct	Nov (1)	Dec
2020	Jan	Feb	Mar	Apr	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec (2)
2021	Jan	Feb (1)	Mar (1)	Apr	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec

tutos-commits Mailing List for TUTOS

Projects / CRM / PLM / Calendar / Tasks / SCRUM / Test / Inventory

tutos-commits — SVN commits