updated to 1.84

WebsiteBaker-modules · Apr 13, 2018 · 352412a · 352412a
1 parent f4d0e12
commit 352412a
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 6 deletions.
diff --git a/info.php b/info.php
@@ -24,6 +24,9 @@
  -----------------------------------------------------------------------------------------
  
 	DEVELOPMENT HISTORY:
+	
+   v.1.84  	(Florian Meerwinck; 03/29/2018)
+   ! fix security issue in view.php (non-validated post values), thanks to Tonke Hanebuth / perComp Verlag GmbH
 
    v1.83  (Christoph Marti; 05/30/2017)
 	 + [stock.php] Fixed typo in ternary operator (thanks to ICE)
@@ -740,7 +743,7 @@ function require_once() by include()
 $module_directory   = 'bakery';
 $module_name        = 'Bakery';
 $module_function    = 'page';
-$module_version     = '1.83';
+$module_version     = '1.84';
 $module_platform    = '2.7';
 $module_author      = 'Christoph Marti';
 $module_license     = 'GNU General Public License';

diff --git a/view.php b/view.php
@@ -241,10 +241,10 @@
 			}
 			if (substr($field,0,4) == "item" && $value > 0) {
 				// Get item_id
-				$item_id = substr($field,4,strlen($field)-4);
+				$item_id = intval(substr($field,4,strlen($field)-4)); // th 28.03.2018 - input validation: $item_id
 				// Get item attributes and make comma separated string
 				if (isset($_POST['attribute'][0])) {
-					$attributes = implode(",", $_POST['attribute']);
+					$attributes = implode(",", array_map('intval', $_POST['attribute'])); // th 28.03.2018 - input validation: $attributes
 				} else {
 				// If no attribute is given set it to "none"
 					$attributes = "none";
@@ -269,7 +269,7 @@
 				$price    = $row2['price'];
 				$tax_rate = $row2['tax_rate'];
 				$stock    = $row2['stock'];
-				$quantity = $value;
+				$value = intval($value); $quantity = $value; // th 28.03.2018 - input validation: $quantity, $value
 
 				// Only use stock admin if stock is not blank
 				if (is_numeric($stock) && !empty($stock)) {
@@ -326,8 +326,8 @@
 		// Update quantities in db
 		foreach ($_POST['quantity'] as $item_id => $attributes) {
 			foreach ($_POST['quantity'][$item_id] as $attributes => $quantity) {
-				$item_id = strip_tags($item_id);
-				$attributes = strip_tags($attributes);
+				$item_id = intval(strip_tags($item_id)); // th 28.03.2018 - input validation: $item_id
+				$attributes = strip_tags($attributes); if ($attributes != "none") $attributes = preg_replace("/[^0-9\,]/", '', ($attributes)); // th 28.03.2018 - input validation: $attributes
 				$quantity = abs(strip_tags($quantity));
 
 				// Query item stock