authorDave Paul <dave.paul@jadu.net>2018-03-06 15:40:29 +0000
committerDamien Regad <dregad@mantisbt.org>2018-03-30 02:24:54 +0200
commitd29c23f2264ec95c6d3851e0f51ce240b2f36b74 (patch)
tree38c7f723c0fcf78214ab1f65cc940858d4355e6d /drivers/adodb-csv.inc.php
parent34788ce8c1d08500631f55764cc2247b9c7cfd2b (diff)
Fix potential SQL injection in SelectLimit()
The `SelectLimit` function has a potential SQL injection vulnerability through the use of the `nrows` and `offset` parameters which are not forced to integers. This is a follow-up on #311, and fixes all remaining drivers that do not use ADOConnection::SelectLimit(). Fixes #401 Signed-off-by: Damien Regad <dregad@mantisbt.org> Original commits squashed, message reworded. Fixed whitespace.
Diffstat (limited to 'drivers/adodb-csv.inc.php')
-rw-r--r--drivers/adodb-csv.inc.php4
1 files changed, 3 insertions, 1 deletions
diff --git a/drivers/adodb-csv.inc.php b/drivers/adodb-csv.inc.php
index 5ac23fce..61fad92a 100644
--- a/drivers/adodb-csv.inc.php
+++ b/drivers/adodb-csv.inc.php
@@ -83,8 +83,10 @@ class ADODB_csv extends ADOConnection {
// parameters use PostgreSQL convention, not MySQL
function SelectLimit($sql, $nrows = -1, $offset = -1, $inputarr = false, $secs2cache = 0)
{
- global $ADODB_FETCH_MODE;
+ global $ADODB_FETCH_MODE;
+ $nrows = (int) $nrows;
+ $offset = (int) $offset;
$url = $this->_url.'?sql='.urlencode($sql)."&nrows=$nrows&fetch=".
(($this->fetchMode !== false)?$this->fetchMode : $ADODB_FETCH_MODE).
"&offset=$offset";