diff options
| author | Nicolas LÅ“uillet <nicolas.loeuillet@gmail.com> | 2014-02-19 13:25:28 +0100 |
|---|---|---|
| committer | Nicolas LÅ“uillet <nicolas.loeuillet@gmail.com> | 2014-02-19 13:25:28 +0100 |
| commit | b89d5a2bf48c2c1eb796963b3401aca498618ec4 (patch) | |
| tree | f9ab84e607cb54bdb0dc1d0027435af213a722f3 | |
| parent | 53ae58e1a1bf097b8eb1af3a532ebf25630f96ec (diff) | |
| download | wallabag-b89d5a2bf48c2c1eb796963b3401aca498618ec4.tar.gz wallabag-b89d5a2bf48c2c1eb796963b3401aca498618ec4.tar.zst wallabag-b89d5a2bf48c2c1eb796963b3401aca498618ec4.zip | |
[fix] security problems with tags
| -rw-r--r-- | inc/poche/Database.class.php | 24 | ||||
| -rw-r--r-- | inc/poche/Poche.class.php | 26 |
2 files changed, 37 insertions, 13 deletions
diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php index 58583bf5..3332b5a3 100644 --- a/inc/poche/Database.class.php +++ b/inc/poche/Database.class.php | |||
| @@ -344,30 +344,36 @@ class Database { | |||
| 344 | return $this->getHandle()->lastInsertId($column); | 344 | return $this->getHandle()->lastInsertId($column); |
| 345 | } | 345 | } |
| 346 | 346 | ||
| 347 | public function retrieveAllTags() { | 347 | public function retrieveAllTags($user_id) { |
| 348 | $sql = "SELECT * FROM tags"; | 348 | $sql = "SELECT tags.* FROM tags |
| 349 | $query = $this->executeQuery($sql, array()); | 349 | LEFT JOIN tags_entries ON tags_entries.tag_id=tags.id |
| 350 | LEFT JOIN entries ON tags_entries.entry_id=entries.id | ||
| 351 | WHERE entries.user_id=?"; | ||
| 352 | $query = $this->executeQuery($sql, array($user_id)); | ||
| 350 | $tags = $query->fetchAll(); | 353 | $tags = $query->fetchAll(); |
| 351 | 354 | ||
| 352 | return $tags; | 355 | return $tags; |
| 353 | } | 356 | } |
| 354 | 357 | ||
| 355 | public function retrieveTag($id) { | 358 | public function retrieveTag($id, $user_id) { |
| 356 | $tag = NULL; | 359 | $tag = NULL; |
| 357 | $sql = "SELECT * FROM tags WHERE id=?"; | 360 | $sql = "SELECT tags.* FROM tags |
| 358 | $params = array(intval($id)); | 361 | LEFT JOIN tags_entries ON tags_entries.tag_id=tags.id |
| 362 | LEFT JOIN entries ON tags_entries.entry_id=entries.id | ||
| 363 | WHERE tags.id=? AND entries.user_id=?"; | ||
| 364 | $params = array(intval($id), $user_id); | ||
| 359 | $query = $this->executeQuery($sql, $params); | 365 | $query = $this->executeQuery($sql, $params); |
| 360 | $tag = $query->fetchAll(); | 366 | $tag = $query->fetchAll(); |
| 361 | 367 | ||
| 362 | return isset($tag[0]) ? $tag[0] : null; | 368 | return isset($tag[0]) ? $tag[0] : null; |
| 363 | } | 369 | } |
| 364 | 370 | ||
| 365 | public function retrieveEntriesByTag($tag_id) { | 371 | public function retrieveEntriesByTag($tag_id, $user_id) { |
| 366 | $sql = | 372 | $sql = |
| 367 | "SELECT entries.* FROM entries | 373 | "SELECT entries.* FROM entries |
| 368 | LEFT JOIN tags_entries ON tags_entries.entry_id=entries.id | 374 | LEFT JOIN tags_entries ON tags_entries.entry_id=entries.id |
| 369 | WHERE tags_entries.tag_id = ?"; | 375 | WHERE tags_entries.tag_id = ? AND entries.user_id=?"; |
| 370 | $query = $this->executeQuery($sql, array($tag_id)); | 376 | $query = $this->executeQuery($sql, array($tag_id, $user_id)); |
| 371 | $entries = $query->fetchAll(); | 377 | $entries = $query->fetchAll(); |
| 372 | 378 | ||
| 373 | return $entries; | 379 | return $entries; |
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index 76169297..753bd7f0 100644 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php | |||
| @@ -463,6 +463,12 @@ class Poche | |||
| 463 | case 'add_tag' : | 463 | case 'add_tag' : |
| 464 | $tags = explode(',', $_POST['value']); | 464 | $tags = explode(',', $_POST['value']); |
| 465 | $entry_id = $_POST['entry_id']; | 465 | $entry_id = $_POST['entry_id']; |
| 466 | $entry = $this->store->retrieveOneById($entry_id, $this->user->getId()); | ||
| 467 | if (!$entry) { | ||
| 468 | $this->messages->add('e', _('Article not found!')); | ||
| 469 | Tools::logm('error : article not found'); | ||
| 470 | Tools::redirect(); | ||
| 471 | } | ||
| 466 | foreach($tags as $key => $tag_value) { | 472 | foreach($tags as $key => $tag_value) { |
| 467 | $value = trim($tag_value); | 473 | $value = trim($tag_value); |
| 468 | $tag = $this->store->retrieveTagByValue($value); | 474 | $tag = $this->store->retrieveTagByValue($value); |
| @@ -487,6 +493,12 @@ class Poche | |||
| 487 | break; | 493 | break; |
| 488 | case 'remove_tag' : | 494 | case 'remove_tag' : |
| 489 | $tag_id = $_GET['tag_id']; | 495 | $tag_id = $_GET['tag_id']; |
| 496 | $entry = $this->store->retrieveOneById($id, $this->user->getId()); | ||
| 497 | if (!$entry) { | ||
| 498 | $this->messages->add('e', _('Article not found!')); | ||
| 499 | Tools::logm('error : article not found'); | ||
| 500 | Tools::redirect(); | ||
| 501 | } | ||
| 490 | $this->store->removeTagForEntry($id, $tag_id); | 502 | $this->store->removeTagForEntry($id, $tag_id); |
| 491 | Tools::redirect(); | 503 | Tools::redirect(); |
| 492 | break; | 504 | break; |
| @@ -525,6 +537,12 @@ class Poche | |||
| 525 | break; | 537 | break; |
| 526 | case 'edit-tags': | 538 | case 'edit-tags': |
| 527 | # tags | 539 | # tags |
| 540 | $entry = $this->store->retrieveOneById($id, $this->user->getId()); | ||
| 541 | if (!$entry) { | ||
| 542 | $this->messages->add('e', _('Article not found!')); | ||
| 543 | Tools::logm('error : article not found'); | ||
| 544 | Tools::redirect(); | ||
| 545 | } | ||
| 528 | $tags = $this->store->retrieveTagsByEntry($id); | 546 | $tags = $this->store->retrieveTagsByEntry($id); |
| 529 | $tpl_vars = array( | 547 | $tpl_vars = array( |
| 530 | 'entry_id' => $id, | 548 | 'entry_id' => $id, |
| @@ -532,8 +550,8 @@ class Poche | |||
| 532 | ); | 550 | ); |
| 533 | break; | 551 | break; |
| 534 | case 'tag': | 552 | case 'tag': |
| 535 | $entries = $this->store->retrieveEntriesByTag($id); | 553 | $entries = $this->store->retrieveEntriesByTag($id, $this->user->getId()); |
| 536 | $tag = $this->store->retrieveTag($id); | 554 | $tag = $this->store->retrieveTag($id, $this->user->getId()); |
| 537 | $tpl_vars = array( | 555 | $tpl_vars = array( |
| 538 | 'tag' => $tag, | 556 | 'tag' => $tag, |
| 539 | 'entries' => $entries, | 557 | 'entries' => $entries, |
| @@ -541,7 +559,7 @@ class Poche | |||
| 541 | break; | 559 | break; |
| 542 | case 'tags': | 560 | case 'tags': |
| 543 | $token = $this->user->getConfigValue('token'); | 561 | $token = $this->user->getConfigValue('token'); |
| 544 | $tags = $this->store->retrieveAllTags(); | 562 | $tags = $this->store->retrieveAllTags($this->user->getId()); |
| 545 | $tpl_vars = array( | 563 | $tpl_vars = array( |
| 546 | 'token' => $token, | 564 | 'token' => $token, |
| 547 | 'user_id' => $this->user->getId(), | 565 | 'user_id' => $this->user->getId(), |
| @@ -1056,7 +1074,7 @@ class Poche | |||
| 1056 | $feed->setChannelElement('author', 'wallabag'); | 1074 | $feed->setChannelElement('author', 'wallabag'); |
| 1057 | 1075 | ||
| 1058 | if ($type == 'tag') { | 1076 | if ($type == 'tag') { |
| 1059 | $entries = $this->store->retrieveEntriesByTag($tag_id); | 1077 | $entries = $this->store->retrieveEntriesByTag($tag_id, $user_id); |
| 1060 | } | 1078 | } |
| 1061 | else { | 1079 | else { |
| 1062 | $entries = $this->store->getEntriesByView($type, $user_id); | 1080 | $entries = $this->store->getEntriesByView($type, $user_id); |