
Merge pull request from GHSA-jwpv-7m4h-5gvc
* Prevent SQL injection through search API

* better solution
cedric-anne committed Oct 6, 2020
1 parent 3ae40f0 commit 3dc4475
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions inc/api/api.class.php
Expand Up @@ -1631,8 +1631,8 @@ protected function searchItems($itemtype, $params = []) {
if (isset($params['criteria']) && is_array($params['criteria'])) {

// use a recursive closure to check each nested criteria
$check_criteria = function($criteria) use (&$check_criteria, $soptions) {
foreach ($criteria as $criterion) {
$check_criteria = function(&$criteria) use (&$check_criteria, $soptions) {
foreach ($criteria as &$criterion) {
// recursive call
if (isset($criterion['criteria'])) {
return $check_criteria($criterion['criteria']);
Expand All @@ -1653,6 +1653,9 @@ protected function searchItems($itemtype, $params = []) {
&& $soptions[$criterion['field']]['nosearch']) {
return __("Forbidden field ID in search criteria");
}

// Escape value to prevent SQL injection
$criterion['value'] = Toolbox::addslashes_deep($criterion['value']);
}

return true;
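Review bot: The escaping added at the end of the loop body is never reached for any criterion that follows a nested group, because the recursive branch in the context lines above (`return $check_criteria($criterion['criteria']);`) returns from the whole loop on the first nested entry instead of moving on, so later siblings get neither the forbidden-field check nor `addslashes_deep`; the branch should propagate only a failure and otherwise `continue`, as sketched below (judging by the visible return values, the closure yields `true` on success and a message string otherwise). The new line also reads `$criterion['value']` unconditionally, which emits an undefined-index notice if a criterion may legitimately omit `value`; guarding with `if (isset($criterion['value']))` (or `array_key_exists`) would be safer, depending on what the search layer accepts. Since the loop now iterates by reference, add `unset($criterion);` after it so the reference does not dangle into the code that follows. The enclosing searchItems method and the rest of the closure lie outside the hunk.
```php
foreach ($criteria as &$criterion) {
    // recursive call: propagate a failure, but keep checking the remaining siblings
    if (isset($criterion['criteria'])) {
        $nested = $check_criteria($criterion['criteria']);
        if ($nested !== true) {
            return $nested;
        }
        continue;
    }
    // … unchanged: field validation and value escaping …
}
unset($criterion);
```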
