fix: 修复getviewcount()方法SQL注入漏洞

This commit is contained in:
wangbiao
2026-02-04 16:57:36 +08:00
parent bcf8bd2728
commit aa5a29833f


@@ -125,14 +125,27 @@ class base_db_tools{
} }
static function filter2sql($filter){ static function filter2sql($filter){
$db = kernel::database();
$where = array('1'); $where = array('1');
// format filter to array
if ($filter) { if ($filter) {
foreach ($filter as $k => $v) { foreach ($filter as $k => $v) {
// Column name hardening: only allow simple identifiers
$k = (string)$k;
if ($k === '' || !preg_match('/^[a-zA-Z0-9_]+$/', $k)) {
continue;
}
$col = '`' . $k . '`';
if (is_array($v)) { if (is_array($v)) {
$ac = array(); $ac = array();
foreach ($v as $m) { foreach ($v as $m) {
if ($m !== '_ANY_' && $m !== '' && $m != '_ALL_') { if ($m !== '_ANY_' && $m !== '' && $m != '_ALL_') {
$ac[] = $k.'=\''.$m.'\''; if ($m === null) {
$m = '';
}
$ac[] = $col . ' = ' . $db->quote($m);
} else { } else {
$ac = array(); $ac = array();
break; break;
@@ -142,10 +155,14 @@ class base_db_tools{
$where[] = '(' . implode(' or ', $ac) . ')'; $where[] = '(' . implode(' or ', $ac) . ')';
} }
} else { } else {
$where[] = '`'.$k.'` = "'.str_replace('"','\\"',$v).'"'; if ($v === null) {
$v = '';
}
$where[] = $col . ' = ' . $db->quote($v);
} }
} }
} }
return implode(' AND ', $where); return implode(' AND ', $where);
} }
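Review bot: The new column-name check in the first hunk fails open: a key that does not match `/^[a-zA-Z0-9_]+$/` is dropped with `continue`, so the WHERE clause is built without that condition and the query silently returns a wider result set than the caller asked for (a qualified name such as `table.column`, if any caller passes one, would be affected; this cannot be confirmed from the hunk). Rejecting the filter is the safer behaviour, e.g. `throw new InvalidArgumentException('filter2sql: invalid column name ' . var_export($k, true));` in place of `continue;`, or at minimum `$where[] = '0'; continue;` so the query matches nothing rather than everything. The values are now passed through `$db->quote()`, which presumably returns a fully quoted literal for `kernel::database()`'s driver — worth a one-line comment above `$col . ' = ' . $db->quote($m)` stating that assumption, since the old code added the quotes itself. The retained context line `$m != '_ALL_'` still uses loose comparison while its siblings use `!==`; making it `$m !== '_ALL_'` keeps the three checks consistent. The method would also benefit from a docblock on `filter2sql` stating that keys are column names restricted to `[A-Za-z0-9_]`, that `_ANY_`, `_ALL_` and `''` are wildcard values, and that `null` is treated as the empty string; the commit title names getviewcount() while this hunk changes filter2sql, so presumably the former calls this helper.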