Changeset 909ea23


Timestamp:
06/23/11 08:46:31 (10 years ago)
Author:
Philipp Spitzer <philipp@…>
Branches:
master, qt5
Children:
141a5c2
Parents:
06eef78
Message:

Avoid possible SQL injection in function addRoomToDB.

File:
1 edited

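--- a/src/sql/sqlengine.cpp
+++ b/src/sql/sqlengine.cpp
@@ -245,16 +245,18 @@
         //   and assign autoincremented 'id' to aRoom
         // - if it exists, then we need to get its 'id' and assign it to aRoom
-        int roomId = -1;
+        aRoom["id"] = "";
         if(query.next()) // ROOM record with 'name' already exists: we need to get its 'id'
         {
-            roomId = query.value(0).toInt();
+            aRoom["id"] = query.value(0).toInt();
         }
         else // ROOM record doesn't exist yet, need to create it
         {
-            // TODO: SQL Injection!!!
-            QString values = QString("'%1', '%2', '%3'").arg(aRoom["conference_id"],aRoom["name"],aRoom["picture"]);
-            QString query = QString("INSERT INTO ROOM (xid_conference,name,picture) VALUES (%1)").arg(values);
-            QSqlQuery result (query, db);
-            roomId = result.lastInsertId().toInt(); // 'id' is assigned automatically
+            query = QSqlQuery(db);
+            query.prepare("INSERT INTO ROOM (xid_conference,name,picture) VALUES (:xid_conference, :name, :picture)");
+            query.bindValue(":xid_conference", aRoom["conference_id"]);
+            query.bindValue(":xid_name", aRoom["name"]);
+            query.bindValue(":xid_picture", aRoom["picture"]);
+            if (!query.exec()) qDebug() << "Could not execute 'insert into room ...' query." << query.lastError();
+            aRoom["id"] = query.lastInsertId().toInt(); // 'id' is assigned automatically
             //LOG_AUTOTEST(query);
         }
@@ -263,6 +265,6 @@
         query.bindValue(":conference_id", aRoom["conference_id"]);
         query.bindValue(":event_id", aRoom["event_id"]);
-        query.bindValue(":roomId", roomId);
-        if (!query.exec()) qDebug() << "Could not execute insert into event_room query:" << query.lastError();
+        query.bindValue(":roomId", aRoom["id"]);
+        if (!query.exec()) qDebug() << "Could not 'execute insert into event_room' query:" << query.lastError();
         //LOG_AUTOTEST(query);
     }
@@ -307,8 +309,10 @@
         query += "INNER JOIN PERSON ON ( EVENT_PERSON.xid_person = PERSON.id ) ";
     }
+    // TODO: avoid .arg
     query += QString("WHERE EVENT.xid_conference = %1 AND (").arg( aConferenceId );
 
     foreach (QString table, aColumns.uniqueKeys()){
         foreach (QString column, aColumns.values(table)){
+            // TODO: SQL Injection!!!
             query += QString("%1.%2 LIKE '\%%3\%' OR ").arg( table, column, aKeyword );
         }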
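Review bot: The placeholder names bound for the new ROOM insert do not match the ones declared in the prepared statement: `prepare` declares `:xid_conference, :name, :picture`, but the next two `bindValue` calls use `:xid_name` and `:xid_picture`, so name and picture are never bound and, depending on the driver, the insert either fails or stores NULL in those columns. Change the two lines to `query.bindValue(":name", aRoom["name"]);` and `query.bindValue(":picture", aRoom["picture"]);`. Also, when `exec()` fails the code still assigns `query.lastInsertId().toInt()` (likely 0 for an invalid id) to `aRoom["id"]` and the later EVENT_ROOM insert binds that value as `:roomId`; returning, or skipping the second insert, on failure would avoid linking the event to a room that was never created. addRoomToDB starts before the first hunk, and the `LIKE '\%%3\%'` clause in the last hunk is already marked as a TODO by this commit, so it is not re-raised here.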