From 3710cbca3f995a9542cbe4547a6292bf4e02d816 Mon Sep 17 00:00:00 2001
From: Jelmer Prins
Date: Wed, 23 Mar 2022 14:01:52 +0100
Subject: [PATCH] Fix sql injection through the type and language parameter of the translation export

---
 src/Backend/Modules/Locale/Actions/Export.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/Backend/Modules/Locale/Actions/Export.php b/src/Backend/Modules/Locale/Actions/Export.php
index c99a8592a8..8f5a00a96b 100644
--- a/src/Backend/Modules/Locale/Actions/Export.php
+++ b/src/Backend/Modules/Locale/Actions/Export.php
@@ -5,6 +5,7 @@
 use Backend\Core\Engine\Base\ActionIndex as BackendBaseActionIndex;
 use Backend\Core\Engine\Model as BackendModel;
 use Backend\Core\Language\Language as BL;
+use Backend\Core\Language\Locale;
 use Backend\Modules\Locale\Engine\Model as BackendLocaleModel;
 use Symfony\Component\HttpFoundation\Response;
@@ -47,7 +48,7 @@ private function buildQuery(): array
 // create an array for the languages, surrounded by quotes (example: 'en')
 $languages = [];
 foreach ($this->filter['language'] as $key => $val) {
- $languages[$key] = '\'' . $val . '\'';
+ $languages[$key] = '\'' . Locale::fromString($val) . '\'';
 }
 $query .= ' AND l.language IN (' . implode(',', $languages) . ')';
@@ -70,7 +71,9 @@ private function buildQuery(): array
 // create an array for the types, surrounded by quotes (example: 'lbl')
 $types = [];
 foreach ($this->filter['type'] as $key => $val) {
- $types[$key] = '\'' . $val . '\'';
+ if (in_array($val, BackendLocaleModel::TYPES)) {
+ $types[$key] = '\'' . $val . '\'';
+ }
 }
 $query .= ' AND l.type IN (' . implode(',', $types) . ')';
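Review bot: The language value is still concatenated straight into the `IN (...)` list on the added line; the entire protection is that `Locale::fromString($val)` (defined outside this hunk) rejects anything that is not a known locale code and stringifies back to a bare code, and nothing in the code records that this call is the guard. I would add `// Locale::fromString() only accepts known locale codes; it is what keeps $val out of the raw IN (...) list below` above the foreach, so a later change that makes fromString lenient (returning a default or null for unknown input) is recognised as re-opening the injection. If fromString does not throw on unknown input, the fix is weaker than the subject line claims and that should be checked against its implementation. If the database layer used by this module supports placeholders, a placeholder list would be more robust than relying on a whitelist; that cannot be judged from this hunk. `buildQuery` continues outside the hunk.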
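Review bot: Unknown types are now dropped silently, so a filter consisting only of values outside `BackendLocaleModel::TYPES` leaves `$types` empty and the context line below emits `AND l.type IN ()`, a SQL syntax error rather than the empty result the caller presumably expects; before this change the list could not be empty once the loop ran. Either reject an unknown type outright, mirroring the language branch, or wrap the append as `if ($types !== []) {` around the `$query .=` line. The membership test should also be strict, `if (in_array($val, BackendLocaleModel::TYPES, true)) {`, so that loose comparison (on PHP 7, `0 == 'lbl'` is true) cannot let a non-string filter value through. `buildQuery` continues outside the hunk.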