From 21e35af721c375ef4676ed50835e30d828e76520 Mon Sep 17 00:00:00 2001
From: Christian F
Date: Wed, 19 Apr 2023 08:31:10 +0200
Subject: [PATCH] fixed sql injection, readjust tabs (#14941)

---
 .../Admin/Asset/AssetController.php | 27 ++++++++++++-------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/bundles/AdminBundle/Controller/Admin/Asset/AssetController.php b/bundles/AdminBundle/Controller/Admin/Asset/AssetController.php
index 46e23f6e508..616b2d38721 100644
--- a/bundles/AdminBundle/Controller/Admin/Asset/AssetController.php
+++ b/bundles/AdminBundle/Controller/Admin/Asset/AssetController.php
@@ -2109,10 +2109,10 @@ public function downloadAsZipJobsAction(Request $request)
             $userIds = $this->getAdminUser()->getRoles();
             $userIds[] = $this->getAdminUser()->getId();
             $conditionFilters[] = ' (
-                (select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(CONCAT(path, filename),cpath)=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1
-                OR
-                (select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(cpath,CONCAT(path, filename))=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1
-            )';
+                (select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(CONCAT(path, filename),cpath)=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1
+                OR
+                (select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(cpath,CONCAT(path, filename))=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1
+            )';
         }
 
         $condition = implode(' AND ', $conditionFilters);
@@ -2177,23 +2177,30 @@ public function downloadAsZipAddFilesAction(Request $request)
         $db = \Pimcore\Db::get();
         $conditionFilters = [];
-
         $selectedIds = $request->get('selectedIds', []);
         if (!empty($selectedIds)) {
             $selectedIds = explode(',', $selectedIds);
+
+            $quotedSelectedIds = [];
+            foreach ($selectedIds as $selectedId) {
+                if ($selectedId) {
+                    $quotedSelectedIds[] = $db->quote($selectedId);
+                }
+            }
+
             //add a condition if id numbers are specified
-            $conditionFilters[] = 'id IN (' . implode(',', $selectedIds) . ')';
+            $conditionFilters[] = 'id IN (' . implode(',', $quotedSelectedIds) . ')';
         }
 
         $conditionFilters[] = "type != 'folder' AND path LIKE " . $db->quote(Helper::escapeLike($parentPath) . '/%');
 
         if (!$this->getAdminUser()->isAdmin()) {
             $userIds = $this->getAdminUser()->getRoles();
             $userIds[] = $this->getAdminUser()->getId();
             $conditionFilters[] = ' (
-                (select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(CONCAT(path, filename),cpath)=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1
-                OR
-                (select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(cpath,CONCAT(path, filename))=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1
-            )';
+                (select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(CONCAT(path, filename),cpath)=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1
+                OR
+                (select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(cpath,CONCAT(path, filename))=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1
+            )';
         }
 
         $condition = implode(' AND ', $conditionFilters);
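Review bot: The new quoting loop can still emit `id IN ()`: the guard `if (!empty($selectedIds))` tests the raw request string, so a value such as `","` passes it, every exploded element is then dropped by `if ($selectedId)`, and `implode` over the empty `$quotedSelectedIds` produces a SQL syntax error at query time. `$db->quote()` does close the injection, but it binds string literals against what the existing comment calls "id numbers", so the match relies on MySQL's implicit string-to-integer coercion (`'1abc'` compares equal to `1`); casting to int is both tighter and avoids that coercion entirely. The rewrite below casts each entry, drops empty/zero/non-numeric ones, and only adds the IN condition when something valid remains; whether an all-invalid selection should instead be rejected rather than silently fall back to the whole folder depends on the caller, which is outside this hunk. Note also that `$request->get('selectedIds', [])` defaults to an array while `explode()` requires a string, so a `selectedIds[]=` query would now hit a TypeError before any quoting runs — pre-existing, but worth a `(string)` cast or an explicit check. `downloadAsZipAddFilesAction` starts before and ends after this hunk.

```php
        if (!empty($selectedIds)) {
            // Asset ids are integers: cast instead of quoting so the IN list never
            // depends on MySQL string-to-int coercion; drops empty, 0 and non-numeric entries.
            $ids = array_values(array_filter(array_map(
                static fn (string $id): int => (int) $id,
                explode(',', $selectedIds)
            )));
            if ($ids !== []) {
                //add a condition if id numbers are specified
                $conditionFilters[] = 'id IN (' . implode(',', $ids) . ')';
            }
        }
        // … unchanged: path LIKE condition and workspace permission subqueries …
```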