diff --git a/html/pages/ipv4.inc.php b/html/pages/ipv4.inc.php index 32fd2c17d..6ae3e8d91 100644 --- a/html/pages/ipv4.inc.php +++ b/html/pages/ipv4.inc.php @@ -40,9 +40,8 @@ print_optionbar_end(); echo(''); -# FIXME SQL INJECTION!! -if ($_POST['device_id']) { $where .= " AND I.device_id = '".$_POST['device_id']."'"; } -if ($_POST['interface']) { $where .= " AND I.ifDescr LIKE '".$_POST['interface']."'"; } +if (is_numeric($_POST['device_id'])) { $where .= " AND I.device_id = '".$_POST['device_id']."'"; } +if ($_POST['interface']) { $where .= " AND I.ifDescr LIKE '".mres($_POST['interface'])."'"; } $sql = "SELECT * FROM `ipv4_addresses` AS A, `ports` AS I, `devices` AS D, `ipv4_networks` AS N WHERE I.interface_id = A.interface_id AND I.device_id = D.device_id AND N.ipv4_network_id = A.ipv4_network_id $where ORDER BY A.ipv4_address"; diff --git a/html/pages/ipv6.inc.php b/html/pages/ipv6.inc.php index 5df8ec287..775f7d282 100644 --- a/html/pages/ipv6.inc.php +++ b/html/pages/ipv6.inc.php @@ -40,9 +40,8 @@ print_optionbar_end(); echo('
'); -# FIXME SQL INJECTION!! -if ($_POST['device_id']) { $where .= " AND I.device_id = '".$_POST['device_id']."'"; } -if ($_POST['interface']) { $where .= " AND I.ifDescr LIKE '".$_POST['interface']."'"; } +if (is_numeric($_POST['device_id'])) { $where .= " AND I.device_id = '".$_POST['device_id']."'"; } +if ($_POST['interface']) { $where .= " AND I.ifDescr LIKE '".mres($_POST['interface'])."'"; } $sql = "SELECT * FROM `ipv6_addresses` AS A, `ports` AS I, `devices` AS D, `ipv6_networks` AS N WHERE I.interface_id = A.interface_id AND I.device_id = D.device_id AND N.ipv6_network_id = A.ipv6_network_id $where ORDER BY A.ipv6_address"; diff --git a/html/pages/ports/default.inc.php b/html/pages/ports/default.inc.php index a31a2e059..1b2931532 100644 --- a/html/pages/ports/default.inc.php +++ b/html/pages/ports/default.inc.php @@ -85,6 +85,7 @@ # $sql = "SELECT * FROM `ports` AS I, `devices` AS D, `devices_perms` AS P WHERE I.device_id = D.device_id AND D.device_id = P.device_id AND P.user_id = '" . $_SESSION['user_id'] . "' ORDER BY D.hostname, I.ifDescr"; #} +# FIXME block below is not totally used, at least the iftype stuff is bogus? if ($_GET['opta'] == "down" || $_GET['type'] == "down" || $_POST['state'] == "down") { $where .= "AND I.ifAdminStatus = 'up' AND I.ifOperStatus = 'down' AND I.ignore = '0'"; @@ -110,11 +111,10 @@ if ($_GET['opta'] == "down" || $_GET['type'] == "down" || $_POST['state'] == "do $where .= " AND I.ifType = 'ppp'"; } -# FIXME SQL Injection! -if ($_POST['device_id']) { $where .= " AND I.device_id = '".$_POST['device_id']."'"; } -if ($_POST['ifType']) { $where .= " AND I.ifType = '".$_POST['ifType']."'"; } -if ($_POST['ifSpeed']) { $where .= " AND I.ifSpeed = '".$_POST['ifSpeed']."'"; } -if ($_POST['ifAlias']) { $where .= " AND I.ifAlias LIKE '%".$_POST['ifAlias']."%'"; } +if (is_numeric($_POST['device_id'])) { $where .= " AND I.device_id = '".$_POST['device_id']."'"; } +if ($_POST['ifType']) { $where .= " AND I.ifType = '".mres($_POST['ifType'])."'"; } +if (is_numeric($_POST['ifSpeed'])) { $where .= " AND I.ifSpeed = '".$_POST['ifSpeed']."'"; } +if ($_POST['ifAlias']) { $where .= " AND I.ifAlias LIKE '%".mres($_POST['ifAlias'])."%'"; } if ($_POST['deleted'] || $_GET['type'] == "deleted") { $where .= " AND I.deleted = '1'"; } $sql = "SELECT * FROM `ports` AS I, `devices` AS D WHERE I.device_id = D.device_id $where ORDER BY D.hostname, I.ifIndex";