Merged in bugfix/PMCORE-1225-B (pull request #7915)
PMCORE-1225 execute-query-blacklist.ini not working according to the documentation Approved-by: Julio Cesar Laura Avendaño
committed by
Julio Cesar Laura Avendaño
commit
d0f6f7de56
@@ -95,30 +95,44 @@ class SqlBlacklist extends Parser
|
|||||||
$config = $this->getConfigValues();
|
$config = $this->getConfigValues();
|
||||||
|
|
||||||
//verify statements
|
//verify statements
|
||||||
|
$notExecuteQuery = false;
|
||||||
foreach ($this->statements as $statement) {
|
foreach ($this->statements as $statement) {
|
||||||
$signed = get_class($statement);
|
$signed = get_class($statement);
|
||||||
foreach (Parser::$STATEMENT_PARSERS as $key => $value) {
|
foreach (Parser::$STATEMENT_PARSERS as $key => $value) {
|
||||||
if ($signed === $value && in_array(strtoupper($key), $config['statements'])) {
|
if ($signed === $value && in_array(strtoupper($key), $config['statements'])) {
|
||||||
throw new Exception(G::loadTranslation('ID_INVALID_QUERY'));
|
$notExecuteQuery = true;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
//verify tables
|
//verify tables
|
||||||
//tokens are formed multidimensionally, it is necessary to recursively traverse the multidimensional object.
|
//tokens are formed multidimensionally, it is necessary to recursively traverse the multidimensional object.
|
||||||
$listTables = array_merge($config['tables'], $config['pmtables']);
|
$fn = function ($object, $callback) use (&$fn) {
|
||||||
$fn = function ($object) use (&$fn, $listTables) {
|
|
||||||
foreach ($object as $key => $value) {
|
foreach ($object as $key => $value) {
|
||||||
if (is_array($value) || is_object($value)) {
|
if (is_array($value) || is_object($value)) {
|
||||||
$fn($value);
|
$fn($value, $callback);
|
||||||
}
|
}
|
||||||
if ($key === 'table' && is_string($value)) {
|
if ($key === 'table' && is_string($value)) {
|
||||||
if (in_array($value, $listTables)) {
|
$callback($value);
|
||||||
throw new Exception(G::loadTranslation('ID_NOT_EXECUTE_QUERY', [$value]));
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
$fn($this->statements);
|
|
||||||
|
//verify system tables
|
||||||
|
$tables = $config['tables'];
|
||||||
|
$fn($this->statements, function ($table) use ($tables) {
|
||||||
|
if (in_array($table, $tables)) {
|
||||||
|
throw new Exception(G::loadTranslation('ID_NOT_EXECUTE_QUERY', [$table]));
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
//verify pmtables
|
||||||
|
$pmtables = $config['pmtables'];
|
||||||
|
$fn($this->statements, function ($table) use ($pmtables, $notExecuteQuery) {
|
||||||
|
if (in_array($table, $pmtables) && $notExecuteQuery) {
|
||||||
|
throw new Exception(G::loadTranslation('ID_NOT_EXECUTE_QUERY', [$table]));
|
||||||
|
}
|
||||||
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
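Review bot: The two new table callbacks compare the parsed table name with the configured lists by exact, case-sensitive, non-strict `in_array($table, $tables)`, while the statement check a few lines above deliberately normalises with `strtoupper($key)`; unless the parser already normalises identifiers upstream (not visible here), a table written in a different case in the query than in execute-query-blacklist.ini would not match and the blacklist would not apply. Mirroring the statement check keeps the control consistent, e.g. `if (in_array(strtoupper($table), array_map('strtoupper', $tables), true)) {` in the system-tables callback and the same form with `$pmtables` in the pmtables callback. Also, `$fn($this->statements, ...)` is now walked twice over the same token tree; both checks could run inside one callback, and `$notExecuteQuery` would read better as something like `$statementIsBlacklisted`. The enclosing method starts outside the hunk, so I cannot see whether the caller distinguishes these exceptions from the old `ID_INVALID_QUERY` path.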