From d85098ff0653b1833afe48bc23f78a802dec842f Mon Sep 17 00:00:00 2001
From: "marcelo.cuiza"
Date: Thu, 2 Apr 2015 09:44:16 -0400
Subject: [PATCH] PM-2061 Resolver las incidencias Very High y High del third Party Se validaron las incidencias
---
 gulliver/system/class.dbMaintenance.php | 8 ++
 .../drivers/pgsql/metadata/PgSQLTableInfo.php | 77 +++++++++++++++++++
 .../sqlite/metadata/SQLiteTableInfo.php | 12 ++-
 .../thirdparty/pear/PEAR/Command/Package.php | 11 +++
 4 files changed, 107 insertions(+), 1 deletion(-)
diff --git a/gulliver/system/class.dbMaintenance.php b/gulliver/system/class.dbMaintenance.php
index 5dbac67aa..1e6022198 100755
--- a/gulliver/system/class.dbMaintenance.php
+++ b/gulliver/system/class.dbMaintenance.php
@@ -443,8 +443,16 @@ class DataBaseMaintenance
 if (empty( $aTables )) return false;
 printf( "%-70s", "LOCK TABLES" );
+
+ if(is_array($aTables)) {
+ foreach($aTables as $k => $v) {
+ $aTables[$k] = mysql_real_escape_string($v);
+ }
+ }
+
 $sQuery = "LOCK TABLES " . implode( " READ, ", $aTables ) . " READ; ";
 $sQuery = $filter->preventSqlInjection($sQuery);
+
 if (@mysql_query( $sQuery )) {
 echo " [OK]\n";
 return true;
diff --git a/gulliver/thirdparty/creole/drivers/pgsql/metadata/PgSQLTableInfo.php b/gulliver/thirdparty/creole/drivers/pgsql/metadata/PgSQLTableInfo.php
index 3a21d0ec8..be6988af0 100755
--- a/gulliver/thirdparty/creole/drivers/pgsql/metadata/PgSQLTableInfo.php
+++ b/gulliver/thirdparty/creole/drivers/pgsql/metadata/PgSQLTableInfo.php
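Review bot: `mysql_real_escape_string()` in the new `foreach` escapes string-literal content, but the table names are concatenated into `LOCK TABLES` as bare identifiers, so the escaping does not constrain what reaches the statement; a name containing a space or a comma passes through unchanged. Identifier input needs an allow-list check or identifier quoting instead, for example `if (!preg_match('/^[A-Za-z0-9_$]+$/', $v)) { return false; }` before the `implode`. The function also returns false when no MySQL link is open, which would turn a table name into an empty string here. The enclosing method starts and ends outside the hunk and the origin of `$aTables` is not visible, so how reachable this is from untrusted input is inferred.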
@@ -70,6 +70,17 @@ class PgSQLTableInfo extends TableInfo {
 // Get the columns, types, etc.
 // Based on code from pgAdmin3 (http://www.pgadmin.org/)
+
+ $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
+ $docuroot = explode( '/', $realdocuroot );
+ array_pop( $docuroot );
+ $pathhome = implode( '/', $docuroot ) . '/';
+ array_pop( $docuroot );
+ $pathTrunk = implode( '/', $docuroot ) . '/';
+ require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
+ $filter = new InputFilter();
+ $this->oid = $filter->validateInput($this->oid, 'int');
+
 $result = pg_query ($this->conn->getResource(), sprintf ("SELECT att.attname, att.atttypmod,
@@ -203,6 +214,17 @@ class PgSQLTableInfo extends TableInfo {
 {
 throw new SQLException ("Invalid domain name [" . $strDomain . "]");
 } // if (strlen (trim ($strDomain)) < 1)
+
+ $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
+ $docuroot = explode( '/', $realdocuroot );
+ array_pop( $docuroot );
+ $pathhome = implode( '/', $docuroot ) . '/';
+ array_pop( $docuroot );
+ $pathTrunk = implode( '/', $docuroot ) . '/';
+ require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
+ $filter = new InputFilter();
+ $strDomain = $filter->validateInput($strDomain);
+
 $result = pg_query ($this->conn->getResource(), sprintf ("SELECT d.typname as domname, b.typname as basetype,
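Review bot: The added block in the hunk at -70 builds the include path from `$_SERVER['DOCUMENT_ROOT']`, which is empty or unset under the CLI and otherwise depends on the web server configuration, so `require_once` can fail fatally inside a database metadata call; `$pathhome` is also computed and never used. Resolving the file relative to this one avoids that, e.g. `require_once dirname(__FILE__) . '/../../../../../system/class.inputfilter.php';` (assuming the directory layout shown in the diff headers). The same block is pasted into the hunks at -203, -243, -328, -343, -380 and -395, and into SQLiteTableInfo.php and Package.php; one private helper that returns the filter would replace all of them. The enclosing method starts and ends outside the hunk.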
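Review bot: In the hunk at -203, `$strDomain = $filter->validateInput($strDomain);` is a generic filter rather than escaping for the SQL string context that `sprintf` places the value into; what `validateInput()` removes when no type is given is not visible here, so whether a quote character survives it is unknown. Binding the value is the dependable fix: write the placeholder as `$1` and call `pg_query_params($this->conn->getResource(), $sql, array($strDomain))`, or at minimum wrap the argument in `pg_escape_string()`. The `sprintf` argument list is below the hunk, so confirm that `$strDomain` is the value being interpolated.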
@@ -243,6 +265,16 @@ class PgSQLTableInfo extends TableInfo {
 protected function initForeignKeys() {
 include_once 'creole/metadata/ForeignKeyInfo.php';
+
+ $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
+ $docuroot = explode( '/', $realdocuroot );
+ array_pop( $docuroot );
+ $pathhome = implode( '/', $docuroot ) . '/';
+ array_pop( $docuroot );
+ $pathTrunk = implode( '/', $docuroot ) . '/';
+ require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
+ $filter = new InputFilter();
+ $this->oid = $filter->validateInput($this->oid, 'int');
 $result = pg_query ($this->conn->getResource(), sprintf ("SELECT conname,
@@ -328,6 +360,16 @@ class PgSQLTableInfo extends TableInfo {
 // columns have to be loaded first
 if (!$this->colsLoaded) $this->initColumns();
+
+ $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
+ $docuroot = explode( '/', $realdocuroot );
+ array_pop( $docuroot );
+ $pathhome = implode( '/', $docuroot ) . '/';
+ array_pop( $docuroot );
+ $pathTrunk = implode( '/', $docuroot ) . '/';
+ require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
+ $filter = new InputFilter();
+ $this->oid = $filter->validateInput($this->oid, 'int');
 $result = pg_query ($this->conn->getResource(), sprintf ("SELECT DISTINCT ON(cls.relname)
@@ -343,6 +385,16 @@ class PgSQLTableInfo extends TableInfo {
 if (!$result) {
 throw new SQLException("Could not list indexes keys for table: " . $this->name, pg_last_error($this->conn->getResource()));
 }
+
+ $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
+ $docuroot = explode( '/', $realdocuroot );
+ array_pop( $docuroot );
+ $pathhome = implode( '/', $docuroot ) . '/';
+ array_pop( $docuroot );
+ $pathTrunk = implode( '/', $docuroot ) . '/';
+ require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
+ $filter = new InputFilter();
+ $this->oid = $filter->validateInput($this->oid);
 while($row = pg_fetch_assoc($result)) {
 $name = $row["idxname"];
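Review bot: In the hunk at -343 the filter block is added after the `pg_query` call and its `if (!$result)` check, so `$this->oid` is re-filtered only once the index query has already run, and it calls `validateInput($this->oid)` without the `'int'` type that the hunk at -328 passes a few lines earlier. Both hunks appear to sit in the same method (its start is outside the hunks), which would also make the second `require_once` and `new InputFilter()` redundant. The hunks at -380 and -395 contain the same untyped call. Keeping one `$this->oid = $filter->validateInput($this->oid, 'int');` ahead of the first query in each method, and reusing `$filter` for the loop, would make the handling of the OID consistent.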
@@ -353,6 +405,8 @@ class PgSQLTableInfo extends TableInfo {
 $arrColumns = explode (' ', $row['indkey']);
 foreach ($arrColumns as $intColNum) {
+ $intColNum = $filter->validateInput($intColNum, 'int');
+
 $result2 = pg_query ($this->conn->getResource(), sprintf ("SELECT a.attname FROM pg_catalog.pg_class c JOIN pg_catalog.pg_attribute a ON a.attrelid = c.oid WHERE c.oid = '%s' AND a.attnum = %d AND NOT a.attisdropped
@@ -380,6 +434,16 @@ class PgSQLTableInfo extends TableInfo {
 // Primary Keys
+ $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
+ $docuroot = explode( '/', $realdocuroot );
+ array_pop( $docuroot );
+ $pathhome = implode( '/', $docuroot ) . '/';
+ array_pop( $docuroot );
+ $pathTrunk = implode( '/', $docuroot ) . '/';
+ require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
+ $filter = new InputFilter();
+ $this->oid = $filter->validateInput($this->oid);
+
 $result = pg_query($this->conn->getResource(), sprintf ("SELECT DISTINCT ON(cls.relname) cls.relname as idxname,
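Review bot: In the hunk at -353, `$intColNum = $filter->validateInput($intColNum, 'int');` guards the argument that the query formats with `%d`, which already forces an integer, while the string-context slot in this statement is the `'%s'` in `c.oid = '%s'`. The `sprintf` argument list is below the hunk, so which variable fills `'%s'` cannot be confirmed from here. Binding both values with `pg_query_params()` would remove the need for a filter call on every loop iteration. The same line is added in the hunk at -395.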
@@ -395,11 +459,24 @@ class PgSQLTableInfo extends TableInfo {
 // Loop through the returned results, grouping the same key_name together
 // adding each column for that key.
+
+ $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
+ $docuroot = explode( '/', $realdocuroot );
+ array_pop( $docuroot );
+ $pathhome = implode( '/', $docuroot ) . '/';
+ array_pop( $docuroot );
+ $pathTrunk = implode( '/', $docuroot ) . '/';
+ require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
+ $filter = new InputFilter();
+ $this->oid = $filter->validateInput($this->oid);
+
 while($row = pg_fetch_assoc($result)) {
 $arrColumns = explode (' ', $row['indkey']);
 foreach ($arrColumns as $intColNum) {
+ $intColNum = $filter->validateInput($intColNum, 'int');
+
 $result2 = pg_query ($this->conn->getResource(), sprintf ("SELECT a.attname FROM pg_catalog.pg_class c JOIN pg_catalog.pg_attribute a ON a.attrelid = c.oid WHERE c.oid = '%s' AND a.attnum = %d AND NOT a.attisdropped
diff --git a/gulliver/thirdparty/creole/drivers/sqlite/metadata/SQLiteTableInfo.php b/gulliver/thirdparty/creole/drivers/sqlite/metadata/SQLiteTableInfo.php
index 011deaa82..c88eab6a1 100755
--- a/gulliver/thirdparty/creole/drivers/sqlite/metadata/SQLiteTableInfo.php
+++ b/gulliver/thirdparty/creole/drivers/sqlite/metadata/SQLiteTableInfo.php
@@ -103,13 +103,23 @@ class SQLiteTableInfo extends TableInfo {
 include_once 'creole/metadata/IndexInfo.php';
 // columns have to be loaded first
- if (!$this->colsLoaded) $this->initColumns();
+ if (!$this->colsLoaded) $this->initColumns();
+
+ $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
+ $docuroot = explode( '/', $realdocuroot );
+ array_pop( $docuroot );
+ $pathhome = implode( '/', $docuroot ) . '/';
+ array_pop( $docuroot );
+ $pathTrunk = implode( '/', $docuroot ) . '/';
+ require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
+ $filter = new InputFilter();
 $sql = "PRAGMA index_list('".$this->name."')";
 $res = sqlite_query($this->conn->getResource(), $sql);
 while($row = sqlite_fetch_array($res, SQLITE_ASSOC)) {
 $name = $row['name'];
+ $name = $filter->validateInput($name);
 $this->indexes[$name] = new IndexInfo($name);
 // get columns for that index
diff --git a/gulliver/thirdparty/pear/PEAR/Command/Package.php b/gulliver/thirdparty/pear/PEAR/Command/Package.php
index 544452e4e..f7b24490f 100755
--- a/gulliver/thirdparty/pear/PEAR/Command/Package.php
+++ b/gulliver/thirdparty/pear/PEAR/Command/Package.php
@@ -451,6 +451,17 @@ Wrote: /usr/src/redhat/RPMS/i386/PEAR::Net_Socket-1.0-1.i386.rpm
 }
 $plist = implode(" ", $params);
 $cmd = "$php -C -d include_path=$cwd$ps$ip -f $run_tests -- $plist";
+
+ $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
+ $docuroot = explode( '/', $realdocuroot );
+ array_pop( $docuroot );
+ $pathhome = implode( '/', $docuroot ) . '/';
+ array_pop( $docuroot );
+ $pathTrunk = implode( '/', $docuroot ) . '/';
+ require_once($pathTrunk.'gulliver/system/class.inputfilter.php');
+ $filter = new InputFilter();
+ $cmd = $filter->validateInput($cmd);
+
 system($cmd);
 return true;
 }
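Review bot: The value concatenated into SQL in the SQLiteTableInfo.php hunk is `$this->name` in `"PRAGMA index_list('".$this->name."')"`, and it is left unchanged; the new `validateInput()` call is applied to `$row['name']`, which is a result of that query. If the filter alters an index name, `$this->indexes` ends up keyed by a name that no longer matches the database, and the column lookup that follows the hunk (not visible) would presumably use the altered value. Escaping the interpolated input instead, `$sql = "PRAGMA index_list('" . sqlite_escape_string($this->name) . "')";`, addresses the concatenation without touching the result rows. The enclosing method starts and ends outside the hunk.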
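Review bot: In the Package.php hunk, `$cmd = $filter->validateInput($cmd);` filters the whole assembled command line, which is not shell escaping: depending on what the filter removes (not visible here) it either leaves shell metacharacters from `$params` in place or strips characters the command needs. Quote each argument where the list is built, `$plist = implode(' ', array_map('escapeshellarg', $params));`, and apply `escapeshellarg()` to the `$cwd`, `$ip` and `$run_tests` parts as well. This PEAR command is normally run from the CLI, where `$_SERVER['DOCUMENT_ROOT']` is not set, so the added `require_once` would likely resolve to a wrong path and stop the command before `system()` is reached. The enclosing method starts outside the hunk.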