mirror of
https://github.com/moparisthebest/wallabag
synced 2024-11-23 17:42:15 -05:00
[fix] security problems with tags
This commit is contained in:
parent
53ae58e1a1
commit
b89d5a2bf4
@ -344,30 +344,36 @@ class Database {
|
||||
return $this->getHandle()->lastInsertId($column);
|
||||
}
|
||||
|
||||
public function retrieveAllTags() {
|
||||
$sql = "SELECT * FROM tags";
|
||||
$query = $this->executeQuery($sql, array());
|
||||
public function retrieveAllTags($user_id) {
|
||||
$sql = "SELECT tags.* FROM tags
|
||||
LEFT JOIN tags_entries ON tags_entries.tag_id=tags.id
|
||||
LEFT JOIN entries ON tags_entries.entry_id=entries.id
|
||||
WHERE entries.user_id=?";
|
||||
$query = $this->executeQuery($sql, array($user_id));
|
||||
$tags = $query->fetchAll();
|
||||
|
||||
return $tags;
|
||||
}
|
||||
|
||||
public function retrieveTag($id) {
|
||||
public function retrieveTag($id, $user_id) {
|
||||
$tag = NULL;
|
||||
$sql = "SELECT * FROM tags WHERE id=?";
|
||||
$params = array(intval($id));
|
||||
$sql = "SELECT tags.* FROM tags
|
||||
LEFT JOIN tags_entries ON tags_entries.tag_id=tags.id
|
||||
LEFT JOIN entries ON tags_entries.entry_id=entries.id
|
||||
WHERE tags.id=? AND entries.user_id=?";
|
||||
$params = array(intval($id), $user_id);
|
||||
$query = $this->executeQuery($sql, $params);
|
||||
$tag = $query->fetchAll();
|
||||
|
||||
return isset($tag[0]) ? $tag[0] : null;
|
||||
}
|
||||
|
||||
public function retrieveEntriesByTag($tag_id) {
|
||||
public function retrieveEntriesByTag($tag_id, $user_id) {
|
||||
$sql =
|
||||
"SELECT entries.* FROM entries
|
||||
LEFT JOIN tags_entries ON tags_entries.entry_id=entries.id
|
||||
WHERE tags_entries.tag_id = ?";
|
||||
$query = $this->executeQuery($sql, array($tag_id));
|
||||
WHERE tags_entries.tag_id = ? AND entries.user_id=?";
|
||||
$query = $this->executeQuery($sql, array($tag_id, $user_id));
|
||||
$entries = $query->fetchAll();
|
||||
|
||||
return $entries;
|
||||
|
@ -463,6 +463,12 @@ class Poche
|
||||
case 'add_tag' :
|
||||
$tags = explode(',', $_POST['value']);
|
||||
$entry_id = $_POST['entry_id'];
|
||||
$entry = $this->store->retrieveOneById($entry_id, $this->user->getId());
|
||||
if (!$entry) {
|
||||
$this->messages->add('e', _('Article not found!'));
|
||||
Tools::logm('error : article not found');
|
||||
Tools::redirect();
|
||||
}
|
||||
foreach($tags as $key => $tag_value) {
|
||||
$value = trim($tag_value);
|
||||
$tag = $this->store->retrieveTagByValue($value);
|
||||
@ -487,6 +493,12 @@ class Poche
|
||||
break;
|
||||
case 'remove_tag' :
|
||||
$tag_id = $_GET['tag_id'];
|
||||
$entry = $this->store->retrieveOneById($id, $this->user->getId());
|
||||
if (!$entry) {
|
||||
$this->messages->add('e', _('Article not found!'));
|
||||
Tools::logm('error : article not found');
|
||||
Tools::redirect();
|
||||
}
|
||||
$this->store->removeTagForEntry($id, $tag_id);
|
||||
Tools::redirect();
|
||||
break;
|
||||
@ -525,6 +537,12 @@ class Poche
|
||||
break;
|
||||
case 'edit-tags':
|
||||
# tags
|
||||
$entry = $this->store->retrieveOneById($id, $this->user->getId());
|
||||
if (!$entry) {
|
||||
$this->messages->add('e', _('Article not found!'));
|
||||
Tools::logm('error : article not found');
|
||||
Tools::redirect();
|
||||
}
|
||||
$tags = $this->store->retrieveTagsByEntry($id);
|
||||
$tpl_vars = array(
|
||||
'entry_id' => $id,
|
||||
@ -532,8 +550,8 @@ class Poche
|
||||
);
|
||||
break;
|
||||
case 'tag':
|
||||
$entries = $this->store->retrieveEntriesByTag($id);
|
||||
$tag = $this->store->retrieveTag($id);
|
||||
$entries = $this->store->retrieveEntriesByTag($id, $this->user->getId());
|
||||
$tag = $this->store->retrieveTag($id, $this->user->getId());
|
||||
$tpl_vars = array(
|
||||
'tag' => $tag,
|
||||
'entries' => $entries,
|
||||
@ -541,7 +559,7 @@ class Poche
|
||||
break;
|
||||
case 'tags':
|
||||
$token = $this->user->getConfigValue('token');
|
||||
$tags = $this->store->retrieveAllTags();
|
||||
$tags = $this->store->retrieveAllTags($this->user->getId());
|
||||
$tpl_vars = array(
|
||||
'token' => $token,
|
||||
'user_id' => $this->user->getId(),
|
||||
@ -1056,7 +1074,7 @@ class Poche
|
||||
$feed->setChannelElement('author', 'wallabag');
|
||||
|
||||
if ($type == 'tag') {
|
||||
$entries = $this->store->retrieveEntriesByTag($tag_id);
|
||||
$entries = $this->store->retrieveEntriesByTag($tag_id, $user_id);
|
||||
}
|
||||
else {
|
||||
$entries = $this->store->getEntriesByView($type, $user_id);
|
||||
|
Loading…
Reference in New Issue
Block a user