[fix] security problems with tags

Nicolas Lœuillet 2014-02-19 13:25:28 +01:00
parent 53ae58e1a1
commit b89d5a2bf4
2 changed files with 37 additions and 13 deletions


@ -344,30 +344,36 @@ class Database {
return $this->getHandle()->lastInsertId($column);
}
public function retrieveAllTags() {
$sql = "SELECT * FROM tags";
$query = $this->executeQuery($sql, array());
public function retrieveAllTags($user_id) {
$sql = "SELECT tags.* FROM tags
LEFT JOIN tags_entries ON tags_entries.tag_id=tags.id
LEFT JOIN entries ON tags_entries.entry_id=entries.id
WHERE entries.user_id=?";
$query = $this->executeQuery($sql, array($user_id));
$tags = $query->fetchAll();
return $tags;
}
public function retrieveTag($id) {
public function retrieveTag($id, $user_id) {
$tag = NULL;
$sql = "SELECT * FROM tags WHERE id=?";
$params = array(intval($id));
$sql = "SELECT tags.* FROM tags
LEFT JOIN tags_entries ON tags_entries.tag_id=tags.id
LEFT JOIN entries ON tags_entries.entry_id=entries.id
WHERE tags.id=? AND entries.user_id=?";
$params = array(intval($id), $user_id);
$query = $this->executeQuery($sql, $params);
$tag = $query->fetchAll();
return isset($tag[0]) ? $tag[0] : null;
}
public function retrieveEntriesByTag($tag_id) {
public function retrieveEntriesByTag($tag_id, $user_id) {
$sql =
"SELECT entries.* FROM entries
LEFT JOIN tags_entries ON tags_entries.entry_id=entries.id
WHERE tags_entries.tag_id = ?";
$query = $this->executeQuery($sql, array($tag_id));
WHERE tags_entries.tag_id = ? AND entries.user_id=?";
$query = $this->executeQuery($sql, array($tag_id, $user_id));
$entries = $query->fetchAll();
return $entries;
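Review bot: The new retrieveAllTags query (starting at `$sql = "SELECT tags.* FROM tags`) yields one row per matching tags_entries row, so a tag attached to several of the user's entries is listed several times; `$sql = "SELECT DISTINCT tags.* FROM tags` removes the duplicates. The `LEFT JOIN`s combined with `WHERE entries.user_id=?` act as inner joins, because the WHERE discards rows with no owning entry, which is the intended ownership filter, but writing `INNER JOIN` states that intent; the same holds for the retrieveTag query, where only `$tag[0]` is used so the duplicates are harmless. In retrieveTag the id is wrapped in `intval($id)` while `$user_id` is bound as given; both go through a bound parameter so there is no injection, but casting both the same way would keep the two calls consistent. The hunk header announces more lines than are shown, so the end of retrieveEntriesByTag lies outside this view.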


@ -463,6 +463,12 @@ class Poche
case 'add_tag' :
$tags = explode(',', $_POST['value']);
$entry_id = $_POST['entry_id'];
$entry = $this->store->retrieveOneById($entry_id, $this->user->getId());
if (!$entry) {
$this->messages->add('e', _('Article not found!'));
Tools::logm('error : article not found');
Tools::redirect();
}
foreach($tags as $key => $tag_value) {
$value = trim($tag_value);
$tag = $this->store->retrieveTagByValue($value);
@ -487,6 +493,12 @@ class Poche
break;
case 'remove_tag' :
$tag_id = $_GET['tag_id'];
$entry = $this->store->retrieveOneById($id, $this->user->getId());
if (!$entry) {
$this->messages->add('e', _('Article not found!'));
Tools::logm('error : article not found');
Tools::redirect();
}
$this->store->removeTagForEntry($id, $tag_id);
Tools::redirect();
break;
@ -525,6 +537,12 @@ class Poche
break;
case 'edit-tags':
# tags
$entry = $this->store->retrieveOneById($id, $this->user->getId());
if (!$entry) {
$this->messages->add('e', _('Article not found!'));
Tools::logm('error : article not found');
Tools::redirect();
}
$tags = $this->store->retrieveTagsByEntry($id);
$tpl_vars = array(
'entry_id' => $id,
@ -532,8 +550,8 @@ class Poche
);
break;
case 'tag':
$entries = $this->store->retrieveEntriesByTag($id);
$tag = $this->store->retrieveTag($id);
$entries = $this->store->retrieveEntriesByTag($id, $this->user->getId());
$tag = $this->store->retrieveTag($id, $this->user->getId());
$tpl_vars = array(
'tag' => $tag,
'entries' => $entries,
@ -541,7 +559,7 @@ class Poche
break;
case 'tags':
$token = $this->user->getConfigValue('token');
$tags = $this->store->retrieveAllTags();
$tags = $this->store->retrieveAllTags($this->user->getId());
$tpl_vars = array(
'token' => $token,
'user_id' => $this->user->getId(),
@ -1056,7 +1074,7 @@ class Poche
$feed->setChannelElement('author', 'wallabag');
if ($type == 'tag') {
$entries = $this->store->retrieveEntriesByTag($tag_id);
$entries = $this->store->retrieveEntriesByTag($tag_id, $user_id);
}
else {
$entries = $this->store->getEntriesByView($type, $user_id);
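Review bot: The ownership guard added in add_tag, remove_tag and edit-tags (the `$entry = $this->store->retrieveOneById($id, $this->user->getId());` call followed by `if (!$entry) { ... }`) is pasted three times; a private helper such as `requireOwnedEntry($id)` keeps the three sites in step and makes a missing guard easier to spot. Whether the guard actually stops the handler depends on `Tools::redirect()` ending the request, which this page does not show; if it only emits the Location header, the tag operation after the block would still run for an entry the user does not own, so an explicit `exit;` after the redirect inside the helper would close that gap. The `switch` and the method around each hunk start and end outside the hunks.
```php
case 'add_tag' :
    $tags = explode(',', $_POST['value']);
    $entry_id = $_POST['entry_id'];
    $entry = $this->requireOwnedEntry($entry_id);
    // … unchanged: tag loop …
// … unchanged: remove_tag and edit-tags use the same one-line call with $id …

/**
 * Returns the entry $id owned by the current user; otherwise flashes an
 * error, logs it and redirects without returning.
 */
private function requireOwnedEntry($id)
{
    $entry = $this->store->retrieveOneById($id, $this->user->getId());
    if (!$entry) {
        $this->messages->add('e', _('Article not found!'));
        Tools::logm('error : article not found');
        Tools::redirect();
        exit; // only needed if redirect() does not terminate — TODO confirm
    }
    return $entry;
}
```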