1
0
mirror of https://github.com/moparisthebest/wallabag synced 2024-11-30 12:52:24 -05:00

[fix] security problems with tags

This commit is contained in:
Nicolas Lœuillet 2014-02-19 13:25:28 +01:00
parent 53ae58e1a1
commit b89d5a2bf4
2 changed files with 37 additions and 13 deletions

View File

@ -344,30 +344,36 @@ class Database {
return $this->getHandle()->lastInsertId($column); return $this->getHandle()->lastInsertId($column);
} }
public function retrieveAllTags() { public function retrieveAllTags($user_id) {
$sql = "SELECT * FROM tags"; $sql = "SELECT tags.* FROM tags
$query = $this->executeQuery($sql, array()); LEFT JOIN tags_entries ON tags_entries.tag_id=tags.id
LEFT JOIN entries ON tags_entries.entry_id=entries.id
WHERE entries.user_id=?";
$query = $this->executeQuery($sql, array($user_id));
$tags = $query->fetchAll(); $tags = $query->fetchAll();
return $tags; return $tags;
} }
public function retrieveTag($id) { public function retrieveTag($id, $user_id) {
$tag = NULL; $tag = NULL;
$sql = "SELECT * FROM tags WHERE id=?"; $sql = "SELECT tags.* FROM tags
$params = array(intval($id)); LEFT JOIN tags_entries ON tags_entries.tag_id=tags.id
LEFT JOIN entries ON tags_entries.entry_id=entries.id
WHERE tags.id=? AND entries.user_id=?";
$params = array(intval($id), $user_id);
$query = $this->executeQuery($sql, $params); $query = $this->executeQuery($sql, $params);
$tag = $query->fetchAll(); $tag = $query->fetchAll();
return isset($tag[0]) ? $tag[0] : null; return isset($tag[0]) ? $tag[0] : null;
} }
public function retrieveEntriesByTag($tag_id) { public function retrieveEntriesByTag($tag_id, $user_id) {
$sql = $sql =
"SELECT entries.* FROM entries "SELECT entries.* FROM entries
LEFT JOIN tags_entries ON tags_entries.entry_id=entries.id LEFT JOIN tags_entries ON tags_entries.entry_id=entries.id
WHERE tags_entries.tag_id = ?"; WHERE tags_entries.tag_id = ? AND entries.user_id=?";
$query = $this->executeQuery($sql, array($tag_id)); $query = $this->executeQuery($sql, array($tag_id, $user_id));
$entries = $query->fetchAll(); $entries = $query->fetchAll();
return $entries; return $entries;

View File

@ -463,6 +463,12 @@ class Poche
case 'add_tag' : case 'add_tag' :
$tags = explode(',', $_POST['value']); $tags = explode(',', $_POST['value']);
$entry_id = $_POST['entry_id']; $entry_id = $_POST['entry_id'];
$entry = $this->store->retrieveOneById($entry_id, $this->user->getId());
if (!$entry) {
$this->messages->add('e', _('Article not found!'));
Tools::logm('error : article not found');
Tools::redirect();
}
foreach($tags as $key => $tag_value) { foreach($tags as $key => $tag_value) {
$value = trim($tag_value); $value = trim($tag_value);
$tag = $this->store->retrieveTagByValue($value); $tag = $this->store->retrieveTagByValue($value);
@ -487,6 +493,12 @@ class Poche
break; break;
case 'remove_tag' : case 'remove_tag' :
$tag_id = $_GET['tag_id']; $tag_id = $_GET['tag_id'];
$entry = $this->store->retrieveOneById($id, $this->user->getId());
if (!$entry) {
$this->messages->add('e', _('Article not found!'));
Tools::logm('error : article not found');
Tools::redirect();
}
$this->store->removeTagForEntry($id, $tag_id); $this->store->removeTagForEntry($id, $tag_id);
Tools::redirect(); Tools::redirect();
break; break;
@ -525,6 +537,12 @@ class Poche
break; break;
case 'edit-tags': case 'edit-tags':
# tags # tags
$entry = $this->store->retrieveOneById($id, $this->user->getId());
if (!$entry) {
$this->messages->add('e', _('Article not found!'));
Tools::logm('error : article not found');
Tools::redirect();
}
$tags = $this->store->retrieveTagsByEntry($id); $tags = $this->store->retrieveTagsByEntry($id);
$tpl_vars = array( $tpl_vars = array(
'entry_id' => $id, 'entry_id' => $id,
@ -532,8 +550,8 @@ class Poche
); );
break; break;
case 'tag': case 'tag':
$entries = $this->store->retrieveEntriesByTag($id); $entries = $this->store->retrieveEntriesByTag($id, $this->user->getId());
$tag = $this->store->retrieveTag($id); $tag = $this->store->retrieveTag($id, $this->user->getId());
$tpl_vars = array( $tpl_vars = array(
'tag' => $tag, 'tag' => $tag,
'entries' => $entries, 'entries' => $entries,
@ -541,7 +559,7 @@ class Poche
break; break;
case 'tags': case 'tags':
$token = $this->user->getConfigValue('token'); $token = $this->user->getConfigValue('token');
$tags = $this->store->retrieveAllTags(); $tags = $this->store->retrieveAllTags($this->user->getId());
$tpl_vars = array( $tpl_vars = array(
'token' => $token, 'token' => $token,
'user_id' => $this->user->getId(), 'user_id' => $this->user->getId(),
@ -1056,7 +1074,7 @@ class Poche
$feed->setChannelElement('author', 'wallabag'); $feed->setChannelElement('author', 'wallabag');
if ($type == 'tag') { if ($type == 'tag') {
$entries = $this->store->retrieveEntriesByTag($tag_id); $entries = $this->store->retrieveEntriesByTag($tag_id, $user_id);
} }
else { else {
$entries = $this->store->getEntriesByView($type, $user_id); $entries = $this->store->getEntriesByView($type, $user_id);