Fix:Server-side scripts security flaw - The example server-side scripts
had an injection vulnerability where paging and sorting could be exploited - 13314. DataTables 1.9.4 has been reissued with these fixes.
This commit is contained in:
parent
36fc3cc92e
commit
86cc702539
@ -128,8 +128,8 @@
|
||||
$sLimit = "";
|
||||
if ( isset( $_GET['iDisplayStart'] ) && $_GET['iDisplayLength'] != '-1' )
|
||||
{
|
||||
$sLimit = "LIMIT ".mysql_real_escape_string( $_GET['iDisplayStart'] ).", ".
|
||||
mysql_real_escape_string( $_GET['iDisplayLength'] );
|
||||
$sLimit = "LIMIT ".intval( $_GET['iDisplayStart'] ).", ".
|
||||
intval( $_GET['iDisplayLength'] );
|
||||
}
|
||||
|
||||
|
||||
@ -145,7 +145,7 @@
|
||||
if ( $_GET[ 'bSortable_'.intval($_GET['iSortCol_'.$i]) ] == "true" )
|
||||
{
|
||||
$sOrder .= "`".$aColumns[ intval( $_GET['iSortCol_'.$i] ) ]."` ".
|
||||
mysql_real_escape_string( $_GET['sSortDir_'.$i] ) .", ";
|
||||
($_GET['sSortDir_'.$i]==='asc' ? 'asc' : 'desc') .", ";
|
||||
}
|
||||
}
|
||||
|
||||
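Review bot: The new direction whitelist on the `sSortDir_` line closes the injection, but the other half of the same `$sOrder .=` statement (the unchanged context line just above it) still indexes `$aColumns` with an unchecked `intval( $_GET['iSortCol_'.$i] )`; an index outside `0..count($aColumns)-1` reads an undefined element and emits an empty ``` `` ``` identifier into ORDER BY, which is a malformed query any client can trigger, and a PHP notice. The new line also reads `$_GET['sSortDir_'.$i]` without `isset`, so a missing parameter produces a notice before falling through to `'desc'`. I would add `$iCol = intval( $_GET['iSortCol_'.$i] ); if ( !isset( $aColumns[$iCol] ) ) { continue; }` at the top of the `if` body and use `$aColumns[$iCol]` in the concatenation. The `for` loop that defines `$i` begins above the hunk.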
|
@ -69,7 +69,7 @@
|
||||
$('#example').dataTable( {
|
||||
"bProcessing": true,
|
||||
"bServerSide": true,
|
||||
"sAjaxSource": "scripts/server_processing.php"
|
||||
"sAjaxSource": "scripts/server_processing.php",
|
||||
"fnServerParams": function ( aoData ) {
|
||||
aoData.push( { "name": "more_data", "value": "my_value" } );
|
||||
}
|
||||
|
@ -59,8 +59,8 @@
|
||||
$sLimit = "";
|
||||
if ( isset( $_GET['iDisplayStart'] ) && $_GET['iDisplayLength'] != '-1' )
|
||||
{
|
||||
$sLimit = "LIMIT ".mysql_real_escape_string( $_GET['iDisplayStart'] ).", ".
|
||||
mysql_real_escape_string( $_GET['iDisplayLength'] );
|
||||
$sLimit = "LIMIT ".intval( $_GET['iDisplayStart'] ).", ".
|
||||
intval( $_GET['iDisplayLength'] );
|
||||
}
|
||||
|
||||
|
||||
@ -75,8 +75,8 @@
|
||||
{
|
||||
if ( $_GET[ 'bSortable_'.intval($_GET['iSortCol_'.$i]) ] == "true" )
|
||||
{
|
||||
$sOrder .= $aColumns[ intval( $_GET['iSortCol_'.$i] ) ]."
|
||||
".mysql_real_escape_string( $_GET['sSortDir_'.$i] ) .", ";
|
||||
$sOrder .= "`".$aColumns[ intval( $_GET['iSortCol_'.$i] ) ]."` ".
|
||||
($_GET['sSortDir_'.$i]==='asc' ? 'asc' : 'desc') .", ";
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -59,8 +59,8 @@
|
||||
$sLimit = "";
|
||||
if ( isset( $_GET['iDisplayStart'] ) && $_GET['iDisplayLength'] != '-1' )
|
||||
{
|
||||
$sLimit = "LIMIT ".mysql_real_escape_string( $_GET['iDisplayStart'] ).", ".
|
||||
mysql_real_escape_string( $_GET['iDisplayLength'] );
|
||||
$sLimit = "LIMIT ".intval( $_GET['iDisplayStart'] ).", ".
|
||||
intval( $_GET['iDisplayLength'] );
|
||||
}
|
||||
|
||||
|
||||
@ -75,8 +75,8 @@
|
||||
{
|
||||
if ( $_GET[ 'bSortable_'.intval($_GET['iSortCol_'.$i]) ] == "true" )
|
||||
{
|
||||
$sOrder .= $aColumns[ intval( $_GET['iSortCol_'.$i] )-1 ]."
|
||||
".mysql_real_escape_string( $_GET['sSortDir_'.$i] ) .", ";
|
||||
$sOrder .= "`".$aColumns[ intval( $_GET['iSortCol_'.$i] ) ]."` ".
|
||||
($_GET['sSortDir_'.$i]==='asc' ? 'asc' : 'desc') .", ";
|
||||
}
|
||||
}
|
||||
|
||||
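Review bot: The rewritten `$sOrder .=` line drops the `-1` that the removed line applied to `intval( $_GET['iSortCol_'.$i] )`, which is a behavioural change beyond the escaping fix: if this example deliberately offset the index (presumably because its table has a leading column that is not in `$aColumns` — the array is defined above the hunk, so I cannot confirm), sorting now targets the column one to the right and the last column indexes past the end of the array. If the offset is still needed the line should read `$sOrder .= "`".$aColumns[ intval( $_GET['iSortCol_'.$i] )-1 ]."` ".`; either way an `isset( $aColumns[...] )` guard before the concatenation would make an off-by-one fail visibly instead of emitting an empty identifier.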
|
@ -31,8 +31,8 @@
|
||||
$sLimit = "";
|
||||
if ( isset( $_GET['iDisplayStart'] ) && $_GET['iDisplayLength'] != '-1' )
|
||||
{
|
||||
$sLimit = "LIMIT ".mysql_real_escape_string( $_GET['iDisplayStart'] ).", ".
|
||||
mysql_real_escape_string( $_GET['iDisplayLength'] );
|
||||
$sLimit = "LIMIT ".intval( $_GET['iDisplayStart'] ).", ".
|
||||
intval( $_GET['iDisplayLength'] );
|
||||
}
|
||||
|
||||
/* Ordering */
|
||||
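Review bot: The guard on the context line compares the raw string (`$_GET['iDisplayLength'] != '-1'`) while the new lines use `intval()`, and the two disagree for inputs such as `-1abc` or `-1.0`, which pass the guard and then become `LIMIT 0, -1`, a syntax error. Deriving both from the same integers removes the mismatch: `$iStart = max( 0, intval( $_GET['iDisplayStart'] ) ); $iLength = intval( $_GET['iDisplayLength'] ); if ( $iLength > 0 ) { $sLimit = "LIMIT $iStart, $iLength"; }`. Note that treating `0` and negatives as "no limit" is a small change from the current `LIMIT x, 0` behaviour, so it should be a conscious choice.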
|
@ -59,8 +59,8 @@
|
||||
$sLimit = "";
|
||||
if ( isset( $_GET['iDisplayStart'] ) && $_GET['iDisplayLength'] != '-1' )
|
||||
{
|
||||
$sLimit = "LIMIT ".mysql_real_escape_string( $_GET['iDisplayStart'] ).", ".
|
||||
mysql_real_escape_string( $_GET['iDisplayLength'] );
|
||||
$sLimit = "LIMIT ".intval( $_GET['iDisplayStart'] ).", ".
|
||||
intval( $_GET['iDisplayLength'] );
|
||||
}
|
||||
|
||||
|
||||
@ -75,8 +75,8 @@
|
||||
{
|
||||
if ( $_GET[ 'bSortable_'.intval($_GET['iSortCol_'.$i]) ] == "true" )
|
||||
{
|
||||
$sOrder .= $aColumns[ intval( $_GET['iSortCol_'.$i] ) ]."
|
||||
".mysql_real_escape_string( $_GET['sSortDir_'.$i] ) .", ";
|
||||
$sOrder .= "`".$aColumns[ intval( $_GET['iSortCol_'.$i] ) ]."` ".
|
||||
($_GET['sSortDir_'.$i]==='asc' ? 'asc' : 'desc') .", ";
|
||||
}
|
||||
}
|
||||
|
||||
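Review bot: The new `($_GET['sSortDir_'.$i]==='asc' ? 'asc' : 'desc')` reads the key without an `isset` check, so a request that omits `sSortDir_N` emits an E_NOTICE and silently sorts descending rather than being rejected. The whitelist itself is correct; I would write it as `( isset( $_GET['sSortDir_'.$i] ) && $_GET['sSortDir_'.$i] === 'asc' ) ? 'asc' : 'desc'`. The `bSortable_` test on the context line still uses a loose `== "true"`, which is harmless here but inconsistent with the strict comparison introduced on the new line. The enclosing `for` loop starts above the hunk.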
|
@ -59,8 +59,8 @@
|
||||
$sLimit = "";
|
||||
if ( isset( $_GET['iDisplayStart'] ) && $_GET['iDisplayLength'] != '-1' )
|
||||
{
|
||||
$sLimit = "LIMIT ".mysql_real_escape_string( $_GET['iDisplayStart'] ).", ".
|
||||
mysql_real_escape_string( $_GET['iDisplayLength'] );
|
||||
$sLimit = "LIMIT ".intval( $_GET['iDisplayStart'] ).", ".
|
||||
intval( $_GET['iDisplayLength'] );
|
||||
}
|
||||
|
||||
|
||||
@ -75,8 +75,8 @@
|
||||
{
|
||||
if ( $_GET[ 'bSortable_'.intval($_GET['iSortCol_'.$i]) ] == "true" )
|
||||
{
|
||||
$sOrder .= $aColumns[ intval( $_GET['iSortCol_'.$i] ) ]."
|
||||
".mysql_real_escape_string( $_GET['sSortDir_'.$i] ) .", ";
|
||||
$sOrder .= "`".$aColumns[ intval( $_GET['iSortCol_'.$i] ) ]."` ".
|
||||
($_GET['sSortDir_'.$i]==='asc' ? 'asc' : 'desc') .", ";
|
||||
}
|
||||
}
|
||||
|
||||
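Review bot: The rewritten `$sOrder .=` line now quotes the column name in backticks, which is only safe because `$aColumns` is server-defined, but the index `intval( $_GET['iSortCol_'.$i] )` is still unchecked, so an out-of-range value produces an undefined-index notice and an empty ``` `` ``` in ORDER BY. If the surrounding script reports `mysql_error()` to the client (not visible in this hunk), that gives a caller an easy way to elicit database error text. A guard such as `$iCol = intval( $_GET['iSortCol_'.$i] ); if ( !isset( $aColumns[$iCol] ) ) { continue; }` keeps the ORDER BY well-formed.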
|
@ -59,8 +59,8 @@
|
||||
$sLimit = "";
|
||||
if ( isset( $_GET['iDisplayStart'] ) && $_GET['iDisplayLength'] != '-1' )
|
||||
{
|
||||
$sLimit = "LIMIT ".mysql_real_escape_string( $_GET['iDisplayStart'] ).", ".
|
||||
mysql_real_escape_string( $_GET['iDisplayLength'] );
|
||||
$sLimit = "LIMIT ".intval( $_GET['iDisplayStart'] ).", ".
|
||||
intval( $_GET['iDisplayLength'] );
|
||||
}
|
||||
|
||||
|
||||
@ -75,8 +75,8 @@
|
||||
{
|
||||
if ( $_GET[ 'bSortable_'.intval($_GET['iSortCol_'.$i]) ] == "true" )
|
||||
{
|
||||
$sOrder .= $aColumns[ intval( $_GET['iSortCol_'.$i] ) ]."
|
||||
".mysql_real_escape_string( $_GET['sSortDir_'.$i] ) .", ";
|
||||
$sOrder .= "`".$aColumns[ intval( $_GET['iSortCol_'.$i] ) ]."` ".
|
||||
($_GET['sSortDir_'.$i]==='asc' ? 'asc' : 'desc') .", ";
|
||||
}
|
||||
}
|
||||
|
||||
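Review bot: On the new `$sOrder .=` line the backtick-quoted column comes from `$aColumns[ intval( $_GET['iSortCol_'.$i] ) ]` with no bounds check, and the direction expression reads `$_GET['sSortDir_'.$i]` without `isset`, so a hand-crafted request (large or negative `iSortCol_N`, missing `sSortDir_N`) yields PHP notices and an ORDER BY with an empty identifier rather than a clean rejection. Resolving the column first, `$iCol = intval( $_GET['iSortCol_'.$i] ); if ( !isset( $aColumns[$iCol] ) ) { continue; }`, and then using `$aColumns[$iCol]` closes both gaps without touching the escaping change. The `for` loop that defines `$i` begins above the hunk.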
|
@ -59,8 +59,8 @@
|
||||
$sLimit = "";
|
||||
if ( isset( $_GET['iDisplayStart'] ) && $_GET['iDisplayLength'] != '-1' )
|
||||
{
|
||||
$sLimit = "LIMIT ".mysql_real_escape_string( $_GET['iDisplayStart'] ).", ".
|
||||
mysql_real_escape_string( $_GET['iDisplayLength'] );
|
||||
$sLimit = "LIMIT ".intval( $_GET['iDisplayStart'] ).", ".
|
||||
intval( $_GET['iDisplayLength'] );
|
||||
}
|
||||
|
||||
|
||||
@ -76,8 +76,8 @@
|
||||
if ( $_GET[ 'bSortable_'.intval($_GET['iSortCol_'.$i]) ] == "true" )
|
||||
{
|
||||
$iColumnIndex = array_search( $_GET['mDataProp_'.$_GET['iSortCol_'.$i]], $aColumns );
|
||||
$sOrder .= $aColumns[ $iColumnIndex ]."
|
||||
".mysql_real_escape_string( $_GET['sSortDir_'.$i] ) .", ";
|
||||
$sOrder .= "`".$aColumns[ $iColumnIndex ]."` ".
|
||||
($_GET['sSortDir_'.$i]==='asc' ? 'asc' : 'desc') .", ";
|
||||
}
|
||||
}
|
||||
|
||||
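Review bot: The new line trusts `$iColumnIndex` from the `array_search` on the context line, but `array_search` returns `false` when the submitted `mDataProp_N` matches nothing, and `$aColumns[false]` resolves to `$aColumns[0]`, so an unknown property silently sorts by the first column instead of being ignored. The search is also non-strict. I would write `$iColumnIndex = array_search( $_GET['mDataProp_'.intval( $_GET['iSortCol_'.$i] )], $aColumns, true ); if ( $iColumnIndex === false ) { continue; }` before the `$sOrder .=` line; using `intval` for the `mDataProp_` key also matches how the `bSortable_` key is built two lines up.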
|
@ -59,8 +59,8 @@
|
||||
$sLimit = "";
|
||||
if ( isset( $_GET['iDisplayStart'] ) && $_GET['iDisplayLength'] != '-1' )
|
||||
{
|
||||
$sLimit = "LIMIT ".mysql_real_escape_string( $_GET['iDisplayStart'] ).", ".
|
||||
mysql_real_escape_string( $_GET['iDisplayLength'] );
|
||||
$sLimit = "LIMIT ".intval( $_GET['iDisplayStart'] ).", ".
|
||||
intval( $_GET['iDisplayLength'] );
|
||||
}
|
||||
|
||||
|
||||
@ -76,8 +76,8 @@
|
||||
if ( $_GET[ 'bSortable_'.intval($_GET['iSortCol_'.$i]) ] == "true" )
|
||||
{
|
||||
$iColumnIndex = array_search( $_GET['mDataProp_'.$_GET['iSortCol_'.$i]], $aColumns );
|
||||
$sOrder .= $aColumns[ $iColumnIndex ]."
|
||||
".mysql_real_escape_string( $_GET['sSortDir_'.$i] ) .", ";
|
||||
$sOrder .= "`".$aColumns[ $iColumnIndex ]."` ".
|
||||
($_GET['sSortDir_'.$i]==='asc' ? 'asc' : 'desc') .", ";
|
||||
}
|
||||
}
|
||||
|
||||
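Review bot: The backtick quoting added on the new `$sOrder .=` line assumes `$aColumns[ $iColumnIndex ]` resolved to a real column, but the context line above builds the `mDataProp_` key from the raw `$_GET['iSortCol_'.$i]` and reads it without `isset`, and `array_search` yields `false` on a miss, which PHP then uses as key `0`. The result is a notice plus a sort on the first column for any unrecognised property name. Checking the lookup result, `if ( $iColumnIndex === false ) { continue; }`, and passing `true` as the third argument to `array_search` makes the whitelist behave like one. The enclosing `for` loop starts above the hunk.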
|
@ -59,8 +59,8 @@
|
||||
$sLimit = "";
|
||||
if ( isset( $_POST['iDisplayStart'] ) && $_POST['iDisplayLength'] != '-1' )
|
||||
{
|
||||
$sLimit = "LIMIT ".mysql_real_escape_string( $_POST['iDisplayStart'] ).", ".
|
||||
mysql_real_escape_string( $_POST['iDisplayLength'] );
|
||||
$sLimit = "LIMIT ".intval( $_POST['iDisplayStart'] ).", ".
|
||||
intval( $_POST['iDisplayLength'] );
|
||||
}
|
||||
|
||||
|
||||
@ -74,8 +74,8 @@
|
||||
{
|
||||
if ( $_POST[ 'bSortable_'.intval($_POST['iSortCol_'.$i]) ] == "true" )
|
||||
{
|
||||
$sOrder .= $aColumns[ intval( $_POST['iSortCol_'.$i] ) ]."
|
||||
".mysql_real_escape_string( $_POST['sSortDir_'.$i] ) .", ";
|
||||
$sOrder .= "`".$aColumns[ intval( $_POST['iSortCol_'.$i] ) ]."` ".
|
||||
($_POST['sSortDir_'.$i]==='asc' ? 'asc' : 'desc') .", ";
|
||||
}
|
||||
}
|
||||
|
||||
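Review bot: This is the `$_POST` variant and the new lines carry the same gap as the GET scripts: `$aColumns[ intval( $_POST['iSortCol_'.$i] ) ]` is indexed without a bounds check, so an out-of-range value emits a notice and an empty ``` `` ``` identifier into ORDER BY, and `$_POST['sSortDir_'.$i]` is compared with `===` without `isset`. A guard of `$iCol = intval( $_POST['iSortCol_'.$i] ); if ( !isset( $aColumns[$iCol] ) ) { continue; }` at the top of the `if` body, then `$aColumns[$iCol]` in the concatenation, would keep the query well-formed. The `for` loop defining `$i` begins above the hunk.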
|
@ -75,7 +75,7 @@
|
||||
if ( $_GET[ 'bSortable_'.intval($_GET['iSortCol_'.$i]) ] == "true" )
|
||||
{
|
||||
$sOrder .= "`".$aColumns[ intval( $_GET['iSortCol_'.$i] ) ]."` ".
|
||||
mysql_real_escape_string( $_GET['sSortDir_'.$i] ) .", ";
|
||||
($_GET['sSortDir_'.$i]==='asc' ? 'asc' : 'desc') .", ";
|
||||
}
|
||||
}
|
||||
|
||||
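Review bot: Only the sort hunk of this file is shown; its `LIMIT` construction is outside the page, so I cannot confirm it received the same `intval` treatment as the other scripts in this commit — worth checking, since the commit message says paging was exploitable too. Within the hunk, the new direction expression reads `$_GET['sSortDir_'.$i]` without `isset` and the context line still indexes `$aColumns` with an unchecked `intval( $_GET['iSortCol_'.$i] )`; `( isset( $_GET['sSortDir_'.$i] ) && $_GET['sSortDir_'.$i] === 'asc' ) ? 'asc' : 'desc'` plus an `isset( $aColumns[...] )` guard would cover both. The enclosing `for` loop starts above the hunk.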
|
@ -141,8 +141,8 @@
|
||||
$sLimit = "";
|
||||
if ( isset( $_GET['iDisplayStart'] ) && $_GET['iDisplayLength'] != '-1' )
|
||||
{
|
||||
$sLimit = "LIMIT ".mysql_real_escape_string( $_GET['iDisplayStart'] ).", ".
|
||||
mysql_real_escape_string( $_GET['iDisplayLength'] );
|
||||
$sLimit = "LIMIT ".intval( $_GET['iDisplayStart'] ).", ".
|
||||
intval( $_GET['iDisplayLength'] );
|
||||
}
|
||||
|
||||
|
||||
@ -158,7 +158,7 @@
|
||||
if ( $_GET[ 'bSortable_'.intval($_GET['iSortCol_'.$i]) ] == "true" )
|
||||
{
|
||||
$sOrder .= "`".$aColumns[ intval( $_GET['iSortCol_'.$i] ) ]."` ".
|
||||
mysql_real_escape_string( $_GET['sSortDir_'.$i] ) .", ";
|
||||
($_GET['sSortDir_'.$i]==='asc' ? 'asc' : 'desc') .", ";
|
||||
}
|
||||
}
|
||||
|
||||
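Review bot: The new line whitelists the sort direction correctly, but the same statement still relies on the context line's `$aColumns[ intval( $_GET['iSortCol_'.$i] ) ]` with no range check, so a crafted `iSortCol_N` reads an undefined element and emits an empty ``` `` ``` in ORDER BY — a malformed query rather than an injection, but still a client-triggerable error path. Computing the index once and guarding it, `$iCol = intval( $_GET['iSortCol_'.$i] ); if ( !isset( $aColumns[$iCol] ) ) { continue; }`, is a two-line addition at the top of the `if` body. The `for` loop that sets `$i` begins above the hunk.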
|