From 19746ccb92536e0410ee07ff45b4b3bb72ba8b4f Mon Sep 17 00:00:00 2001
From: Brice Maron
Date: Tue, 23 Apr 2013 21:59:52 +0200
Subject: [PATCH] Prevent any security problems with order by

---
 lib/bookmarks.php | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/lib/bookmarks.php b/lib/bookmarks.php
index 8c0c4090..0f994926 100644
--- a/lib/bookmarks.php
+++ b/lib/bookmarks.php
@@ -81,7 +81,10 @@ class OC_Bookmarks_Bookmarks{
 public static function findBookmarks($offset, $sqlSortColumn, $filters, $filterTagOnly, $limit = 10) {
 $CONFIG_DBTYPE = OCP\Config::getSystemValue( 'dbtype', 'sqlite' );
 if(is_string($filters)) $filters = array($filters);
-
+ if(! in_array($sqlSortColumn, array('id', 'url', 'title', 'user_id',
+ 'description', 'public', 'added', 'lastmodified','clickcount',))) {
+ $sqlSortColumn = 'bookmarks_sorting_recent';
+ }
 $params=array(OCP\USER::getUser());
 if($CONFIG_DBTYPE == 'pgsql') {
@@ -109,6 +112,7 @@ class OC_Bookmarks_Bookmarks{
 $params[] = '%' . strtolower($filter) . '%';
 }
 }
+ $sql .= " ORDER BY ".$sqlSortColumn." DESC ";
 if($limit == -1 || $limit === false) {
 $limit = null;
@@ -143,17 +147,17 @@ class OC_Bookmarks_Bookmarks{
 $query = OCP\DB::prepare("
 DELETE FROM `*PREFIX*bookmarks`
- WHERE `id` = $id
+ WHERE `id` = ?
 ");
- $result = $query->execute();
+ $result = $query->execute(array($id));
 $query = OCP\DB::prepare("
 DELETE FROM `*PREFIX*bookmarks_tags`
- WHERE `bookmark_id` = $id
+ WHERE `bookmark_id` = ?
 ");
- $result = $query->execute();
+ $result = $query->execute(array($id));
 return true;
 }
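Review bot: The allowlist added at the top of findBookmarks uses a loose in_array, so a non-string $sqlSortColumn (an integer 0 or a boolean true, for example) compares equal to the string entries under PHP's pre-8 comparison rules and is then interpolated unquoted into the ORDER BY clause appended in the second hunk. Pass the strict flag so only the exact column names are accepted, e.g. `'description', 'public', 'added', 'lastmodified','clickcount',), true)) {` — a column name cannot be bound as a statement parameter, which is why this allowlist is the only control on that interpolation. The fallback `'bookmarks_sorting_recent'` is not itself in the list, so a one-line comment naming where that alias is defined in the query would let the next reader confirm it is safe to use there. The function body continues past the end of the hunk.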
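Review bot: Both `$result = $query->execute(array($id));` assignments in the delete path are never inspected, and the function returns true even if either DELETE failed, so a caller cannot distinguish a rejected delete from a successful one, and a failure of the second statement leaves tag rows orphaned after the bookmark row is already gone. Check each result with `if (OCP\DB::isError($result)) { return false; }` (or throw), and if the DB layer's transaction helpers are available, wrap the two DELETEs so they succeed or fail together. The enclosing function starts before the hunk, so whether the id is first verified to belong to the current user cannot be seen here; the parameter binding closes the injection but does not by itself restrict the delete to the caller's own bookmarks.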