From 8e0734ca8cea00bcc08a1a9cbcc92c6874c6765d Mon Sep 17 00:00:00 2001 From: Paolo Date: Tue, 30 Aug 2022 17:31:04 +0200 Subject: [PATCH] Added check in CL/Messages_model->sendReply to check that $receiver_id, $relationmessage_id and $token match in the database to avoid to be able to write to anyone using a token --- application/models/CL/Messages_model.php | 7 +++++++ application/models/system/MessageToken_model.php | 16 ++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/application/models/CL/Messages_model.php b/application/models/CL/Messages_model.php index 4975af382..b987102dd 100644 --- a/application/models/CL/Messages_model.php +++ b/application/models/CL/Messages_model.php @@ -528,6 +528,13 @@ class Messages_model extends CI_Model */ public function sendReply($receiver_id, $subject, $body, $relationmessage_id, $token) { + // Checks that the receiver_id, relationmessage_id and token belongs to the same message + $crossedDataResult = $this->MessageTokenModel->crossClientData($token, $relationmessage_id, $receiver_id); + if (isError($crossedDataResult)) show_error(getError($crossedDataResult)); + if (!hasData($crossedDataResult)) show_error( + 'The parameters token, relationmessage_id and receiver_id do not belong to the same message' + ); + // Retrieves message sender information $senderResult = $this->MessageTokenModel->getSenderData($receiver_id); if (isError($senderResult)) show_error(getError($senderResult)); diff --git a/application/models/system/MessageToken_model.php b/application/models/system/MessageToken_model.php index cd3d8f7d9..af7794fdb 100644 --- a/application/models/system/MessageToken_model.php +++ b/application/models/system/MessageToken_model.php @@ -176,4 +176,20 @@ class MessageToken_model extends DB_Model return $this->execQuery($sql, array($oe_kurzbz)); } + + /** + * + */ + public function crossClientData($token, $relationmessage_id, $receiver_id) + { + $sql = 'SELECT mm.message_id + FROM public.tbl_msg_message mm + JOIN public.tbl_msg_recipient mr USING(message_id) + WHERE mr.token = ? + AND mm.message_id = ? + AND mm.person_id = ?'; + + return $this->execQuery($sql, array($token, $relationmessage_id, $receiver_id)); + } } +