mirror of
https://github.com/FH-Complete/FHC-Core.git
synced 2026-07-16 22:42:16 +00:00
- include/filter.class.php -> loadValues now calls the superclass protected method replaceSQLDecryptionPassword to replace password variables with their values
- include/statistik.class.php -> loadData now calls the superclass protected method replaceSQLDecryptionPassword to replace password variables with their values - Added new functions hasSQLDecryption and isSQLDecryptionValid to include/functions.inc.php - Script vilesci/statistik/filter_details.php and vilesci/stammdaten/statistik_details.php now do not allow to store SQL strings that contain PostgreSQL decryption functions using a clear password
This commit is contained in:
@@ -1196,4 +1196,28 @@ function anzahlTage($date1, $date2)
|
||||
$diff = $date2_ts - $date1_ts;
|
||||
return round($diff / 86400);
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the provided SQL string contains PostgreSQL functions to decrypt data, returns a boolean
|
||||
*/
|
||||
function hasSQLDecryption($sql)
|
||||
{
|
||||
return stripos($sql, 'PGP_SYM_DECRYPT') !== false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the provided SQL string contains PostgreSQL functions to decrypt data,
|
||||
* and if it is used a variable instead of a readable password. Returns a boolean
|
||||
*/
|
||||
function isSQLDecryptionValid($sql)
|
||||
{
|
||||
// If the SQL string contains decryption functions and there are _no_ password variables
|
||||
if (hasSQLDecryption($sql) && strpos($sql, '${') === false)
|
||||
{
|
||||
return false; // then return false
|
||||
}
|
||||
|
||||
return true; // in any other case return true
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
Reference in New Issue
Block a user