- include/filter.class.php -> loadValues now calls the superclass protected method replaceSQLDecryptionPassword to replace password variables with their values

- include/statistik.class.php -> loadData now calls the superclass protected method replaceSQLDecryptionPassword to replace password variables with their values
- Added new functions hasSQLDecryption and isSQLDecryptionValid to include/functions.inc.php
- Script vilesci/statistik/filter_details.php and vilesci/stammdaten/statistik_details.php now do not allow to store SQL strings that contain PostgreSQL decryption functions using a clear password
This commit is contained in:
Paolo
2023-07-17 12:06:37 +02:00
parent 2cc0283d25
commit 75fb0f2d4a
5 changed files with 63 additions and 13 deletions
+24
View File
@@ -1196,4 +1196,28 @@ function anzahlTage($date1, $date2)
$diff = $date2_ts - $date1_ts;
return round($diff / 86400);
}
/**
* Checks if the provided SQL string contains PostgreSQL functions to decrypt data, returns a boolean
*/
function hasSQLDecryption($sql)
{
return stripos($sql, 'PGP_SYM_DECRYPT') !== false;
}
/**
* Checks if the provided SQL string contains PostgreSQL functions to decrypt data,
* and if it is used a variable instead of a readable password. Returns a boolean
*/
function isSQLDecryptionValid($sql)
{
// If the SQL string contains decryption functions and there are _no_ password variables
if (hasSQLDecryption($sql) && strpos($sql, '${') === false)
{
return false; // then return false
}
return true; // in any other case return true
}
?>