From af8535a22a0d4a84e92ee8dc776cc08768bd5ff8 Mon Sep 17 00:00:00 2001
From: nbm
Date: Mon, 20 Dec 2004 10:52:57 +0000
Subject: [PATCH] Make create and store safer:
---
 presentation/lookAndFeel/knowledgeTree/create.php | 16 ++++++++++------
 presentation/lookAndFeel/knowledgeTree/store.inc | 31 ++++++++++++++++++++++++++-----
 presentation/lookAndFeel/knowledgeTree/store.php | 25 +++++++++++++++----------
 3 files changed, 51 insertions(+), 21 deletions(-)
diff --git a/presentation/lookAndFeel/knowledgeTree/create.php b/presentation/lookAndFeel/knowledgeTree/create.php
index ee948d9..c82bc19 100644
--- a/presentation/lookAndFeel/knowledgeTree/create.php
+++ b/presentation/lookAndFeel/knowledgeTree/create.php
@@ -30,10 +30,14 @@ require_once("../../../config/dmsDefaults.php");
 require_once("$default->fileSystemRoot/presentation/Html.inc");
+if (!checkSession()) {
+ exit(0);
+}
+
 $aKeys = array_keys($_POST);
 $aParameterValues = array();
-$sObjectName;
-$sObjectFolderName;
+// $sObjectName;
+// $sObjectFolderName;
 //parse the information in the html page
 for ($i = 0; $i < count($aKeys); $i++) {
 $sRowStart = $aKeys[$i];
@@ -41,11 +45,11 @@ for ($i = 0; $i < count($aKeys); $i++) {
 if ($pos == 0) {
 $i++;
 //get the object to create
- $sObjectName = $_POST[$aKeys[$i]];
- $i++;
+ //$sObjectName = $_POST[$aKeys[$i]];
+ //$i++;
 //get the object folder name
- $sObjectFolderName = $_POST[$aKeys[$i]];
- $i++;
+ //$sObjectFolderName = $_POST[$aKeys[$i]];
+ //$i++;
 while ((strncasecmp("unique_end", $sRowStart, 10) != 0) && ($i < count($aKeys))) {
 //get the paramater number
diff --git a/presentation/lookAndFeel/knowledgeTree/store.inc b/presentation/lookAndFeel/knowledgeTree/store.inc
index 4a722e7..c0df717 100644
--- a/presentation/lookAndFeel/knowledgeTree/store.inc
+++ b/presentation/lookAndFeel/knowledgeTree/store.inc
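Review bot: The new `checkSession()` guard at the top of the first hunk rejects the request with a bare `exit(0)`, so an unauthenticated POST to create.php gets an empty success response and leaves nothing in the log, while the store.php change in this same commit at least records what it does through `$default->log`. Record the rejection before exiting, e.g. `$default->log->debug("create.php: checkSession() failed, aborting"); exit(0);` (`$default` is already in scope here via the `require_once` lines), so repeated failures are visible during incident review. The declarations `$sObjectName;` and `$sObjectFolderName;` are turned into comments rather than removed; if they are unused now that their POST reads are commented out in the second hunk, delete the lines instead of keeping dead code.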
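Review bot: Commenting out the two `$i++` advances in the second hunk changes how the `$_POST` key list is walked: after `unique_start` the loop now enters the `while` without skipping the object-name and folder-name slots, so if the HTML form still submits those two inputs in this position they are parsed as parameter entries instead of being ignored. Either remove those inputs from the form in the same change or keep the bare `$i++;` lines so the walk stays aligned, and add a comment stating that this code depends on the order of `$_POST` keys, since that assumption is what the whole parser rests on. The commented-out assignments should be deleted rather than left in place. The enclosing `for` loop begins before this hunk and continues past it.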
@@ -33,19 +33,40 @@ function constructQuery($aKeys, $aSuppliedValues = null) {
 $pos = strncasecmp("unique_start", $sRowStart, 12);
 if ($pos == 0) {
- $aColumns = array();
+ $sRandomString = substr($sRowStart, 13);
+ if (!array_key_exists("pelfq_" . $sRandomString . "_tn", $_SESSION)) {
+ print "Hack attempt! Session data not set up for store.\n";
+ return false;
+ }
+ if (!array_key_exists("pelfq_" . $sRandomString . "_id", $_SESSION)) {
+ print "Hack attempt! Session data not set up for store.\n";
+ return false;
+ }
+ if (!array_key_exists("pelfq_" . $sRandomString . "_columns", $_SESSION)) {
+ print "Hack attempt! Session data not set up for store.\n";
+ return false;
+ }
+
+ $aColumns = array();
 $aValues = array();
 $aTypes = array();
- $iPrimaryKey = $_POST[$aKeys[++$i]];
- $sTableName = $_POST[$aKeys[++$i]];
+ // $iPrimaryKey = $_POST[$aKeys[++$i]];
+ // $sTableName = $_POST[$aKeys[++$i]];
+ $iPrimaryKey = $_SESSION["pelfq_" . $sRandomString . "_id"];
+ $sTableName = $_SESSION["pelfq_" . $sRandomString . "_tn"];
+ $aColumnNames = $_SESSION["pelfq_" . $sRandomString . "_columns"];
- $i++;
+ $i++;
 $iColumnCount = 0;
 //get all the values for the table
 while ((strncasecmp("unique_end", $sRowStart, 10) != 0) && ($i <= count($aKeys))) {
 $aColumns[$iColumnCount] = $_POST[$aKeys[$i]];
+ if (!in_array($aColumns[$iColumnCount], $aColumnNames)) {
+ print "Hack attempt! $aColumns[$iColumnCount] is not in "; var_dump($aColumnNames);
+ return false;
+ }
 $aTypes[$iColumnCount]= $_POST[$aKeys[++$i]];
 switch ($aTypes[$iColumnCount]) {
@@ -190,4 +211,4 @@ function constructQuery($aKeys, $aSuppliedValues = null) {
 }
 return $aQuery;
 }
-?>
\ No newline at end of file
+?>
diff --git a/presentation/lookAndFeel/knowledgeTree/store.php b/presentation/lookAndFeel/knowledgeTree/store.php
index ed24bf2..7538107 100644
--- a/presentation/lookAndFeel/knowledgeTree/store.php
+++ b/presentation/lookAndFeel/knowledgeTree/store.php
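Review bot: The column-whitelist rejection inside the `while` loop writes `var_dump($aColumnNames)` into the HTTP response, so a tampered submission is answered with the complete list of writable columns for that table; the three `print "Hack attempt! ..."` branches above disclose less but follow the same pattern of reporting internals to the client. Keep the client message generic and send the details to the server log instead, e.g. `print "Invalid form submission.\n"; return false;` with the rejected name and `$aColumnNames` recorded server-side. The check itself should be `in_array($aColumns[$iColumnCount], $aColumnNames, true)` so the comparison is strict rather than loose. `return false` is also new here, yet the caller in store.php assigns the result to `$aQueries` and then iterates it with `$sql->query($aQueries[$i])` without testing for `false`, so a rejected request still reaches the query loop; either the caller checks the return value or this function should throw. `constructQuery` begins before this hunk and continues after it.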
@@ -32,16 +32,21 @@ require_once("$default->fileSystemRoot/lib/documentmanagement/Document.inc");
 require_once("$default->fileSystemRoot/lib/foldermanagement/Folder.inc");
 require_once("store.inc");
+KTUtil::extractGPC('fReturnURL');
-if (count($_POST) > 0) {
- $aKeys = array_keys($_POST);
- $aQueries = constructQuery($aKeys);
-
- //execute the queries
- for ($i=0; $idb;
- $sql->query($aQueries[$i]);
- }
- redirect(strip_tags(urldecode($fReturnURL)));
+if (checkSession()) {
+ if (count($_POST) > 0) {
+ $aKeys = array_keys($_POST);
+ $aQueries = constructQuery($aKeys);
+
+ //execute the queries
+ for ($i=0; $idb;
+ $sql->query($aQueries[$i]);
+ }
+ $default->log->debug("store.php redirecting to $fReturnURL");
+ redirect(strip_tags(urldecode($fReturnURL)));
+ }
 }
+
 ?>
--
libgit2 0.21.4
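Review bot: `fReturnURL` is now pulled explicitly from the request by `KTUtil::extractGPC('fReturnURL')` and then handed to `redirect(strip_tags(urldecode($fReturnURL)))`; `strip_tags` only removes markup and does nothing to constrain where the browser is sent, so this remains an open redirect reachable through an authenticated page. Validate the decoded value next to the redirect and accept only a site-relative path, e.g. `$sTarget = strip_tags(urldecode($fReturnURL)); if (strncmp($sTarget, '/', 1) !== 0 || strncmp($sTarget, '//', 2) === 0) { $sTarget = '<LOCAL_DEFAULT_PAGE>'; }` (placeholder for the application's own landing page), and redirect to `$sTarget`. The `checkSession()` false branch falls through to `?>` with an empty page and no log entry, whereas create.php in the same commit exits; the two entry points should behave the same way and both should log the rejection. The new debug line records the raw `$fReturnURL`, which is useful for diagnostics but means attacker-supplied strings land in the log verbatim.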