escape reserved keyword groups in SQL queries

d--j · d--j · commit 5b57c1f4bcaa · 2024-11-04T12:53:21.000+01:00
fixes #6764
diff --git a/interface/lib/classes/auth.inc.php b/interface/lib/classes/auth.inc.php
@@ -44,7 +44,7 @@ public function is_admin() {
 			return false;
 		}
 	}
-	
+
 	public function is_superadmin() {
 		if($_SESSION['s']['user']['typ'] == 'admin' && $_SESSION['s']['user']['userid'] == 1) {
 			return true;
@@ -71,11 +71,11 @@ public function has_clients($userid) {
 			return false;
 		}
 	}
-	
+
 	// Function to check if a client belongs to a reseller
 	public function is_client_of_reseller($userid = 0) {
 		global $app, $conf;
-		
+
 		if($userid == 0) $userid = $_SESSION['s']['user']['userid'];
 
 		$client = $app->db->queryOneRecord("SELECT client.sys_userid, client.sys_groupid FROM sys_user, client WHERE sys_user.userid = ? AND sys_user.client_id = client.client_id", $userid);
@@ -98,7 +98,7 @@ public function add_group_to_user($userid, $groupid) {
 			$groups = explode(',', $user['groups']);
 			if(!in_array($groupid, $groups)) $groups[] = $groupid;
 			$groups_string = implode(',', $groups);
-			$sql = "UPDATE sys_user SET groups = ? WHERE userid = ?";
+			$sql = "UPDATE sys_user SET `groups` = ? WHERE userid = ?";
 			$app->db->query($sql, $groups_string, $userid);
 			return true;
 		} else {
@@ -110,10 +110,10 @@ public function add_group_to_user($userid, $groupid) {
 	public function get_client_limit($userid, $limitname)
 	{
 		global $app;
-		
+
 		$userid = $app->functions->intval($userid);
 		if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$limitname)) $app->error('Invalid limit name '.$limitname);
-		
+
 		// simple query cache
 		if($this->client_limits===null)
 			$this->client_limits = $app->db->queryOneRecord("SELECT client.* FROM sys_user, client WHERE sys_user.userid = ? AND sys_user.client_id = client.client_id", $userid);
@@ -140,7 +140,7 @@ public function remove_group_from_user($userid, $groupid) {
 			$key = array_search($groupid, $groups);
 			unset($groups[$key]);
 			$groups_string = implode(',', $groups);
-			$sql = "UPDATE sys_user SET groups = ? WHERE userid = ?";
+			$sql = "UPDATE sys_user SET `groups` = ? WHERE userid = ?";
 			$app->db->query($sql, $groups_string, $userid);
 			return true;
 		} else {
@@ -188,11 +188,11 @@ public function check_module_permissions($module)  {
                        exit;
 		}
 	}
-	
+
 	public function check_security_permissions($permission) {
-		
+
 		global $app;
-		
+
 		$app->uses('getconf');
 		$security_config = $app->getconf->get_security_config('permissions');
 
@@ -202,7 +202,7 @@ public function check_security_permissions($permission) {
 		if($security_check !== true) {
 			$app->error($app->lng('security_check1_txt').' '.$permission.' '.$app->lng('security_check2_txt'));
 		}
-		
+
 	}
 
 	/**
@@ -239,12 +239,12 @@ public function get_random_password($minLength = 8, $special = false) {
 		if($minLength < 8) $minLength = 8;
 		$maxLength = $minLength + 5;
 		$length = random_int($minLength, $maxLength);
-		
+
 		$alphachars = "abcdefghijklmnopqrstuvwxyz";
 		$upperchars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
 		$numchars = "1234567890";
 		$specialchars = "!@#_";
-		
+
 		$num_special = 0;
 		if($special == true) {
 			$num_special = intval(random_int(0, round($length / 4))) + 1;
@@ -254,31 +254,31 @@ public function get_random_password($minLength = 8, $special = false) {
 		$upperlen = intval($alphalen / 2);
 		$alphalen = $alphalen - $upperlen;
 		$password = '';
-		
+
 		for($i = 0; $i < $alphalen; $i++) {
 			$password .= substr($alphachars, random_int(0, strlen($alphachars) - 1), 1);
 		}
-		
+
 		for($i = 0; $i < $upperlen; $i++) {
 			$password .= substr($upperchars, random_int(0, strlen($upperchars) - 1), 1);
 		}
-		
+
 		for($i = 0; $i < $num_special; $i++) {
 			$password .= substr($specialchars, random_int(0, strlen($specialchars) - 1), 1);
 		}
-		
+
 		for($i = 0; $i < $numericlen; $i++) {
 			$password .= substr($numchars, random_int(0, strlen($numchars) - 1), 1);
 		}
-		
+
 		return str_shuffle($password);
 	}
 
 	public function crypt_password($cleartext_password, $charset = 'UTF-8') {
 		if($charset != 'UTF-8') {
 			$cleartext_password = mb_convert_encoding($cleartext_password, $charset, 'UTF-8');
 		}
-		
+
 		if(defined('CRYPT_SHA512') && CRYPT_SHA512 == 1) {
 			$salt = '$6$rounds=5000$';
 			$salt_length = 16;
@@ -289,7 +289,7 @@ public function crypt_password($cleartext_password, $charset = 'UTF-8') {
 			$salt = '$1$';
 			$salt_length = 12;
 		}
-		
+
 		if(function_exists('openssl_random_pseudo_bytes')) {
 			$salt .= substr(bin2hex(openssl_random_pseudo_bytes($salt_length)), 0, $salt_length);
 		} else {
@@ -301,7 +301,7 @@ public function crypt_password($cleartext_password, $charset = 'UTF-8') {
 		$salt .= "$";
 		return crypt($cleartext_password, $salt);
 	}
-	
+
 	public function csrf_token_get($form_name) {
 		/* CSRF PROTECTION */
 		// generate csrf protection id and key
@@ -311,24 +311,24 @@ public function csrf_token_get($form_name) {
 		if(!isset($_SESSION['_csrf_timeout'])) $_SESSION['_csrf_timeout'] = array();
 		$_SESSION['_csrf'][$_csrf_id] = $_csrf_key;
 		$_SESSION['_csrf_timeout'][$_csrf_id] = time() + 3600; // timeout hash in 1 hour
-		
+
 		return array('csrf_id' => $_csrf_id,'csrf_key' => $_csrf_key);
 	}
-	
+
 	public function csrf_token_check($method = 'POST') {
 		global $app;
-		
+
 		if($method == 'POST') {
 			$input_vars = $_POST;
 		} elseif ($method == 'GET') {
 			$input_vars = $_GET;
 		} else {
 			$app->error('Unknown CSRF verification method.');
 		}
-		
+
 		//print_r($input_vars);
 		//die(print_r($_SESSION['_csrf']));
-		
+
 		if(isset($input_vars) && is_array($input_vars)) {
 			$_csrf_valid = false;
 			if(isset($input_vars['_csrf_id']) && isset($input_vars['_csrf_key'])) {
@@ -346,7 +346,7 @@ public function csrf_token_check($method = 'POST') {
 			$_SESSION['_csrf_timeout'][$_csrf_id] = null;
 			unset($_SESSION['_csrf'][$_csrf_id]);
 			unset($_SESSION['_csrf_timeout'][$_csrf_id]);
-			
+
 			if(isset($_SESSION['_csrf_timeout']) && is_array($_SESSION['_csrf_timeout'])) {
 				$to_unset = array();
 				foreach($_SESSION['_csrf_timeout'] as $_csrf_id => $timeout) {
diff --git a/interface/lib/classes/functions.inc.php b/interface/lib/classes/functions.inc.php
@@ -672,7 +672,7 @@ public function func_client_cancel($client_id,$cancel) {
 			$result = false;
 		}
 		return $result;
-	}	
+	}
 
     /**
      * Lookup a client's group + all groups he is reselling.
@@ -683,8 +683,8 @@ function clientid_to_groups_list($client_id) {
       global $app;
 
       if ($client_id != null) {
-        // Get the clients groupid, and incase it's a reseller the groupid's of it's clients.
-        $group = $app->db->queryOneRecord("SELECT GROUP_CONCAT(groupid) AS groups FROM `sys_group` WHERE client_id IN (SELECT client_id FROM `client` WHERE client_id=? OR parent_client_id=?)", $client_id, $client_id);
+        // Get the clients groupid, and in case it's a reseller the groupid's of its clients.
+        $group = $app->db->queryOneRecord("SELECT GROUP_CONCAT(groupid) AS `groups` FROM `sys_group` WHERE client_id IN (SELECT client_id FROM `client` WHERE client_id=? OR parent_client_id=?)", $client_id, $client_id);
         return $group['groups'];
       }
       return null;
diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
@@ -115,7 +115,7 @@ function getNextTab() {
 			// Show the same tab again in case of an error
 			$active_tab = $_SESSION["s"]["form"]["tab"];
 		}
-		
+
 		if(!preg_match('/^[a-zA-Z0-9_]{0,50}$/',$active_tab)) {
 			die('Invalid next tab name.');
 		}
@@ -132,7 +132,7 @@ function getCurrentTab() {
 
 	function isReadonlyTab($tab, $primary_id) {
 		global $app, $conf;
-		
+
 		if(isset($this->formDef['tabs'][$tab]['readonly']) && $this->formDef['tabs'][$tab]['readonly'] == true) {
 
 			// Add backticks for incomplete table names.
@@ -149,7 +149,7 @@ function isReadonlyTab($tab, $primary_id) {
 			if($record['sys_userid'] != $_SESSION["s"]["user"]["userid"]) {
 				return true;
 			} else {
-				return false;	
+				return false;
 			}
 		} else {
 			return false;
@@ -204,7 +204,7 @@ function checkResellerLimit($limit_name, $sql_where = '') {
 		if($client['parent_client_id'] != 0) {
 
 			//* first we need to know the groups of this reseller
-			$tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ?", $client['parent_client_id']);
+			$tmp = $app->db->queryOneRecord("SELECT userid, `groups` FROM sys_user WHERE client_id = ?", $client['parent_client_id']);
 			$reseller_groups = $tmp["groups"];
 			$reseller_userid = $tmp["userid"];
 
@@ -247,7 +247,7 @@ function getDiffRecord($record_old, $record_new) {
 		return $diffrec;
 
 	}
-	
+
 	/**
 	 * Generate HTML for DATE fields.
 	 *
@@ -260,10 +260,10 @@ function _getDateHTML($form_element, $default_value)
 	{
 		$_date = ($default_value && $default_value != '0000-00-00' ? strtotime($default_value) : false);
 		$_showdate = ($_date === false) ? false : true;
-		
+
 		$tmp_dt = strtr($this->dateformat,array('d' => 'dd', 'm' => 'mm', 'Y' => 'yyyy', 'y' => 'yy'));
-		
-		return '<input type="text" class="form-control" name="' . $form_element . '" value="' . ($_showdate ? date($this->dateformat, $_date) : '') . '"  data-input-element="date" data-date-format="' . $tmp_dt . '" />'; 
+
+		return '<input type="text" class="form-control" name="' . $form_element . '" value="' . ($_showdate ? date($this->dateformat, $_date) : '') . '"  data-input-element="date" data-date-format="' . $tmp_dt . '" />';
 	}
 
 
@@ -285,12 +285,12 @@ function _getDateTimeHTML($form_element, $default_value, $display_seconds=false)
 		if ($display_seconds === true) {
 			$dselect[] = 'second';
 		}
-		
+
 		$tmp_dt = strtr($this->datetimeformat,array('d' => 'dd', 'm' => 'mm', 'Y' => 'yyyy', 'y' => 'yy', 'H' => 'hh', 'h' => 'HH', 'i' => 'ii')) . ($display_seconds ? ':ss' : '');
 
 		$out = '';
-		
-		return '<input type="text" class="form-control" name="' . $form_element . '" value="' . ($_showdate ? date($this->datetimeformat . ($display_seconds ? ':s' : ''), $_datetime) : '') . '"  data-input-element="datetime" data-date-format="' . $tmp_dt . '" />'; 
+
+		return '<input type="text" class="form-control" name="' . $form_element . '" value="' . ($_showdate ? date($this->datetimeformat . ($display_seconds ? ':s' : ''), $_datetime) : '') . '"  data-input-element="datetime" data-date-format="' . $tmp_dt . '" />';
 /*
 		foreach ($dselect as $dt_element)
 		{
@@ -352,7 +352,7 @@ function _getDateTimeHTML($form_element, $default_value, $display_seconds=false)
 				$selected_value = (int)floor(date('s', $_datetime));
 				break;
 			}
-	
+
 			$out .= "<select name=\"".$form_element."[$dt_element]\" id=\"".$form_element."_$dt_element\" class=\"selectInput\" style=\"width: auto; float: none;\">";
 			if (!$_showdate) {
 				$out .= "<option value=\"-\" selected=\"selected\">--</option>" . PHP_EOL;
diff --git a/interface/lib/classes/tform_base.inc.php b/interface/lib/classes/tform_base.inc.php
@@ -379,7 +379,7 @@ function applyValueLimit($formtype, $limit, $values, $current_value = '') {
 					if($client['parent_client_id'] != 0) {
 
 						//* first we need to know the groups of this reseller
-						$tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ?", $client['parent_client_id']);
+						$tmp = $app->db->queryOneRecord("SELECT userid, `groups` FROM sys_user WHERE client_id = ?", $client['parent_client_id']);
 						$reseller_groups = $tmp["groups"];
 						$reseller_userid = $tmp["userid"];
 
