Improved checks in openvz plugin and DB library.

Till Brehm · Till Brehm · commit 94b44c61a92a · 2014-08-13T17:06:16.000+02:00
diff --git a/interface/lib/classes/db_mysql.inc.php b/interface/lib/classes/db_mysql.inc.php
@@ -262,12 +262,18 @@ public function diffrec($record_old, $record_new) {
 	public function datalogSave($db_table, $action, $primary_field, $primary_id, $record_old, $record_new, $force_update = false) {
 		global $app, $conf;
 
-		// Insert backticks only for incomplete table names.
-		if(stristr($db_table, '.')) {
-			$escape = '';
+		// Check fields
+		if(!preg_match('/^[a-zA-Z0-9\.\-]{1,64}$/',$db_table)) $app->error('Invalid table name '.$db_table);
+		if(!preg_match('/^[a-zA-Z0-9\-]{1,64}$/',$primary_field)) $app->error('Invalid primary field '.$primary_field.' in table '.$db_table);
+		
+		if(strpos($db_table, '.') !== false) {
+			$db_table = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $db_table);
 		} else {
-			$escape = '`';
+			$db_table = '`' . $db_table . '`';
 		}
+		
+		$primary_field = $this->quote($primary_field);
+		$primary_id = intval($primary_id);
 
 		if($force_update == true) {
 			//* We force a update even if no record has changed
@@ -307,7 +313,16 @@ public function datalogSave($db_table, $action, $primary_field, $primary_id, $re
 	public function datalogInsert($tablename, $insert_data, $index_field) {
 		global $app;
 		
-		$tablename = $this->quote($tablename);
+		// Check fields
+		if(!preg_match('/^[a-zA-Z0-9\.\-]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
+		if(!preg_match('/^[a-zA-Z0-9\-]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);
+		
+		if(strpos($tablename, '.') !== false) {
+			$tablename = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $tablename);
+		} else {
+			$tablename = '`' . $tablename . '`';
+		}
+		
 		$index_field = $this->quote($index_field);
 
 		if(is_array($insert_data)) {
@@ -337,7 +352,16 @@ public function datalogInsert($tablename, $insert_data, $index_field) {
 	public function datalogUpdate($tablename, $update_data, $index_field, $index_value, $force_update = false) {
 		global $app;
 		
-		$tablename = $this->quote($tablename);
+		// Check fields
+		if(!preg_match('/^[a-zA-Z0-9\.\-]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
+		if(!preg_match('/^[a-zA-Z0-9\-]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);
+		
+		if(strpos($tablename, '.') !== false) {
+			$tablename = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $tablename);
+		} else {
+			$tablename = '`' . $tablename . '`';
+		}
+		
 		$index_field = $this->quote($index_field);
 		$index_value = $this->quote($index_value);
 
@@ -364,7 +388,16 @@ public function datalogUpdate($tablename, $update_data, $index_field, $index_val
 	public function datalogDelete($tablename, $index_field, $index_value) {
 		global $app;
 		
-		$tablename = $this->quote($tablename);
+		// Check fields
+		if(!preg_match('/^[a-zA-Z0-9\.\-]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
+		if(!preg_match('/^[a-zA-Z0-9\-]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);
+		
+		if(strpos($tablename, '.') !== false) {
+			$tablename = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $tablename);
+		} else {
+			$tablename = '`' . $tablename . '`';
+		}
+		
 		$index_field = $this->quote($index_field);
 		$index_value = $this->quote($index_value);
 
diff --git a/interface/lib/plugins/vm_openvz_plugin.inc.php b/interface/lib/plugins/vm_openvz_plugin.inc.php
@@ -33,7 +33,7 @@ function onLoad() {
 	function openvz_vm_insert($event_name, $page_form) {
 		global $app, $conf;
 
-		$this->id = $page_form->id;
+		$this->id = $app->functions->intval($page_form->id);
 		$this->dataRecord = $page_form->dataRecord;
 		$this->oldDataRecord = $page_form->oldDataRecord;
 
@@ -58,7 +58,7 @@ function openvz_vm_insert($event_name, $page_form) {
 		$this->applyTemplate();
 
 		// Set the IP address
-		$app->db->query("UPDATE openvz_ip SET vm_id = ".$this->id." WHERE ip_address = '".$this->dataRecord['ip_address']."'");
+		$app->db->query("UPDATE openvz_ip SET vm_id = ".$this->id." WHERE ip_address = '".$app->db->quote($this->dataRecord['ip_address'])."'");
 
 		// Create the OpenVZ config file and store it in config field
 		$this->makeOpenVZConfig();
@@ -74,7 +74,7 @@ function openvz_vm_insert($event_name, $page_form) {
 	function openvz_vm_update($event_name, $page_form) {
 		global $app, $conf;
 
-		$this->id = $page_form->id;
+		$this->id = $app->functions->intval($page_form->id);
 		$this->dataRecord = $page_form->dataRecord;
 		$this->oldDataRecord = $page_form->oldDataRecord;
 
@@ -94,7 +94,7 @@ function openvz_vm_update($event_name, $page_form) {
 		}
 
 		// Set the IP address
-		if(isset($this->dataRecord['ip_address'])) $app->db->query("UPDATE openvz_ip SET vm_id = ".$this->id." WHERE ip_address = '".$this->dataRecord['ip_address']."'");
+		if(isset($this->dataRecord['ip_address'])) $app->db->query("UPDATE openvz_ip SET vm_id = ".$this->id." WHERE ip_address = '".$app->db->quote($this->dataRecord['ip_address'])."'");
 
 		// Create the OpenVZ config file and store it in config field
 		$this->makeOpenVZConfig();
@@ -111,7 +111,7 @@ function openvz_vm_delete($event_name, $page_form) {
 		global $app, $conf;
 
 		//* Free the IP address
-		$tmp = $app->db->queryOneRecord("SELECT ip_address_id FROM openvz_ip WHERE vm_id = ".$page_form->id);
+		$tmp = $app->db->queryOneRecord("SELECT ip_address_id FROM openvz_ip WHERE vm_id = ".$app->functions->intval($page_form->id));
 		$app->db->datalogUpdate('openvz_ip', 'vm_id = 0', 'ip_address_id', $tmp['ip_address_id']);
 		unset($tmp);
 
@@ -120,29 +120,29 @@ function openvz_vm_delete($event_name, $page_form) {
 	private function applyTemplate() {
 		global $app, $conf;
 
-		$tpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ".$this->dataRecord["template_id"]);
+		$tpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ".$app->functions->intval($this->dataRecord["template_id"]));
 
 		$sql = "UPDATE openvz_vm SET ";
-		$sql .= "diskspace = '".$tpl['diskspace']."', ";
-		$sql .= "ram = '".$tpl['ram']."', ";
-		$sql .= "ram_burst = '".$tpl['ram_burst']."', ";
-		$sql .= "cpu_units = '".$tpl['cpu_units']."', ";
-		$sql .= "cpu_num = '".$tpl['cpu_num']."', ";
-		$sql .= "cpu_limit = '".$tpl['cpu_limit']."', ";
-		$sql .= "io_priority = '".$tpl['io_priority']."', ";
-		$sql .= "nameserver = '".$tpl['nameserver']."', ";
-		$sql .= "create_dns = '".$tpl['create_dns']."', ";
-		$sql .= "capability = '".$tpl['capability']."' ";
-		$sql .= "WHERE vm_id = ".$this->id;
+		$sql .= "diskspace = '".$app->db->quote($tpl['diskspace'])."', ";
+		$sql .= "ram = '".$app->db->quote($tpl['ram'])."', ";
+		$sql .= "ram_burst = '".$app->db->quote($tpl['ram_burst'])."', ";
+		$sql .= "cpu_units = '".$app->db->quote($tpl['cpu_units'])."', ";
+		$sql .= "cpu_num = '".$app->db->quote($tpl['cpu_num'])."', ";
+		$sql .= "cpu_limit = '".$app->db->quote($tpl['cpu_limit'])."', ";
+		$sql .= "io_priority = '".$app->db->quote($tpl['io_priority'])."', ";
+		$sql .= "nameserver = '".$app->db->quote($tpl['nameserver'])."', ";
+		$sql .= "create_dns = '".$app->db->quote($tpl['create_dns'])."', ";
+		$sql .= "capability = '".$app->db->quote($tpl['capability'])."' ";
+		$sql .= "WHERE vm_id = ".$app->functions->intval($this->id);
 		$app->db->query($sql);
 
 	}
 
 	private function makeOpenVZConfig() {
 		global $app, $conf;
 
-		$vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ".$this->id);
-		$vm_template = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ".$vm['template_id']);
+		$vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ".$app->functions->intval($this->id));
+		$vm_template = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ".$app->functions->intval($vm['template_id']));
 		$burst_ram = $vm['ram_burst']*256;
 		$guar_ram = $vm['ram']*256;
 
@@ -194,12 +194,12 @@ private function makeOpenVZConfig() {
 		$tpl->setVar('nameserver', $vm['nameserver']);
 		$tpl->setVar('capability', $vm['capability']);
 
-		$tmp = $app->db->queryOneRecord("SELECT template_file FROM openvz_ostemplate WHERE ostemplate_id = ".$vm['ostemplate_id']);
+		$tmp = $app->db->queryOneRecord("SELECT template_file FROM openvz_ostemplate WHERE ostemplate_id = ".$app->functions->intval($vm['ostemplate_id']));
 		$tpl->setVar('ostemplate', $tmp['template_file']);
 		unset($tmp);
 
 		$openvz_config = $app->db->quote($tpl->grab());
-		$app->db->query("UPDATE openvz_vm SET config = '".$openvz_config."' WHERE vm_id = ".$this->id);
+		$app->db->query("UPDATE openvz_vm SET config = '".$openvz_config."' WHERE vm_id = ".$app->functions->intval($this->id));
 
 		unset($tpl);
 
@@ -208,33 +208,33 @@ private function makeOpenVZConfig() {
 	private function createDNS() {
 		global $app, $conf;
 
-		$vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ".$this->id);
+		$vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ".$app->functions->intval($this->id));
 
 		if($vm['create_dns'] != 'y') return;
 
 		$full_hostname = str_replace('{VEID}', $vm['veid'], $vm['hostname']);
 		$hostname_parts = explode('.', $full_hostname);
-		$hostname = $hostname_parts[0];
+		$hostname = $app->db->quote($hostname_parts[0]);
 		unset($hostname_parts[0]);
-		$zone = implode('.', $hostname_parts);
+		$zone = $app->db->quote((implode('.', $hostname_parts));
 		unset($hostname_parts);
 
 		// Find the dns zone
-		$zone_rec = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = '$zone.'");
-		$rr_rec = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = '".$zone_rec['id']."' AND name = '$hostname'");
+		$zone_rec = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = '".$app->db->quote($zone).".'");
+		$rr_rec = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = '".$app->functions->intval($zone_rec['id'])."' AND name = '".$app->db->quote($hostname)."'");
 
 		if($zone_rec['id'] > 0) {
-			$ip_address = $vm['ip_address'];
-			$sys_userid = $zone_rec['sys_userid'];
-			$sys_groupid = $zone_rec['sys_groupid'];
-			$server_id = $zone_rec['server_id'];
-			$dns_soa_id = $zone_rec['id'];
+			$ip_address = $app->db->quote($vm['ip_address']);
+			$sys_userid = $app->functions->intval($zone_rec['sys_userid']);
+			$sys_groupid = $app->functions->intval($zone_rec['sys_groupid']);
+			$server_id = $app->functions->intval($zone_rec['server_id']);
+			$dns_soa_id = $app->functions->intval($zone_rec['id']);
 
 			if($rr_rec['id'] > 0) {
 				$app->uses('validate_dns');
-				$app->db->datalogUpdate('dns_rr', "data = '$ip_address'", 'id', $rr_rec['id']);
+				$app->db->datalogUpdate('dns_rr', "data = '$ip_address'", 'id', $app->functions->intval($rr_rec['id']));
 				$serial = $app->validate_dns->increase_serial($zone_rec['serial']);
-				$app->db->datalogUpdate('dns_soa', "serial = '$serial'", 'id', $zone_rec['id']);
+				$app->db->datalogUpdate('dns_soa', "serial = '$serial'", 'id', $app->functions->intval($zone_rec['id']));
 			} else {
 				$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES
 				('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '$hostname', 'A', '$ip_address', '0', '3600', 'Y')";
