From: Janusz Dobrowolski
Date: Fri, 26 Nov 2010 10:09:40 +0000 (+0000)
Subject: Fixed vulnerability on id paramater
X-Git-Tag: v2.4.2~19^2~452
X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=commitdiff_plain;h=6d0efd2a58264dc44d8f19f7ee189b67265f740f;p=fa-stable.git

Fixed vulnerability on id paramater
---
diff --git a/admin/db/security_db.inc b/admin/db/security_db.inc
index 4af9fde6..d1a2eefb 100644
--- a/admin/db/security_db.inc
+++ b/admin/db/security_db.inc
@@ -13,7 +13,7 @@ function get_security_role($id)
 {
- $sql = "SELECT * FROM ".TB_PREF."security_roles WHERE id='$id'";
+ $sql = "SELECT * FROM ".TB_PREF."security_roles WHERE id=".(int)$id;
  $ret = db_query($sql, "could not retrieve security roles");
  $row = db_fetch($ret);
  if ($row != false) {
@@ -45,21 +45,21 @@ function update_security_role($id, $name, $description, $sections, $areas)
  .",description=".db_escape($description)
  .",sections=".db_escape(implode(';', $sections))
  .",areas=".db_escape(implode(';', $areas))
- ." WHERE id=$id";
+ ." WHERE id=".(int)$id;
  db_query($sql, "could not update role");
 }
 //--------------------------------------------------------------------------------------------------
 function delete_security_role($id)
 {
- $sql = "DELETE FROM ".TB_PREF."security_roles WHERE id=$id";
+ $sql = "DELETE FROM ".TB_PREF."security_roles WHERE id=".(int)$id;
  db_query($sql, "could not delete role");
 }
 //--------------------------------------------------------------------------------------------------
 function check_role_used($id)
 {
- $sql = "SELECT count(*) FROM ".TB_PREF."users WHERE role_id=$id";
+ $sql = "SELECT count(*) FROM ".TB_PREF."users WHERE role_id=".(int)$id;
  $ret = db_query($sql, 'cannot check role usage');
  $row = db_fetch($ret);
  return $row[0];
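Review bot: The `(int)` cast on the new `$sql` line in `get_security_role` closes the quoting hole, but it also silently maps any non-numeric `$id` to 0, so a malformed value now yields an empty lookup instead of an error; the same holds for the `WHERE id=` and `role_id=` sites in `update_security_role`, `delete_security_role` and `check_role_used` in the second hunk, where a bad id becomes a silent no-op update or delete. A short comment at each cast would stop the next maintainer from "simplifying" it away: `// $id is interpolated into SQL: the (int) cast blocks injection and turns non-numeric input into 0`. If callers need malformed ids reported, validate `$id` once at the top of each function (e.g. with `is_numeric()`) before the query string is built. `get_security_role` continues past the end of the first hunk and `update_security_role` begins before the second, so any further `$id` interpolation there cannot be checked from this view.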