author | Gábor Hojtsy <gabor@hojtsy.hu> | 2007-09-27 16:52:00 +0000 |
---|---|---|
committer | Gábor Hojtsy <gabor@hojtsy.hu> | 2007-09-27 16:52:00 +0000 |
commit | 74def328c8d6ebaa6c46011b8dc9692be4900e7f (patch) | |
tree | 61d2ec1587743eb9c9eb3b860ee93935022f3e65 /modules/block | |
parent | b5b6b32e364b87c87e944968764e212e85d2e10e (diff) | |
#167284 by Heine and pwolanin: proper field type placeholders in IN() queries, setting a best practice to avoid vulnerabilities
Diffstat (limited to 'modules/block')
-rw-r--r-- | modules/block/block.module | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/modules/block/block.module b/modules/block/block.module
index ca2a204f7..af458a8d5 100644
--- a/modules/block/block.module
+++ b/modules/block/block.module
@@ -332,7 +332,8 @@ function block_user($type, $edit, &$user, $category = NULL) {
 switch ($type) {
 case 'form':
 if ($category == 'account') {
- $result = db_query("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.status = 1 AND b.custom != 0 AND (r.rid IN (%s) OR r.rid IS NULL) ORDER BY b.weight, b.module", implode(',', array_keys($user->roles)));
+ $rids = array_keys($user->roles);
+ $result = db_query("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.status = 1 AND b.custom != 0 AND (r.rid IN (". db_placeholders($rids) .") OR r.rid IS NULL) ORDER BY b.weight, b.module", $rids);
 $form['block'] = array('#type' => 'fieldset', '#title' => t('Block configuration'), '#weight' => 3, '#collapsible' => TRUE, '#tree' => TRUE);
 while ($block = db_fetch_object($result)) {
 $data = module_invoke($block->module, 'block', 'list');
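Review bot: The added `db_placeholders($rids)` call relies on the helper's default placeholder type; since the whole point of the change is that each role ID is bound as an integer rather than spliced into the IN() list as text, make that explicit at the call site, `db_placeholders($rids, 'int')`, and put a short why-comment above `$rids = array_keys($user->roles);` such as `// Bind role IDs through typed placeholders; never interpolate them into IN().` If `$user->roles` can ever be empty, `db_placeholders()` yields `IN ()`, which is invalid SQL — I believe every account carries at least one role, but that assumption is worth confirming rather than leaving implicit. The same two points apply to the block_list() hunk below, which repeats the pattern with `array_merge(array($theme_key), $rids)`. The enclosing `switch` in block_user() continues past the end of this hunk.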
@@ -379,7 +380,8 @@ function block_list($region) {
 static $blocks = array();
 if (!count($blocks)) {
- $result = db_query(db_rewrite_sql("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = '%s' AND b.status = 1 AND (r.rid IN (%s) OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module", 'b', 'bid'), $theme_key, implode(',', array_keys($user->roles)));
+ $rids = array_keys($user->roles);
+ $result = db_query(db_rewrite_sql("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = '%s' AND b.status = 1 AND (r.rid IN (". db_placeholders($rids) .") OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module", 'b', 'bid'), array_merge(array($theme_key), $rids));
 while ($block = db_fetch_object($result)) {
 if (!isset($blocks[$block->region])) {
 $blocks[$block->region] = array(); |