shuber 2005/04/28 18:10:18 CEST
Modified files: (Branch: JAHIA-4-0-BRANCH)
src/java/org/jahia/services/usermanager
JahiaSiteUserManagerDBService.java
JahiaUserManagerDBProvider.java
Log:
Bugfix: fix SQL injection vulnerability in the user login form.
Revision Changes Path
1.13.2.3 +9 -9
jahia/src/java/org/jahia/services/usermanager/JahiaSiteUserManagerDBService.java
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/src/java/org/jahia/services/usermanager/JahiaSiteUserManagerDBService.java.diff?r1=1.13.2.2&r2=1.13.2.3&f=h
1.20.4.10 +18 -12
jahia/src/java/org/jahia/services/usermanager/JahiaUserManagerDBProvider.java
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/src/java/org/jahia/services/usermanager/JahiaUserManagerDBProvider.java.diff?r1=1.20.4.9&r2=1.20.4.10&f=h
Index: JahiaSiteUserManagerDBService.java
===================================================================
RCS file:
/home/cvs/repository/jahia/src/java/org/jahia/services/usermanager/Attic/JahiaSiteUserManagerDBService.java,v
retrieving revision 1.13.2.2
retrieving revision 1.13.2.3
diff -u -r1.13.2.2 -r1.13.2.3
--- JahiaSiteUserManagerDBService.java 18 Aug 2004 14:51:48 -0000
1.13.2.2
+++ JahiaSiteUserManagerDBService.java 28 Apr 2005 16:10:17 -0000
1.13.2.3
@@ -25,6 +25,7 @@
import java.sql.SQLException;
import java.sql.Statement;
import java.util.*;
+import java.sql.PreparedStatement;
/**
@@ -341,7 +342,7 @@
JahiaUser user = null;
Connection dbConn = null;
- Statement statement = null;
+ PreparedStatement statement = null;
user = (JahiaUser) siteUserCache.get(buildCacheKey(siteID,
username));
if (user != null) {
@@ -352,16 +353,15 @@
SiteUserBean suBean = null;
dbConn =
org.jahia.services.database.ConnectionDispenser.getConnection();
- statement = dbConn.createStatement();
+ StringBuffer query = new StringBuffer(
+ "select * from jahia_sites_users where
siteid_sites_users=?");
+ query.append(" and username_sites_users=?");
+ statement = dbConn.prepareStatement(query.toString());
if (statement != null) {
- StringBuffer query = new StringBuffer(
- "select * from jahia_sites_users where
siteid_sites_users=");
- query.append(siteID);
- query.append(" and username_sites_users='");
- query.append(username);
- query.append("'");
- ResultSet rs = statement.executeQuery(query.toString());
+ statement.setInt(1, siteID);
+ statement.setString(2, username);
+ ResultSet rs = statement.executeQuery();
if (rs != null) {
while (rs.next()) {
suBean = getSiteUserBeanFromResultSet(rs);
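Review bot: The `if (statement != null)` guard kept around the new `prepareStatement` call is dead code: `Connection.prepareStatement` either returns a statement or throws `SQLException`, it never returns null, so the failure path this method actually has is the exception, not the null branch. Since the query text is now a compile-time constant with no runtime pieces, the `StringBuffer` build-up is also unnecessary; a single `String query = "select * from jahia_sites_users where siteid_sites_users=? and username_sites_users=?";` (or a `private static final` field) reads better and avoids suggesting that anything is still concatenated into the SQL. The enclosing method begins before this hunk and continues past it, so whether `statement` and `rs` are closed in a `finally` cannot be confirmed from here; please check that the rename from `Statement` to `PreparedStatement` kept the close path intact.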
Index: JahiaUserManagerDBProvider.java
===================================================================
RCS file:
/home/cvs/repository/jahia/src/java/org/jahia/services/usermanager/Attic/JahiaUserManagerDBProvider.java,v
retrieving revision 1.20.4.9
retrieving revision 1.20.4.10
diff -u -r1.20.4.9 -r1.20.4.10
--- JahiaUserManagerDBProvider.java 1 Apr 2005 08:14:58 -0000 1.20.4.9
+++ JahiaUserManagerDBProvider.java 28 Apr 2005 16:10:17 -0000
1.20.4.10
@@ -667,14 +667,19 @@
boolean result = true;
String userIDStr = Integer.toString (id);
- Statement statement = null;
+ PreparedStatement statement = null;
try {
- statement = dbConn.createStatement ();
+ String query = "INSERT INTO jahia_users (id_jahia_users,
name_jahia_users, password_jahia_users, key_jahia_users, siteid_jahia_users)
VALUES (?,?,?,?,?)";
- String query = "INSERT INTO jahia_users (id_jahia_users,
name_jahia_users, password_jahia_users, key_jahia_users, siteid_jahia_users)
VALUES (" +
- userIDStr + ",'" + username + "','" + password + "','" +
userKey + "'," + siteID + ")";
- statement.executeUpdate (query);
+ statement = dbConn.prepareStatement (query);
+
+ statement.setInt(1, id);
+ statement.setString(2, username);
+ statement.setString(3, password);
+ statement.setString(4, userKey);
+ statement.setInt(5, siteID);
+ statement.executeUpdate ();
// Add the user's attributes
if (properties != null) {
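Review bot: `String userIDStr = Integer.toString (id);` on the context line just above the `try` now looks unused, because the new code binds the id directly with `statement.setInt(1, id);` and the only consumer in the old code was the removed concatenation; if nothing later in the method reads it, the line should go. The method continues past the hunk, so this is inferred from the visible lines only. One caveat worth a comment on the `setString(3, password)` line: the statement stores whatever `password` holds verbatim, and whether it is already hashed before reaching this method is not visible here, e.g. `// password is expected to arrive already hashed by the caller — confirm`.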
@@ -722,14 +727,15 @@
UserProperties properties = new UserProperties ();
// execute the SELECT query
- Statement statement = null;
+ PreparedStatement statement = null;
try {
- statement = dbConn.createStatement ();
+ String query = "SELECT id_jahia_users, password_jahia_users,
key_jahia_users FROM jahia_users WHERE name_jahia_users=? and
siteid_jahia_users=?";
+ statement = dbConn.prepareStatement (query);
if (statement != null) {
- String query = "SELECT id_jahia_users, password_jahia_users,
key_jahia_users FROM jahia_users WHERE name_jahia_users='" +
- name + "' and siteid_jahia_users=" + siteID;
+ statement.setString(1, name);
+ statement.setInt(2, siteID);
- ResultSet rs = statement.executeQuery (query);
+ ResultSet rs = statement.executeQuery ();
if (rs != null) {
if (rs.next ()) {
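Review bot: The `if (statement != null)` check wrapped around the new bind-and-execute code cannot be false, since `dbConn.prepareStatement(query)` throws `SQLException` rather than returning null; the guard adds an indentation level without adding a behaviour, and the code would be clearer as a straight sequence of `setString(1, name); setInt(2, siteID); ResultSet rs = statement.executeQuery();`. The parameter binding itself is correct and matches the placeholder order in the query. The method starts before and ends after this hunk, so the `finally` that should close `statement` and `rs` is out of view; please confirm it was updated for the type change.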
@@ -1096,8 +1102,8 @@
"] at position " + i);
}
}
- /* end EP mods */
- return (!badCharFound);
+ /* end EP mods */
+ return (!badCharFound);
}
//-------------------------------------------------------------------------