Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#322 closed bug (fixed)

Region list in Algeria, raw XML display on some of them

Reported by: ocal5
Owned by: jaliste
Priority: minor
Milestone: 0.1.4
Component: BW Geo
Keywords: country list region security
Cc: micha, steinwinde

Description

Hello,

The region list is here: http://www.bewelcome.org/country/DZ/Wilaya%20d%27%20El%20Tarf

As an example, a region that has a problem: http://www.bewelcome.org/country/DZ/Wilaya%20d%27%20Oran

This XML file does not appear to have any style information associated with it. The document tree is shown below.

<exception>
<code>1000</code>
<message>MySQL error!</message>
<file>
/home/bwrox/www.bewelcome.org/lib/db/db_statement_mysql.lib.php
</file>
<line>285</line>
<info>
Statement: SELECT cities.Name  AS city, regions.country_code AS country, count(*) AS NbMember
FROM regions, cities
RIGHT JOIN members 
ON members.IdCity = cities.id AND members.Status = 'Active'
WHERE  cities.idregion = regions.id AND regions.name='Wilaya d' Oran' AND regions.country_code='DZ' group by cities.id ORDER BY cities.Name
</info>
<info>1064</info>
<info>
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Oran' AND regions.country_code='DZ' group by cities.id ORDER BY cities.Name' at line 5
</info>
<trace>
<event stackno="0">
<file>
/home/bwrox/www.bewelcome.org/lib/db/db_mysql.lib.php
</file>
<line>299</line>
<class type="->">PDBStatement_mysql</class>
<function>query</function>
<args>
<arg>
SELECT cities.Name  AS city, regions.country_code AS country, count(*) AS NbMember
FROM regions, cities
RIGHT JOIN members 
ON members.IdCity = cities.id AND members.Status = 'Active'
WHERE  cities.idregion = regions.id AND regions.name='Wilaya d' Oran' AND regions.country_code='DZ' group by cities.id ORDER BY cities.Name
</arg>
</args>
</event>
<event stackno="1">
<file>
/home/bwrox/www.bewelcome.org/build/country/country.model.php
</file>
<line>167</line>
<class type="->">PDB_mysql</class>
<function>query</function>
<args>
<arg>
SELECT cities.Name  AS city, regions.country_code AS country, count(*) AS NbMember
FROM regions, cities
RIGHT JOIN members 
ON members.IdCity = cities.id AND members.Status = 'Active'
WHERE  cities.idregion = regions.id AND regions.name='Wilaya d' Oran' AND regions.country_code='DZ' group by cities.id ORDER BY cities.Name
</arg>
</args>
</event>
<event stackno="2">
<file>
/home/bwrox/www.bewelcome.org/build/country/country.ctrl.php
</file>
<line>90</line>
<class type="->">Country</class>
<function>getAllCities</function>
<args>
<arg>Wilaya d' Oran</arg>
<arg>DZ</arg>
</args>
</event>
<event stackno="3">
<file>/home/bwrox/www.bewelcome.org/htdocs/index.php</file>
<line>131</line>
<class type="->">CountryController</class>
<function>index</function>
<args/>
</event>
</trace>
</exception>

There are something like 10 other links that are doing the same thing.

I haven't checked all the other countries ;-) but it's the same case on alpha.

Thanks

Change History (10)

comment:1 Changed 10 years ago by philipp

  • Milestone changed from unassigned to 0.2 - community

comment:2 Changed 10 years ago by jaliste

  • Keywords security added; Algeria xml css removed
  • Milestone changed from 0.2 - community to 0.1.3 - more improvements & bugfixing
  • Priority changed from major to blocker

Please observe that right now this bug allows SQL INJECTION!!!!
Changing priorities accordingly!

comment:3 Changed 10 years ago by philipp

  • Cc micha steinwinde added

comment:4 Changed 10 years ago by jaliste

  • Milestone changed from 0.1.3 - more improvements & bugfixing to 0.1.4
  • Priority changed from blocker to trivial

Actually, the queries that are not escaped are executed after checking for the existence of regions, countries or cities. Thus, there is no risk of SQL injection!!! So downgrading priority... And make it depend on the fix of #262.

comment:5 Changed 10 years ago by ocal5

  • Priority changed from trivial to minor

To me, trivial means something like a better display, etc... here it's something that really doesn't work.

comment:6 Changed 10 years ago by jaliste

  • Owner set to jaliste
  • Status changed from new to assigned

Fixed in [3808]

comment:7 Changed 10 years ago by jaliste

  • follow_up changed from none to review code

comment:8 Changed 10 years ago by jeanyves

  • follow_up changed from review code to test on alpha

reviewed to test on alpha

comment:9 Changed 10 years ago by philipp

  • follow_up changed from test on alpha to release
  • Resolution set to fixed
  • Status changed from assigned to closed

looks fine on alpha

comment:10 Changed 10 years ago by matrixpoint

  • follow_up changed from release to none

Released to production in r3913.
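
The failure reported in this ticket, reproduced as an added example: this is not BeWelcome's code and not the fix from [3808]. It assumes PHP with the pdo_sqlite driver, and the in-memory schema, the sample rows and the simplified query (plain joins in place of the original RIGHT JOIN) are constructed for illustration.

```php
<?php
// Constructed in-memory database; table and column names follow the query in the ticket.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("
    CREATE TABLE regions (id INTEGER PRIMARY KEY, name TEXT, country_code TEXT);
    CREATE TABLE cities  (id INTEGER PRIMARY KEY, Name TEXT, idregion INTEGER);
    CREATE TABLE members (id INTEGER PRIMARY KEY, IdCity INTEGER, Status TEXT);
    INSERT INTO regions VALUES (1, 'Wilaya d'' Oran', 'DZ');
    INSERT INTO cities  VALUES (10, 'Oran', 1), (11, 'Arzew', 1);
    INSERT INTO members VALUES (1, 10, 'Active'), (2, 10, 'Active'), (3, 11, 'Pending');
");

// Hypothetical helper: one query text, with the two filter values supplied as SQL fragments.
function citySql(string $regionExpr, string $countryExpr): string
{
    return "SELECT cities.Name AS city, COUNT(*) AS NbMember
            FROM regions
            JOIN cities  ON cities.idregion = regions.id
            JOIN members ON members.IdCity = cities.id AND members.Status = 'Active'
            WHERE regions.name = $regionExpr AND regions.country_code = $countryExpr
            GROUP BY cities.id ORDER BY cities.Name";
}

// Pattern from the ticket: values pasted between quotes, so an apostrophe ends the literal early.
function citiesInterpolated(PDO $db, string $region, string $country): array
{
    return $db->query(citySql("'$region'", "'$country'"))->fetchAll(PDO::FETCH_ASSOC);
}

// Bound parameters: the values travel as data and are never parsed as SQL text.
function citiesBound(PDO $db, string $region, string $country): array
{
    $stmt = $db->prepare(citySql(':region', ':country'));
    $stmt->execute([':region' => $region, ':country' => $country]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$region = "Wilaya d' Oran"; // the legitimate region name from the ticket
try {
    citiesInterpolated($db, $region, 'DZ');
} catch (PDOException $e) {
    echo "interpolated query failed: ", $e->getMessage(), "\n";
}
foreach (citiesBound($db, $region, 'DZ') as $row) {
    echo "bound query: {$row['city']} has {$row['NbMember']} active member(s)\n";
}
```

With bound parameters the query no longer relies on an earlier existence check, such as the one mentioned in comment:4, to keep quote characters out of the SQL text.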
