Security Alert: class/criteria.php

Date 2005-06-29 10:32:31 | Category: Site News

This is a serious report affecting almost all versions of XOOPS.
A missing single quotation mark opens a big hole.
(I shall never write details such as a PoC.)

I think this is an EMERGENCY for users running XOOPS < 2.0.10-1JP or 2.0.12.

You can fix it easily in any version of XOOPS.
- Open class/criteria.php
- Go to line 342
- Find the function named render()
- Remove like this:


	/**
	 * Make a sql condition string
	 * 
	 * @return  string
	 **/
	function render() {
		if ( is_numeric($this->value) || in_array(strtoupper($this->operator), array('IN', 'NOT IN'))) {
			$value = $this->value;
		} else {
			if ( '' === ($value = trim($this->value)) ) {
				return '';
			}
			if ( (substr($value, 0, 1) != '`') && (substr($value, -1) != '`') ) {
				$value = "'$value'";
			}
		}
		$clause = (!empty($this->prefix) ? "{$this->prefix}." : "") . $this->column;
		if ( !empty($this->function) ) {
			$clause = sprintf($this->function, $clause);
		}
		$clause .= " {$this->operator} $value";
		return $clause;
	}
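
To see which values the render() logic printed above places into the SQL clause without single quotes, the following added example (not code from XOOPS or from this post) copies that logic into a stand-alone function and runs it over constructed values. The names render_clause() and is_quoted() are hypothetical, and the example only reports the quoting behaviour; it does not apply the fix.

```php
<?php
// Added example: stand-alone copy of the render() logic shown on this page,
// so its quoting behaviour can be inspected without a XOOPS install.
// render_clause() and is_quoted() are hypothetical helper names.

function render_clause($column, $value, $operator = '=')
{
    if (is_numeric($value) || in_array(strtoupper($operator), array('IN', 'NOT IN'))) {
        // Value goes into the clause exactly as received.
    } else {
        if ('' === ($value = trim($value))) {
            return '';
        }
        if ((substr($value, 0, 1) != '`') && (substr($value, -1) != '`')) {
            $value = "'$value'";
        }
    }
    return "$column $operator $value";
}

// True when the right-hand side of the clause is a single-quoted literal.
function is_quoted($clause, $column, $operator)
{
    $rhs = substr($clause, strlen("$column $operator "));
    return strlen($rhs) >= 2 && $rhs[0] === "'" && substr($rhs, -1) === "'";
}

// Constructed sample values (not taken from any real request).
$samples = array(
    array('uname', 'alice', '='),
    array('uid', '42', '='),
    array('rank', '3.5', '>'),
    array('uid', '(1,2,3)', 'IN'),
    array('a.uid', '`b.uid`', '='),
);

foreach ($samples as $s) {
    list($column, $value, $operator) = $s;
    $clause = render_clause($column, $value, $operator);
    $label = is_quoted($clause, $column, $operator) ? 'quoted' : 'UNQUOTED';
    printf("%-8s %s\n", $label, $clause);
}
```

Every line reported as UNQUOTED is a value that reaches the query exactly as the caller supplied it, so callers passing request data into those paths are the ones to review first.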





You can read more news at PEAK XOOPS.
http://xoops.peak.ne.jp

The URL for this story is:
http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=60