maxtors Posted November 14, 2009

Hello, my McAfee Secure scan gave me a "MySQL Database Error Disclosure Vulnerability" error, found in a Filterlist contribution I installed. Here is the code in question; maybe someone can help me find a fix for it. Thanks.

```
pfrom=From
pto=To
refine=Refine+your+results
categories_id=334
search_in_description=1
subsearch=0
max_pages=x%27%3B%22%2C%29%60
```

> THE SINGLE BEST WAY TO FIX THIS VULNERABILITY IS TO IDENTIFY THE ACCEPTABLE INPUT FOR EACH FORM PARAMETER AND REJECT INPUT THAT DOES NOT MEET THAT CRITERIA. The following is an acceptable solution however it is not optimal. Implement content parsing on data input fields including URL parameters. Remove the following characters from any user or dynamic database input (examples in VBScript):
>
> ' (escape the single quote): input = replace( input, "'", "''" )
> " (double quote): input = replace( input, """", "" )
> ) (close parenthesis): input = replace( input, ")", "" )
> ( (open parenthesis): input = replace( input, "(", "" )
> ; (semi-colon): input = replace( input, ";", "" )
> - (dash): input = replace( input, "-", "" )
> | (pipe): input = replace( input, "|", "" )
>
> On text input it is recommended to append quotes around the user supplied input. Please contact ScanAlert Support if you need further instructions.

```php
<?php require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ADVANCED_SEARCH); ?>
<script language="javascript" src="includes/general.js"></script>
<script language="javascript" src="includes/jquery1.2.6.js"></script>
<script language="javascript">
<!--
function check_form() {
  var error_message = "<?php echo JS_ERROR; ?>";
  var error_found = false;
  var error_field;
  var keywords = document.adv_filter.refine.value;
  var pfrom = document.adv_filter.pfrom.value;
  var pto = document.adv_filter.pto.value;
  var pfrom_float;
  var pto_float;

  if (((keywords == '') || (keywords.length < 1)) && ((pfrom == '') || (pfrom.length < 1)) && ((pto == '') || (pto.length < 1))) {
    error_message = error_message + "* <?php echo ERROR_AT_LEAST_ONE_INPUT; ?>\n";
    error_field = document.advanced_search.keywords;
    error_found = true;
  }

  if (pfrom.length > 0) {
    pfrom_float = parseFloat(pfrom);
    if (isNaN(pfrom_float)) {
      error_message = error_message + "* <?php echo ERROR_PRICE_FROM_MUST_BE_NUM; ?>\n";
      error_field = document.advanced_search.pfrom;
      error_found = true;
    }
  } else {
    pfrom_float = 0;
  }

  if (pto.length > 0) {
    pto_float = parseFloat(pto);
    if (isNaN(pto_float)) {
      error_message = error_message + "* <?php echo ERROR_PRICE_TO_MUST_BE_NUM; ?>\n";
      error_field = document.advanced_search.pto;
      error_found = true;
    }
  } else {
    pto_float = 0;
  }

  if ((pfrom.length > 0) && (pto.length > 0)) {
    if ((!isNaN(pfrom_float)) && (!isNaN(pto_float)) && (pto_float < pfrom_float)) {
      error_message = error_message + "* <?php echo ERROR_PRICE_TO_LESS_THAN_PRICE_FROM; ?>\n";
      error_field = document.advanced_search.pto;
      error_found = true;
    }
  }

  if (error_found == true) {
    alert(error_message);
    error_field.focus();
    return false;
  } else {
    return true;
  }
}

function popupWindow(url) {
  window.open(url,'popupWindow','toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,copyhistory=no,width=450,height=280,screenX=150,screenY=150,top=150,left=150')
}

//Search Box controls
$(document).ready( function() { searchBox(); } );

function searchBox() {
  $("#refine").focus( function() { if(this.value=='<?php echo REFINE_RESULTS; ?>') { this.value=''; } } );
  $("#subsearch").click( function() { if($("#refine").val()=='<?php echo REFINE_RESULTS; ?>') { $("#refine").val(''); } } );
  $("#refine").blur( function() { if(this.value=='') { this.value='<?php echo REFINE_RESULTS; ?>'; }; } );
  $("#pfrom").focus( function() { if(this.value=='<?=PRICE_FROM?>') { this.value=''; } } );
  $("#subsearch").click( function() { if($("#pfrom").val()=='<?=PRICE_FROM?>') { $("#pfrom").val(''); } } );
  $("#pfrom").blur( function() { if(this.value=='') { this.value='<?=PRICE_FROM?>'; }; } );
  $("#pto").focus( function() { if(this.value=='<?=PRICE_TO?>') { this.value=''; } } );
  $("#subsearch").click( function() { if($("#pto").val()=='<?=PRICE_TO?>') { $("#pto").val(''); } } );
  $("#pto").blur( function() { if(this.value=='') { this.value='<?=PRICE_TO?>'; }; } );
}
//-->
</script>
<?php
  $hold_max_pages = MAX_DISPLAY_SEARCH_RESULTS;
  if ($HTTP_GET_VARS['max_pages']) {
    $hold_max_pages = $HTTP_GET_VARS['max_pages'];
  } else {
    $hold_max_pages = MAX_DISPLAY_SEARCH_RESULTS;
  }

  $error = false;
  if ( (isset($HTTP_GET_VARS['refine']) && empty($HTTP_GET_VARS['refine'])) &&
       (isset($HTTP_GET_VARS['pfrom']) && !is_numeric($HTTP_GET_VARS['pfrom'])) &&
       (isset($HTTP_GET_VARS['pto']) && !is_numeric($HTTP_GET_VARS['pto'])) ) {
    $error = true;
    $messageStack->add_session('search', ERROR_AT_LEAST_ONE_INPUT);
  } else {
    $pfrom = '';
    $pto = '';
    $keywords = '';
    if (isset($HTTP_GET_VARS['pfrom']) && $HTTP_GET_VARS['pfrom'] !== PRICE_FROM) {
      $pfrom = $HTTP_GET_VARS['pfrom'];
    }
    if (isset($HTTP_GET_VARS['pto']) && $HTTP_GET_VARS['pto'] !== PRICE_TO) {
      $pto = $HTTP_GET_VARS['pto'];
    }
    if (isset($HTTP_GET_VARS['refine']) && $HTTP_GET_VARS['refine'] !== REFINE_RESULTS) {
      $keywords = $HTTP_GET_VARS['refine'];
    }

    $price_check_error = false;
    if (tep_not_null($pfrom)) {
      if (!settype($pfrom, 'double')) {
        $error = true;
        $price_check_error = true;
        $messageStack->add_session('search', ERROR_PRICE_FROM_MUST_BE_NUM);
      }
    }
    if (tep_not_null($pto)) {
      if (!settype($pto, 'double')) {
        $error = true;
        $price_check_error = true;
        $messageStack->add_session('search', ERROR_PRICE_TO_MUST_BE_NUM);
      }
    }
    if (($price_check_error == false) && is_float($pfrom) && is_float($pto)) {
      if ($pfrom >= $pto) {
        $error = true;
        $messageStack->add_session('search', ERROR_PRICE_TO_LESS_THAN_PRICE_FROM);
      }
    }
    if (tep_not_null($keywords)) {
      if (!tep_parse_search_string($keywords, $search_keywords)) {
        $error = true;
        $messageStack->add_session('search', ERROR_INVALID_KEYWORDS);
      }
    }
  }

  if (empty($pfrom) && empty($pto) && empty($keywords)) {
    $error = true;
    $messageStack->add_session('search', ERROR_AT_LEAST_ONE_INPUT);
  }

  if ((isset($HTTP_GET_VARS['refine']) && (!empty($HTTP_GET_VARS['refine']) || ($HTTP_GET_VARS['refine'] !== REFINE_RESULTS))) ||
      (isset($HTTP_GET_VARS['pfrom']) && is_numeric($HTTP_GET_VARS['pfrom'])) ||
      (isset($HTTP_GET_VARS['pto']) && is_numeric($HTTP_GET_VARS['pto']))) {
    // create column list
    $define_list = array('PRODUCT_LIST_MODEL' => PRODUCT_LIST_MODEL,
                         'PRODUCT_LIST_NAME' => PRODUCT_LIST_NAME,
                         'PRODUCT_LIST_MANUFACTURER' => PRODUCT_LIST_MANUFACTURER,
                         'PRODUCT_LIST_PRICE' => PRODUCT_LIST_PRICE,
                         'PRODUCT_LIST_QUANTITY' => PRODUCT_LIST_QUANTITY,
                         'PRODUCT_LIST_WEIGHT' => PRODUCT_LIST_WEIGHT,
                         'PRODUCT_LIST_IMAGE' => PRODUCT_LIST_IMAGE,
                         'PRODUCT_LIST_BUY_NOW' => PRODUCT_LIST_BUY_NOW);
    asort($define_list);

    $column_list = array();
    reset($define_list);
    while (list($key, $value) = each($define_list)) {
      if ($value > 0) $column_list[] = $key;
    }

    $select_column_list = '';
    for ($i=0, $n=sizeof($column_list); $i<$n; $i++) {
      switch ($column_list[$i]) {
        case 'PRODUCT_LIST_MODEL':
          $select_column_list .= 'p.products_model, ';
          break;
        case 'PRODUCT_LIST_MANUFACTURER':
          $select_column_list .= 'm.manufacturers_name, ';
          break;
        case 'PRODUCT_LIST_QUANTITY':
          $select_column_list .= 'p.products_quantity, ';
          break;
        case 'PRODUCT_LIST_IMAGE':
          $select_column_list .= 'p.products_image, ';
          break;
        case 'PRODUCT_LIST_WEIGHT':
          $select_column_list .= 'p.products_weight, ';
          break;
      }
    }

    $select_str = "select distinct " . $select_column_list . " m.manufacturers_id, p.products_id, pd.products_name, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price ";

    if ( (DISPLAY_PRICE_WITH_TAX == 'true') && (tep_not_null($pfrom) || tep_not_null($pto)) ) {
      $select_str .= ", SUM(tr.tax_rate) as tax_rate ";
    }

    $from_str = "from ((" . TABLE_PRODUCTS . " p) left join " . TABLE_MANUFACTURERS . " m using(manufacturers_id), " . TABLE_PRODUCTS_DESCRIPTION . " pd) left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id, " . TABLE_CATEGORIES . " c, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c";

    if ( (DISPLAY_PRICE_WITH_TAX == 'true') && (tep_not_null($pfrom) || tep_not_null($pto)) ) {
      if (!tep_session_is_registered('customer_country_id')) {
        $customer_country_id = STORE_COUNTRY;
        $customer_zone_id = STORE_ZONE;
      }
      $from_str .= " left join " . TABLE_TAX_RATES . " tr on p.products_tax_class_id = tr.tax_class_id left join " . TABLE_ZONES_TO_GEO_ZONES . " gz on tr.tax_zone_id = gz.geo_zone_id and (gz.zone_country_id is null or gz.zone_country_id = '0' or gz.zone_country_id = '" . (int)$customer_country_id . "') and (gz.zone_id is null or gz.zone_id = '0' or gz.zone_id = '" . (int)$customer_zone_id . "')";
    }

    $where_str = " where p.products_status = '1' and p.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "' and p.products_id = p2c.products_id and p2c.categories_id = c.categories_id ";

    if (isset($HTTP_GET_VARS['categories_id']) && tep_not_null($HTTP_GET_VARS['categories_id'])) {
      if (isset($HTTP_GET_VARS['inc_subcat']) && ($HTTP_GET_VARS['inc_subcat'] == '1')) {
        $subcategories_array = array();
        tep_get_subcategories($subcategories_array, $HTTP_GET_VARS['categories_id']);

        $where_str .= " and p2c.products_id = p.products_id and p2c.products_id = pd.products_id and (p2c.categories_id = '" . (int)$HTTP_GET_VARS['categories_id'] . "'";

        for ($i=0, $n=sizeof($subcategories_array); $i<$n; $i++ ) {
          $where_str .= " or p2c.categories_id = '" . (int)$subcategories_array[$i] . "'";
        }

        $where_str .= ")";
      } else {
        $where_str .= " and p2c.products_id = p.products_id and p2c.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "' and p2c.categories_id = '" . (int)$HTTP_GET_VARS['categories_id'] . "'";
      }
    }

    if (isset($HTTP_GET_VARS['manufacturers_id']) && tep_not_null($HTTP_GET_VARS['manufacturers_id'])) {
      $where_str .= " and m.manufacturers_id = '" . (int)$HTTP_GET_VARS['manufacturers_id'] . "'";
    }

    if (isset($search_keywords) && (sizeof($search_keywords) > 0)) {
      $where_str .= " and (";
      for ($i=0, $n=sizeof($search_keywords); $i<$n; $i++ ) {
        switch ($search_keywords[$i]) {
          case '(':
          case ')':
          case 'and':
          case 'or':
            $where_str .= " " . $search_keywords[$i] . " ";
            break;
          default:
            $keyword = tep_db_prepare_input($search_keywords[$i]);
            $where_str .= "(pd.products_name like '%" . tep_db_input($keyword) . "%' or p.products_model like '%" . tep_db_input($keyword) . "%' or m.manufacturers_name like '%" . tep_db_input($keyword) . "%'";
            if (isset($HTTP_GET_VARS['search_in_description']) && ($HTTP_GET_VARS['search_in_description'] == '1')) $where_str .= " or pd.products_description like '%" . tep_db_input($keyword) . "%'";
            $where_str .= ')';
            break;
        }
      }
      $where_str .= " )";
    }

    if (tep_not_null($pfrom)) {
      if ($currencies->is_set($currency)) {
        $rate = $currencies->get_value($currency);
        $pfrom = $pfrom / $rate;
      }
    }

    if (tep_not_null($pto)) {
      if (isset($rate)) {
        $pto = $pto / $rate;
      }
    }

    if (DISPLAY_PRICE_WITH_TAX == 'true') {
      if ($pfrom > 0) $where_str .= " and (IF(s.status, s.specials_new_products_price, p.products_price) * if(gz.geo_zone_id is null, 1, 1 + (tr.tax_rate / 100) ) >= " . (double)$pfrom . ")";
      if ($pto > 0) $where_str .= " and (IF(s.status, s.specials_new_products_price, p.products_price) * if(gz.geo_zone_id is null, 1, 1 + (tr.tax_rate / 100) ) <= " . (double)$pto . ")";
    } else {
      if ($pfrom > 0) $where_str .= " and (IF(s.status, s.specials_new_products_price, p.products_price) >= " . (double)$pfrom . ")";
      if ($pto > 0) $where_str .= " and (IF(s.status, s.specials_new_products_price, p.products_price) <= " . (double)$pto . ")";
    }

    if ( (DISPLAY_PRICE_WITH_TAX == 'true') && (tep_not_null($pfrom) || tep_not_null($pto)) ) {
      $where_str .= " group by p.products_id, tr.tax_priority";
    }

    if ( (!isset($HTTP_GET_VARS['sort'])) || (!ereg('[1-8][ad]', $HTTP_GET_VARS['sort'])) || (substr($HTTP_GET_VARS['sort'], 0, 1) > sizeof($column_list)) ) {
      for ($i=0, $n=sizeof($column_list); $i<$n; $i++) {
        if ($column_list[$i] == 'PRODUCT_LIST_NAME') {
          $HTTP_GET_VARS['sort'] = $i+1 . 'a';
          $order_str = ' order by pd.products_name';
          break;
        }
      }
    } else {
      $sort_col = substr($HTTP_GET_VARS['sort'], 0 , 1);
      $sort_order = substr($HTTP_GET_VARS['sort'], 1);
      $order_str = ' order by ';
      switch ($column_list[$sort_col-1]) {
        case 'PRODUCT_LIST_MODEL':
          $order_str .= "p.products_model " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name";
          break;
        case 'PRODUCT_LIST_NAME':
          $order_str .= "pd.products_name " . ($sort_order == 'd' ? "desc" : "");
          break;
        case 'PRODUCT_LIST_MANUFACTURER':
          $order_str .= "m.manufacturers_name " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name";
          break;
        case 'PRODUCT_LIST_QUANTITY':
          $order_str .= "p.products_quantity " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name";
          break;
        case 'PRODUCT_LIST_IMAGE':
          $order_str .= "pd.products_name";
          break;
        case 'PRODUCT_LIST_WEIGHT':
          $order_str .= "p.products_weight " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name";
          break;
        case 'PRODUCT_LIST_PRICE':
          $order_str .= "final_price " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name";
          break;
      }
    }

    $listing_sql = $select_str . $from_str . $where_str . $order_str;
  }

  $listing_split = new splitPageResults($listing_sql, $hold_max_pages, 'p.products_id');

  if (($listing_split->number_of_rows > 0) && ((PREV_NEXT_BAR_LOCATION == '1') || (PREV_NEXT_BAR_LOCATION == '3'))) {
?>
<div class="infoBoxContents" style="padding:0.5em; text-align:center;">
<form name="filter" action="<?php echo tep_href_link(basename($PHP_SELF),tep_get_all_get_params(array('pfrom', 'pto', 'refine', 'page', 'info', 'x', 'y', 'manufacturers_id'))); ?>" method="get">
<label for="pfrom" class="fieldKey"><?=PRICE_RANGE?></label>
<input id="pfrom" name="pfrom" value="<?=PRICE_FROM?>" class="fieldValue" style="width:5em" /> -
<input id="pto" name="pto" value="<?=PRICE_TO?>" class="fieldValue" style="width:5em" />
<input id="refine" type='text' name='refine' value="<?=REFINE_RESULTS?>" style='width:42%;' class="fieldValue" />
<?php echo tep_draw_hidden_field('categories_id', (int)$current_category_id) . tep_draw_hidden_field('search_in_description', '1') . tep_image_submit('button_search.gif', IMAGE_BUTTON_SEARCH, "id='subsearch' name='subsearch' style='margin:0 5px;'"); ?>
<div style="display:inline-block; width:49%; margin: 0.5em 0; text-align:center;">
<?php
// optional Product List Filter
  if (PRODUCT_LIST_FILTER > 0) {
    $filterlist_sql = "select distinct m.manufacturers_id as id, m.manufacturers_name as name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c, " . TABLE_MANUFACTURERS . " m where p.products_status = '1' and p.manufacturers_id = m.manufacturers_id and p.products_id = p2c.products_id and p2c.categories_id = '" . (int)$current_category_id . "' order by m.manufacturers_name";
    $filterlist_query = tep_db_query($filterlist_sql);
    if (tep_db_num_rows($filterlist_query) > 1) {
      echo tep_draw_hidden_field('cPath', $cPath);
      $options = array(array('id' => '', 'text' => TEXT_ALL_MANUFACTURERS));
      echo tep_draw_hidden_field('sort', $HTTP_GET_VARS['sort']);
      while ($filterlist = tep_db_fetch_array($filterlist_query)) {
        $options[] = array('id' => $filterlist['id'], 'text' => $filterlist['name']);
      }
      echo tep_draw_pull_down_menu('manufacturers_id', $options, (isset($HTTP_GET_VARS['manufacturers_id']) ? $HTTP_GET_VARS['manufacturers_id'] : ''), 'onchange="this.form.submit()"');
    }
  }
?>
</div><div style="display:inline-block; width:49%; margin: 0.5em 0; text-align:center;">
<?php
  $all = $listing_split->number_of_rows;
  $page_options = array(array('id' => $hold_max_pages, 'text' => sprintf(SHOWING_RESULTS, $hold_max_pages)));
  $page_options[] = array('id' => $all, 'text' => sprintf(SHOW_RESULTS, 'All') . " ($all)");
  $page_options[] = array('id' => 5, 'text' => sprintf(SHOW_RESULTS, 5));
  $page_options[] = array('id' => 15, 'text' => sprintf(SHOW_RESULTS, 15));
  $page_options[] = array('id' => 25, 'text' => sprintf(SHOW_RESULTS, 25));
  $page_options[] = array('id' => 50, 'text' => sprintf(SHOW_RESULTS, 50));
  echo tep_hide_session_id();
  echo tep_draw_pull_down_menu('max_pages', $page_options, '', 'onchange="this.form.submit()"');
?>
</div>
</form>
</div>
<div class="smallText" style="display:inline-block; width:49%;"><?php echo $listing_split->display_count(TEXT_DISPLAY_NUMBER_OF_PRODUCTS); ?></div>
<div class="smallText" style="display:inline-block; width:49%; text-align:right;"><?php echo TEXT_RESULT_PAGE . ' ' . $listing_split->display_links(MAX_DISPLAY_PAGE_LINKS, tep_get_all_get_params(array('page', 'info', 'x', 'y'))); ?></div>
<?php
  }
?>
```
geoffreywalton Posted November 14, 2009

Have a look at my useful threads link below. The one on how to secure your site includes one on SQL injection.

G

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile. Virus Threat Scanner. My Contributions. Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link: Useful Threads. If this post was useful, click the Like This button over there ======>>>>>.
maxtors Posted November 14, 2009 (Author)

> Have a look at my useful threads link below. The one on how to secure your site includes one on SQL injection.
> G

Did not fix the problem. Anyone else?
spooks Posted November 14, 2009

> Did not fix the problem. Anyone else?

Which contribs did u install? I would have thought that just Security Pro on its own would have complied with most they asked!!

Sam

Remember, what you think I ment may not be what I thought I ment when I said it.
Contributions: Auto Backup your Database, Easy way; Multi Images with Fancy Pop-ups, Easy way; Products in columns with multi buy etc etc; Disable any Category or Product, Easy way; Secure & Improve your account pages et al.
maxtors Posted November 14, 2009 (Author)

> Which contribs did u install? I would have thought that just Security Pro on its own would have complied with most they asked!!

I pass with no problems if I remove the Filterlist contribution. I have these contributions installed:

Security Pro
IP trap
htaccess protection
Anti XSS
spooks Posted November 15, 2009

> I pass with no problems if I remove the Filterlist contribution. I have these contributions installed: Security Pro, IP trap, htaccess protection, Anti XSS

Why aren't u using the latest of the filterlist contrib? Are u using the latest of Security Pro that removes %? Have u tried adding the post cleaning?

Sam
maxtors Posted November 15, 2009 Author Share Posted November 15, 2009 i tried the latest filterlist contrib and got 3 secure errors but only got one with the _GET filterlist contrib and yes i have the latest of security pro and also tried the post cleaning here is the code from the new filterlist i tried? <?php require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ADVANCED_SEARCH); ?> <script language="javascript" src="includes/general.js"></script> <script language="javascript" src="includes/jquery1.2.6.js"></script> <script language="javascript"> <!-- function check_form() { var error_message = "<?php echo JS_ERROR; ?>"; var error_found = false; var error_field; var keywords = document.adv_filter.refine.value; var pfrom = document.adv_filter.pfrom.value; var pto = document.adv_filter.pto.value; var pfrom_float; var pto_float; if (((keywords == '') || (keywords.length < 1)) && ((pfrom == '') || (pfrom.length < 1)) && ((pto == '') || (pto.length < 1))) { error_message = error_message + "* <?php echo ERROR_AT_LEAST_ONE_INPUT; ?>\n"; error_field = document.advanced_search.keywords; error_found = true; } if (pfrom.length > 0) { pfrom_float = parseFloat(pfrom); if (isNaN(pfrom_float)) { error_message = error_message + "* <?php echo ERROR_PRICE_FROM_MUST_BE_NUM; ?>\n"; error_field = document.advanced_search.pfrom; error_found = true; } } else { pfrom_float = 0; } if (pto.length > 0) { pto_float = parseFloat(pto); if (isNaN(pto_float)) { error_message = error_message + "* <?php echo ERROR_PRICE_TO_MUST_BE_NUM; ?>\n"; error_field = document.advanced_search.pto; error_found = true; } } else { pto_float = 0; } if ((pfrom.length > 0) && (pto.length > 0)) { if ((!isNaN(pfrom_float)) && (!isNaN(pto_float)) && (pto_float < pfrom_float)) { error_message = error_message + "* <?php echo ERROR_PRICE_TO_LESS_THAN_PRICE_FROM; ?>\n"; error_field = document.advanced_search.pto; error_found = true; } } if (error_found == true) { alert(error_message); error_field.focus(); return false; 
} else { return true; } } function popupWindow(url) { window.open(url,'popupWindow','toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,copyhistory=no,width=450,height=280,screenX=150,screenY=150,top=150,left=150') } //Search Box controls $(document).ready( function() { searchBox(); } ); function searchBox() { $("#refine").focus( function() { if(this.value=='<?php echo REFINE_RESULTS; ?>') { this.value=''; } } ); $("#subsearch").click( function() { if($("#refine").val()=='<?php echo REFINE_RESULTS; ?>') { $("#refine").val(''); } } ); $("#refine").blur( function() { if(this.value=='') { this.value='<?php echo REFINE_RESULTS; ?>'; }; } ); $("#pfrom").focus( function() { if(this.value=='<?=PRICE_FROM?>') { this.value=''; } } ); $("#subsearch").click( function() { if($("#pfrom").val()=='<?=PRICE_FROM?>') { $("#pfrom").val(''); } } ); $("#pfrom").blur( function() { if(this.value=='') { this.value='<?=PRICE_FROM?>'; }; } ); $("#pto").focus( function() { if(this.value=='<?=PRICE_TO?>') { this.value=''; } } ); $("#subsearch").click( function() { if($("#pto").val()=='<?=PRICE_TO?>') { $("#pto").val(''); } } ); $("#pto").blur( function() { if(this.value=='') { this.value='<?=PRICE_TO?>'; }; } ); } //--> </script> <?php // clean posted vars reset($_POST); while (list($key, $value) = each($_POST)) { if (!is_array($_POST[$key])) { $_POST[$key] = preg_replace("/[^ a-zA-Z0-9@%:{}_.-]/i", "", urldecode($_POST[$key])); } else { unset($_POST[$key]); } // no arrays expected } $hold_max_pages = MAX_DISPLAY_SEARCH_RESULTS; if ($HTTP_POST_VARS['max_pages']) { $hold_max_pages = $HTTP_POST_VARS['max_pages']; } else { $hold_max_pages = MAX_DISPLAY_SEARCH_RESULTS; } $error = false; if ( (isset($HTTP_POST_VARS['refine']) && empty($HTTP_POST_VARS['refine'])) && (isset($HTTP_POST_VARS['pfrom']) && !is_numeric($HTTP_POST_VARS['pfrom'])) && (isset($HTTP_POST_VARS['pto']) && !is_numeric($HTTP_POST_VARS['pto'])) ) { $error = true; 
$messageStack->add_session('search', ERROR_AT_LEAST_ONE_INPUT); } else { $pfrom = ''; $pto = ''; $keywords = ''; if (isset($HTTP_POST_VARS['pfrom']) && $HTTP_POST_VARS['pfrom'] !== PRICE_FROM) { $pfrom = $HTTP_POST_VARS['pfrom']; } if (isset($HTTP_POST_VARS['pto']) && $HTTP_POST_VARS['pto'] !== PRICE_TO) { $pto = $HTTP_POST_VARS['pto']; } if (isset($HTTP_POST_VARS['refine']) && $HTTP_POST_VARS['refine'] !== REFINE_RESULTS) { $keywords = $HTTP_POST_VARS['refine']; } $price_check_error = false; if (tep_not_null($pfrom)) { if (!settype($pfrom, 'double')) { $error = true; $price_check_error = true; $messageStack->add_session('search', ERROR_PRICE_FROM_MUST_BE_NUM); } } if (tep_not_null($pto)) { if (!settype($pto, 'double')) { $error = true; $price_check_error = true; $messageStack->add_session('search', ERROR_PRICE_TO_MUST_BE_NUM); } } if (($price_check_error == false) && is_float($pfrom) && is_float($pto)) { if ($pfrom >= $pto) { $error = true; $messageStack->add_session('search', ERROR_PRICE_TO_LESS_THAN_PRICE_FROM); } } if (tep_not_null($keywords)) { if (!tep_parse_search_string($keywords, $search_keywords)) { $error = true; $messageStack->add_session('search', ERROR_INVALID_KEYWORDS); } } } if (empty($pfrom) && empty($pto) && empty($keywords)) { $error = true; $messageStack->add_session('search', ERROR_AT_LEAST_ONE_INPUT); } if ((isset($HTTP_POST_VARS['refine']) && (!empty($HTTP_POST_VARS['refine']) || ($HTTP_POST_VARS['refine'] !== REFINE_RESULTS))) || (isset($HTTP_POST_VARS['pfrom']) && is_numeric($HTTP_POST_VARS['pfrom'])) || (isset($HTTP_POST_VARS['pto']) && is_numeric($HTTP_POST_VARS['pto']))) { // create column list $define_list = array('PRODUCT_LIST_MODEL' => PRODUCT_LIST_MODEL, 'PRODUCT_LIST_NAME' => PRODUCT_LIST_NAME, 'PRODUCT_LIST_MANUFACTURER' => PRODUCT_LIST_MANUFACTURER, 'PRODUCT_LIST_PRICE' => PRODUCT_LIST_PRICE, 'PRODUCT_LIST_QUANTITY' => PRODUCT_LIST_QUANTITY, 'PRODUCT_LIST_WEIGHT' => PRODUCT_LIST_WEIGHT, 'PRODUCT_LIST_IMAGE' => PRODUCT_LIST_IMAGE, 
'PRODUCT_LIST_BUY_NOW' => PRODUCT_LIST_BUY_NOW); asort($define_list); $column_list = array(); reset($define_list); while (list($key, $value) = each($define_list)) { if ($value > 0) $column_list[] = $key; } $select_column_list = ''; for ($i=0, $n=sizeof($column_list); $i<$n; $i++) { switch ($column_list[$i]) { case 'PRODUCT_LIST_MODEL': $select_column_list .= 'p.products_model, '; break; case 'PRODUCT_LIST_MANUFACTURER': $select_column_list .= 'm.manufacturers_name, '; break; case 'PRODUCT_LIST_QUANTITY': $select_column_list .= 'p.products_quantity, '; break; case 'PRODUCT_LIST_IMAGE': $select_column_list .= 'p.products_image, '; break; case 'PRODUCT_LIST_WEIGHT': $select_column_list .= 'p.products_weight, '; break; } } $select_str = "select distinct " . $select_column_list . " m.manufacturers_id, p.products_id, pd.products_name, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price "; if ( (DISPLAY_PRICE_WITH_TAX == 'true') && (tep_not_null($pfrom) || tep_not_null($pto)) ) { $select_str .= ", SUM(tr.tax_rate) as tax_rate "; } $from_str = "from ((" . TABLE_PRODUCTS . " p) left join " . TABLE_MANUFACTURERS . " m using(manufacturers_id), " . TABLE_PRODUCTS_DESCRIPTION . " pd) left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id, " . TABLE_CATEGORIES . " c, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c"; if ( (DISPLAY_PRICE_WITH_TAX == 'true') && (tep_not_null($pfrom) || tep_not_null($pto)) ) { if (!tep_session_is_registered('customer_country_id')) { $customer_country_id = STORE_COUNTRY; $customer_zone_id = STORE_ZONE; } $from_str .= " left join " . TABLE_TAX_RATES . " tr on p.products_tax_class_id = tr.tax_class_id left join " . TABLE_ZONES_TO_GEO_ZONES . " gz on tr.tax_zone_id = gz.geo_zone_id and (gz.zone_country_id is null or gz.zone_country_id = '0' or gz.zone_country_id = '" . (int)$customer_country_id . 
"') and (gz.zone_id is null or gz.zone_id = '0' or gz.zone_id = '" . (int)$customer_zone_id . "')"; } $where_str = " where p.products_status = '1' and p.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "' and p.products_id = p2c.products_id and p2c.categories_id = c.categories_id "; if (isset($HTTP_POST_VARS['categories_id']) && tep_not_null($HTTP_POST_VARS['categories_id'])) { if (isset($HTTP_POST_VARS['inc_subcat']) && ($HTTP_POST_VARS['inc_subcat'] == '1')) { $subcategories_array = array(); tep_get_subcategories($subcategories_array, $HTTP_POST_VARS['categories_id']); $where_str .= " and p2c.products_id = p.products_id and p2c.products_id = pd.products_id and (p2c.categories_id = '" . (int)$HTTP_POST_VARS['categories_id'] . "'"; for ($i=0, $n=sizeof($subcategories_array); $i<$n; $i++ ) { $where_str .= " or p2c.categories_id = '" . (int)$subcategories_array[$i] . "'"; } $where_str .= ")"; } else { $where_str .= " and p2c.products_id = p.products_id and p2c.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "' and p2c.categories_id = '" . (int)$HTTP_POST_VARS['categories_id'] . "'"; } } if (isset($HTTP_POST_VARS['manufacturers_id']) && tep_not_null($HTTP_POST_VARS['manufacturers_id'])) { $where_str .= " and m.manufacturers_id = '" . (int)$HTTP_POST_VARS['manufacturers_id'] . "'"; } if (isset($search_keywords) && (sizeof($search_keywords) > 0)) { $where_str .= " and ("; for ($i=0, $n=sizeof($search_keywords); $i<$n; $i++ ) { switch ($search_keywords[$i]) { case '(': case ')': case 'and': case 'or': $where_str .= " " . $search_keywords[$i] . " "; break; default: $keyword = tep_db_prepare_input($search_keywords[$i]); $where_str .= "(pd.products_name like '%" . tep_db_input($keyword) . "%' or p.products_model like '%" . tep_db_input($keyword) . "%' or m.manufacturers_name like '%" . tep_db_input($keyword) . 
        "%'";
        if (isset($HTTP_POST_VARS['search_in_description']) && ($HTTP_POST_VARS['search_in_description'] == '1')) $where_str .= " or pd.products_description like '%" . tep_db_input($keyword) . "%'";
        $where_str .= ')';
        break;
      }
    }
    $where_str .= " )";
  }

  // Convert the price bounds into the base currency before they go into the query
  if (tep_not_null($pfrom)) {
    if ($currencies->is_set($currency)) {
      $rate = $currencies->get_value($currency);
      $pfrom = $pfrom / $rate;
    }
  }
  if (tep_not_null($pto)) {
    if (isset($rate)) {
      $pto = $pto / $rate;
    }
  }

  // The price bounds are cast with (double) before concatenation, so they reach the SQL as numbers only
  if (DISPLAY_PRICE_WITH_TAX == 'true') {
    if ($pfrom > 0) $where_str .= " and (IF(s.status, s.specials_new_products_price, p.products_price) * if(gz.geo_zone_id is null, 1, 1 + (tr.tax_rate / 100) ) >= " . (double)$pfrom . ")";
    if ($pto > 0) $where_str .= " and (IF(s.status, s.specials_new_products_price, p.products_price) * if(gz.geo_zone_id is null, 1, 1 + (tr.tax_rate / 100) ) <= " . (double)$pto . ")";
  } else {
    if ($pfrom > 0) $where_str .= " and (IF(s.status, s.specials_new_products_price, p.products_price) >= " . (double)$pfrom . ")";
    if ($pto > 0) $where_str .= " and (IF(s.status, s.specials_new_products_price, p.products_price) <= " . (double)$pto . ")";
  }

  if ( (DISPLAY_PRICE_WITH_TAX == 'true') && (tep_not_null($pfrom) || tep_not_null($pto)) ) {
    $where_str .= " group by p.products_id, tr.tax_priority";
  }

  // Sort column: the ereg() pattern is unanchored, so it matches '[1-8][ad]' anywhere in the
  // posted value rather than requiring the whole value to have that shape. The column index
  // is then taken from the first character and looked up in $column_list.
  if ( (!isset($HTTP_POST_VARS['sort'])) || (!ereg('[1-8][ad]', $HTTP_POST_VARS['sort'])) || (substr($HTTP_POST_VARS['sort'], 0, 1) > sizeof($column_list)) ) {
    for ($i=0, $n=sizeof($column_list); $i<$n; $i++) {
      if ($column_list[$i] == 'PRODUCT_LIST_NAME') {
        $HTTP_POST_VARS['sort'] = $i+1 . 'a';
        $order_str = ' order by pd.products_name';
        break;
      }
    }
  } else {
    $sort_col = substr($HTTP_POST_VARS['sort'], 0 , 1);
    $sort_order = substr($HTTP_POST_VARS['sort'], 1);
    $order_str = ' order by ';
    switch ($column_list[$sort_col-1]) {
      case 'PRODUCT_LIST_MODEL':
        $order_str .= "p.products_model " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name";
        break;
      case 'PRODUCT_LIST_NAME':
        $order_str .= "pd.products_name " . ($sort_order == 'd' ? "desc" : "");
        break;
      case 'PRODUCT_LIST_MANUFACTURER':
        $order_str .= "m.manufacturers_name " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name";
        break;
      case 'PRODUCT_LIST_QUANTITY':
        $order_str .= "p.products_quantity " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name";
        break;
      case 'PRODUCT_LIST_IMAGE':
        $order_str .= "pd.products_name";
        break;
      case 'PRODUCT_LIST_WEIGHT':
        $order_str .= "p.products_weight " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name";
        break;
      case 'PRODUCT_LIST_PRICE':
        $order_str .= "final_price " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name";
        break;
    }
  }

  $listing_sql = $select_str . $from_str . $where_str . $order_str;
}

// $hold_max_pages is the page size handed to the paginator, i.e. the value the max_pages
// select further down posts back. Where it is read from $HTTP_POST_VARS is outside this
// excerpt, so whether it is cast to an integer before it reaches the LIMIT clause cannot be seen here.
$listing_split = new splitPageResults($listing_sql, $hold_max_pages, 'p.products_id');

if (($listing_split->number_of_rows > 0) && ((PREV_NEXT_BAR_LOCATION == '1') || (PREV_NEXT_BAR_LOCATION == '3'))) {
?>
<div class="infoBoxContents" style="padding:0.5em; text-align:center;">
  <form name="filter" action="<?php echo tep_href_link(basename($PHP_SELF),tep_get_all_get_params(array('pfrom', 'pto', 'refine', 'page', 'info', 'x', 'y', 'manufacturers_id'))); ?>" method="post">
    <label for="pfrom" class="fieldKey"><?=PRICE_RANGE?></label>
    <input id="pfrom" name="pfrom" value="<?=PRICE_FROM?>" class="fieldValue" style="width:5em" /> -
    <input id="pto" name="pto" value="<?=PRICE_TO?>" class="fieldValue" style="width:5em" />
    <input id="refine" type='text' name='refine' value="<?=REFINE_RESULTS?>" style='width:42%;' class="fieldValue" />
    <?php echo tep_draw_hidden_field('categories_id', (int)$current_category_id) . tep_draw_hidden_field('search_in_description', '1') . tep_image_submit('button_search.gif', IMAGE_BUTTON_SEARCH, "id='subsearch' name='subsearch' style='margin:0 5px;'"); ?>
    <div style="display:inline-block; width:49%; margin: 0.5em 0; text-align:center;">
      <?php
      // optional Product List Filter
      if (PRODUCT_LIST_FILTER > 0) {
        $filterlist_sql = "select distinct m.manufacturers_id as id, m.manufacturers_name as name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c, " . TABLE_MANUFACTURERS . " m where p.products_status = '1' and p.manufacturers_id = m.manufacturers_id and p.products_id = p2c.products_id and p2c.categories_id = '" . (int)$current_category_id . "' order by m.manufacturers_name";
        $filterlist_query = tep_db_query($filterlist_sql);
        if (tep_db_num_rows($filterlist_query) > 1) {
          echo tep_draw_hidden_field('cPath', $cPath);
          $options = array(array('id' => '', 'text' => TEXT_ALL_MANUFACTURERS));
          echo tep_draw_hidden_field('sort', $HTTP_POST_VARS['sort']);
          while ($filterlist = tep_db_fetch_array($filterlist_query)) {
            $options[] = array('id' => $filterlist['id'], 'text' => $filterlist['name']);
          }
          echo tep_draw_pull_down_menu('manufacturers_id', $options, (isset($HTTP_POST_VARS['manufacturers_id']) ? $HTTP_POST_VARS['manufacturers_id'] : ''), 'onchange="this.form.submit()"');
        }
      }
      ?>
    </div><div style="display:inline-block; width:49%; margin: 0.5em 0; text-align:center;">
      <?php
      $all = $listing_split->number_of_rows;
      $page_options = array(array('id' => $hold_max_pages, 'text' => sprintf(SHOWING_RESULTS, $hold_max_pages)));
      $page_options[] = array('id' => $all, 'text' => sprintf(SHOW_RESULTS, 'All') . " ($all)");
      $page_options[] = array('id' => 5, 'text' => sprintf(SHOW_RESULTS, 5));
      $page_options[] = array('id' => 15, 'text' => sprintf(SHOW_RESULTS, 15));
      $page_options[] = array('id' => 25, 'text' => sprintf(SHOW_RESULTS, 25));
      $page_options[] = array('id' => 50, 'text' => sprintf(SHOW_RESULTS, 50));
      echo tep_hide_session_id();
      echo tep_draw_pull_down_menu('max_pages', $page_options, '', 'onchange="this.form.submit()"');
      ?>
    </div>
  </form>
  <div> </div>
</div>
<div class="smallText" style="display:inline-block; width:49%;"><?php echo $listing_split->display_count(TEXT_DISPLAY_NUMBER_OF_PRODUCTS); ?></div>
<div class="smallText" style="display:inline-block; width:49%; text-align:right;"><?php echo TEXT_RESULT_PAGE . ' ' . $listing_split->display_links(MAX_DISPLAY_PAGE_LINKS, tep_get_all_get_params(array('page', 'info', 'x', 'y'))); ?></div>
<?php } ?>

Why aren't you using the latest of the Filterlist contrib? Are you using the latest Security Pro that removes %? Have you tried adding the post cleaning?
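The scanner's recommendation from the first post (decide what each parameter may contain and reject everything else) applied to the fields the filter form above posts. This is an added example written for this thread, not code from the Filterlist contribution, from Security Pro or from any poster; the function names, the placeholder strings, the page sizes, the column count and the constructed request are my assumptions, and the only things taken from the page are the form field names and the max_pages probe value. The end of the block shows why that probe breaks a LIMIT clause when it is concatenated into the SQL, and what the clause looks like once the page size can only be an integer from a fixed list.

```php
<?php
// Added example for this thread; not code from the Filterlist contribution
// or from any poster. validate_filter_params, limit_clause and $probe are
// my names. Only the form field names come from the filter form above.

// Whitelist every posted field by its expected shape; reject anything else
// instead of stripping characters out of it.
function validate_filter_params(array $post, $default_page_size, $total_rows, $column_count)
{
    // Placeholder text the form submits when a field is left untouched (the
    // scanner's probe shows pfrom=From, pto=To, refine=Refine+your+results);
    // treated as "not set" rather than as bad input. Assumed values.
    $placeholders = array('pfrom' => 'From', 'pto' => 'To', 'refine' => 'Refine your results');

    $clean  = array('pfrom' => null, 'pto' => null, 'categories_id' => null, 'manufacturers_id' => null);
    $errors = array();

    // pfrom / pto: plain decimal prices such as 10 or 19.99, nothing else.
    foreach (array('pfrom', 'pto') as $f) {
        $v = isset($post[$f]) ? trim($post[$f]) : '';
        if ($v === '' || $v === $placeholders[$f]) {
            continue;                                  // stays null: no bound
        } elseif (preg_match('/^\d{1,7}(\.\d{1,2})?$/', $v)) {
            $clean[$f] = (float) $v;
        } else {
            $errors[] = "$f must be a plain decimal number";
        }
    }
    if ($clean['pfrom'] !== null && $clean['pto'] !== null && $clean['pto'] < $clean['pfrom']) {
        $errors[] = 'pto must not be less than pfrom';
    }

    // refine: free text that ends up inside a LIKE pattern. It cannot be
    // whitelisted, so it must still be escaped for the query (tep_db_input
    // in osCommerce); here we only drop the placeholder and bound the length.
    $refine = isset($post['refine']) ? trim($post['refine']) : '';
    if ($refine === $placeholders['refine']) {
        $refine = '';
    } elseif (strlen($refine) > 100) {
        $errors[] = 'refine is too long';
    }
    $clean['refine'] = $refine;

    // Integer identifiers: digits only, then cast.
    foreach (array('categories_id', 'manufacturers_id') as $f) {
        $v = isset($post[$f]) ? $post[$f] : '';
        if ($v === '') {
            continue;
        } elseif (ctype_digit($v)) {
            $clean[$f] = (int) $v;
        } else {
            $errors[] = "$f must be a positive integer";
        }
    }

    // search_in_description is a flag: only '1' counts, anything else is off.
    $clean['search_in_description'] = (isset($post['search_in_description']) && $post['search_in_description'] === '1');

    // sort: one column digit plus a or d, anchored at both ends so that a
    // value like "x'1a" is not accepted the way an unanchored match would.
    $sort = isset($post['sort']) ? $post['sort'] : '';
    if (!preg_match('/^([1-8])([ad])$/', $sort, $m) || (int) $m[1] > $column_count) {
        $clean['sort'] = null;                         // caller uses the default order
    } else {
        $clean['sort'] = array('column' => (int) $m[1], 'desc' => ($m[2] === 'd'));
    }

    // max_pages: must be exactly one of the values the select offered.
    $allowed = array((string) $default_page_size, (string) $total_rows, '5', '15', '25', '50');
    $mp = isset($post['max_pages']) ? $post['max_pages'] : (string) $default_page_size;
    if (in_array($mp, $allowed, true)) {
        $clean['max_pages'] = (int) $mp;
    } else {
        $errors[] = 'max_pages is not one of the offered page sizes';
    }

    return array($clean, $errors);
}

// The LIMIT clause a paginator needs, built from validated integers only.
function limit_clause($page, $page_size)
{
    $page      = max(1, (int) $page);
    $page_size = max(1, (int) $page_size);
    return ' limit ' . (($page - 1) * $page_size) . ', ' . $page_size;
}

// Constructed request reproducing the scanner's probe from the first post
// (default page size 10, 123 matching rows and 8 list columns are assumed).
$probe = array(
    'pfrom' => 'From', 'pto' => 'To', 'refine' => 'Refine your results',
    'categories_id' => '334', 'search_in_description' => '1', 'subsearch' => '0',
    'max_pages' => "x';\",)`",
);
list($clean, $errors) = validate_filter_params($probe, 10, 123, 8);
echo "probe rejected: " . implode('; ', $errors) . "\n";
// What the same probe does if it is concatenated into the query instead:
// a MySQL syntax error, which is the error message the scanner reported.
echo "unsafe clause:  limit 0, " . $probe['max_pages'] . "\n";

// A legitimate request passes and yields an integer-only clause.
list($clean, $errors) = validate_filter_params(array('max_pages' => '25', 'pfrom' => '10', 'pto' => '99.50'), 10, 123, 8);
echo "safe clause:   " . limit_clause(2, $clean['max_pages']) . "\n";
```

Fields the function does not know about (subsearch, the image-button x/y coordinates) are simply ignored; the point is that every value that is later concatenated into SQL has been reduced to a number or to one of a fixed set of strings, and the one free-text field is handed to the database escaping routine rather than "cleaned" by deleting quotes and parentheses.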
spooks Posted November 15, 2009
Can you confirm the precise remaining error, and that the Filterlist or Advanced Search have not been placed in the Security Pro exclusion list?

Sam
Remember, what you think I meant may not be what I thought I meant when I said it.
Contributions: Auto Backup your Database, Easy way; Multi Images with Fancy Pop-ups, Easy way; Products in columns with multi buy etc etc; Disable any Category or Product, Easy way; Secure & Improve your account pages et al.
maxtors Posted November 15, 2009 (Author)
If I use the _post Filterlist I get: SQL Injection Vulnerability in MySQL Database; Potentially Exploitable Database Error Message; MySQL Database Error Disclosure Vulnerability. And I have not added Filterlist or Advanced Search to the Security Pro exclusion list; I just added payment mods.

> Can you confirm the precise remaining error, and that the Filterlist or Advanced Search have not been placed in the Security Pro exclusion list?
ken0306 Posted December 9, 2009
It happened to my McAfee account too today, so have you guys found out the way to fix it?
maxtors Posted December 25, 2009 (Author)
Did you find a fix?

> It happened to my McAfee account too today, so have you guys found out the way to fix it?
Archived
This topic is now archived and is closed to further replies.