[3.2.5] SQL injection #1575

Coen Jacobs 2012-10-18 15:37:04 +02:00
parent 1ab98042a6
commit 9ecb20f259
5 changed files with 19 additions and 19 deletions


@ -1068,22 +1068,22 @@ class WC_Product {
global $wpdb;
$count = $wpdb->get_var("
$count = $wpdb->get_var( $wpdb->prepare("
SELECT COUNT(meta_value) FROM $wpdb->commentmeta
LEFT JOIN $wpdb->comments ON $wpdb->commentmeta.comment_id = $wpdb->comments.comment_ID
WHERE meta_key = 'rating'
AND comment_post_ID = $this->id
AND comment_post_ID = %d
AND comment_approved = '1'
AND meta_value > 0
");
"), $this->id );
$ratings = $wpdb->get_var("
$ratings = $wpdb->get_var( $wpdb->prepare("
SELECT SUM(meta_value) FROM $wpdb->commentmeta
LEFT JOIN $wpdb->comments ON $wpdb->commentmeta.comment_id = $wpdb->comments.comment_ID
WHERE meta_key = 'rating'
AND comment_post_ID = $this->id
AND comment_post_ID = %d
AND comment_approved = '1'
");
"), $this->id );
if ( $count>0 ) :
$average_rating = number_format($ratings / $count, 2);
@ -1622,7 +1622,7 @@ class WC_Product {
*/
function grouped_product_sync() {
global $wpdb, $woocommerce;
$post_parent = $wpdb->get_var("SELECT post_parent FROM $wpdb->posts WHERE ID = $this->id;");
$post_parent = $wpdb->get_var( $wpdb->prepare( "SELECT post_parent FROM $wpdb->posts WHERE ID = %d;"), $this->id );
if (!$post_parent) return;
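Review bot: The closing parenthesis on the new `"), $this->id );` lines (after `meta_value > 0` in the COUNT query and after `comment_approved = '1'` in the SUM query) ends the `$wpdb->prepare()` call before `$this->id`, so the id becomes the second argument of `get_var()` and `%d` is left with no value — the query is not parameterised, it is broken. Both queries should close as `", $this->id ) );`, and the same slip appears in the `grouped_product_sync` hunk below, whose line should read `$post_parent = $wpdb->get_var( $wpdb->prepare( "SELECT post_parent FROM $wpdb->posts WHERE ID = %d;", $this->id ) );`, and in the second file's COUNT and SUM queries with `$post->ID`. The method containing the first hunk starts and ends outside the hunk.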


@ -17,22 +17,22 @@ if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
if ( get_option('woocommerce_enable_review_rating') == 'yes' ) {
$count = $wpdb->get_var("
$count = $wpdb->get_var( $wpdb->prepare("
SELECT COUNT(meta_value) FROM $wpdb->commentmeta
LEFT JOIN $wpdb->comments ON $wpdb->commentmeta.comment_id = $wpdb->comments.comment_ID
WHERE meta_key = 'rating'
AND comment_post_ID = $post->ID
AND comment_post_ID = %d
AND comment_approved = '1'
AND meta_value > 0
");
"), $post->ID );
$rating = $wpdb->get_var("
$rating = $wpdb->get_var( $wpdb->prepare("
SELECT SUM(meta_value) FROM $wpdb->commentmeta
LEFT JOIN $wpdb->comments ON $wpdb->commentmeta.comment_id = $wpdb->comments.comment_ID
WHERE meta_key = 'rating'
AND comment_post_ID = $post->ID
AND comment_post_ID = %d
AND comment_approved = '1'
");
"), $post->ID );
if ( $count > 0 ) {


@ -1323,13 +1323,13 @@ function woocommerce_product_ordering() {
$nextid = isset( $_POST['nextid'] ) ? $_POST['nextid'] : false;
$new_pos = array(); // store new positions for ajax
$siblings = $wpdb->get_results("
SELECT ID, menu_order FROM {$wpdb->posts} AS posts
$siblings = $wpdb->get_results( $wpdb->prepare("
SELECT ID, menu_order FROM %s AS posts
WHERE posts.post_type = 'product'
AND posts.post_status IN ( 'publish', 'pending', 'draft', 'future', 'private' )
AND posts.ID NOT IN ( {$post->ID} )
AND posts.ID NOT IN (%s)
ORDER BY posts.menu_order ASC, posts.ID DESC
");
"), $wpdb->posts, $post->ID );
$menu_order = 0;
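Review bot: Passing the table name as `%s` on the new `SELECT ID, menu_order FROM %s AS posts` line does not work: `$wpdb->prepare()` wraps `%s` in single quotes, so the statement becomes `FROM 'wp_posts'` (default prefix shown as an example), a string literal rather than an identifier, and the query fails. Keep the table interpolated and parameterise only the id: `SELECT ID, menu_order FROM {$wpdb->posts} AS posts`, `AND posts.ID NOT IN (%d)`, with the closing line `", $post->ID ) );` — the current `"), $wpdb->posts, $post->ID );` also closes `prepare()` before its arguments, so both values go to `get_results()` instead. `$nextid` at the top of the hunk is still raw `$_POST` input; if it reaches a query later in `woocommerce_product_ordering`, which continues outside this hunk, it needs the same treatment.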


@ -806,7 +806,7 @@ function woocommerce_download_product() {
$product_id = (int) urldecode($_GET['download_file']);
$order_key = urldecode( $_GET['order'] );
$email = str_replace( ' ', '+', urldecode( $_GET['email'] ) );
$email = sanitize_email( str_replace( ' ', '+', urldecode( $_GET['email'] ) ) );
$download_id = isset( $_GET['key'] ) ? urldecode( $_GET['key'] ) : ''; // backwards compatibility for existing download URLs
$_product = new WC_Product( $product_id );
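Review bot: `$order_key` on the line above the changed one and `$download_id` two lines below it remain bare `urldecode`d `$_GET` values while only `$email` gains `sanitize_email()`; if either reaches a query further down `woocommerce_download_product` (the function continues outside this hunk), it needs a `$wpdb->prepare()` placeholder like the other hunks in this commit. `$_GET['order']` and `$_GET['email']` are also read without the `isset()` guard that `$_GET['key']` gets on the next line, so a URL missing them raises a notice; `$order_key = isset( $_GET['order'] ) ? urldecode( $_GET['order'] ) : '';` would match the existing pattern. Since `sanitize_email()` yields an empty string for an address it cannot sanitise, the later lookup should treat `''` as a failed match rather than a wildcard.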


@ -1421,7 +1421,7 @@ class Woocommerce {
function get_attribute_taxonomies() {
global $wpdb;
if ( ! $this->attribute_taxonomies )
$this->attribute_taxonomies = $wpdb->get_results("SELECT * FROM " . $wpdb->prefix . "woocommerce_attribute_taxonomies;" );
$this->attribute_taxonomies = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM " . $wpdb->prefix . "woocommerce_attribute_taxonomies" ) );
return apply_filters( 'woocommerce_attribute_taxonomies', $this->attribute_taxonomies );
}
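Review bot: The new `$wpdb->prepare(...)` wrapper in `get_attribute_taxonomies` encloses a query with no placeholders and passes no arguments, so it changes nothing: the only dynamic part is `$wpdb->prefix`, a table-name prefix that is not user input and could not be a `%s` parameter anyway (it would be quoted). The original `$wpdb->get_results( "SELECT * FROM " . $wpdb->prefix . "woocommerce_attribute_taxonomies" )` is already the right form, and dropping the wrapper also avoids the prepare-without-placeholder notice newer WordPress versions emit. If the wrapper is kept, a comment such as `// no untrusted input: the prefix is a table identifier, not a query parameter` would explain why there are no placeholders.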