Steve-Dee-Designs
/
woocommerce
mirror of https://github.com/woocommerce/woocommerce.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

remove extract and sanitize orderby against whitelist

This commit is contained in:
Mike Jolley 2017-03-31 11:15:55 +01:00
parent 1cd85b1b9b
commit a443419006
1 changed files with 15 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
includes/data-stores/class-wc-customer-download-data-store.php
View File

@ -214,38 +214,37 @@ class WC_Customer_Download_Data_Store implements WC_Customer_Download_Data_Store
'return' => 'objects',
) );
extract( $args );
$query = array();
$query[] = "SELECT * FROM {$wpdb->prefix}woocommerce_downloadable_product_permissions WHERE 1=1";
if ( $user_email ) {
$query[] = $wpdb->prepare( "AND user_email = %s", $user_email );
if ( $args['user_email'] ) {
$query[] = $wpdb->prepare( "AND user_email = %s", sanitize_email( $args['user_email'] ) );
}
if ( $order_id ) {
$query[] = $wpdb->prepare( "AND order_id = %d", $order_id );
if ( $args['order_id'] ) {
$query[] = $wpdb->prepare( "AND order_id = %d", $args['order_id'] );
}
if ( $order_key ) {
$query[] = $wpdb->prepare( "AND order_key = %s", $order_key );
if ( $args['order_key'] ) {
$query[] = $wpdb->prepare( "AND order_key = %s", $args['order_key'] );
}
if ( $product_id ) {
$query[] = $wpdb->prepare( "AND product_id = %d", $product_id );
if ( $args['product_id'] ) {
$query[] = $wpdb->prepare( "AND product_id = %d", $args['product_id'] );
}
$orderby = esc_sql( $orderby );
$order = esc_sql( $order );
$query[] = "ORDER BY {$orderby} {$order}";
$order = in_array( $args['order'], array( 'permission_id', 'download_id', 'product_id', 'order_id', 'order_key', 'user_email', 'user_id', 'downloads_remaining', 'access_granted', 'access_expires', 'download_count' ) ) ? $args['order'] : 'permission_id';
$orderby = 'DESC' === strtoupper( $args['orderby'] ) ? 'DESC' : 'ASC';
$orderby_sql = sanitize_sql_orderby( "{$orderby} {$order}" );
$query[] = "ORDER BY {$orderby_sql}";
if ( 0 < $limit ) {
$query[] = $wpdb->prepare( "LIMIT %d", $limit );
if ( 0 < $args['limit'] ) {
$query[] = $wpdb->prepare( "LIMIT %d", $args['limit'] );
}
$raw_downloads = $wpdb->get_results( implode( ' ', $query ) );
switch ( $return ) {
switch ( $args['return'] ) {
case 'ids' :
return wp_list_pluck( $raw_downloads, 'permission_id' );
default :