
Commit 22bb81d

committed
Security: Improve database query handling in CourseSelectForm by using parameterized queries and simplifying SQL logic
1 parent fd0f2a9 commit 22bb81d


1 file changed

+35
-31
lines changed


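--- a/src/Chamilo/CourseBundle/Component/CourseCopy/CourseSelectForm.php
+++ b/src/Chamilo/CourseBundle/Component/CourseCopy/CourseSelectForm.php
@@ -556,46 +556,50 @@ public static function get_posted_course(?string $from = '', $session_id = 0, $c
 if (is_array($resource)) {
 $resource = array_keys($resource);
 foreach ($resource as $resource_item) {
-$conditionSession = '';
+$whereConditions = [
+'d.c_id = ?' => [$course_id],
+'tool = ?' => [TOOL_DOCUMENT],
+'p.visibility <> ?' => [2],
+'d.id = ?' => [$resource_item],
+];
+
 if (!empty($session_id)) {
 $session_id = (int) $session_id;
-$conditionSession = ' AND d.session_id ='.$session_id;
+$whereConditions['d.session_id = ?'] = [$session_id];
 }
 
-$sql = 'SELECT d.id, d.path, d.comment, d.title, d.filetype, d.size
-FROM '.$table_doc.' d
-INNER JOIN '.$table_prop.' p
-ON (d.c_id = p.c_id)
-WHERE
-d.c_id = '.$course_id.' AND
-p.c_id = '.$course_id.' AND
-tool = \''.TOOL_DOCUMENT.'\' AND
-p.ref = d.id AND p.visibility != 2 AND
-d.id = '.$resource_item.$conditionSession.'
-ORDER BY path';
-$db_result = Database::query($sql);
-while ($obj = Database::fetch_object($db_result)) {
+$db_result = Database::select(
+['d.id', 'd.path', 'd.comment', 'd.title', 'd.filetype', 'd.size'],
+'FROM '.$table_doc.' d INNER JOIN '.$table_prop.' p ON (d.c_id = p.c_id AND p.ref = d.id)',
+[
+'where' => $whereConditions,
+'order' => 'path',
+]
+);
+
+foreach ($db_result as $obj) {
 $doc = new Document(
-$obj->id,
-$obj->path,
-$obj->comment,
-$obj->title,
-$obj->filetype,
-$obj->size
+$obj['id'],
+$obj['path'],
+$obj['comment'],
+$obj['title'],
+$obj['filetype'],
+$obj['size']
 );
 if ($doc) {
 $course->add_resource($doc);
 // adding item property
-$sql = "SELECT * FROM $table_prop
-WHERE
-c_id = $course_id AND
-tool = '".RESOURCE_DOCUMENT."' AND
-ref = $resource_item ";
-$res = Database::query($sql);
-$all_properties = [];
-while ($item_property = Database::fetch_array($res, 'ASSOC')) {
-$all_properties[] = $item_property;
-}
+$all_properties = Database::select(
+'*',
+$table_prop,
+[
+'where' => [
+'c_id = ?' => $course_id,
+'tool = ?' => RESOURCE_DOCUMENT,
+'ref = ?' => $resource_item,
+],
+]
+);
 $course->resources[RESOURCE_DOCUMENT][$resource_item]->item_properties = $all_properties;
 }
 }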
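Review bot: The second argument to `Database::select` on new line 573 starts with `'FROM '`, and if `select` builds its own `SELECT … FROM $table_name …` (the usual shape for such a helper; its implementation is not in the hunk) the document query becomes `… FROM FROM <table> d …` and fails, so documents would silently not be copied — confirm against `Database::select` and, if so, drop the prefix: `$table_doc.' d INNER JOIN '.$table_prop.' p ON (d.c_id = p.c_id AND p.ref = d.id)',`. Whether the `?` placeholders in the `where` keys are bound as driver parameters or escaped and interpolated by `select` is likewise not visible here, and the commit title claims parameterized queries, so that is worth checking before relying on it. Independently of that, `$resource_item` originates in `array_keys($resource)` from posted data and `$course_id` is not cast in the hunk while `$session_id` is; casting both to `(int)` before building `$whereConditions` keeps the integer-column comparisons (`d.c_id`, `d.id`, `c_id`, `ref`) safe regardless of how `select` quotes values. The two `where` arrays also differ in shape — the first wraps each value in an array (`[$course_id]`), the second passes scalars — and should use one form. The enclosing `get_posted_course` starts before and ends after the hunk.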
