Add a check for an altered database id in the query. Fixes the problem reported in the issue, but there may be a lot more to do.

fix #216
Sébastien Lucas 2015-10-14 17:46:59 +02:00
parent 5fb661f195
commit 933292553d


@ -1264,6 +1264,9 @@ abstract class Base
global $config; global $config;
if (self::isMultipleDatabaseEnabled ()) { if (self::isMultipleDatabaseEnabled ()) {
if (is_null ($database)) $database = GetUrlParam (DB, 0); if (is_null ($database)) $database = GetUrlParam (DB, 0);
if (!is_null($database) && !preg_match('/^\d+$/', $database)) {
return self::error ($database);
}
$array = array_keys ($config['calibre_directory']); $array = array_keys ($config['calibre_directory']);
return $array[$database]; return $array[$database];
} }
@ -1274,6 +1277,9 @@ abstract class Base
global $config; global $config;
if (self::isMultipleDatabaseEnabled ()) { if (self::isMultipleDatabaseEnabled ()) {
if (is_null ($database)) $database = GetUrlParam (DB, 0); if (is_null ($database)) $database = GetUrlParam (DB, 0);
if (!is_null($database) && !preg_match('/^\d+$/', $database)) {
return self::error ($database);
}
$array = array_values ($config['calibre_directory']); $array = array_values ($config['calibre_directory']);
return $array[$database]; return $array[$database];
} }
@ -1285,11 +1291,11 @@ abstract class Base
return self::getDbDirectory ($database) .'metadata.db'; return self::getDbDirectory ($database) .'metadata.db';
} }
private static function error () { private static function error ($database) {
if (php_sapi_name() != "cli") { if (php_sapi_name() != "cli") {
header("location: checkconfig.php?err=1"); header("location: checkconfig.php?err=1");
} }
throw new Exception('Database not found.'); throw new Exception("Database <{$database}> not found.");
} }
public static function getDb ($database = NULL) { public static function getDb ($database = NULL) {
@ -1301,10 +1307,10 @@ abstract class Base
self::$db->sqliteCreateFunction ('normAndUp', 'normAndUp', 1); self::$db->sqliteCreateFunction ('normAndUp', 'normAndUp', 1);
} }
} else { } else {
self::error (); self::error ($database);
} }
} catch (Exception $e) { } catch (Exception $e) {
self::error (); self::error ($database);
} }
} }
return self::$db; return self::$db;
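Review bot: The guard added in the first two hunks checks only that `$database` is made of digits, not that it names a configured entry, so an out-of-range number still reaches `return $array[$database];` and comes back as null with an undefined-offset notice or warning; if the second hunk is getDbDirectory, as the call in the third hunk suggests, the file name then collapses to a bare `'metadata.db'`. Adding `if (!isset($array[$database])) { return self::error($database); }` right after the `array_keys`/`array_values` line in both places would close that gap. The `$` in `/^\d+$/` also matches before a trailing newline, so `/^\d+\z/` (or the `D` modifier) is the stricter anchor. The new message `"Database <{$database}> not found."` now carries the raw URL parameter; where that exception text ends up is not visible here, but if it is ever rendered into a page or feed it needs escaping for that context, e.g. `htmlspecialchars($database, ENT_QUOTES, 'UTF-8')`. The enclosing functions start and end outside the hunks shown.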