From 5706ce20b7d54739a1239f6f1527bf6594218754 Mon Sep 17 00:00:00 2001
From: Juan Ferrer Toribio
Date: Wed, 18 Feb 2015 17:13:23 +0100
Subject: [PATCH] Fallos de seguridad solucionados

---
 package/DEBIAN/control | 2 +-
 package/usr/share/php/vn/db/conn.php | 87 +++++++++++++++++++++++--
 package/usr/share/php/vn/db/db.php | 2 +-
 package/usr/share/php/vn/lib/type.php | 6 +-
 package/usr/share/php/vn/sql/render.php | 57 ----------------
 package/usr/share/php/vn/sql/sql.php | 7 --
 package/usr/share/php/vn/sql/value.php | 41 ------------
 7 files changed, 87 insertions(+), 115 deletions(-)
 delete mode 100755 package/usr/share/php/vn/sql/render.php
 delete mode 100755 package/usr/share/php/vn/sql/sql.php
 delete mode 100755 package/usr/share/php/vn/sql/value.php

diff --git a/package/DEBIAN/control b/package/DEBIAN/control
index 435ada1..5c0ec03 100644
--- a/package/DEBIAN/control
+++ b/package/DEBIAN/control
@@ -1,5 +1,5 @@
 Package: php-vn-lib
-Version: 1.0-7
+Version: 1.0-10
 Architecture: all
 Maintainer: Juan Ferrer Toribio
 Depends: php5-mysql
diff --git a/package/usr/share/php/vn/db/conn.php b/package/usr/share/php/vn/db/conn.php
index 991f691..5208e02 100755
--- a/package/usr/share/php/vn/db/conn.php
+++ b/package/usr/share/php/vn/db/conn.php
@@ -2,11 +2,9 @@
 namespace Vn\Db;
-require_once ('vn/sql/sql.php');
+require_once ('vn/lib/type.php');
 require_once ('vn/db/exception.php');
-use Vn\Sql\Render;
-
 class Conn
 {
 private $conn = NULL;
@@ -125,7 +123,7 @@ class Conn
 **/
 function query ($query, $params = NULL)
 {
- $result = $this->conn->query (Render::toString ($query, $params));
+ $result = $this->conn->query ($this->render ($query, $params));
 if (!$result)
 $this->checkError ();
@@ -146,7 +144,7 @@ class Conn
 **/
 function multiQuery ($query, $params = NULL)
 {
- $success = $this->conn->multi_query (Render::toString ($query, $params));
+ $success = $this->conn->multi_query ($this->render ($query, $params));
 if (!$success)
 $this->checkError ();
@@ -217,6 +215,85 @@ class Conn
 return NULL;
 }
+
+ /**
+ * Renders an SQL string using the given parameters.
+ *
+ * @param string $query The SQL string
+ * @param mixed[] $paramsMap The query parameters
+ *
+ * @return mixed The rendered SQL string
+ **/
+ function render (&$query, &$paramsMap = NULL)
+ {
+ if (isset ($paramsMap) && is_array ($paramsMap) && count ($paramsMap) > 0)
+ {
+ $i = 0;
+ $params = [];
+
+ foreach ($paramsMap as $key => $value)
+ $params[$key] = $this->renderValue ($value);
+
+ $replaceFunc = function ($matches) use (&$params, &$i)
+ {
+ $key = substr ($matches[0], 1);
+
+ if (strlen ($key) == 0)
+ $key = $i++;
+ if (isset ($params[$key]))
+ return $params[$key];
+
+ return '#'. $key;
+ };
+
+ return preg_replace_callback ('/#\w*/', $replaceFunc, $query);
+ }
+ else
+ return $query;
+ }
+
+ function renderValue ($value)
+ {
+ if ($value !== NULL)
+ switch (get_type ($value))
+ {
+ case TYPE_BOOLEAN:
+ return ($value) ? 'TRUE' : 'FALSE';
+ case TYPE_STRING:
+ return '\'' . $this->conn->escape_string ($value) . '\'';
+ case TYPE_DATE:
+ return strftime ('\'%Y-%m-%d\'', $value->getTimestamp ());
+ case TYPE_TIME:
+ return strftime ('\'%T\'', $value->getTimestamp ());
+ case TYPE_DATE_TIME:
+ return strftime ('\'%Y-%m-%d %T\'', $value->getTimestamp ());
+ default:
+ return $this->conn->escape_string ($value);
+ }
+ else
+ return 'NULL';
+ }
+
+ /**
+ * Renders an SQL string using sprintf like style.
+ * DEPRECATED
+ *
+ * @return mixed The rendered SQL string
+ **/
+ static function renderf ($arg)
+ {
+ $count = count ($arg);
+
+ if ($count > 1)
+ {
+ for ($i = 1; $i < $count; $i++)
+ $arg[$i] = $this->renderValue ($arg[$i]);
+
+ return call_user_func_array ('sprintf', $arg);
+ }
+ else
+ return $arg[0];
+ }
 }
 ?>
diff --git a/package/usr/share/php/vn/db/db.php b/package/usr/share/php/vn/db/db.php
index aa3dad7..a6dfe80 100755
--- a/package/usr/share/php/vn/db/db.php
+++ b/package/usr/share/php/vn/db/db.php
@@ -1,6 +1,6 @@
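Review bot: A placeholder with no entry in `$paramsMap` is left in the query text as `#key` by `$replaceFunc` (`return '#'. $key;`), and since `#` opens a to-end-of-line comment in MySQL, a mistyped name such as `#idd` in `DELETE FROM t WHERE id = #idd` silently shortens the statement to `DELETE FROM t` instead of failing; replace that line with `throw new \InvalidArgumentException ("Missing query parameter: #$key");` so the caller sees the error rather than running a broader statement. Separately, `renderf` is declared `static` but calls `$this->renderValue ($arg[$i])`, which is a fatal "Using $this when not in object context" error the first time that branch runs; drop the modifier (`function renderf ($arg)`) since `renderValue` needs the live connection for `escape_string`. The `default:` branch of `renderValue` emits the escaped value without quotes, so it is only safe for the numeric types `get_type` can return; a comment there such as `// unquoted: only reached for TYPE_INTEGER / TYPE_DOUBLE, anything else must not fall through` would make that contract explicit, and rejecting other types would be safer still. Note that `escape_string` only tracks the connection charset when it was set via `set_charset`, not `SET NAMES`; the connection setup is outside this hunk, as is the start of `class Conn`.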
diff --git a/package/usr/share/php/vn/lib/type.php b/package/usr/share/php/vn/lib/type.php
index 2268f39..f91f5f2 100755
--- a/package/usr/share/php/vn/lib/type.php
+++ b/package/usr/share/php/vn/lib/type.php
@@ -16,14 +16,14 @@ class Date extends DateTime {}
 function get_type ($value)
 {
- if (is_int ($value))
+ if (is_bool ($value))
+ return TYPE_BOOLEAN;
+ elseif (is_int ($value))
 return TYPE_INTEGER;
 elseif (is_float ($value))
 return TYPE_DOUBLE;
 elseif (is_string ($value))
 return TYPE_STRING;
- elseif (is_bool ($value))
- return TYPE_BOOLEAN;
 elseif (is_object ($value))
 {
 if ($value instanceof Time)
diff --git a/package/usr/share/php/vn/sql/render.php b/package/usr/share/php/vn/sql/render.php
deleted file mode 100755
index 499e7e6..0000000
--- a/package/usr/share/php/vn/sql/render.php
+++ /dev/null
@@ -1,57 +0,0 @@ - 0)
- {
- $i = 0;
- $params = [];
-
- foreach ($paramsMap as $key => $value)
- $params[$key] = (new Value ($value))->render ();
-
- $replaceFunc = function ($matches) use (&$params, &$i)
- {
- $key = substr ($matches[0], 1);
-
- if (strlen ($key) == 0)
- $key = $i++;
- if (isset ($params[$key]))
- return $params[$key];
-
- return '#'. $key;
- };
-
- return preg_replace_callback ('/#\w*/', $replaceFunc, $query);
- }
- else
- return $query;
- }
-
- static function printf ($arg)
- {
- $count = count ($arg);
-
- if ($count > 1)
- {
- for ($n = 1; $n < $count; $n++)
- {
- $obj = new Value ($arg[$n]);
- $arg[$n] = $obj->render ();
- }
-
- return call_user_func_array ('sprintf', $arg);
- }
- else
- return $arg[0];
- }
-}
-
-?>
diff --git a/package/usr/share/php/vn/sql/sql.php b/package/usr/share/php/vn/sql/sql.php
deleted file mode 100755
index 9ffe66e..0000000
--- a/package/usr/share/php/vn/sql/sql.php
+++ /dev/null
@@ -1,7 +0,0 @@ -
diff --git a/package/usr/share/php/vn/sql/value.php b/package/usr/share/php/vn/sql/value.php
deleted file mode 100755
index 5f61c82..0000000
--- a/package/usr/share/php/vn/sql/value.php
+++ /dev/null
@@ -1,41 +0,0 @@ -value = $value;
- }
-
- function render ()
- {
- $value = $this->value;
-
- if ($value === NULL)
- return 'NULL';
-
- switch (get_type ($value))
- {
- case TYPE_STRING:
- return '\'' . addslashes ($value) . '\'';
- case TYPE_DATE:
- return strftime ('\'%Y-%m-%d\'', $value->getTimestamp ());
- case TYPE_TIME:
- return strftime ('\'%T\'', $value->getTimestamp ());
- case TYPE_DATE_TIME:
- return strftime ('\'%Y-%m-%d %T\'', $value->getTimestamp ());
- case TYPE_BOOLEAN:
- return ($value) ? 'TRUE' : 'FALSE';
- default:
- return $value;
- }
- }
-}
-
-?>