* Multiple Vulnerabilities
*
* SQL Injection - $_POST['products_id']
* SQL Injection - $_POST['id']
*
* Please Note : This file should be placed in includes/extra_configures and will automatically load.
*
*/

// Each guard below rewrites one POST field in place, and only when that field
// is a non-empty array. A scalar value submitted under the same name is left
// exactly as received.
// NOTE(review): confirm every consumer of these fields casts or binds the
// scalar form itself, because this file does not touch it.
if (isset($_POST['id']) && is_array($_POST['id']) && count($_POST['id']) > 0) {
    $_POST['id'] = securityPatchSanitizePostVariableId($_POST['id']);
}

// securityPatchSanitizePostVariableProductsId() is not defined in the visible
// part of this file; what it accepts or rejects cannot be verified from here.
if (isset($_POST['products_id']) && is_array($_POST['products_id']) && count($_POST['products_id']) > 0) {
    $_POST['products_id'] = securityPatchSanitizePostVariableProductsId($_POST['products_id']);
}

// 'notify' is routed through the same products-id helper as 'products_id'.
if (isset($_POST['notify']) && is_array($_POST['notify']) && count($_POST['notify']) > 0) {
    $_POST['notify'] = securityPatchSanitizePostVariableProductsId($_POST['notify']);
}

/**
 * Sanitizes the array submitted as $_POST['id'].
 *
 * For every integer key, a nested array is sanitized recursively and any other
 * value is cast to int. Afterwards an entry is removed when its key contains a
 * character that the key character class does not match.
 *
 * The visible excerpt stops before the end of this function, so the closing
 * lines (including the return statement) are not shown here.
 *
 * @param array $arrayToSanitize Array taken from the request (callers guard with is_array()).
 */
function securityPatchSanitizePostVariableId($arrayToSanitize) {
    foreach ($arrayToSanitize as $key => $variableToSanitize) {
        // Value sanitizing applies to integer keys only. Values stored under
        // string keys are not modified by the code visible here.
        // NOTE(review): a string key made only of allowed characters keeps its
        // original value; verify that consumers of such keys cast the value.
        if (is_integer($key)) {
            if (is_array($arrayToSanitize[$key])) {
                $arrayToSanitize[$key] = securityPatchSanitizePostVariableId($arrayToSanitize[$key]);
            } else {
                $arrayToSanitize[$key] = (int) $variableToSanitize;
            }
        }
        // Key allow-list: strip every character the class matches; anything
        // left over means the key holds a disallowed character, so drop it.
        // NOTE(review): the range `A-z` spans ASCII 0x41-0x7A, so besides the
        // letters it also matches [ \ ] ^ and the backtick. Keys containing
        // those characters therefore pass this filter. `A-Z` was presumably
        // intended; tighten the class to `[0-9a-zA-Z:_]` after confirming.
        if (preg_replace('/[0-9a-zA-z:_]/', '', $key) != '') {
            unset($arrayToSanitize[$key]);
        }
    }
*
* SQL Injection - $_POST['products_id']
* SQL Injection - $_POST['id']
*
* Please Note : This file should be placed in includes/extra_configures and will automatically load.
*
*/

// Each array guard below rewrites one POST field in place, and only when that
// field is a non-empty array.
// NOTE(review): scalar 'id' and 'products_id' values are left exactly as
// received; confirm their consumers cast or bind them.
if (isset($_POST['id']) && is_array($_POST['id']) && count($_POST['id']) > 0) {
    $_POST['id'] = securityPatchSanitizePostVariableId($_POST['id']);
}

// securityPatchSanitizePostVariableProductsId() is not defined in the visible
// part of this file; what it accepts or rejects cannot be verified from here.
if (isset($_POST['products_id']) && is_array($_POST['products_id']) && count($_POST['products_id']) > 0) {
    $_POST['products_id'] = securityPatchSanitizePostVariableProductsId($_POST['products_id']);
}

// -> #21373
// Array form of cart_quantity: reuse the products-id helper.
if (isset($_POST['cart_quantity']) && is_array($_POST['cart_quantity']) && count($_POST['cart_quantity']) > 0) {
    $_POST['cart_quantity'] = securityPatchSanitizePostVariableProductsId($_POST['cart_quantity']);
}

// Scalar form of cart_quantity: mode "a" converts full-width (zenkaku)
// alphanumerics to half-width, treating the input as EUC-JP.
// NOTE(review): this is width normalization, not validation. The result is
// still an arbitrary string, so the quantity must be cast or range-checked
// wherever it is consumed.
if (isset($_POST['cart_quantity']) && !is_array($_POST['cart_quantity'])) {
    $_POST['cart_quantity'] = mb_convert_kana($_POST['cart_quantity'], "a", "EUC-JP");
}
// <- #21373

/**
 * Sanitizes the array submitted as $_POST['id'].
 *
 * For every integer key, a nested array is sanitized recursively and any other
 * value is cast to int.
 *
 * The visible excerpt stops inside the foreach loop, so any further per-key
 * handling and the return statement are not shown here.
 *
 * @param array $arrayToSanitize Array taken from the request (callers guard with is_array()).
 */
function securityPatchSanitizePostVariableId($arrayToSanitize) {
    foreach ($arrayToSanitize as $key => $variableToSanitize) {
        // Value sanitizing applies to integer keys only. Values stored under
        // string keys are not modified by the code visible here.
        // NOTE(review): verify how string-keyed entries are handled in the
        // part of the loop that is not shown.
        if (is_integer($key)) {
            if (is_array($arrayToSanitize[$key])) {
                $arrayToSanitize[$key] = securityPatchSanitizePostVariableId($arrayToSanitize[$key]);
            } else {
                $arrayToSanitize[$key] = (int) $variableToSanitize;
            }
        }
/**
 * Security Patch
 *
 * Multiple Vulnerabilities
 *
 * SQL Injection - $_POST['products_id']
 * SQL Injection - $_POST['id']
 *
 * Please Note : This file should be placed in includes/extra_configures and will automatically load.
 *
 */

// Each guard below rewrites one POST field in place, and only when that field
// is a non-empty array. A scalar value submitted under the same name is left
// exactly as received.
// NOTE(review): confirm every consumer of these fields casts or binds the
// scalar form itself, because this file does not touch it.
if (isset($_POST['id']) && is_array($_POST['id']) && count($_POST['id']) > 0) {
    $_POST['id'] = securityPatchSanitizePostVariableId($_POST['id']);
}

// securityPatchSanitizePostVariableProductsId() is not defined in the visible
// part of this file; what it accepts or rejects cannot be verified from here.
if (isset($_POST['products_id']) && is_array($_POST['products_id']) && count($_POST['products_id']) > 0) {
    $_POST['products_id'] = securityPatchSanitizePostVariableProductsId($_POST['products_id']);
}

/**
 * Sanitizes the array submitted as $_POST['id'].
 *
 * For every integer key, a nested array is sanitized recursively and any other
 * value is cast to int. Afterwards an entry is removed when its key contains a
 * character that the key character class does not match.
 *
 * The visible excerpt stops before the end of this function, so the closing
 * lines (including the return statement) are not shown here.
 *
 * @param array $arrayToSanitize Array taken from the request (callers guard with is_array()).
 */
function securityPatchSanitizePostVariableId($arrayToSanitize) {
    foreach ($arrayToSanitize as $key => $variableToSanitize) {
        // Value sanitizing applies to integer keys only. Values stored under
        // string keys are not modified by the code visible here.
        // NOTE(review): a string key made only of allowed characters keeps its
        // original value; verify that consumers of such keys cast the value.
        if (is_integer($key)) {
            if (is_array($arrayToSanitize[$key])) {
                $arrayToSanitize[$key] = securityPatchSanitizePostVariableId($arrayToSanitize[$key]);
            } else {
                $arrayToSanitize[$key] = (int) $variableToSanitize;
            }
        }
        // Key allow-list: strip every character the class matches; anything
        // left over means the key holds a disallowed character, so drop it.
        // NOTE(review): ereg_replace() belongs to the POSIX regex extension,
        // deprecated in PHP 5.3 and removed in PHP 7.0. On a runtime without
        // it this call raises an undefined-function error instead of
        // filtering; the PCRE form is preg_replace('/.../', '', $key).
        // NOTE(review): the range `A-z` spans ASCII 0x41-0x7A, so besides the
        // letters it also matches [ \ ] ^ and the backtick. Keys containing
        // those characters therefore pass this filter. `A-Z` was presumably
        // intended; tighten the class after confirming.
        if (ereg_replace('[0-9a-zA-z:_]', '', $key) != '') {
            unset($arrayToSanitize[$key]);
        }
    }