From: <gem...@li...> - 2012-04-26 09:08:05
Revision: 636
http://gemstracker.svn.sourceforge.net/gemstracker/?rev=636&view=rev
Author: matijsdejong
Date: 2012-04-26 09:07:54 +0000 (Thu, 26 Apr 2012)
Log Message:
-----------
Fixes for attack pattern identified by Michiel
Modified Paths:
--------------
trunk/library/classes/Gems/Registry/CachedArrayTargetAbstract.php
trunk/library/classes/Gems/User/Organization.php
Modified: trunk/library/classes/Gems/Registry/CachedArrayTargetAbstract.php
===================================================================
--- trunk/library/classes/Gems/Registry/CachedArrayTargetAbstract.php 2012-04-25 14:43:30 UTC (rev 635)
+++ trunk/library/classes/Gems/Registry/CachedArrayTargetAbstract.php 2012-04-26 09:07:54 UTC (rev 636)
@@ -102,7 +102,7 @@
* @return string
*/
private function _getCacheId() {
- return GEMS_PROJECT_NAME . '__' . get_class($this) . '__' . $this->_id;
+ return GEMS_PROJECT_NAME . '__' . get_class($this) . '__' . preg_replace('/[^a-zA-Z0-9_]/', '_', $this->_id);
}
/**
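Review bot: The replacement on the added line is lossy, so two distinct ids that differ only in characters outside `[a-zA-Z0-9_]` (for example `a-b` and `a.b`, or either of them and a literal `a_b`) now map to the same cache id and will read each other's cached row; for a registry keyed by user-influenced ids that is a cache-key collision, not just a cosmetic issue. An injective encoding keeps the id inside the character set Zend_Cache accepts without merging keys: `$safe = preg_replace_callback('/[^a-zA-Z0-9]/', function ($m) { return '_' . bin2hex($m[0]); }, (string) $this->_id);` followed by `return GEMS_PROJECT_NAME . '__' . get_class($this) . '__' . $safe;` — every `_` in the output is then an escape followed by exactly two hex digits, so no two inputs collide. Whether `_id` is ever non-numeric in practice is not visible here; if it is always an int in every subclass, a `(string) (int) $this->_id` cast would be the simpler fix. A one-line comment above the return, `// Zend_Cache ids must match [a-zA-Z0-9_]; encode rather than strip so distinct ids stay distinct`, would record why the transformation exists.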
Modified: trunk/library/classes/Gems/User/Organization.php
===================================================================
--- trunk/library/classes/Gems/User/Organization.php 2012-04-25 14:43:30 UTC (rev 635)
+++ trunk/library/classes/Gems/User/Organization.php 2012-04-26 09:07:54 UTC (rev 636)
@@ -285,7 +285,7 @@
{
try {
$sql = "SELECT * FROM gems__organizations WHERE gor_id_organization = ? LIMIT 1";
- $data = $this->db->fetchRow($sql, $id);
+ $data = $this->db->fetchRow($sql, intval($id));
} catch (Exception $e) {
$data = false;
}
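Review bot: `intval($id)` on the added line coerces rather than validates: a non-numeric `$id` silently becomes `0` and a value like `'7abc'` becomes `7`, so a malformed or tampered id is looked up as a different organization instead of being rejected. Since the query was already parameterized (`?` with `fetchRow($sql, ...)`), injection was not the exposure; the type confusion is, and it is better handled by rejecting bad input before the query, e.g. `$orgId = filter_var($id, FILTER_VALIDATE_INT);` and treating `false === $orgId` the same way the `catch` branch does (`$data = false`). The `catch (Exception $e)` that folds every database error into `$data = false` predates this change but also hides the cause of a failed lookup; at minimum log `$e` there. The enclosing method starts before and ends after this hunk, so what it does with `$data` afterwards is not visible here.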