Fix #17: SQL injection + mass data exposure (backend)
- Fixed SQL injection in ride/license/get.php (interpolated variable → parameterized query)
- Added admin role checks to all 3 mass data endpoints (driver tokens, passenger tokens, phones+tokens)
- Added pagination (50/page) to all 4 mass data endpoints
- Fixed LIMIT to use placeholders with type binding
@@ -54,9 +54,14 @@ $sql = "SELECT
|
||||
) AS passengerToken
|
||||
FROM `driver`
|
||||
ORDER BY passengerAverageRating DESC
|
||||
LIMIT 10";
|
||||
LIMIT :lim OFFSET :off";
|
||||
|
||||
$stmt = $con->prepare($sql);
|
||||
$page = max(1, (int) filterRequest('page'));
|
||||
$limit = 10;
|
||||
$offset = ($page - 1) * $limit;
|
||||
$stmt->bindValue(':lim', $limit, PDO::PARAM_INT);
|
||||
$stmt->bindValue(':off', $offset, PDO::PARAM_INT);
|
||||
$stmt->execute();
|
||||
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
|
||||
@@ -73,8 +78,16 @@ foreach ($result as &$row) {
|
||||
$row['maritalStatus'] = $encryptionHelper->decryptData($row['maritalStatus']);
|
||||
}
|
||||
|
||||
$countStmt = $con->query("SELECT COUNT(*) FROM `driver`");
|
||||
$total = $countStmt->fetchColumn();
|
||||
|
||||
if (count($result) > 0) {
|
||||
jsonSuccess($result);
|
||||
jsonSuccess([
|
||||
'data' => $result,
|
||||
'total' => (int) $total,
|
||||
'page' => $page,
|
||||
'pages' => (int) ceil($total / $limit),
|
||||
]);
|
||||
} else {
|
||||
jsonError("No records found");
|
||||
}
|
||||
|
||||
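Review bot: `$limit = 10` in the first hunk of this file contradicts the commit message ("pagination (50/page) to all 4 mass data endpoints") and the `$limit = 50` used in the other file of this commit; either the message or this value is wrong, and a single shared constant (e.g. in connect.php) would keep the endpoints in step. `$page` has no upper bound, so a very large `page` value may saturate the `(int)` cast and make `($page - 1) * $limit` overflow to a float before it is bound as `PDO::PARAM_INT`; clamp it with `$page = min($page, intdiv(PHP_INT_MAX, $limit));` or reject pages beyond `pages`. The `foreach ($result as &$row)` loop begins outside the second hunk and `$row` is never unset after its closing brace, so the last element of `$result` is still a reference when the array is handed to `jsonSuccess`; add `unset($row);` right after the `}`. `$countStmt->fetchColumn()` returns `false` if the count query fails, which the new response silently reports as `'total' => 0` and `'pages' => 0` — check for `false` there as the other statement errors are presumably handled.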
@@ -1,6 +1,16 @@
|
||||
<?php
|
||||
require_once __DIR__ . '/../../connect.php';
|
||||
|
||||
if ($role !== 'admin' && $role !== 'super_admin') {
|
||||
http_response_code(403);
|
||||
echo json_encode(['error' => 'Unauthorized: Admin access required']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$page = max(1, (int) filterRequest('page'));
|
||||
$limit = 50;
|
||||
$offset = ($page - 1) * $limit;
|
||||
|
||||
$sql = "
|
||||
SELECT
|
||||
d.phone,
|
||||
@@ -11,13 +21,18 @@ FROM
|
||||
`driver` d
|
||||
LEFT JOIN driverToken dt ON
|
||||
dt.captain_id = d.id
|
||||
LIMIT :lim OFFSET :off
|
||||
";
|
||||
|
||||
$stmt = $con->prepare($sql);
|
||||
$stmt->bindValue(':lim', $limit, PDO::PARAM_INT);
|
||||
$stmt->bindValue(':off', $offset, PDO::PARAM_INT);
|
||||
$stmt->execute();
|
||||
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
|
||||
// فك التشفير للحقول الحساسة
|
||||
$countStmt = $con->query("SELECT COUNT(*) FROM `driver`");
|
||||
$total = $countStmt->fetchColumn();
|
||||
|
||||
foreach ($result as &$row) {
|
||||
$row['phone'] = $encryptionHelper->decryptData($row['phone']);
|
||||
if (!empty($row['token'])) {
|
||||
@@ -26,8 +41,12 @@ foreach ($result as &$row) {
|
||||
}
|
||||
|
||||
if ($stmt->rowCount() > 0) {
|
||||
jsonSuccess($result);
|
||||
jsonSuccess([
|
||||
'data' => $result,
|
||||
'total' => (int) $total,
|
||||
'page' => $page,
|
||||
'pages' => (int) ceil($total / $limit),
|
||||
]);
|
||||
} else {
|
||||
jsonError("No records found");
|
||||
}
|
||||
?>
|
||||
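Review bot: The paginated query in the second hunk has no ORDER BY before `LIMIT :lim OFFSET :off`, so MySQL guarantees no stable row order across pages and a client walking all pages can see a driver twice or miss one; add `ORDER BY d.id` on the line before the LIMIT. The admin gate in the first hunk only holds if `$role` is populated server-side by connect.php from the authenticated session/token rather than from request input — that is not visible here and is worth confirming, since this check is the only thing between the token list and an unauthenticated caller; for consistency with the rest of the file it could also use `jsonError` instead of a bare `echo json_encode` (which sets no Content-Type). The new `$countStmt`/`$total` lines were inserted between the comment `// فك التشفير للحقول الحساسة` ("decrypt the sensitive fields") and the `foreach` it describes; move them above that comment so the comment stays attached to the loop. Also, `SELECT COUNT(*) FROM driver` counts drivers while the data query LEFT JOINs `driverToken`, so if a driver can hold more than one token the `total`/`pages` values will not match the rows actually returned — worth confirming against the schema.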