Commit 9e8365ac authored by Wim Van de Meerssche's avatar Wim Van de Meerssche

fixed possible SQL injection

parent e926ec63
......@@ -437,10 +437,16 @@ sub LookupByProject($$)
{
my ($class, $project_name) = @_;
if (! TBcheck_dbslot($project_name, "projects", "pid",
TBDB_CHECKDBSLOT_WARN|TBDB_CHECKDBSLOT_ERROR)){
print STDERR "project has an invalid name: \"$project_name\"";
return ();
}
my $query_result =
DBQueryWarn("select s.idx from geni_slices s JOIN geni_certificates c ON s.uuid=c.uuid ".
"where c.urn LIKE '%:$project_name+slice+%'");
return undef unless defined($query_result);
return () unless defined($query_result);
my @result = ();
while (my ($idx) = $query_result->fetchrow_array()) {
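Review bot: The query in LookupByProject is still built by interpolating `$project_name` into the LIKE pattern, so its safety now depends entirely on what TBcheck_dbslot accepts for the projects/pid slot, and that rule is not visible in this hunk. If the rule permits `_` or `%`, the name would still act as a LIKE wildcard and could match slices belonging to other projects. Quoting or escaping the value where the query is assembled would keep it safe even if the slot rule is loosened later. The new error line also echoes the rejected name verbatim and has no trailing newline, so consider `print STDERR "project has an invalid name\n";`, or strip control characters before printing so a crafted name cannot forge or run together log lines. The body of the sub continues past the end of the hunk.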
......
......@@ -486,7 +486,7 @@ sub LookupSlices()
}
my $members = {};
if (defined(@initial_match_slices)) {
if (@initial_match_slices) {
foreach my $slice (@initial_match_slices) {
if (defined($slice)) {
#check if user is allowed to access slice
......