1.2.1

Security Update

includes/ajax.php

@@ -12,31 +12,34 @@
 {
 	if(sanitize_text_field($_POST["what"] == "new"))
 	{
-		$ticket = $wpdb->get_results("SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter='unbekannt' AND termin_timestamp<'$timestamp'
+		$ticket = $wpdb->get_results($wpdb->prepare("SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter='unbekannt' AND termin_timestamp<%d
 					UNION
-				   SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter='unbekannt' AND termin_timestamp='$timestamp'
+				   SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter='unbekannt' AND termin_timestamp=%d
 					UNION
 				   SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter='unbekannt' AND termin IS NULL
 				    UNION
-				   SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter='unbekannt' AND termin_timestamp>'$timestamp' ");
+				   SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter='unbekannt' AND termin_timestamp>%d ",
+				   $timestamp, $timestamp, $timestamp));
 	} else if(sanitize_text_field($_POST["what"] == "open"))
 	{
-		$ticket = $wpdb->get_results("SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter!='unbekannt' AND termin_timestamp<'$timestamp'
+		$ticket = $wpdb->get_results($wpdb->prepare("SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter!='unbekannt' AND termin_timestamp<%d
 					UNION
-				   SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter!='unbekannt' AND termin_timestamp='$timestamp'
+				   SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter!='unbekannt' AND termin_timestamp=%d
 					UNION
 				   SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter!='unbekannt' AND termin IS NULL
 				    UNION
-				   SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter!='unbekannt' AND termin_timestamp>'$timestamp' ");
+				   SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter!='unbekannt' AND termin_timestamp>%d ",
+				   $timestamp, $timestamp, $timestamp));
 	} else if(sanitize_text_field($_POST["what"] == "my"))
 	{
-		$ticket = $wpdb->get_results("SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter='$user' AND termin_timestamp<'$timestamp'
+		$ticket = $wpdb->get_results($wpdb->prepare("SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter=%s AND termin_timestamp<%d
 					UNION
-				   SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter='$user' AND termin_timestamp='$timestamp'
+				   SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter=%s AND termin_timestamp=%d
 					UNION
-				   SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter='$user' AND termin IS NULL
+				   SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter=%s AND termin IS NULL
 				    UNION
-				   SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter='$user' AND termin_timestamp>'$timestamp' ");
+				   SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter=%s AND termin_timestamp>%d ",
+				   $user, $timestamp, $user, $timestamp, $user, $user, $timestamp));
 	}
 }	
 
@@ -48,22 +51,31 @@
 	$order = sanitize_text_field($_POST["order"]);
 	$offset = 0;
 	if(isset($_POST["offset"])){$offset = sanitize_text_field($_POST["offset"]);}
-	$ticket = $wpdb->get_results("SELECT * FROM wp_sts_tickets WHERE $select LIKE '%$search%' ORDER BY id $order LIMIT 10 OFFSET $offset");
+	$ticket = $wpdb->get_results($wpdb->prepare(
+				"SELECT * FROM wp_sts_tickets WHERE %s LIKE %s ORDER BY id $order LIMIT 10 OFFSET %d",
+				$select, $search, $offset)
+			  );
 	if($select == 'termin')
 	{
-		$ticket = $wpdb->get_results("SELECT * FROM wp_sts_tickets WHERE $select IS NOT NULL AND $select != '' AND geloest='0' ORDER BY termin_timestamp ASC LIMIT 10 OFFSET $offset");
+		$ticket = $wpdb->get_results($wpdb->prepare(
+					"SELECT * FROM wp_sts_tickets WHERE %s IS NOT NULL AND %s != '' AND geloest='0' ORDER BY termin_timestamp ASC LIMIT 10 OFFSET %d",
+					$select, $select, $offset)
+				  );
 	}
 	if($select == 'geloest')
 	{
-		$ticket = $wpdb->get_results("SELECT * FROM wp_sts_tickets WHERE geloest='1' ORDER BY ende_timestamp $order LIMIT 10 OFFSET $offset");
+		$ticket = $wpdb->get_results($wpdb->prepare(
+					"SELECT * FROM wp_sts_tickets WHERE geloest='1' ORDER BY ende_timestamp $order LIMIT 10 OFFSET %d",
+					$offset)
+				  );
 	}
 }
 
 // Abfrage für Änderung an Ticket
 if(isset($_POST["id"]))
 {
 	$id = sanitize_text_field($_POST["id"]);
-	$ticket = $wpdb->get_results("SELECT * FROM wp_sts_tickets WHERE id='$id'");
+	$ticket = $wpdb->get_results($wpdb->prepare("SELECT * FROM wp_sts_tickets WHERE id=%d", $id));
 }
 
 // Schleife für Aktuallisierung des gewünschten Bereichs
@@ -292,14 +304,22 @@
 	$select = sanitize_text_field($_POST["select"]);
 	$search = sanitize_text_field($_POST["search"]);
 	$order = sanitize_text_field($_POST["order"]);
-	$ticket = $wpdb->get_results("SELECT COUNT(*) AS count FROM wp_sts_tickets WHERE $select LIKE '%$search%' ORDER BY id $order");
+	$ticket = $wpdb->get_results($wpdb->prepare(
+				"SELECT COUNT(*) AS count FROM wp_sts_tickets WHERE %s LIKE %s ORDER BY id $order",
+				$select, $search)
+			  );
 	if($select == 'termin')
 	{
-		$ticket = $wpdb->get_results("SELECT COUNT(*) AS count FROM wp_sts_tickets WHERE $select LIKE '%$search%' AND geloest='0' ORDER BY termin_timestamp ASC");
+		$ticket = $wpdb->get_results($wpdb->prepare(
+					"SELECT COUNT(*) AS count FROM wp_sts_tickets WHERE %s LIKE %s AND geloest='0' ORDER BY termin_timestamp ASC",
+					$select, $search)
+				  );
 	}
 	if($select == 'geloest')
 	{
-		$ticket = $wpdb->get_results("SELECT COUNT(*) AS count FROM wp_sts_tickets WHERE geloest='1' ORDER BY id $order");
+		$ticket = $wpdb->get_results(
+					"SELECT COUNT(*) AS count FROM wp_sts_tickets WHERE geloest='1' ORDER BY id $order"
+				  );
 	}
 
 	// Abfrage

includes/mail.php

@@ -25,29 +25,29 @@
 {
 	if($rechner != NULL || $raum != NULL || $telefon != NULL || $termin != NULL || $status != NULL)
 	{
-		$query = $wpdb->get_results("SELECT id FROM wp_sts_tickets WHERE problem = '$problem' LIMIT 1");
+		$query = $wpdb->get_results($wpdb->prepare("SELECT id FROM wp_sts_tickets WHERE problem = %s LIMIT 1", $problem));
 		foreach($query as $id)
 		{
 			if($rechner != NULL)
 			{
-				$wpdb->query($wpdb->prepare("UPDATE wp_sts_tickets SET rechner=%s WHERE id='$id->id'", $rechner));
+				$wpdb->query($wpdb->prepare("UPDATE wp_sts_tickets SET rechner=%s WHERE id=%d", $rechner, $id->id));
 			}
 			if($raum != NULL)
 			{
-				$wpdb->query($wpdb->prepare("UPDATE wp_sts_tickets SET raum=%s WHERE id='$id->id'", $raum));
+				$wpdb->query($wpdb->prepare("UPDATE wp_sts_tickets SET raum=%s WHERE id=%d", $raum, $id->id));
 			}
 			if($telefon != NULL)
 			{
-				$wpdb->query($wpdb->prepare("UPDATE wp_sts_tickets SET telefon=%s WHERE id='$id->id'", $telefon));
+				$wpdb->query($wpdb->prepare("UPDATE wp_sts_tickets SET telefon=%s WHERE id=%d", $telefon, $id->id));
 			}
 			if($termin != NULL)
 			{
 				$time = strtotime($termin);
-				$wpdb->query($wpdb->prepare("UPDATE wp_sts_tickets SET datepicker=%s WHERE id='$id->id'", $termin));
+				$wpdb->query($wpdb->prepare("UPDATE wp_sts_tickets SET datepicker=%s WHERE id=%d", $termin, $id->id));
 			}
 			if($status != NULL)
 			{
-				$wpdb->query("UPDATE wp_sts_tickets SET status='1' WHERE id='$id->id'");
+				$wpdb->query($wpdb->prepare("UPDATE wp_sts_tickets SET status='1' WHERE id=%d", $id->id));
 			}			
 		}
 	}

includes/system.php

@@ -71,13 +71,14 @@
 		<?php
 		//Verbindung zur Datenbank		
 		//Abfrage der eigenen Tickets
-		$ticket = $wpdb->get_results("SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter='$user' AND termin_timestamp<'$timestamp'
+		$ticket = $wpdb->get_results($wpdb->prepare("SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter=%s AND termin_timestamp<%d
 					UNION
-				   SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter='$user' AND termin_timestamp='$timestamp'
+				   SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter=%s AND termin_timestamp=%d
 					UNION
-				   SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter='$user' AND termin IS NULL
-					UNION
-				   SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter='$user' AND termin_timestamp>'$timestamp' ");
+				   SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter=%s AND termin IS NULL
+				    UNION
+				   SELECT * FROM wp_sts_tickets WHERE geloest='0' AND bearbeiter=%s AND termin_timestamp>%d ",
+				   $user, $timestamp, $user, $timestamp, $user, $user, $timestamp));
 		foreach($ticket as $row)
 		{
 		?>

includes/update.php

@@ -9,7 +9,7 @@
 <?php
 $id = sanitize_text_field($_POST["id"]);
 $status = NULL;
-$query_stat = $wpdb->get_results($wpdb->prpare("SELECT status, mail FROM wp_sts_tickets WHERE id=%d",$id));
+$query_stat = $wpdb->get_results($wpdb->prepare("SELECT status, mail FROM wp_sts_tickets WHERE id=%d",$id));
 foreach($query_stat as $row)
 {
 	if($row->status === '1')