fix: mysql injection vulnerability

fix: new profile page not being cached by service worker chore: cleanup
ellite · Oct 11, 2024 · 3d6a8c3 · 3d6a8c3
1 parent 087e1c7
commit 3d6a8c3
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 10 deletions.
diff --git a/passwordreset.php b/passwordreset.php
@@ -45,11 +45,23 @@
     $requestMode = true;
     $resetMode = false;
     $email = $_POST['email'];
-    $user = $db->querySingle("SELECT * FROM user WHERE email = '$email'", true);
+
+    $stmt = $db->prepare("SELECT * FROM user WHERE email = :email");
+    $stmt->bindValue(':email', $email, SQLITE3_TEXT);
+    $user = $stmt->execute()->fetchArray(SQLITE3_ASSOC);
+
     if ($user) {
-        $db->exec("DELETE FROM password_resets WHERE email = '$email'");
+        $stmt = $db->prepare("DELETE FROM password_resets WHERE email = :email");
+        $stmt->bindValue(':email', $email, SQLITE3_TEXT);
+        $stmt->execute();
+
         $token = bin2hex(random_bytes(32));
-        $db->exec("INSERT INTO password_resets (user_id, email, token) VALUES (" . $user['id'] . ", '$email', '$token')");
+
+        $stmt = $db->prepare("INSERT INTO password_resets (user_id, email, token) VALUES (:user_id, :email, :token)");
+        $stmt->bindValue(':user_id', $user['id'], SQLITE3_INTEGER);
+        $stmt->bindValue(':email', $email, SQLITE3_TEXT);
+        $stmt->bindValue(':token', $token, SQLITE3_TEXT);
+        $stmt->execute();
     }
     $hasSuccessMessage = true;
 }
@@ -84,7 +96,11 @@
     $reset = $stmt->execute()->fetchArray(SQLITE3_ASSOC);
 
     if ($reset) {
-        $user = $db->querySingle("SELECT * FROM user WHERE email = '" . $reset['email'] . "'", true);
+        $stmt = $db->prepare("SELECT * FROM user WHERE email = :email");
+        $stmt->bindValue(':email', $reset['email'], SQLITE3_TEXT);
+        $result = $stmt->execute();
+        $user = $result->fetchArray(SQLITE3_ASSOC);
+
         if ($password == $confirmPassword) {
             $passwordHash = password_hash($password, PASSWORD_DEFAULT);
             $db->exec("UPDATE user SET password = '$passwordHash' WHERE id = " . $user['id']);

diff --git a/profile.php b/profile.php
@@ -1,9 +1,4 @@
 <?php
-// Show all errors
-ini_set('display_errors', 1);
-ini_set('display_startup_errors', 1);
-error_reporting(E_ALL);
-
 require_once 'includes/header.php';
 ?>
 

diff --git a/service-worker.js b/service-worker.js
@@ -4,6 +4,7 @@ self.addEventListener('install', function (event) {
             const urlsToCache = [
                 '.',
                 'index.php',
+                'profile.php',
                 'calendar.php',
                 'settings.php',
                 'stats.php',
@@ -165,7 +166,7 @@ self.addEventListener('fetch', function (event) {
 self.addEventListener('fetch', event => {
     const url = new URL(event.request.url);
     // Check if the request is for an image in the logos directory
-    if (url.pathname.startsWith('/images/uploads/logos/')) {
+    if (url.pathname.includes('images/uploads/logos')) {
         event.respondWith(
             caches.match(event.request).then(response => {
                 return response || fetch(event.request).then(response => {