
Sanitize some inline queries

Adjokip пре 8 година
родитељ
комит
ed753d8ab6

+ 1 - 3
lang/English/global.php

@@ -130,8 +130,6 @@ define('no_results_found', "No search results found for %s");
 define('tickets', "Support Tickets");
 define('news', "News");
 define('admin_news', "News Admin");
-define('rcon', "RCON");
-define('support', "Support");
 define('util', "Utilities");
 define('fast_download', "Fast Download");
 define('fd_user', "Fast Download");
@@ -141,4 +139,4 @@ define('faq', "F.A.Q.");
 define('mysql_admin', "MySQL Admin");
 define('copied', "Copied!");
 define('ticket_settings', "Ticket Settings");
-?>
+?>

+ 21 - 2
modules/addonsmanager/addons_installer.php

@@ -66,15 +66,26 @@ function exec_ogp_module() {
 	
 	$home_cfg_id = $home_info['home_cfg_id'];
 	$server_xml = read_server_config(SERVER_CONFIG_LOCATION."/".$home_info['home_cfg_file']);
+	
+	$addon_types = array('plugin', 'mappack', 'config');
 	$addon_type = isset($_REQUEST['addon_type']) ? $_REQUEST['addon_type'] : "";
+
     $state = isset($_REQUEST['state']) ? $_REQUEST['state'] : "";
     $pid = isset($_REQUEST['pid']) ? $_REQUEST['pid'] : -1;
 	
     if ( $state != "" )
     {
-        $addon_id = $_REQUEST['addon_id'];
+        $addon_id = (int)$_REQUEST['addon_id'];
+
 		$remote = new OGPRemoteLibrary($home_info['agent_ip'],$home_info['agent_port'],$home_info['encryption_key'],$home_info['timeout']);
 		$addons_rows = $db->resultQuery("SELECT url, path, post_script FROM OGP_DB_PREFIXaddons WHERE addon_id=".$addon_id);
+
+		if (!$addons_rows) {
+			print_failure(get_lang('invalid_addon'));
+			$view->refresh('?m=addonsmanager&p=user_addons&home_id='. $home_id .'&mod_id='. $mod_id .'&ip='. $ip .'&port='.$port);
+			return;
+		}
+
 		$addon_info = $addons_rows[0];
 		$url = $addon_info['url'];
 		$filename = basename($url);
@@ -213,6 +224,14 @@ function exec_ogp_module() {
     }
     elseif( $addon_type != "" )
     {
+
+    	if (!in_array($addon_type, $addon_types)) {
+    		print_failure(get_lang('invalid_addon_type'));
+    		$view->refresh('?m=addonsmanager&p=user_addons&home_id='. $home_id .'&mod_id='. $mod_id .'&ip='. $ip .'&port='.$port);
+
+    		return;
+    	}
+
 		?>
 			<h2><?php echo htmlentities($home_info['home_name'])."&nbsp;".get_lang($addon_type) ;?></h2>
             <table class='center'>
@@ -262,4 +281,4 @@ function exec_ogp_module() {
 <?php 
     }
 }
-?>
+?>
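Review bot: The whitelist check in the elseif branch, `if (!in_array($addon_type, $addon_types))`, omits the strict flag even though `$addon_type` comes straight from `$_REQUEST` and may not be a string; `in_array($addon_type, $addon_types, true)` is the form to use for an allow-list. Both new failure paths call `get_lang('invalid_addon')` and `get_lang('invalid_addon_type')`, but the lang/English/global.php hunk in this commit only removes keys, so unless those strings are defined elsewhere the message shown will depend on how get_lang treats a missing key — worth confirming. `$addon_id = (int)$_REQUEST['addon_id']` reads the index without an isset guard, so a request carrying `state` but no `addon_id` raises a notice before the cast; `$addon_id = isset($_REQUEST['addon_id']) ? (int)$_REQUEST['addon_id'] : 0;` lets the new empty-result branch handle it. The added block in the elseif branch is indented with spaces where the surrounding code uses tabs. exec_ogp_module starts before the first hunk.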

+ 0 - 0
modules/addonsmanager/addons_manager.php


+ 2 - 1
modules/administration/banlist.php

@@ -33,6 +33,7 @@ function exec_ogp_module()
 		unset($_POST['unban']);
 		foreach($_POST as $name => $ip)
 		{
+			$ip = $db->real_escape_string($ip);
 			$db->query("UPDATE `OGP_DB_PREFIXban_list` SET logging_attempts='0', banned_until='0' WHERE client_ip = '$ip';");
 		}
 	}
@@ -63,4 +64,4 @@ function exec_ogp_module()
 	}
 	echo create_back_button($_GET['m'],"main");
 }
-?>
+?>
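Review bot: The value iterated by `foreach($_POST as $name => $ip)` is meant to be an IP address, and the added `real_escape_string` only neutralises quote and backslash characters; validating the shape is the stronger check and keeps malformed input out of the UPDATE altogether: `if (filter_var($ip, FILTER_VALIDATE_IP) === false) { continue; }` before the query, with the escape kept as a second layer. Note that the loop visits every POST field except `unban`, so any stray form field name reaches this path as well, which the validation would also absorb. exec_ogp_module starts before the hunk.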

+ 9 - 6
modules/dashboard/updateWidgets.php

@@ -39,12 +39,15 @@ function exec_ogp_module()
 	foreach($data->items as $item)  
 	{  
 		//Extract column number for panel  
-		$col_id=preg_replace('/[^\d\s]/', '', $item->column);  
+		$col_id = preg_replace('/[^\d\s]/', '', $item->column);
 		//Extract id of the panel  
-		$widget_id=preg_replace('/[^\d\s]/', '', $item->id);  
-		$db->query("UPDATE ".OGP_DB_PREFIX."widgets_users SET column_id='$col_id', sort_no='".$item->order."', collapsed='".$item->collapsed."' WHERE widget_id='".$widget_id."' AND user_id='".$_SESSION['user_id']."'") or   
-		die($db->getError());
-	}  
+		$widget_id = preg_replace('/[^\d\s]/', '', $item->id);
+
+		if (is_numeric($col_id) && is_numeric($widget_id)) {
+			$db->query("UPDATE ".OGP_DB_PREFIX."widgets_users SET column_id='$col_id', sort_no='".(int)$item->order."', collapsed='".(int)$item->collapsed."' WHERE widget_id='".$widget_id."' AND user_id='".$_SESSION['user_id']."'");
+		}
+	}
+
 	echo "success";
 }
-?>
+?>
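Review bot: Dropping `or die($db->getError())` means a failed UPDATE is now unreported, and an item that fails the `is_numeric` guard is skipped silently, yet the handler still echoes `success` in both cases, so the caller cannot tell that nothing was saved. Keeping a result flag — initialised to true, ANDed with the return of `$db->query(...)` inside the guard, set to false in an else branch — and echoing `success` only when it holds would preserve the previous failure signal. `is_numeric` also accepts surrounding whitespace, which the `/[^\d\s]/` replacement leaves in place, so the values interpolated into `column_id` and `widget_id` are not necessarily plain integers; casting `(int)$col_id` and `(int)$widget_id` after the check would match the treatment given to `$item->order` and `$item->collapsed`. exec_ogp_module starts before the hunk.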

+ 4 - 1
modules/update/blacklist.php

@@ -82,14 +82,17 @@ function exec_ogp_module()
 	{
 		foreach($_POST['blacklist'] as $file)
 		{
+			$file = $db->real_escape_string($file);
 			$db->query("INSERT INTO `OGP_DB_PREFIXupdate_blacklist` SET file_path='$file';");
 		}
+		
 		foreach($_POST['folder_files'] as $file)
 		{
 			if(in_array($file,$current_blacklist))
 			{
 				if(!in_array($file,$_POST['blacklist']))
 				{
+					$file = $db->real_escape_string($file);
 					$db->query("DELETE FROM `OGP_DB_PREFIXupdate_blacklist` WHERE file_path='$file';");
 				}
 			}
@@ -251,4 +254,4 @@ function exec_ogp_module()
 	}
 	echo create_back_button($_GET['m']);
 }
-?>
+?>
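Review bot: The membership checks `in_array($file,$current_blacklist)` and `in_array($file,$_POST['blacklist'])` in the second loop are loose comparisons, so numeric-looking paths can collide (`"10"` and `"1e1"` compare equal) and an entry could be deleted or kept wrongly; pass `true` as the third argument in both calls. The escaping itself is placed correctly — applied only just before each query — so the comparisons still see the raw `$file`. `$_POST['folder_files']` is iterated without an `isset`/`is_array` guard, which warns on a request that omits it; whether the surrounding condition (outside the hunk) already covers that cannot be seen here. exec_ogp_module starts before the hunk.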

+ 4 - 3
modules/update/updating.php

@@ -244,8 +244,9 @@ function exec_ogp_module()
 				}
 				
 				// update version info in db
-								
-				$db->query("UPDATE OGP_DB_PREFIXsettings SET value = '$_GET[version]' WHERE setting = 'ogp_version'");
+
+				$version = $db->real_escape_string($_GET['version']);
+				$db->query("UPDATE OGP_DB_PREFIXsettings SET value = '$version' WHERE setting = 'ogp_version'");
 				$db->query("UPDATE OGP_DB_PREFIXsettings SET value = '$vtype' WHERE setting = 'version_type'");
 
 				// Remove the downloaded package
@@ -289,4 +290,4 @@ function exec_ogp_module()
 		print_failure( get_lang_f( 'temp_folder_not_writable', $temp ) );
 	}
 }
-?>
+?>
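Review bot: `$_GET['version']` is read without an `isset` guard and is only SQL-escaped, so a request missing it raises a notice and then stores an empty `ogp_version`, and any other string is accepted as a version. A version identifier has a known shape, so validating it is the better check — e.g. reject unless `isset($_GET['version']) && preg_match('/^[0-9A-Za-z._-]+$/', $_GET['version'])` holds, keeping the escape as a second layer. `$vtype` on the following line is interpolated into the same kind of query but assigned outside the hunk; whether it derives from request input should be confirmed and, if so, treated the same way. exec_ogp_module starts before the hunk.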

+ 2 - 2
modules/user_games/edit_home.php

@@ -803,7 +803,7 @@ function exec_ogp_module()
 			{
 				if( isset($_REQUEST['set_ip']) )
 				{
-					$ip_id = $_POST['ip'];
+					$ip_id = $db->real_escape_string($_POST['ip']);
 					$ip_row = $db->resultQuery( "SELECT ip FROM OGP_DB_PREFIXremote_server_ips WHERE ip_id=".$ip_id );
 					$ip = $ip_row['0']['ip'];
 					$port = $_POST['port'];
@@ -942,4 +942,4 @@ function exec_ogp_module()
 		}
 	}
 }
-?>
+?>
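Review bot: `$ip_id = $db->real_escape_string($_POST['ip'])` does not protect the query that follows, because `$ip_id` is concatenated unquoted (`WHERE ip_id=".$ip_id`); escaping only neutralises quote and backslash characters, and an unquoted numeric position needs a type constraint instead. The commit already uses the right form elsewhere (`(int)$_REQUEST['addon_id']` in addons_installer.php, `(int)$_POST['id']` in TeamSpeak3/functions.php), so this line should be `$ip_id = (int)$_POST['ip'];`. `$ip_row['0']['ip']` on the next line also assumes a row came back; a non-existent id produces a notice and an empty `$ip`, so an `if (empty($ip_row))` guard with a failure message would be worth adding. `$port = $_POST['port']` remains raw — its later use is outside the hunk. exec_ogp_module starts before the hunk.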

+ 3 - 3
modules/user_games/install_cmds.php

@@ -39,7 +39,7 @@ function exec_ogp_module()
 
 		if(isset($_POST['edit_preinstall_cmds']))
 		{
-			$precmd = $_POST['edit_preinstall_cmds'];
+			$precmd = $db->real_escape_string($_POST['edit_preinstall_cmds']);
 			if( isset( $_POST['save_as_default'] ) )
 			{
 				$game_mod_query = "UPDATE OGP_DB_PREFIXconfig_mods SET def_precmd='$precmd' WHERE mod_cfg_id='$mod_cfg_id'";
@@ -55,7 +55,7 @@ function exec_ogp_module()
 
 		if(isset($_POST['edit_postinstall_cmds']))
 		{
-			$postcmd = $_POST['edit_postinstall_cmds'];
+			$postcmd = $db->real_escape_string($_POST['edit_postinstall_cmds']);
 			if( isset( $_POST['save_as_default'] ) )
 			{
 				$game_mod_query = "UPDATE OGP_DB_PREFIXconfig_mods SET def_postcmd='$postcmd' WHERE mod_cfg_id='$mod_cfg_id'";
@@ -124,4 +124,4 @@ function exec_ogp_module()
 	}
 	echo create_back_button('user_games','edit&amp;home_id='.$home_id);
 }
-?>
+?>
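Review bot: Escaping at the point of assignment (`$precmd = $db->real_escape_string(...)`, and likewise `$postcmd`) means every later use of these variables in exec_ogp_module sees the SQL-escaped text rather than what the user entered; if the same values are echoed back into the form or forwarded to the agent further down (outside the hunk), backslashes will leak into them. Escaping where the value is interpolated — keep the raw assignment and write `def_precmd='".$db->real_escape_string($precmd)."'` in each query string — keeps storage escaping separate from the value itself. `$mod_cfg_id` is interpolated into the same queries but assigned outside the hunk, so its origin should be checked as well. exec_ogp_module starts before the first hunk.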

+ 17 - 11
protocol/TeamSpeak3/functions.php

@@ -43,13 +43,15 @@ try
 	{
 		$status = "online";
 		$startup_file_exists = $remote->rfile_exists( "startups/".$server_home['ip']."-".$server_home['port'] ) === 1;
-		if(isset($_POST['new_ts3_port']) AND $server_home['home_id'] == $_POST['home_id'] )
-		{
-			if(isset($ts3_ServerInstance)) unset($ts3_ServerInstance);
+
+		if (isset($_POST['new_ts3_port']) && isPortValid($_POST['new_ts3_port']) && $server_home['home_id'] == $_POST['home_id']) {
+			if (isset($ts3_ServerInstance)) unset($ts3_ServerInstance);
+
 			$ts3_ServerInstance = TeamSpeak3::factory("serverquery://" . $cfg["user"] . ":" . $cfg["pass"] . "@" . $cfg["host"] . ":" . $cfg["query"] . "/");
 			$new_port = $_POST['new_ts3_port'];
 			$new_hostname = $_POST['new_ts3_hostname'];
 			$new_players = $_POST['new_ts3_players'];
+
 			/* add port to home on ogp db */
 			$AddVirtual = $db->addGameIpPort($server_home['home_id'], $server_home['ip_id'], $new_port);
 			if ($AddVirtual === TRUE)
@@ -94,10 +96,14 @@ try
 					$ts3_ServerInstance = TeamSpeak3::factory("serverquery://" . $cfg["user"] . ":" . $cfg["pass"] . "@" . $cfg["host"] . ":" . $cfg["query"] . "/");
 												
 					/* stop & remove server using given ID */
-					$sid =  $_POST['id'];
-					$ts3_ServerInstance->serverStop($sid);
-					$ts3_ServerInstance->serverDelete($sid);
-					$db->query( "DELETE FROM OGP_DB_PREFIXts3_homes WHERE vserver_id=" . $sid );
+					$sid = (int)$_POST['id'];
+
+					if ($sid !== 0) {
+						$ts3_ServerInstance->serverStop($sid);
+						$ts3_ServerInstance->serverDelete($sid);
+						$db->query( "DELETE FROM OGP_DB_PREFIXts3_homes WHERE vserver_id=" . $db->real_escape_string($sid));
+					}
+
 					/* refresh */
 					$view->refresh("?m=gamemanager&p=game_monitor&home_id=" . $server_home['home_id'], 0);
 				}
@@ -140,14 +146,14 @@ try
 		$TS3Admin_installed = $db->isModuleInstalled('TS3Admin');
 		if( $TS3Admin_installed )
 		{
-			if(isset($_POST['assign_to_user']) && $_POST['vserver_id'] == $ts3_ServerInstance->getId() AND $server_home['remote_server_id'] == $_POST['remote_server_id'] )
+			if(isset($_POST['assign_to_user']) && (int)$_POST['vserver_id'] == $ts3_ServerInstance->getId() AND $server_home['remote_server_id'] == $_POST['remote_server_id'] )
 			{
 				$query_ip = $server_home['use_nat'] == 1 ? $server_home['agent_ip'] : $server_home['ip'];
-				$db->query("INSERT INTO OGP_DB_PREFIXts3_homes (`rserver_id`, `ip`, `pwd`, `vserver_id`, `user_id`, `port`) VALUES ('".$server_home['remote_server_id']."', '".$query_ip."', '".$cfg["pass"]."', '".$_POST['vserver_id']."', '".$_POST['assign_to_user']."', '".$cfg['query']."');");
+				$db->query("INSERT INTO OGP_DB_PREFIXts3_homes (`rserver_id`, `ip`, `pwd`, `vserver_id`, `user_id`, `port`) VALUES ('".$server_home['remote_server_id']."', '".$query_ip."', '".$cfg["pass"]."', '".(int)$_POST['vserver_id']."', '".$db->real_escape_string($_POST['assign_to_user'])."', '".$cfg['query']."');");
 			}
-			if(isset($_POST['remove_vuser_id']) && $_POST['vserver_id'] == $ts3_ServerInstance->getId() AND $server_home['remote_server_id'] == $_POST['remote_server_id'] )
+			if(isset($_POST['remove_vuser_id']) && (int)$_POST['vserver_id'] == $ts3_ServerInstance->getId() AND $server_home['remote_server_id'] == (int)$_POST['remote_server_id'] )
 			{
-				$db->query( "DELETE FROM OGP_DB_PREFIXts3_homes WHERE vserver_id='" . $_POST['vserver_id'] . "' AND user_id='".$_POST['remove_vuser_id']."' AND rserver_id='".$_POST['remote_server_id']."';" );
+				$db->query( "DELETE FROM OGP_DB_PREFIXts3_homes WHERE vserver_id='" . (int)$_POST['vserver_id'] . "' AND user_id='".(int)$_POST['remove_vuser_id']."' AND rserver_id='".(int)$_POST['remote_server_id']."';" );
 			}
 			$add_remove_virtual .= "<tr><td>Assign This Virtual<br>Server To User</td><td>
 									<form action='' method='POST'>
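Review bot: The two sibling conditions in the TS3Admin block are now inconsistent: the remove branch compares `$server_home['remote_server_id'] == (int)$_POST['remote_server_id']` while the assign branch keeps the raw `$_POST['remote_server_id']`, and the INSERT escapes `$_POST['assign_to_user']` as a string whereas the DELETE casts `$_POST['remove_vuser_id']` with `(int)` although both are user ids — using `(int)` for both in the assign branch would make the intent uniform. In the stop/remove hunk `$db->real_escape_string($sid)` is applied to a value already cast with `(int)`, which is redundant, and the `$sid !== 0` guard still lets a negative id through to serverStop/serverDelete, so `if ($sid > 0)` reads closer to the intent. `isPortValid()` in the first hunk is not a PHP builtin, so it is presumably a project helper; worth confirming it is in scope of this file. `$new_hostname` and `$new_players` are still taken raw from `$_POST`; their uses are outside the hunk. The enclosing try block starts before the first hunk.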
