Fixed Insecure Object Accesses

a392c648 · Sibidharan · 1491d459 · a392c648 · a392c648 · a392c648
Commit a392c648 authored 3 years ago by Sibidharan
--- a/api/lib/Folder.class.php
+++ b/api/lib/Folder.class.php
@@ -37,15 +37,15 @@ class Folder extends Share{
        }
    }

-    public function createNew($name='New Folder'){
-        if(isset($_SESSION['username']) and strlen($name) <= 45){
+    public function createNew($name='Default Folder'){
+        if(isset($_SESSION['username']) and strlen($name) >= 5 and strlen($name) <=45){
            $query = "INSERT INTO `apis`.`folders` (`name`, `owner`) VALUES ('$name', '$_SESSION[username]');";
            if(mysqli_query($this->db, $query)){
                $this->id = mysqli_insert_id($this->db);
                return $this->id;
            }
        } else {
-            throw new Exception("Cannot create note");
+            throw new Exception("Cannot create default folderse");
        }
    }

@@ -53,8 +53,11 @@ class Folder extends Share{
        if($this->id != null){
            $query = "SELECT * FROM folders WHERE id=$this->id";
            $result = mysqli_query($this->db, $query);
-            if($result){
+            if($result && mysqli_num_rows($result) == 1){
                $this->data = mysqli_fetch_assoc($result);
+                if($this->getOwner() != $_SESSION['username']){
+                    throw new Exception("Unauthorized");
+                }
                $this->id = $this->data['id'];
            } else {
                throw new Exception("Not found");

--- a/api/lib/Notes.class.php
+++ b/api/lib/Notes.class.php
@@ -133,21 +133,25 @@ class Notes extends Share{
                throw new Exception("Note not loaded");
            }
        } else {
-            throw new Exception("Unauthorized ".$this->getOwner());
+            throw new Exception("Unauthorized ");
        }
    }
    
    public function createNew($title, $body, $folder){
-        new Folder($folder);
-        if(isset($_SESSION['username']) and strlen($title) <= 45){
-            $query = "INSERT INTO `apis`.`notes` (`title`, `body`, `owner`, `folder_id`) VALUES ('$title', '$body', '$_SESSION[username]', '$folder');";
-            if(mysqli_query($this->db, $query)){
-                $this->id = mysqli_insert_id($this->db);
-                $this->refresh();
-                return $this->id;
+        $f = new Folder($folder);
+        if($f->getOwner() == $_SESSION['username']){
+            if(isset($_SESSION['username']) and strlen($title) <= 45){
+                $query = "INSERT INTO `apis`.`notes` (`title`, `body`, `owner`, `folder_id`) VALUES ('$title', '$body', '$_SESSION[username]', '$folder');";
+                if(mysqli_query($this->db, $query)){
+                    $this->id = mysqli_insert_id($this->db);
+                    $this->refresh();
+                    return $this->id;
+                }
+            } else {
+                throw new Exception("Cannot create note");
            }
        } else {
-            throw new Exception("Cannot create note");
+            throw new Exception("Unauthorized");
        }
    }
 }
\ No newline at end of file
--- a/api/lib/Signup.class.php
+++ b/api/lib/Signup.class.php
@@ -32,6 +32,8 @@ class Signup {
            $this->id = mysqli_insert_id($this->db);
            $this->sendVerificationMail();
            $f = new Folder();
+            session_start();
+            $_SESSION['username'] = $this->username;
            $f->createNew('Default Folder');
        }
    }