From a392c6482895136032e08af97ac218d80ea5c507 Mon Sep 17 00:00:00 2001
From: Sibidharan Nandhakumar <hello@sibidharan.me>
Date: Wed, 19 May 2021 20:07:46 +0530
Subject: [PATCH] Fixed Insecure Object Accesses
---
 api/lib/Folder.class.php | 11 +++++++----
 api/lib/Notes.class.php | 22 +++++++++++++---------
 api/lib/Signup.class.php | 2 ++
 3 files changed, 22 insertions(+), 13 deletions(-)
diff --git a/api/lib/Folder.class.php b/api/lib/Folder.class.php
index 446b506..4b0d0fc 100644
--- a/api/lib/Folder.class.php
+++ b/api/lib/Folder.class.php
@@ -37,15 +37,15 @@ class Folder extends Share{
 }
 }
- public function createNew($name='New Folder'){
- if(isset($_SESSION['username']) and strlen($name) <= 45){
+ public function createNew($name='Default Folder'){
+ if(isset($_SESSION['username']) and strlen($name) >= 5 and strlen($name) <=45){
 $query = "INSERT INTO `apis`.`folders` (`name`, `owner`) VALUES ('$name', '$_SESSION[username]');";
 if(mysqli_query($this->db, $query)){
 $this->id = mysqli_insert_id($this->db);
 return $this->id;
 }
 } else {
- throw new Exception("Cannot create note");
+ throw new Exception("Cannot create default folderse");
 }
 }
@@ -53,8 +53,11 @@ class Folder extends Share{
 if($this->id != null){
 $query = "SELECT * FROM folders WHERE id=$this->id";
 $result = mysqli_query($this->db, $query);
- if($result){
+ if($result && mysqli_num_rows($result) == 1){
 $this->data = mysqli_fetch_assoc($result);
+ if($this->getOwner() != $_SESSION['username']){
+ throw new Exception("Unauthorized");
+ }
 $this->id = $this->data['id'];
 } else {
 throw new Exception("Not found");
diff --git a/api/lib/Notes.class.php b/api/lib/Notes.class.php
index 084939e..2e351d0 100644
--- a/api/lib/Notes.class.php
+++ b/api/lib/Notes.class.php
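Review bot: The new length check on `createNew` does not close the injection in the line below it — `$name` (and `$_SESSION[username]`) are still interpolated straight into the INSERT string, so a name between 5 and 45 bytes that contains a quote still rewrites the query; a prepared statement is the fix, and since `mysqli_query` is already used on `$this->db` the mysqli prepared API is available without new dependencies. Note also that `strlen` counts bytes, so a multibyte name can be rejected or accepted inconsistently with what the user sees (`mb_strlen` is the byte-safe check), and the new message `"Cannot create default folderse"` has a typo and is wrong for the non-default names this method also accepts — `"Cannot create folder"` covers both. Rewritten body for the success path:
```php
public function createNew($name='Default Folder'){
    if(isset($_SESSION['username']) and mb_strlen($name) >= 5 and mb_strlen($name) <= 45){
        $stmt = mysqli_prepare($this->db, "INSERT INTO `apis`.`folders` (`name`, `owner`) VALUES (?, ?)");
        mysqli_stmt_bind_param($stmt, 'ss', $name, $_SESSION['username']);
        if(mysqli_stmt_execute($stmt)){
            $this->id = mysqli_stmt_insert_id($stmt);
            return $this->id;
        }
    } else {
        throw new Exception("Cannot create folder");
    }
}
```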
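Review bot: The ownership check is added after `$this->id` has already been interpolated unquoted into `SELECT * FROM folders WHERE id=$this->id`, and Notes::createNew in this same patch constructs `new Folder($folder)` from a caller-supplied value, so the authorization gate runs on the result of an injectable query rather than in front of it; at minimum cast the id, `$query = "SELECT * FROM folders WHERE id=" . (int)$this->id;`, or bind it with `mysqli_prepare`/`mysqli_stmt_bind_param($stmt, 'i', $this->id)`. The comparison itself should be strict and tolerate a missing session, `if($this->getOwner() !== ($_SESSION['username'] ?? null)){`, since `!=` against an unset index only emits a notice and relies on loose equality. Consider also clearing `$this->data = null;` before throwing `"Unauthorized"`, because as written the fetched row stays on the object after the exception. Since the class extends `Share`, confirm that an owner-only check here is intended and does not block access the sharing logic is supposed to grant. The enclosing method's signature is above this hunk.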
@@ -133,21 +133,25 @@ class Notes extends Share{
 throw new Exception("Note not loaded");
 }
 } else {
- throw new Exception("Unauthorized ".$this->getOwner());
+ throw new Exception("Unauthorized ");
 }
 }
 public function createNew($title, $body, $folder){
- new Folder($folder);
- if(isset($_SESSION['username']) and strlen($title) <= 45){
- $query = "INSERT INTO `apis`.`notes` (`title`, `body`, `owner`, `folder_id`) VALUES ('$title', '$body', '$_SESSION[username]', '$folder');";
- if(mysqli_query($this->db, $query)){
- $this->id = mysqli_insert_id($this->db);
- $this->refresh();
- return $this->id;
+ $f = new Folder($folder);
+ if($f->getOwner() == $_SESSION['username']){
+ if(isset($_SESSION['username']) and strlen($title) <= 45){
+ $query = "INSERT INTO `apis`.`notes` (`title`, `body`, `owner`, `folder_id`) VALUES ('$title', '$body', '$_SESSION[username]', '$folder');";
+ if(mysqli_query($this->db, $query)){
+ $this->id = mysqli_insert_id($this->db);
+ $this->refresh();
+ return $this->id;
+ }
+ } else {
+ throw new Exception("Cannot create note");
 }
 } else {
- throw new Exception("Cannot create note");
+ throw new Exception("Unauthorized");
 }
 }
 }
\ No newline at end of file
diff --git a/api/lib/Signup.class.php b/api/lib/Signup.class.php
index 4471db5..b8f4fd3 100644
--- a/api/lib/Signup.class.php
+++ b/api/lib/Signup.class.php
@@ -32,6 +32,8 @@ class Signup {
 $this->id = mysqli_insert_id($this->db);
 $this->sendVerificationMail();
 $f = new Folder();
+ session_start();
+ $_SESSION['username'] = $this->username;
 $f->createNew('Default Folder');
 }
 }
-- 
GitLab
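Review bot: The owner check in the new `createNew` reads `$_SESSION['username']` one line before the `isset($_SESSION['username'])` guard, so the guard is in the wrong order and the comparison uses loose `==`; more importantly the INSERT that follows still interpolates `$title`, `$body` and `$folder` into the SQL string, so the ownership check only decides which folder a note lands in, not whether the request can rewrite the query, and `$body` has no length bound at all. Binding the values with a prepared statement removes that, and the two checks read better as guard clauses. Dropping the owner from the `"Unauthorized "` message is a good change and is kept here.
```php
public function createNew($title, $body, $folder){
    $f = new Folder($folder);
    if(!isset($_SESSION['username']) or mb_strlen($title) > 45){
        throw new Exception("Cannot create note");
    }
    if($f->getOwner() !== $_SESSION['username']){
        throw new Exception("Unauthorized");
    }
    $stmt = mysqli_prepare($this->db, "INSERT INTO `apis`.`notes` (`title`, `body`, `owner`, `folder_id`) VALUES (?, ?, ?, ?)");
    mysqli_stmt_bind_param($stmt, 'ssss', $title, $body, $_SESSION['username'], $folder);
    if(mysqli_stmt_execute($stmt)){
        $this->id = mysqli_stmt_insert_id($stmt);
        $this->refresh();
        return $this->id;
    }
}
```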
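Review bot: The two added lines in Signup establish an authenticated session for the account that was created two lines earlier, right after `sendVerificationMail()` has been called and before any verification can have happened — assuming `$_SESSION['username']` is what the rest of the app treats as "logged in", which is how Folder::createNew and Notes::createNew in this same patch read it, every unverified signup now gets a live session. The session is only being seeded so that `Folder::createNew` can find an owner, so the cleaner fix is to pass the owner explicitly, `$f->createNew('Default Folder', $this->username);`, with `createNew` taking an optional `$owner = null` parameter that falls back to the session value. If auto-login on signup is actually intended, it should at least be guarded by `if(session_status() === PHP_SESSION_NONE) session_start();` (an unconditional `session_start()` mid-request emits a notice when a session is already active) and followed by `session_regenerate_id(true);` before the username is stored. The enclosing method's signature is above this hunk.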