diff --git a/.changelogs/fix_security-3.yml b/.changelogs/fix_security-3.yml
new file mode 100644
index 0000000000..abc1ee8d50
--- /dev/null
+++ b/.changelogs/fix_security-3.yml
@@ -0,0 +1,3 @@
+significance: patch
+type: fixed
+entry: Fixes sanitization as reported by FKSEC.
diff --git a/includes/abstracts/abstract.llms.database.query.php b/includes/abstracts/abstract.llms.database.query.php
index 3bd2df44ca..1ce8bfc71e 100644
--- a/includes/abstracts/abstract.llms.database.query.php
+++ b/includes/abstracts/abstract.llms.database.query.php
@@ -232,7 +232,6 @@ protected function sql_limit() {
 * @return string
 */
 protected function sql_orderby() {
-
 $sql = '';
 $sort = $this->get( 'sort' );
@@ -244,7 +243,7 @@ protected function sql_orderby() {
 foreach ( $sort as $orderby => $order ) {
 $pre = ( $comma ) ? ', ' : ' ';
- $sql .= $pre . "{$orderby} {$order}";
+ $sql .= $pre . sanitize_sql_orderby( "{$orderby} {$order}" );
 $comma = true;
 }
 }
diff --git a/includes/notifications/class.llms.notifications.query.php b/includes/notifications/class.llms.notifications.query.php
index eefa9d5896..abeb5ae61f 100644
--- a/includes/notifications/class.llms.notifications.query.php
+++ b/includes/notifications/class.llms.notifications.query.php
@@ -94,7 +94,6 @@ protected function get_default_args() {
 * @param LLMS_Notifications_Query $notifications_query Instance of `LLMS_Notifications_Query`.
 */
 return apply_filters( 'llms_notifications_query_default_args', $args, $this );
-
 }
 /**
@@ -139,7 +138,6 @@ public function get_notifications() {
 * @param LLMS_Notifications_Query $notifications_query Instance of `LLMS_Notifications_Query`.
 */
 return apply_filters( 'llms_notifications_query_get_notifications', $notifications, $this );
-
 }
 /**
@@ -153,7 +151,6 @@ protected function parse_args() {
 $this->parse_statuses();
 $this->parse_types();
-
 }
 /**
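Review bot: In the `@@ -244,7 +243,7 @@` hunk of `abstract.llms.database.query.php` the new line concatenates the return value of `sanitize_sql_orderby()` directly, but that function returns `false` for a fragment it rejects, so a rejected key/direction pair becomes an empty string while `$comma` is still set and the query is left with a malformed `ORDER BY` (a dangling `, `) instead of a clean rejection. Capture the result and skip rejected entries before `$comma` is touched: `$clause = sanitize_sql_orderby( "{$orderby} {$order}" ); if ( false === $clause ) { continue; }` followed by `$sql .= $pre . $clause;`. Note also that `sanitize_sql_orderby()` only checks that the fragment has the shape of an ORDER BY expression rather than which columns are permitted, so the stronger control is to intersect the sort keys against the columns this query actually supports and restrict `$order` to `ASC`/`DESC` when the arguments are parsed, as `parse_statuses()` in the notifications query already does with `array_intersect()`. If any subclass passes a table-qualified key (a hypothetical `p.ID`, for example), the function will not accept it and that sort will now be dropped silently, which deserves a regression test. The same issue applies to the `sql_orderby()` hunk in `includes/notifications/class.llms.notifications.query.php`, where a rejected pair leaves a bare `n.` in the clause; `sql_orderby()` begins and ends outside both hunks.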
@@ -176,7 +173,6 @@ private function parse_statuses() {
 $statuses = array_intersect( $statuses, $this->get_available_statuses() );
 $this->arguments['statuses'] = $statuses;
-
 }
 /**
@@ -198,7 +194,6 @@ private function parse_types() {
 // ensure only valid types are used
 $types = array_intersect( $types, $this->get_available_types() );
 $this->arguments['types'] = $types;
-
 }
 /**
@@ -218,7 +213,6 @@ private function parse_triggers() {
 }
 $this->arguments['triggers'] = $triggers;
-
 }
 /**
@@ -254,7 +248,6 @@ protected function prepare_query() {
 // phpcs:enable WordPress.DB.PreparedSQL.InterpolatedNotPrepared
 return $sql;
-
 }
 /**
@@ -275,7 +268,7 @@ protected function sql_orderby() {
 foreach ( $this->get( 'sort' ) as $orderby => $order ) {
 $pre = ( $comma ) ? ', ' : ' ';
- $sql .= $pre . "n.{$orderby} {$order}";
+ $sql .= $pre . 'n.' . sanitize_sql_orderby( "{$orderby} {$order}" );
 $comma = true;
 }
@@ -292,7 +285,6 @@ protected function sql_orderby() {
 * @param LLMS_Notifications_Query $notifications_query Instance of LLMS_Events_Query.
 */
 return apply_filters( 'llms_notifications_query_where', $sql, $this );
-
 }
 /**
@@ -344,7 +336,5 @@ private function sql_where() {
 }
 return $where;
-
 }
-
 }