+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived General Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=21)
+--- Thread: Should the pagination offset value be checked for security? (/showthread.php?tid=28423)
Should the pagination offset value be checked for security? - El Forum - 03-10-2010
[eluser]Unknown[/eluser]
I'm using a non-active record SQL query to generate pagination results. Does this open up a security vulnerability through the offset value or is the offset value escaped automatically?
If this is a vulnerability, should I manually scrub the offset value to solve it?
My code is below :
Code:
$offset = $this->uri->segment(3);
//if there is no URI segment value and therefore offset has no value, set offset to zero
if($offset)
$offset=$offset;
else
$offset = 0;
$getposts = "SELECT * FROM table JOIN table2 ON table2.id = table.id ORDER BY CASE WHEN post_order > " . $start_post . " THEN 2 ELSE 1 END , post_order DESC LIMIT " . $offset . ", " . $config['per_page'];
$query = $this->db->query($getposts);Should the pagination offset value be checked for security? - El Forum - 03-10-2010
[eluser]theprodigy[/eluser]
Quote:Does this open up a security vulnerability through the offset value or is the offset value escaped automatically?
If this is a vulnerability, should I manually scrub the offset value to solve it?
The way you have your query written, I don't believe it will be escaped.
Is there any particular reason you aren't using the active record?
I would suggest either escaping it yourself, or running your own validation ( like is_numeric($offset) )
also, why do you have:
Code:
if($offset)
$offset=$offset;
else
$offset = 0;Just do:
Code:
if(!$offset)
$offset = 0;Should the pagination offset value be checked for security? - El Forum - 03-11-2010
[eluser]SpooF[/eluser]
The uri class does not automatically escape, its raw from the url.
Also:
Code:
$this->uri->segment(3,0);Will return the value of segment 3, or it will set it to 0 if its not provided.
Should the pagination offset value be checked for security? - El Forum - 03-11-2010
[eluser]pistolPete[/eluser]
Have a look at the user guide: http://ellislab.com/codeigniter/user-guide/database/queries.html
Escaping Queries