Should the pagination offset value be checked for security?

#1
[eluser]Unknown[/eluser]
I'm using a non-active record SQL query to generate pagination results. Does this open up a security vulnerability through the offset value or is the offset value escaped automatically?

If this is a vulnerability, should I manually scrub the offset value to solve it?

My code is below:

Code:
$offset = $this->uri->segment(3);
        
//if there is no URI segment value and therefore offset has no value, set offset to zero    

if($offset)
    $offset=$offset;
else
    $offset = 0;

$getposts = "SELECT * FROM table JOIN table2 ON table2.id = table.id ORDER BY CASE WHEN post_order > " . $start_post . " THEN 2 ELSE 1 END , post_order DESC LIMIT " . $offset . ", " . $config['per_page'];

$query = $this->db->query($getposts);

#2
[eluser]theprodigy[/eluser]
Quote: Does this open up a security vulnerability through the offset value or is the offset value escaped automatically?

If this is a vulnerability, should I manually scrub the offset value to solve it?

The way you have your query written, I don't believe it will be escaped.
Is there any particular reason you aren't using the active record?

I would suggest either escaping it yourself, or running your own validation ( like is_numeric($offset) )

Also, why do you have:
Code:
if($offset)
    $offset=$offset;
else
    $offset = 0;

Just do:
Code:
if(!$offset)
    $offset = 0;

#3
[eluser]SpooF[/eluser]
The URI class does not automatically escape; it's raw from the URL.

Also:

Code:
$this->uri->segment(3,0);

Will return the value of segment 3, or it will set it to 0 if it's not provided.

#4
[eluser]pistolPete[/eluser]
Have a look at the user guide: http://ellislab.com/codeigniter/user-gui...eries.html
Escaping Queries
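
The validation suggested in #2 and the default from #3, combined into one check, as an added example that is not part of any post in the thread. The function names `safe_offset()` and `build_posts_query()`, the 9-digit cap and the sample inputs are assumptions made for illustration; digits-only matching is used because `is_numeric()` also returns true for values such as `-1`, `1.5` and `1e3`.

```php
<?php
// Added example: strict whitelist for a pagination offset taken from the URL.
// safe_offset() and build_posts_query() are hypothetical helper names.

/**
 * Return the raw URI segment as a non-negative integer, or 0 if it is
 * missing or is anything other than a short run of ASCII digits.
 */
function safe_offset($raw)
{
    // $this->uri->segment(3, 0) yields int 0 when the segment is absent.
    if (is_int($raw)) {
        $raw = (string) $raw;
    }
    // 1-9 digits only; the D modifier stops "$" matching before a trailing
    // newline, and the length cap keeps the value inside a 32-bit int.
    if (!is_string($raw) || !preg_match('/^[0-9]{1,9}$/D', $raw)) {
        return 0;
    }
    return (int) $raw;
}

/**
 * Build the thread's query with every interpolated value forced to int,
 * so nothing but digits can reach the SQL text.
 */
function build_posts_query($start_post, $offset, $per_page)
{
    return 'SELECT * FROM table JOIN table2 ON table2.id = table.id'
         . ' ORDER BY CASE WHEN post_order > ' . (int) $start_post
         . ' THEN 2 ELSE 1 END, post_order DESC'
         . ' LIMIT ' . (int) $offset . ', ' . (int) $per_page;
}

// Constructed sample inputs standing in for $this->uri->segment(3, 0).
$samples = array('40', 0, '', '-1', '1.5', '1e3', '20abc', '20 OR 1=1');

foreach ($samples as $raw) {
    $offset = safe_offset($raw);
    printf("%-12s -> offset %d\n", var_export($raw, true), $offset);
}

// In the controller this would replace the if/else from #1:
//   $offset = safe_offset($this->uri->segment(3, 0));
//   $query  = $this->db->query(
//       build_posts_query($start_post, $offset, $config['per_page']));
echo build_posts_query(100, safe_offset('40'), 20), "\n";
```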

