From 6b9205b3a167ecf28bbd123ae0bcf85f6ea442d8 Mon Sep 17 00:00:00 2001
From: David Anderson
Date: Fri, 21 Nov 2014 15:37:40 -0800
Subject: [PATCH] web: fix SQL injection vulnerability in remote job submission

Also cast ID to int in lookup_id. This isn't a vulnerability AFAIK, but doesn't hurt to be safe
---
 html/inc/bolt_db.inc | 1 +
 html/inc/db_conn.inc | 1 +
 html/inc/submit_db.inc | 1 +
 3 files changed, 3 insertions(+)

diff --git a/html/inc/bolt_db.inc b/html/inc/bolt_db.inc
index cbfeaa79c8..7ef291de4d 100644
--- a/html/inc/bolt_db.inc
+++ b/html/inc/bolt_db.inc
@@ -139,6 +139,7 @@ class BoltCourse {
 }
 static function lookup_name($name) {
 $db = BoltDb::get();
+ $name = BoincDb::escape_string($name);
 return $db->lookup('bolt_course', 'BoltCourse', "short_name='$name'");
 }
 static function enum() {
diff --git a/html/inc/db_conn.inc b/html/inc/db_conn.inc
index 9cd864e550..671cc8ab07 100644
--- a/html/inc/db_conn.inc
+++ b/html/inc/db_conn.inc
@@ -107,6 +107,7 @@ class DbConn {
 }
 function lookup_id($id, $table, $classname) {
+ $id = (int)$id;
 return $this->lookup($table, $classname, "id=$id");
 }
diff --git a/html/inc/submit_db.inc b/html/inc/submit_db.inc
index c890a58736..11824c39b4 100644
--- a/html/inc/submit_db.inc
+++ b/html/inc/submit_db.inc
@@ -27,6 +27,7 @@ class BoincBatch {
 }
 static function lookup_name($name) {
 $db = BoincDb::get();
+ $name = BoincDb::escape_string($name);
 return $db->lookup('batch', 'BoincBatch', "name='$name'");
 }
 static function enum($clause) {
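Review bot: The added `BoincDb::escape_string($name)` is only a sufficient defence because the clause wraps the value in single quotes (`"short_name='$name'"`); escaping does nothing for an unquoted interpolation, so the two lines should be kept visibly coupled with a comment such as `// escaped for the quoted literal below; callers pass the raw name, do not pre-escape`. The same applies to the identical hunk in html/inc/submit_db.inc, which is otherwise not repeated here. In this hunk the connection comes from `BoltDb::get()` while the escaping goes through `BoincDb::escape_string`; if those are distinct connections with different character sets, the escaping may not match the connection the query actually runs on, which is worth confirming since connection-based escaping is charset-dependent. Any caller that already escaped `$name` before calling lookup_name will now be double-escaped and silently fail to match; those callers, and the enclosing class, lie outside the hunk.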
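Review bot: `$id = (int)$id;` is a coercion rather than a validation: any non-numeric input becomes 0 and a fractional value is truncated, so a malformed id is turned into a lookup for `id=0` instead of being rejected, and callers cannot tell a bad argument from a missing row. If that is the intended contract, say so next to the cast, e.g. `// cast, not validation: non-numeric input is looked up as id=0; keeps the interpolation below integer-only`. The cast is what makes the unparameterised `"id=$id"` safe, so anything that later reintroduces a string value here re-opens the issue the commit title describes. lookup_id's enclosing class DbConn continues outside the hunk.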