bradymiller wrote on Friday, June 18, 2010:
hey,
I’ve completed a quick revision, and some thoughts below… Placed the commits on my github repository:
http://github.com/bradymiller/openemr/commits/security_example_2
Even cooler to look at them here (each dot is a commit in security example thread):
http://github.com/openemr/openemr/network
Left previous branch security_example on github for easy diff to see revisions.
To review the steps(commits):
1. Place new adodb bind sql.inc functionality
2. Global per-script magic quote reverser
3. Remove custom escape and database preparation functions
4. Convert sql functions to adodb binding
5. Stop faking register globals
6. Avoid xss attacks (via htmlspecialchars())
Details revisions and thoughts:
1. Described above. Just removed a bug. Major issues is whether to combine this into original functions or to keep them separate. The only way we can combine is if we can figure out a way for them to output the same data structures (I’m still researching this, but likely not possible) in order to not break third party customized code. If keep separate, then Stephen has suggested changing the names to *_bind instead of *_safe. All I care about the name is it has a _* at end to make the walk through easier (ie easier to spot the old vs new functions).
2. Described above. Migrated the new mechanism to globals and swiped code from the online php manual (to work with php4 and php5), which seems to work well.
3. Described above. Stephen suggest this may not be possible and to keep the hooks/functions in place. The problem is that this walk through will take months, so can’t change these functions all at once. My suggestion is to completely yank them where no longer needed, however use them for when escaping of column names are needed (in the layout code). This still requires a walkthrough (can’t automate) to ensure place trim() where needed, and there are several of these escaping mechanisms throughout the codebase.
4. Described above. The sql function names will depend on outcome on number 1, but otherwise is working well.
5. Described above. This functionality already exist, so easy. But requires detailed look at each script to ensure EXTRACT is not needed.
6. Described above. Working well.
The main issues are in step 1, and will require some more research and discussion.
-brady