From bd94ea6d29cb427e4e230f6a12e0286d6dd5dac0 Mon Sep 17 00:00:00 2001
From: bradymiller
Date: Thu, 20 Feb 2014 16:37:46 -0800
Subject: [PATCH] sql-injection fixes in dynamic_finder_ajax.php script

---
 interface/main/finder/dynamic_finder_ajax.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/interface/main/finder/dynamic_finder_ajax.php b/interface/main/finder/dynamic_finder_ajax.php
index f818b9bb3..ab542b9ac 100644
--- a/interface/main/finder/dynamic_finder_ajax.php
+++ b/interface/main/finder/dynamic_finder_ajax.php
@@ -31,7 +31,7 @@ $iDisplayStart = isset($_GET['iDisplayStart' ]) ? 0 + $_GET['iDisplayStart' ] :
 $iDisplayLength = isset($_GET['iDisplayLength']) ? 0 + $_GET['iDisplayLength'] : -1;
 $limit = '';
 if ($iDisplayStart >= 0 && $iDisplayLength >= 0) {
- $limit = "LIMIT $iDisplayStart, $iDisplayLength";
+ $limit = "LIMIT " . escape_limit($iDisplayStart) . ", " . escape_limit($iDisplayLength);
 }
 
 // Column sorting parameters.
@@ -41,7 +41,7 @@ if (isset($_GET['iSortCol_0'])) {
 for ($i = 0; $i < intval($_GET['iSortingCols']); ++$i) {
 $iSortCol = intval($_GET["iSortCol_$i"]);
 if ($_GET["bSortable_$iSortCol"] == "true" ) {
- $sSortDir = add_escape_custom($_GET["sSortDir_$i"]); // ASC or DESC
+ $sSortDir = escape_sort_order($_GET["sSortDir_$i"]); // ASC or DESC
 // We are to sort on column # $iSortCol in direction $sSortDir.
 $orderby .= $orderby ? ', ' : 'ORDER BY ';
 //
@@ -49,7 +49,7 @@ if (isset($_GET['iSortCol_0'])) {
 $orderby .= "lname $sSortDir, fname $sSortDir, mname $sSortDir";
 }
 else {
- $orderby .= "`" . add_escape_custom($aColumns[$iSortCol]) . "` $sSortDir";
+ $orderby .= "`" . escape_sql_column_name($aColumns[$iSortCol],array('patient_data')) . "` $sSortDir";
 }
 }
 }
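Review bot: The `LIMIT` operands are produced by `0 + $_GET['iDisplayStart']` and `0 + $_GET['iDisplayLength']` (the first assignment is visible only in the hunk header), and that coercion accepts floats such as `1.5` and numeric-prefix strings, so what reaches the clause depends entirely on how `escape_limit()` treats a non-integer; that helper is not on the page. An explicit cast at the source makes the intent independent of the helper, e.g. `$iDisplayLength = isset($_GET['iDisplayLength']) ? (int) $_GET['iDisplayLength'] : -1;`. Those assignment lines are context above the changed line, so this is a follow-up rather than a defect in the replacement itself.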
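Review bot: In the `@@ -41` hunk, `$_GET["bSortable_$iSortCol"]` and `$_GET["sSortDir_$i"]` are read without an `isset()` check, so a request that supplies `iSortingCols` but omits those keys raises undefined-index notices before `escape_sort_order()` runs; the replacement line inherits this from the line it replaces. Guarding the enclosing condition, `if (isset($_GET["bSortable_$iSortCol"], $_GET["sSortDir_$i"]) && $_GET["bSortable_$iSortCol"] == "true") {`, limits the sort logic to requests that provide both. The `if (isset($_GET['iSortCol_0']))` block that encloses this loop opens before the hunk (it appears only in the hunk header) and the `for` body continues past the last context line.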
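Review bot: In the `@@ -49` hunk, `$aColumns[$iSortCol]` is indexed with a client-chosen integer (`intval($_GET["iSortCol_$i"])` in the previous hunk) that is never bounds-checked, so an out-of-range index passes `null` to `escape_sql_column_name()`; what that helper does with `null` is not visible here, so the resulting `ORDER BY` term is at best unpredictable. Skipping such entries at the top of the loop body, `if (!isset($aColumns[$iSortCol])) continue;`, keeps the whitelist function working on real column names. Separately, the table whitelist `array('patient_data')` is spelled out inline at every call site here and in the `@@ -69`, `@@ -89` and `@@ -105` hunks; a single `$tableWhitelist = array('patient_data');` near the top of the script would keep the five sites in step. The `else` branch's enclosing `for` and `if` open before this hunk.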
@@ -69,7 +69,7 @@ if (isset($_GET['sSearch']) && $_GET['sSearch'] !== "") {
 "mname LIKE '$sSearch%' ";
 }
 else {
- $where .= "`" . add_escape_custom($colname) . "` LIKE '$sSearch%' ";
+ $where .= "`" . escape_sql_column_name($colname,array('patient_data')) . "` LIKE '$sSearch%' ";
 }
 }
 if ($where) $where .= ")";
@@ -89,7 +89,7 @@ for ($i = 0; $i < count($aColumns); ++$i) {
 "mname LIKE '$sSearch%' )";
 }
 else {
- $where .= " `" . add_escape_custom($colname) . "` LIKE '$sSearch%'";
+ $where .= " `" . escape_sql_column_name($colname,array('patient_data')) . "` LIKE '$sSearch%'";
 }
 }
 }
@@ -105,7 +105,7 @@ foreach ($aColumns as $colname) {
 $sellist .= "lname, fname, mname";
 }
 else {
- $sellist .= "`" . add_escape_custom($colname) . "`";
+ $sellist .= "`" . escape_sql_column_name($colname,array('patient_data')) . "`";
 }
 }
 
-- 
2.11.4.GIT
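Review bot: In the `@@ -69` hunk the column name now goes through the whitelist, but `$sSearch` on the same replaced line is still interpolated directly into `LIKE '$sSearch%'`; whatever escaping it received happens above this hunk and is not visible, and ordinary quote escaping does not neutralise the `LIKE` metacharacters `%` and `_`, so a search term containing them matches more rows than the literal text would. If that is not the intended behaviour, escaping those two characters in the term before it is interpolated, or binding the term as a prepared-statement parameter, is worth considering; the `@@ -89` hunk builds the same expression and shares the property. The `if`/`else` around this line sits inside a loop that opens before the hunk.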