我正在修改我的同事在 CakePHP 2.7 中开发的 API 系统。出于某种原因,他使用的是$this->query("INSERT INTO...")逻辑,而不是$this->Model->save。当然,雇佣的渗透测试人员发现这是最关键的漏洞,但我无法$this>模型>保存来保存数据。
相关代码位:
APIController.php:
public $uses = array('ApiLog', 'ClientRecords', 'Client','TestingAPIStat','TestingAPIPool','Logging');
public function afterFilter() {
$l_t_n = $this->Logging->table;
$this->Logging->query("INSERT INTO $l_t_n VALUES ('$username', '$clientCode', '$surname', '$address1', '$address2', '$address3', '$address4', '$address5', '$address6', '$address7','$address8' , '$address9', '$postcode', '$dob', '$forename', '$title', '$home_telephone','$work_telephone' , '$mobile_telephone', '$email_address', '$ip', '$now', $dur_query, $dur_calc, $dur, '$code', $countids, $init_pool_size, "$string_query",$r_id,$tgood,$tbad,$treturner);");
模型日志记录.php:
<?php
App::uses('AppModel', 'Model');
class Logging extends AppModel
{
public $useTable = "logging";
}
上面的代码确实有效并将新记录插入表中。当我修改代码以使用 this->Logging->save($logging_values ) 时,它不会插入新记录,但是 $this->Logging->save 返回 true。
我尝试保存的$logging_values数组结构和内容:
Array
(
[Logging] => Array
(
[Request_ID] => aa11
[add1] => 5
[add2] => 5
[add3] => 5
[add4] => 5
[add5] => 5
[add6] => 5
[add7] => 5
[add8] => 5
[add9] => 5
[calc_duration] => 5
[client_code] => 5
[dob] =>
[email_address] => 5
[firstname] => 5
[home_telephone] => 5
[init_pool_size] => 5
[mobile_telephone] => 5
[overall_duration] => 5
[pool_records] => 5
[pool_size] => 5
[postcode] => 5
[query_duration] => 5
[returned_code] => 5
[submitted_time] =>
[surname] => 5
[title] => 5
[total_bad] => 5
[total_good] => 5
[total_returner] => 5
[user_ip] => 5
[username] => 5
[work_telephone] => 5
)
)
日志记录表结构:
CREATE TABLE `logging` (
`username` Text CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`client_code` VarChar( 10 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`surname` VarChar( 150 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`add1` VarChar( 150 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`add2` VarChar( 150 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`add3` VarChar( 150 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`add4` VarChar( 150 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`add5` VarChar( 150 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`add6` VarChar( 150 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`add7` VarChar( 150 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`add8` VarChar( 150 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`add9` VarChar( 150 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`postcode` VarChar( 150 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`dob` VarChar( 150 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`firstname` VarChar( 150 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`title` VarChar( 20 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`home_telephone` VarChar( 45 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`mobile_telephone` VarChar( 45 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`work_telephone` VarChar( 45 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`email_address` VarChar( 150 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`user_ip` VarChar( 45 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`submitted_time` DateTime NULL,
`query_duration` Double( 22, 0 ) NULL,
`calc_duration` Double( 22, 0 ) NULL,
`overall_duration` Double( 22, 0 ) NULL,
`returned_code` VarChar( 10 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`pool_size` Int( 11 ) NULL,
`init_pool_size` Int( 11 ) NULL,
`pool_records` Text CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
`Request_ID` Int( 255 ) NOT NULL,
`total_good` Int( 11 ) NULL,
`total_bad` Int( 11 ) NULL,
`total_returner` Int( 11 ) NULL )
CHARACTER SET = utf8
COLLATE = utf8_general_ci
ENGINE = InnoDB;
我正在使用的代码
if($this->Logging->save($logging_values, false))
{ echo "success";};
debug($this->Logging->validationErrors); //show validationErrors
debug($this->Logging->getDataSource()->getLog(false, false));
我确实看到了"成功"消息,但没有任何内容被保存。当我尝试将文本保存到整数数据库列"Request_ID"中时,我得到内部服务器响应 500。不确定如何调试?debug 语句不显示任何内容,尽管 debug 选项在核心中设置为 2.php
尝试以下代码可能会解决您的问题
$this->Logging->save($logging_values['Logging']);