Malware gevoelige code
Zou iemand mij kunnen vertellen,
waarom deze code gevoelig is voor malware, althans die van stopbadmalware.org
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
<?php
Class Succes {
function __construct(){
}
public static function renderBranceSelect(){
$html = 'test';
$result = Db::sql_select("SELECT * FROM successen_branche WHERE actief='1' ORDER BY volgorde_nr");
$option_list= '<option value="">kies een branche</option>';
for($i=0;$i<mysql_num_rows($result);$i++){
// if($cat_id == mysql_result($result,$i,"id") ){
// $class = 'class="sel"';
//}
$option_list.=
'<option value="' . mysql_result($result,$i,"id") . '">'
. mysql_result($result,$i,"naam") .
'</option>'
;
}
$html =
'<div style="float:left;width:200px;oveflow:hidden;margin-right:10px;margin-left:10px;">
<div style="font-size:15px;font-weight:bold;">Branche</div>
<br>
<select onchange="renderKlanten()" style="width:200px;" id="branche-select">'
. $option_list .
'</select>
</div>'
;
return $html;
}
public static function getKlantenList($branche_id = false){
$disabled= 'disabled="disabled"';
if($branche_id){
$b_result = Db::sql_select("SELECT * FROM successen_branche WHERE id= '" .$branche_id ."'");
$result = Db::sql_select("SELECT * FROM klanten WHERE actief= '1' AND branche ='". mysql_result($b_result,0,'naam') ."' ORDER BY naam ASC");
$disabled= '';
}
$option_list = '<option value="">kies een opdrachtgever</option>';
if(isset($result)){
for($i=0;$i<mysql_num_rows($result);$i++){
$option_list.=
'<option value="' . mysql_result($result,$i,"id") . '">'
. mysql_result($result,$i,"naam") .
'</option>'
;
}
}
$html =
'<div style="float:left;width:200px;oveflow:hidden;">
<div style="font-size:15px;font-weight:bold;">Opdrachtgevers</div><br>
<select '. $disabled .' onchange="renderSuccessen();" style="width:200px;" id="opdrachtgever-select">'
. $option_list .
'</select>
</div>'
;
return $html;
}
public static function getSuccessenList($klant_id = false){
if((!$klant_id)||($klant_id == '')){
return '';
}
if($klant_id == '*'){
$result = Db::sql_select("SELECT * FROM successen WHERE actief= '1' ORDER BY omschrijving ASC");
}else {
$s_arr = Db::column_to_array("gekoppelde_object_id",Db::sql_select("SELECT * FROM cms_koppelingen_data WHERE list_id = '1' AND gekoppelde_list_id ='5' AND object_id = '" .$klant_id ."'"));
$sql_id_str = implode("' OR id='",$s_arr);
//var_dump("SELECT * FROM successen WHERE actief= '1' AND id='". $sql_id_str ."' ORDER BY omschrijving ASC");
$result = Db::sql_select("SELECT * FROM successen WHERE actief= '1' AND id='". $sql_id_str ."' ORDER BY omschrijving ASC");
}
$list = '';
if(mysql_num_rows($result) == 0){
$list .= '<li>Geen successen</li>';
}else {
for($i=0;$i<mysql_num_rows($result);$i++){
$list .= '<li>' .Tekst::remove_tag('p',mysql_result($result,$i,"omschrijving")) .'</li>';
}
}
$html =
'<div style="font-size:15px;font-weight:bold;margin-bot">Successen</div><ul>'
. $list .
'</ul>'
;
return $html;
}
}
?>
Class Succes {
function __construct(){
}
public static function renderBranceSelect(){
$html = 'test';
$result = Db::sql_select("SELECT * FROM successen_branche WHERE actief='1' ORDER BY volgorde_nr");
$option_list= '<option value="">kies een branche</option>';
for($i=0;$i<mysql_num_rows($result);$i++){
// if($cat_id == mysql_result($result,$i,"id") ){
// $class = 'class="sel"';
//}
$option_list.=
'<option value="' . mysql_result($result,$i,"id") . '">'
. mysql_result($result,$i,"naam") .
'</option>'
;
}
$html =
'<div style="float:left;width:200px;oveflow:hidden;margin-right:10px;margin-left:10px;">
<div style="font-size:15px;font-weight:bold;">Branche</div>
<br>
<select onchange="renderKlanten()" style="width:200px;" id="branche-select">'
. $option_list .
'</select>
</div>'
;
return $html;
}
public static function getKlantenList($branche_id = false){
$disabled= 'disabled="disabled"';
if($branche_id){
$b_result = Db::sql_select("SELECT * FROM successen_branche WHERE id= '" .$branche_id ."'");
$result = Db::sql_select("SELECT * FROM klanten WHERE actief= '1' AND branche ='". mysql_result($b_result,0,'naam') ."' ORDER BY naam ASC");
$disabled= '';
}
$option_list = '<option value="">kies een opdrachtgever</option>';
if(isset($result)){
for($i=0;$i<mysql_num_rows($result);$i++){
$option_list.=
'<option value="' . mysql_result($result,$i,"id") . '">'
. mysql_result($result,$i,"naam") .
'</option>'
;
}
}
$html =
'<div style="float:left;width:200px;oveflow:hidden;">
<div style="font-size:15px;font-weight:bold;">Opdrachtgevers</div><br>
<select '. $disabled .' onchange="renderSuccessen();" style="width:200px;" id="opdrachtgever-select">'
. $option_list .
'</select>
</div>'
;
return $html;
}
public static function getSuccessenList($klant_id = false){
if((!$klant_id)||($klant_id == '')){
return '';
}
if($klant_id == '*'){
$result = Db::sql_select("SELECT * FROM successen WHERE actief= '1' ORDER BY omschrijving ASC");
}else {
$s_arr = Db::column_to_array("gekoppelde_object_id",Db::sql_select("SELECT * FROM cms_koppelingen_data WHERE list_id = '1' AND gekoppelde_list_id ='5' AND object_id = '" .$klant_id ."'"));
$sql_id_str = implode("' OR id='",$s_arr);
//var_dump("SELECT * FROM successen WHERE actief= '1' AND id='". $sql_id_str ."' ORDER BY omschrijving ASC");
$result = Db::sql_select("SELECT * FROM successen WHERE actief= '1' AND id='". $sql_id_str ."' ORDER BY omschrijving ASC");
}
$list = '';
if(mysql_num_rows($result) == 0){
$list .= '<li>Geen successen</li>';
}else {
for($i=0;$i<mysql_num_rows($result);$i++){
$list .= '<li>' .Tekst::remove_tag('p',mysql_result($result,$i,"omschrijving")) .'</li>';
}
}
$html =
'<div style="font-size:15px;font-weight:bold;margin-bot">Successen</div><ul>'
. $list .
'</ul>'
;
return $html;
}
}
?>
Wat kan hieraan verbeterd worden?
Ik vind je code niet netjes maar zie niet meteen iets waardoor die gevoelig is voor malware. (Ik zie ook geen enkele input van user data)
Misschien wel aan de INSERT of UPDATE query's.
Heb je daar ook code van?
Wat zijn trouwens de symptomen van die malware? Wat gebeurt er?