Fix security bugs

composer.json

@@ -21,7 +21,7 @@
     "extra": {
         "display-name": "Discord Notifications",
         "soft-require": {
-            "phpbb/phpbb": ">=3.1.4,<3.2.0@dev"
+            "phpbb/phpbb": ">=3.1.4"
         }
     },
     "require-dev": {

notification_service.php

@@ -77,7 +77,7 @@ public function is_notification_forum_enabled($forum_id)
 		}
 
 		// Query the forum table where forum notification settings are stored
-		$sql = "SELECT discord_notifications_enabled FROM " . FORUMS_TABLE . " WHERE forum_id = $forum_id";
+		$sql = "SELECT discord_notifications_enabled FROM " . FORUMS_TABLE . " WHERE forum_id = " . (int)$forum_id;
 		$result = $this->db->sql_query($sql);
 		$data = $this->db->sql_fetchrow($result);
 		$enabled = $data['discord_notifications_enabled'] == 1 ? true : false;
@@ -107,7 +107,7 @@ public function query_forum_name($forum_id)
 			return null;
 		}
 
-		$sql = "SELECT forum_name from " . FORUMS_TABLE . " WHERE forum_id = $forum_id";
+		$sql = "SELECT forum_name from " . FORUMS_TABLE . " WHERE forum_id = " . (int)$forum_id;
 		$result = $this->db->sql_query($sql);
 		$data = $this->db->sql_fetchrow($result);
 		$name = $data['forum_name'];
@@ -127,7 +127,7 @@ public function query_post_subject($post_id)
 			return null;
 		}
 
-		$sql = "SELECT post_subject from " . POSTS_TABLE . " WHERE post_id = $post_id";
+		$sql = "SELECT post_subject from " . POSTS_TABLE . " WHERE post_id = " (int)$post_id;
 		$result = $this->db->sql_query($sql);
 		$data = $this->db->sql_fetchrow($result);
 		$subject = $data['post_subject'];
@@ -147,7 +147,7 @@ public function query_topic_title($topic_id)
 			return null;
 		}
 
-		$sql = "SELECT topic_title from " . TOPICS_TABLE . " WHERE topic_id = $topic_id";
+		$sql = "SELECT topic_title from " . TOPICS_TABLE . " WHERE topic_id = " (int)$topic_id;
 		$result = $this->db->sql_query($sql);
 		$data = $this->db->sql_fetchrow($result);
 		$title = $data['topic_title'];
@@ -176,7 +176,7 @@ public function query_topic_details($topic_id)
 				FROM
 				$forum_table f, $topic_table t
 				WHERE
-				t.forum_id = f.forum_id and t.topic_id = $topic_id";
+				t.forum_id = f.forum_id and t.topic_id = ". (int)$topic_id;
 		$result = $this->db->sql_query($sql);
 		$data = $this->db->sql_fetchrow($result);
 		$this->db->sql_freeresult($result);
@@ -196,7 +196,7 @@ public function query_user_name($user_id)
 			return null;
 		}
 
-		$sql = "SELECT username from " . USERS_TABLE . " WHERE user_id = $user_id";
+		$sql = "SELECT username from " . USERS_TABLE . " WHERE user_id = " . (int)$user_id;
 		$result = $this->db->sql_query($sql);
 		$data = $this->db->sql_fetchrow($result);
 		$name = $data['username'];
@@ -311,20 +311,22 @@ private function execute_discord_webhook($discord_webhook_url, $color, $message,
 		}
 
 		// Place the message inside the JSON structure that Discord expects to receive at the REST endpoint.
-		$post = '';
+		$json = array("embeds"=>array(
+			"color"=>$color,
+			"description"=>$message
+			)
+		);
+
 		if (isset($footer))
 		{
-			$post = sprintf('{"embeds": [{"color": "%d", "description" : "%s", "footer": {"text": "%s"}}]}', $color, $message, $footer);
-		}
-		else {
-			$post = sprintf('{"embeds": [{"color": "%d", "description" : "%s"}]}', $color, $message);
+			$json["embeds"]["footer"] = array("text"=>$footer);
 		}
 
 		// Use the CURL library to transmit the message via a POST operation to the webhook URL.
 		$h = curl_init();
 		curl_setopt($h, CURLOPT_URL, $discord_webhook_url);
 		curl_setopt($h, CURLOPT_POST, 1);
-		curl_setopt($h, CURLOPT_POSTFIELDS, $post);
+		curl_setopt($h, CURLOPT_POSTFIELDS, json_encode($json));
 		$response = curl_exec($h);
 		curl_close($h);