fixes GHSA-wfmr-9hg8-jh3m protects pwg.activity.getList

include/ws_functions/pwg.php

@@ -454,8 +454,13 @@ function ws_getActivityList($param, &$service)
 {
   global $conf;
 
-  /* Test Lantency */ 
+  foreach (array('date_min', 'date_max') as $datefield)
-  // sleep(1);
+  {
+    if (!empty($param[$datefield]) and !is_valid_mysql_datetime($param[$datefield]))
+    {
+      return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid '.$datefield);
+    }
+  }
   
   $output_lines = array();
   $current_key = '';
@@ -488,13 +493,13 @@ function ws_getActivityList($param, &$service)
   if (isset($param['action']))
   {
     $where .= '
-    AND action = "'.$param['action'].'"';
+    AND action = "'.pwg_db_real_escape_string($param['action']).'"';
   }
 
   if (isset($param['object']))
   {
     $where .= '
-    AND object = "'.$param['object'].'"';
+    AND object = "'.pwg_db_real_escape_string($param['object']).'"';
   }
 
   if (!empty($param['date_min']))

ws.php

@@ -86,8 +86,14 @@ function ws_addDefaultMethods( $arr )
     array(
       'page' => array('default'=>null,
                       'type'=>WS_TYPE_INT|WS_TYPE_POSITIVE),
-      'uid' => array('default'=>NULL,
+      'offset' => array('default'=>0,
-                     'type'=>WS_TYPE_INT|WS_TYPE_POSITIVE),
+                      'type'=>WS_TYPE_INT|WS_TYPE_POSITIVE),
+      'uid' => array('default'=>NULL, 'type'=>WS_TYPE_ID),
+      'date_min' => array('default'=>null),
+      'date_max' => array('default'=>null),
+      'id' => array('default'=>null, 'type'=>WS_TYPE_ID),
+      'object' => array('default'=>null),
+      'action' => array('default'=>null),
       ),
     'Returns general informations.',
     $ws_functions_root . 'pwg.php',