bug 1137: corrected some checks in wot.inc.php and wot.php

3 files changed, 26 insertions, 9 deletions

diff --git a/includes/wot.inc.php b/includes/wot.inc.php
index 94253c9..b2d9a75 100644
--- a/includes/wot.inc.php
+++ b/includes/wot.inc.php
@@ -630,6 +630,7 @@ function AssureFoot($oldid,$confirm)
 // double with notray.inc
 /**
  * write_user_agreement()
+ * writes a new record to the table user_agreement
  *
  * @param mixed $memid
  * @param mixed $document
@@ -640,40 +641,52 @@ function AssureFoot($oldid,$confirm)
  * @return
  */
 function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){
-	// write a new record to the table user_agreement
-	$query="insert into `user_agreements` set `memid`=".$memid.", `secmemid`=".$secmemid.
-			",`document`='".$document."',`date`=NOW(), `active`=".$active.",`method`='".$method."',`comment`='".$comment."'" ;
+	//
+	$query="insert into `user_agreements` set `memid`=".intval($memid).", `secmemid`=".intval($secmemid).
+			",`document`='".$document."',`date`=NOW(), `active`=".intval($active).",`method`='".$method."',`comment`='".$comment."'" ;
 	$res = mysql_query($query);
 }
 
 /**
  * check_date_format()
+ * checks if the date is entered in the right date format YYYY-MM-DD and
+ * if the date is after the 1st January of the given year
  *
  * @param mixed $date
  * @param integer $year
  * @return
  */
 function check_date_format($date, $year=2000){
-	//checks if the date is entered in the right date format YYYY-MM-DD and if
 	if (!strpos($date,'-')) {
 		return FALSE;
 	}
 	$arr=explode('-',$date);
+
+	if ((count($arr)!=3)) {
+		return FALSE;
+	}
 	if (intval($arr[0])<=$year) {
+
+	}
+	if (intval($arr[1])>12 or intval($arr[1])<=0) {
+		return FALSE;
+	}
+	if (intval($arr[2])>31 or intval($arr[2])<=0) {
 		return FALSE;
 	}
-	return checkdate(intval($arr[1]), intval($arr[2]), intval($arr[0]));
+
+	return checkdate( intval($arr[1]), intval($arr[2]), intval($arr[0]));
 
 }
 
 /**
  * check_date_differnce()
+ * returns false if the date is larger then today + time diffrence
  *
  * @param mixed $date
  * @param integer $diff
  * @return
  */
 function check_date_differnce($date, $diff=1){
-	//returns false if the date is larger then today + time diffrence
 	return (strtotime($date)<=time()+$diff*86400);
-}
\ No newline at end of file
+}
diff --git a/pages/wot/6.php b/pages/wot/6.php
index a1f7489..fda3fc3 100644
--- a/pages/wot/6.php
+++ b/pages/wot/6.php
@@ -55,7 +55,5 @@
 	AssureBoxLine("rules",_("I have read and understood the CAcert Community Agreement (CCA), Assurance Policy and the Assurance Handbook. I am making this Assurance subject to and in compliance with the CCA, Assurance policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1);
 	AssureTextLine(_("Policy"),"<a href=\"/policy/CAcert Community Agreement.php\" target=\"_blank\">"._("CAcert Community Agreement")."</a> -<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\" target=\"_blank\">"._("Assurance Handbook")."</a>");
 	AssureInboxLine("points",_("Points"),"","<br />(Max. ".maxpoints().")");
-//	AssureCCABoxLine("CCAAgreed",sprintf(_("Check this box only if %s agreed to the <a href=\"/policy/CAcertCommunityAgreement.php\">CAcert Community Agreement</a>"),$fname));
-//	AssureCCABoxLine("CCAAgree",_("Check this box only if YOU agree to the <a href=\"/policy/CAcertCommunityAgreement.php\">CAcert Community Agreement</a>"));
 	AssureFoot($id,_("I confirm this Assurance"));
 ?>
diff --git a/www/wot.php b/www/wot.php
index a470b96..e35bdb0 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -266,6 +266,12 @@ $iecho= "c";
 			exit;
 		}
 
+		if($_REQUEST['points'] <0 || ($_REQUEST['points']>35))
+		{
+			show_page("VerifyData","",_("The number of points you entered are out of the range given by policy."));
+			exit;
+		}
+
 		$query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
 		$res = mysql_query($query);
 		$row = mysql_fetch_assoc($res);