summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBenny Baumann <BenBE@geshi.org>2014-04-30 18:27:23 +0200
committerBenny Baumann <BenBE@geshi.org>2014-04-30 20:18:56 +0200
commit5303f27029a70f45b46e292e9e8262f6111444c2 (patch)
treecaeb75be001e7f73c7130896d188654c820f5cee
parent8cdfaa2216d2e052bd5e9098e9e4c34e7b546e9d (diff)
downloadcacert-devel-5303f27029a70f45b46e292e9e8262f6111444c2.tar.gz
cacert-devel-5303f27029a70f45b46e292e9e8262f6111444c2.tar.xz
cacert-devel-5303f27029a70f45b46e292e9e8262f6111444c2.zip
bug 1138: And yet another bunch of missing escapes
-rw-r--r--pages/account/44.php2
-rw-r--r--pages/account/5.php32
-rw-r--r--pages/account/52.php20
-rw-r--r--pages/account/55.php10
-rw-r--r--pages/account/57.php2
-rw-r--r--pages/account/59.php10
-rw-r--r--pages/account/6.php4
7 files changed, 40 insertions, 40 deletions
diff --git a/pages/account/44.php b/pages/account/44.php
index d7e31c6..718f0e0 100644
--- a/pages/account/44.php
+++ b/pages/account/44.php
@@ -54,6 +54,6 @@ if (!valid_ticket_number($ticketno)) {
</tr>
</table>
<input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=intval($id)?>">
<input type="hidden" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/>
</form>
diff --git a/pages/account/5.php b/pages/account/5.php
index cca2f6f..f458114 100644
--- a/pages/account/5.php
+++ b/pages/account/5.php
@@ -19,7 +19,7 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="10" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td>
+ <td colspan="10" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=intval(!$viewall)?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
@@ -43,7 +43,7 @@
`emailcerts`.`disablelogin` as `disablelogin`,
`emailcerts`.`description`
from `emailcerts`
- where `emailcerts`.`memid`='".$_SESSION['profile']['id']."'
+ where `emailcerts`.`memid`='".intval($_SESSION['profile']['id'])."'
";
if($viewall != 1)
$query .= " AND `revoked`=0 AND `renewed`=0 ";
@@ -75,32 +75,32 @@
?>
<tr>
<? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
- <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
+ <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=intval($row['id'])?>"></td>
<td class="DataTD"><?=$verified?></td>
- <td class="DataTD"><a href="account.php?id=6&amp;cert=<?=$row['id']?>"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></a></td>
+ <td class="DataTD"><a href="account.php?id=6&amp;cert=<?=intval($row['id'])?>"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></a></td>
<? } else if($verified != _("Revoked")) { ?>
- <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
+ <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>"></td>
<td class="DataTD"><?=$verified?></td>
- <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></td>
<? } else { ?>
<td class="DataTD">&nbsp;</td>
<td class="DataTD"><?=$verified?></td>
- <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></td>
<? } ?>
- <td class="DataTD"><?=$row['serial']?></td>
- <td class="DataTD"><?=$row['revoke']?></td>
- <td class="DataTD"><?=$row['expire']?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['serial'])?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['revoke'])?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['expire'])?></td>
<td class="DataTD">
- <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":'checked="checked"'?>/>
- <input type="hidden" name="cert_<?=$row['id']?>" value="1" />
+ <input type="checkbox" name="disablelogin_<?=intval($row['id'])?>" value="1" <?=$row['disablelogin']?"":'checked="checked"'?>/>
+ <input type="hidden" name="cert_<?=intval($row['id'])?>" value="1" />
</td>
- <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
- <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
+ <td class="DataTD"><input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /></td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="9">
- <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
+ <a href="account.php?id=5&amp;viewall=<?=intval(!$viewall)?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
</td>
</tr>
@@ -119,7 +119,7 @@
</tr>
<? } ?>
</table>
-<input type="hidden" name="oldid" value="<?=$id?>" />
+<input type="hidden" name="oldid" value="<?=intval($id)?>" />
<input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" />
</form>
<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
diff --git a/pages/account/52.php b/pages/account/52.php
index ce2025f..cb35548 100644
--- a/pages/account/52.php
+++ b/pages/account/52.php
@@ -18,14 +18,14 @@
<? if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else { ?>
<?
$uid = intval($_GET['uid']);
- $query = "select * from `tverify` where `id`='$uid' and `modified`=0";
+ $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
$memid = intval($row['memid']);
- $query2 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'";
+ $query2 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
$rc2 = mysql_num_rows(mysql_query($query2));
if($rc2 > 0)
{
@@ -35,9 +35,9 @@
exit;
}
- $query = "select sum(`points`) as `points` from `notary` where `to`='$memid' and `deleted` = 0";
+ $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `deleted` = 0";
$notary = mysql_fetch_assoc(mysql_query($query));
- $query = "select * from `users` where `id`='$memid'";
+ $query = "select * from `users` where `id`='".intval($memid)."'";
$user = mysql_fetch_assoc(mysql_query($query));
$tobe = 50 - $notary['points'];
if($row['URL'] != '' && $row['photoid'] != '')
@@ -48,9 +48,9 @@
$tobe = 0;
?>
<?=_("Request Details")?>:<br>
-<?=_("Name on file")?>: <?=$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']?><br>
-<?=_("Primary email address")?>: <?=$user['email']." (".$user['id'].")"?><br>
-<?=_("Certificate Subject")?>: <?=$row['CN']?><br>
+<?=_("Name on file")?>: <?=sanitizeHTML($user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'])?><br>
+<?=_("Primary email address")?>: <?=sanitizeHTML($user['email'])." (".intval($user['id']).")"?><br>
+<?=_("Certificate Subject")?>: <?=sanitizeHTML($row['CN'])?><br>
<? if($row['URL'] != '') { ?><?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br><? } ?>
<? if($row['photoid'] != '') { ?><?=_("Photo ID URL")?>: <a href="/account.php?id=51&amp;photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br><? } ?>
<?=_("Current Points")?>: <?=intval($notary['points'])?><br>
@@ -63,10 +63,10 @@
<input type="submit" name="agree" value="<?=_("I agree with this Application")?>">
<input type="submit" name="disagree" value="<?=_("I don't agree with this Application")?>">
<input type="hidden" name="oldid" value="<?=intval($_GET['id'])?>">
-<input type="hidden" name="uid" value="<?=$uid?>">
+<input type="hidden" name="uid" value="<?=intval($uid)?>">
</form>
<? } else {
- $query = "select * from `tverify` where `id`='$uid' and `modified`=1";
+ $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=1";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
@@ -84,7 +84,7 @@
while($row = mysql_fetch_assoc($res))
{
$uid=intval($row['id']);
- $query3 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'";
+ $query3 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
$rc3 = mysql_num_rows(mysql_query($query3));
if($rc3 <= 0)
{
diff --git a/pages/account/55.php b/pages/account/55.php
index 7e9710c..d110601 100644
--- a/pages/account/55.php
+++ b/pages/account/55.php
@@ -58,7 +58,7 @@
<?
$query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ".
" FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ".
- " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".(int)$user_id."'".
+ " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".intval($user_id)."'".
" ORDER BY `CP`.`pass_date`";
$res = mysql_query($query);
@@ -71,9 +71,9 @@
}
?>
<tr>
- <td class="DataTD"><?=$row[0]?></td>
- <td class="DataTD"><?=$row[1]?></td>
- <td class="DataTD"><?=$row[2]?></td>
+ <td class="DataTD"><?=sanitizeHTML($row[0])?></td>
+ <td class="DataTD"><?=sanitizeHTML($row[1])?></td>
+ <td class="DataTD"><?=sanitizeHTML($row[2])?></td>
</tr>
<? }
?>
@@ -84,7 +84,7 @@
<?
if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
?>
- <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=$user_id ?>">back</a></td></tr>
+ <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($user_id)?>">back</a></td></tr>
<? } else {
$query = 'SELECT `u`.id, `u`.`assurer`, SUM(`points`) FROM `users` AS `u`, `notary` AS `n` '.
' WHERE `u`.`id` = \''.(int)intval($_SESSION['profile']['id']).'\' AND `n`.`to` = `u`.`id` AND `expire` < now() and and `n`.`deleted` = 0'.
diff --git a/pages/account/57.php b/pages/account/57.php
index c6a490f..9db7ccf 100644
--- a/pages/account/57.php
+++ b/pages/account/57.php
@@ -98,7 +98,7 @@
<?
if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
?>
- <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=$user_id ?>">back</a></td></tr>
+ <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($user_id)?>">back</a></td></tr>
<? }
?> </table>
<?
diff --git a/pages/account/59.php b/pages/account/59.php
index f8bae4a..1c73ae5 100644
--- a/pages/account/59.php
+++ b/pages/account/59.php
@@ -65,14 +65,14 @@ if ($userid != $_SESSION['profile']['id']) {
if (!valid_ticket_number($ticketno)) {
printf(_("I'm sorry, you did not enter a ticket number! %s Support is not allowed to view the account history without a ticket number."), '<br/>');
- echo '<br/><a href="account.php?id=43&amp;userid='.$userid.'">'. _('Back to previous page.') .'</a>';
+ echo '<br/><a href="account.php?id=43&amp;userid='.intval($userid).'">'. _('Back to previous page.') .'</a>';
showfooter();
exit;
}
if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE View account history', $ticketno)) {
echo _("Writing to the admin log failed. Can't continue.");
- echo '<br/><a href="account.php?id=43&amp;userid='.$userid.'">'. _('Back to previous page.') .'</a>';
+ echo '<br/><a href="account.php?id=43&amp;userid='.intval($userid).'">'. _('Back to previous page.') .'</a>';
showfooter();
exit;
}
@@ -89,11 +89,11 @@ if ($userid != $_SESSION['profile']['id']) {
</tr>
<tr>
<td class="DataTD"><?=_('User name')?></td>
- <td class="DataTD"><?=$username?></td>
+ <td class="DataTD"><?=sanitizeHTML($username)?></td>
</tr>
<tr>
<td class="DataTD"><?=_('Date of Birth')?></td>
- <td class="DataTD"><?=$dob?></td>
+ <td class="DataTD"><?=sanitizeHTML($dob)?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Is Assurer")?>:</td>
@@ -378,7 +378,7 @@ if (mysql_num_rows($dres) > 0) {
?>
<tr>
<td colspan="<?=$colspan?>" >
- <a href="account.php?id=<?=$oldid?intval($oldid):($support?43:13)?>&amp;userid=<?=$userid?>"><?= _('Back to previous page.')?></a>
+ <a href="account.php?id=<?=$oldid?intval($oldid):($support?43:13)?>&amp;userid=<?=intval($userid)?>"><?= _('Back to previous page.')?></a>
</td>
</tr>
diff --git a/pages/account/6.php b/pages/account/6.php
index 0803406..305fccb 100644
--- a/pages/account/6.php
+++ b/pages/account/6.php
@@ -137,11 +137,11 @@ if (array_key_exists('format', $_REQUEST)) {
</tr>
<tr>
<td class="DataTD"><?=_("Email Address")?></td>
- <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></td>
</tr>
<tr>
<td class="DataTD"><?=_("SerialNumber")?></td>
- <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['serial'])?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Revoked")?></td>