authorINOPIAE <inopiae@cacert.org>2014-02-25 22:59:19 +0100
committerINOPIAE <inopiae@cacert.org>2014-02-25 22:59:19 +0100
commit8c38aa34ce71ef56583235e09bc6134d4567abaf (patch)
treea0e6a42794a51544d31fad3ccfd2780682ac1ed5
parentdae136a73c50a394529f38574eb9273416b45465 (diff)
downloadcacert-devel-8c38aa34ce71ef56583235e09bc6134d4567abaf.tar.gz
cacert-devel-8c38aa34ce71ef56583235e09bc6134d4567abaf.tar.xz
cacert-devel-8c38aa34ce71ef56583235e09bc6134d4567abaf.zip
bug 1136: added intval for $_REQUEST['userid']
-rw-r--r--includes/account.php32
1 files changed, 16 insertions, 16 deletions
diff --git a/includes/account.php b/includes/account.php
index ec109ae..ed9ad66 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -2698,7 +2698,7 @@ function buildSubjectFromSession() {
$day = intval($_REQUEST['day']);
$month = intval($_REQUEST['month']);
$year = intval($_REQUEST['year']);
- $userid = intval($_REQUEST['userid']);
+ $userid = intval(intval($_REQUEST['userid']));
$query = "update `users` set `fname`='$fname',`mname`='$mname',`lname`='$lname',`suffix`='$suffix',`dob`='$year-$month-$day' where `id`='$userid'";
mysql_query($query);
write_se_log($userid, $_SESSION['profile']['id'],'SE Name/DOB Change',$ticketno);
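Review bot: The new `$userid = intval(intval($_REQUEST['userid']));` is a no-op — the removed line already applied a single `intval()`, so the outer call changes nothing and should be dropped back to `$userid = intval($_REQUEST['userid']);`. `$userid` is also the only value spliced into the `update users` query that is visibly cast; `$fname`, `$mname`, `$lname`, `$suffix` are assigned outside the hunk, so whether they are escaped before interpolation into the SQL string cannot be confirmed from here. The enclosing block starts and ends outside the hunk.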
@@ -2734,7 +2734,7 @@ function buildSubjectFromSession() {
if($id == 44)
{
- if($_REQUEST['userid'] != "")
+ if(intval($_REQUEST['userid']) != "")
$_REQUEST['userid'] = intval($_REQUEST['userid']);
$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
if($row['email'] == "")
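Review bot: `if(intval($_REQUEST['userid']) != "")` on the new line compares an integer with an empty string, which under the loose-comparison rules of the PHP 5 line this `mysql_*` code targets (`0 == ""` is true) means `!= 0`, and on PHP 8 it flips to always-true; the intent reads more plainly as `if (intval($_REQUEST['userid']) > 0)`. The same construct is introduced in the `$id == 50` hunk. Either way the brace-less `if` guards only the `$_REQUEST['userid'] = intval(...)` assignment; the `select * from users` on the next line runs unconditionally (with `id='0'` when the value is absent or non-numeric), and unlike the `$id == 50` branch there is no `array_key_exists` guard here. The `if($id == 44)` block ends outside the hunk.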
@@ -3057,7 +3057,7 @@ function buildSubjectFromSession() {
if($id == 50)
{
- if(array_key_exists('userid',$_REQUEST) && $_REQUEST['userid'] != "")
+ if(array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) != "")
$_REQUEST['userid'] = intval($_REQUEST['userid']);
$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
@@ -3079,42 +3079,42 @@ function buildSubjectFromSession() {
if (trim($_REQUEST['arbitrationno'])==""){
showheader(_("My CAcert.org Account!"));
echo _("You did not enter an arbitration number entry.");
- printf('<br/><a href="account.php?id=43&amp;userid=' . $_REQUEST['userid'] . '">' . _('Back to previous page.') .'</a>');
+ printf('<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>');
showfooter();
exit;
}
if ( 1 !== preg_match('/^[a-z]\d{8}\.\d+\.\d+$/i',trim($_REQUEST['arbitrationno'])) ) {
showheader(_("My CAcert.org Account!"));
printf(_("'%s' is not a valid arbitration number entry."), sanitizeHTML(trim($_REQUEST['arbitrationno'])));
- printf('<br/><a href="account.php?id=43&amp;userid=' . $_REQUEST['userid'] . '">' . _('Back to previous page.') .'</a>');
+ printf('<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>');
showfooter();
exit;
}
if (check_email_exists(trim($_REQUEST['arbitrationno']).'@cacert.org')) {
showheader(_("My CAcert.org Account!"));
printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org'));
- printf('<br/><a href="account.php?id=43&amp;userid=' . $_REQUEST['userid'] . '">' . _('Back to previous page.') .'</a>');
+ printf('<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>');
showfooter();
exit;
}
- if (check_client_cert_running($_REQUEST['userid'],1) ||
- check_server_cert_running($_REQUEST['userid'],1) ||
- check_gpg_cert_running($_REQUEST['userid'],1)) {
+ if (check_client_cert_running(intval($_REQUEST['userid']),1) ||
+ check_server_cert_running(intval($_REQUEST['userid']),1) ||
+ check_gpg_cert_running(intval($_REQUEST['userid']),1)) {
showheader(_("My CAcert.org Account!"));
printf(_("The CCA retention time for at least one certificate is not over. Can't continue."));
- printf('<br/><a href="account.php?id=43&amp;userid=' . $_REQUEST['userid'] . '">' . _('Back to previous page.') .'</a>');
+ printf('<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>');
showfooter();
exit;
}
- if (check_is_orgadmin($_REQUEST['userid'],1)) {
+ if (check_is_orgadmin(intval($_REQUEST['userid']),1)) {
showheader(_("My CAcert.org Account!"));
printf(_("The user is listed as Organisation Administrator. Can't continue."));
- printf('<br/><a href="account.php?id=43&amp;userid=' . $_REQUEST['userid'] . '">' . _('Back to previous page.') .'</a>');
+ printf('<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>');
showfooter();
exit;
}
- account_delete($_REQUEST['userid'], trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']);
- write_se_log($_REQUEST['userid'], $_SESSION['profile']['id'], 'SE Account delete', trim($_REQUEST['arbitrationno']));
+ account_delete(intval($_REQUEST['userid']), trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']);
+ write_se_log(intval($_REQUEST['userid']), $_SESSION['profile']['id'], 'SE Account delete', trim($_REQUEST['arbitrationno']));
}
if(($id == 51 || $id == 52 || $oldid == 52))
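Review bot: `intval($_REQUEST['userid'])` is now repeated at about a dozen call sites in this branch (the five back links, the three `check_*_cert_running` calls, `check_is_orgadmin`, `account_delete`, `write_se_log`); assigning it once at the top of the branch, `$userid = intval($_REQUEST['userid']);`, and using `$userid` throughout removes the chance that a later call site is missed and makes the cast auditable in one place. On the duplicate-email message, `sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org')` reports the untrimmed value while `check_email_exists` tested the trimmed one — pre-existing, but the two can differ. The branch presumably opens in the preceding `$id == 50` hunk and its end is outside this one.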
@@ -3242,9 +3242,9 @@ function buildSubjectFromSession() {
*/
if($id == 59){
if ($oldid == 43 && $_SESSION['profile']['admin'] == 1) {
- write_se_log($_REQUEST['userid'], $_SESSION['profile']['id'], 'SE View account history', $_REQUEST['ticketno']);
+ write_se_log(intval($_REQUEST['userid']), $_SESSION['profile']['id'], 'SE View account history', $_REQUEST['ticketno']);
$_SESSION['support']=1;
- }ELSEIF ($oldid == 13 && $_REQUEST['userid'] == $_SESSION['profile']['id']){
+ }ELSEIF ($oldid == 13 && intval($_REQUEST['userid']) == $_SESSION['profile']['id']){
$_SESSION['support']=0;
}ELSE{
showheader(_("My CAcert.org Account!"));
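Review bot: On the new `write_se_log(intval($_REQUEST['userid']), ..., $_REQUEST['ticketno'])` line the last argument still comes straight from the request; whether `write_se_log` escapes it before storing cannot be seen from the hunk, so the cast applied to `userid` should be matched by the same treatment of `ticketno` (at least `trim()`), or a comment stating that the callee sanitizes it. Style: `}ELSEIF (` and `}ELSE{` are the only upper-case keywords in the sections shown; `} elseif (` / `} else {` would match the rest of the file. The `$id == 59` block continues past the hunk.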