authorBenny Baumann <BenBE@geshi.org>2014-04-30 18:27:23 +0200
committerBenny Baumann <BenBE@geshi.org>2014-04-30 20:18:56 +0200
commit5303f27029a70f45b46e292e9e8262f6111444c2 (patch)
treecaeb75be001e7f73c7130896d188654c820f5cee /pages/account/52.php
parent8cdfaa2216d2e052bd5e9098e9e4c34e7b546e9d (diff)
downloadcacert-devel-5303f27029a70f45b46e292e9e8262f6111444c2.tar.gz
cacert-devel-5303f27029a70f45b46e292e9e8262f6111444c2.tar.xz
cacert-devel-5303f27029a70f45b46e292e9e8262f6111444c2.zip
bug 1138: And yet another bunch of missing escapes
Diffstat (limited to 'pages/account/52.php')
-rw-r--r--pages/account/52.php20
1 files changed, 10 insertions, 10 deletions
diff --git a/pages/account/52.php b/pages/account/52.php
index ce2025f..cb35548 100644
--- a/pages/account/52.php
+++ b/pages/account/52.php
@@ -18,14 +18,14 @@
<? if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else { ?>
<?
$uid = intval($_GET['uid']);
- $query = "select * from `tverify` where `id`='$uid' and `modified`=0";
+ $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
$memid = intval($row['memid']);
- $query2 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'";
+ $query2 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
$rc2 = mysql_num_rows(mysql_query($query2));
if($rc2 > 0)
{
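Review bot: The `intval($uid)` added to the `$query` line is a second cast of a value that line 26 already produced with `$uid = intval($_GET['uid'])`, so it does not change what reaches the database; the same doubled cast appears on the new `$query2` line here and on the `$query`/`$query3` lines of the following hunks, where `$memid` was likewise already cast on line 33. That is harmless, but repeating the cast at every use obscures which values in this file are still raw, so a one-line comment at the assignment such as `// $uid is an int from here on; queries below rely on that` would document the invariant better than restating it. Separately, `mysql_query($query)` is passed straight to `mysql_num_rows()` without a `false` check, so a failed query produces a warning rather than a clean failure; a guard like `if ($res === false) { die(_("Database error")); }`, or whichever error helper the project already uses, would be safer. The `else` branch opened on line 24 continues beyond this hunk.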
@@ -35,9 +35,9 @@
exit;
}
- $query = "select sum(`points`) as `points` from `notary` where `to`='$memid' and `deleted` = 0";
+ $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `deleted` = 0";
$notary = mysql_fetch_assoc(mysql_query($query));
- $query = "select * from `users` where `id`='$memid'";
+ $query = "select * from `users` where `id`='".intval($memid)."'";
$user = mysql_fetch_assoc(mysql_query($query));
$tobe = 50 - $notary['points'];
if($row['URL'] != '' && $row['photoid'] != '')
@@ -48,9 +48,9 @@
$tobe = 0;
?>
<?=_("Request Details")?>:<br>
-<?=_("Name on file")?>: <?=$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']?><br>
-<?=_("Primary email address")?>: <?=$user['email']." (".$user['id'].")"?><br>
-<?=_("Certificate Subject")?>: <?=$row['CN']?><br>
+<?=_("Name on file")?>: <?=sanitizeHTML($user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'])?><br>
+<?=_("Primary email address")?>: <?=sanitizeHTML($user['email'])." (".intval($user['id']).")"?><br>
+<?=_("Certificate Subject")?>: <?=sanitizeHTML($row['CN'])?><br>
<? if($row['URL'] != '') { ?><?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br><? } ?>
<? if($row['photoid'] != '') { ?><?=_("Photo ID URL")?>: <a href="/account.php?id=51&amp;photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br><? } ?>
<?=_("Current Points")?>: <?=intval($notary['points'])?><br>
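Review bot: `$row['URL']` on the "Notary URL" line is still printed raw into both the `href` attribute and the link text, while the three lines just above were wrapped in `sanitizeHTML()`; the value comes from the `tverify` row and, like `CN`, is presumably user-supplied, so it needs the same treatment: `<a href="<?=sanitizeHTML($row['URL'])?>"><?=sanitizeHTML($row['URL'])?></a>`. Because the first occurrence is an attribute that becomes a navigable link, HTML escaping alone does not restrict the scheme; if `sanitizeHTML()` does not already do so, the value should additionally be rejected or shown as plain text unless it starts with `http://` or `https://`. Whether the project has such a helper is not visible from this hunk.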
@@ -63,10 +63,10 @@
<input type="submit" name="agree" value="<?=_("I agree with this Application")?>">
<input type="submit" name="disagree" value="<?=_("I don't agree with this Application")?>">
<input type="hidden" name="oldid" value="<?=intval($_GET['id'])?>">
-<input type="hidden" name="uid" value="<?=$uid?>">
+<input type="hidden" name="uid" value="<?=intval($uid)?>">
</form>
<? } else {
- $query = "select * from `tverify` where `id`='$uid' and `modified`=1";
+ $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=1";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
@@ -84,7 +84,7 @@
while($row = mysql_fetch_assoc($res))
{
$uid=intval($row['id']);
- $query3 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'";
+ $query3 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
$rc3 = mysql_num_rows(mysql_query($query3));
if($rc3 <= 0)
{