author | Benny Baumann <BenBE@geshi.org> | 2014-04-30 18:27:23 +0200 |
committer | Benny Baumann <BenBE@geshi.org> | 2014-04-30 20:18:56 +0200 |
commit | 5303f27029a70f45b46e292e9e8262f6111444c2 (patch) | |
tree | caeb75be001e7f73c7130896d188654c820f5cee /pages | |
parent | 8cdfaa2216d2e052bd5e9098e9e4c34e7b546e9d (diff) | |
bug 1138: And yet another bunch of missing escapes
Diffstat (limited to 'pages')
-rw-r--r-- | pages/account/44.php | 2 | ||||
-rw-r--r-- | pages/account/5.php | 32 | ||||
-rw-r--r-- | pages/account/52.php | 20 | ||||
-rw-r--r-- | pages/account/55.php | 10 | ||||
-rw-r--r-- | pages/account/57.php | 2 | ||||
-rw-r--r-- | pages/account/59.php | 10 | ||||
-rw-r--r-- | pages/account/6.php | 4 |
7 files changed, 40 insertions, 40 deletions
diff --git a/pages/account/44.php b/pages/account/44.php
index d7e31c6..718f0e0 100644
--- a/pages/account/44.php
+++ b/pages/account/44.php
@@ -54,6 +54,6 @@ if (!valid_ticket_number($ticketno)) {
 </tr>
 </table>
 <input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=intval($id)?>">
 <input type="hidden" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/>
 </form>
diff --git a/pages/account/5.php b/pages/account/5.php
index cca2f6f..f458114 100644
--- a/pages/account/5.php
+++ b/pages/account/5.php
@@ -19,7 +19,7 @@
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
 <tr>
- <td colspan="10" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&viewall=<?=!$viewall?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td>
+ <td colspan="10" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&viewall=<?=intval(!$viewall)?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td>
 </tr>
 <tr>
 <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
@@ -43,7 +43,7 @@
 `emailcerts`.`disablelogin` as `disablelogin`,
 `emailcerts`.`description`
 from `emailcerts`
- where `emailcerts`.`memid`='".$_SESSION['profile']['id']."'
+ where `emailcerts`.`memid`='".intval($_SESSION['profile']['id'])."'
 ";
 if($viewall != 1)
 $query .= " AND `revoked`=0 AND `renewed`=0 ";
@@ -75,32 +75,32 @@
 ?>
 <tr>
 <? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
- <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
+ <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=intval($row['id'])?>"></td>
 <td class="DataTD"><?=$verified?></td>
- <td class="DataTD"><a href="account.php?id=6&cert=<?=$row['id']?>"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></a></td>
+ <td class="DataTD"><a href="account.php?id=6&cert=<?=intval($row['id'])?>"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></a></td>
 <? } else if($verified != _("Revoked")) { ?>
- <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
+ <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>"></td>
 <td class="DataTD"><?=$verified?></td>
- <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></td>
 <? } else { ?>
 <td class="DataTD"> </td>
 <td class="DataTD"><?=$verified?></td>
- <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></td>
 <?
 } ?>
- <td class="DataTD"><?=$row['serial']?></td>
- <td class="DataTD"><?=$row['revoke']?></td>
- <td class="DataTD"><?=$row['expire']?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['serial'])?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['revoke'])?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['expire'])?></td>
 <td class="DataTD">
- <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":'checked="checked"'?>/>
- <input type="hidden" name="cert_<?=$row['id']?>" value="1" />
+ <input type="checkbox" name="disablelogin_<?=intval($row['id'])?>" value="1" <?=$row['disablelogin']?"":'checked="checked"'?>/>
+ <input type="hidden" name="cert_<?=intval($row['id'])?>" value="1" />
 </td>
- <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
- <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
+ <td class="DataTD"><input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /></td>
 </tr>
 <? } ?>
 <tr>
 <td class="DataTD" colspan="9">
- <a href="account.php?id=5&viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
+ <a href="account.php?id=5&viewall=<?=intval(!$viewall)?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
 </td>
 </tr>
@@ -119,7 +119,7 @@
 </tr>
 <? } ?>
 </table>
-<input type="hidden" name="oldid" value="<?=$id?>" />
+<input type="hidden" name="oldid" value="<?=intval($id)?>" />
 <input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" />
 </form>
 <p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
diff --git a/pages/account/52.php b/pages/account/52.php
index ce2025f..cb35548 100644
--- a/pages/account/52.php
+++ b/pages/account/52.php
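Review bot: The expression `(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))` is now written out three times in this hunk and once more in the 6.php hunk, so the next copy is likely to lose the escape again. A one-line helper would make the escaped form the only form, e.g. `function showCN($cn) { return trim($cn) == "" ? _("empty") : sanitizeHTML($cn); }` used as `<?=showCN($row['CN'])?>`. The `while` loop that yields `$row` starts before this hunk, so the helper would have to live wherever the page's other shared functions do.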
@@ -18,14 +18,14 @@
 <? if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else { ?>
 <?
 $uid = intval($_GET['uid']);
- $query = "select * from `tverify` where `id`='$uid' and `modified`=0";
+ $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=0";
 $res = mysql_query($query);
 if(mysql_num_rows($res) > 0)
 {
 $row = mysql_fetch_assoc($res);
 $memid = intval($row['memid']);
- $query2 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'";
+ $query2 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
 $rc2 = mysql_num_rows(mysql_query($query2));
 if($rc2 > 0)
 {
@@ -35,9 +35,9 @@
 exit;
 }
- $query = "select sum(`points`) as `points` from `notary` where `to`='$memid' and `deleted` = 0";
+ $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `deleted` = 0";
 $notary = mysql_fetch_assoc(mysql_query($query));
- $query = "select * from `users` where `id`='$memid'";
+ $query = "select * from `users` where `id`='".intval($memid)."'";
 $user = mysql_fetch_assoc(mysql_query($query));
 $tobe = 50 - $notary['points'];
 if($row['URL'] != '' && $row['photoid'] != '')
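Review bot: `$uid` is already the result of `intval($_GET['uid'])` two lines above the first `+` line, and `$memid` of `intval($row['memid'])`, so the added `intval($uid)` / `intval($memid)` inside the query strings are second casts of values that are already integers; the same pattern recurs in the @@ -35, @@ -63 and @@ -84 hunks of this file. It is harmless, but it hides which variables in this page are still unvalidated at the point they reach SQL. Either keep the single cast at the point of use and drop the one at assignment, or state the intent once, e.g. `// every SQL use re-casts so each query is safe to read on its own`. The `if`/`else` structure this sits in continues outside the hunk.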
@@ -48,9 +48,9 @@
 $tobe = 0;
 ?>
 <?=_("Request Details")?>:<br>
-<?=_("Name on file")?>: <?=$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']?><br>
-<?=_("Primary email address")?>: <?=$user['email']." (".$user['id'].")"?><br>
-<?=_("Certificate Subject")?>: <?=$row['CN']?><br>
+<?=_("Name on file")?>: <?=sanitizeHTML($user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'])?><br>
+<?=_("Primary email address")?>: <?=sanitizeHTML($user['email'])." (".intval($user['id']).")"?><br>
+<?=_("Certificate Subject")?>: <?=sanitizeHTML($row['CN'])?><br>
 <? if($row['URL'] != '') { ?><?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br><? } ?>
 <? if($row['photoid'] != '') { ?><?=_("Photo ID URL")?>: <a href="/account.php?id=51&photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br><? } ?>
 <?=_("Current Points")?>: <?=intval($notary['points'])?><br>
@@ -63,10 +63,10 @@
 <input type="submit" name="agree" value="<?=_("I agree with this Application")?>">
 <input type="submit" name="disagree" value="<?=_("I don't agree with this Application")?>">
 <input type="hidden" name="oldid" value="<?=intval($_GET['id'])?>">
-<input type="hidden" name="uid" value="<?=$uid?>">
+<input type="hidden" name="uid" value="<?=intval($uid)?>">
 </form>
 <? } else {
- $query = "select * from `tverify` where `id`='$uid' and `modified`=1";
+ $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=1";
 $res = mysql_query($query);
 if(mysql_num_rows($res) > 0)
 {
@@ -84,7 +84,7 @@
 while($row = mysql_fetch_assoc($res))
 {
 $uid=intval($row['id']);
- $query3 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'";
+ $query3 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
 $rc3 = mysql_num_rows(mysql_query($query3));
 if($rc3 <= 0)
 {
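Review bot: The context line directly after the three rewritten ones still emits `$row['URL']` unescaped, both inside the `href` attribute and as the link text, although it comes from the same `tverify` row whose `CN` this hunk now routes through `sanitizeHTML()`. Both positions need escaping, and the attribute needs quote-safe escaping: `<a href="<?=htmlspecialchars($row['URL'], ENT_QUOTES)?>"><?=sanitizeHTML($row['URL'])?></a>`. Because the value becomes a link target, accepting only an `http:`/`https:` URL when the `tverify` record is created (or before output here) would close the remaining gap that escaping alone does not.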
diff --git a/pages/account/55.php b/pages/account/55.php
index 7e9710c..d110601 100644
--- a/pages/account/55.php
+++ b/pages/account/55.php
@@ -58,7 +58,7 @@
<?
$query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ".
" FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ".
- " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".(int)$user_id."'".
+ " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".intval($user_id)."'".
" ORDER BY `CP`.`pass_date`";
$res = mysql_query($query);
@@ -71,9 +71,9 @@
}
?>
<tr>
- <td class="DataTD"><?=$row[0]?></td>
- <td class="DataTD"><?=$row[1]?></td>
- <td class="DataTD"><?=$row[2]?></td>
+ <td class="DataTD"><?=sanitizeHTML($row[0])?></td>
+ <td class="DataTD"><?=sanitizeHTML($row[1])?></td>
+ <td class="DataTD"><?=sanitizeHTML($row[2])?></td>
</tr>
<? }
?>
@@ -84,7 +84,7 @@
<?
if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
?>
- <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&userid=<?=$user_id ?>">back</a></td></tr>
+ <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&userid=<?=intval($user_id)?>">back</a></td></tr>
<? } else {
$query = 'SELECT `u`.id, `u`.`assurer`, SUM(`points`) FROM `users` AS `u`, `notary` AS `n` '.
' WHERE `u`.`id` = \''.(int)intval($_SESSION['profile']['id']).'\' AND `n`.`to` = `u`.`id` AND `expire` < now() and and `n`.`deleted` = 0'.
diff --git a/pages/account/57.php b/pages/account/57.php
index c6a490f..9db7ccf 100644
--- a/pages/account/57.php
+++ b/pages/account/57.php
@@ -98,7 +98,7 @@
 <?
 if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
 ?>
- <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&userid=<?=$user_id ?>">back</a></td></tr>
+ <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&userid=<?=intval($user_id)?>">back</a></td></tr>
 <? } ?>
 </table>
 <?
diff --git a/pages/account/59.php b/pages/account/59.php
index f8bae4a..1c73ae5 100644
--- a/pages/account/59.php
+++ b/pages/account/59.php
@@ -65,14 +65,14 @@ if ($userid != $_SESSION['profile']['id']) {
 if (!valid_ticket_number($ticketno)) {
 printf(_("I'm sorry, you did not enter a ticket number! %s Support is not allowed to view the account history without a ticket number."), '<br/>');
- echo '<br/><a href="account.php?id=43&userid='.$userid.'">'. _('Back to previous page.') .'</a>';
+ echo '<br/><a href="account.php?id=43&userid='.intval($userid).'">'. _('Back to previous page.') .'</a>';
 showfooter();
 exit;
 }
 if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE View account history', $ticketno)) {
 echo _("Writing to the admin log failed. Can't continue.");
- echo '<br/><a href="account.php?id=43&userid='.$userid.'">'. _('Back to previous page.') .'</a>';
+ echo '<br/><a href="account.php?id=43&userid='.intval($userid).'">'. _('Back to previous page.') .'</a>';
 showfooter();
 exit;
 }
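Review bot: The context line that closes this hunk builds the assurer-points query with `AND `expire` < now() and and `n`.`deleted` = 0` — a doubled `and` that is a MySQL syntax error, so the `else` branch can never get a result row; the commit only touches the link in the `if` branch above it. The fix is a single token: `' WHERE `u`.`id` = \''.(int)intval($_SESSION['profile']['id']).'\' AND `n`.`to` = `u`.`id` AND `expire` < now() AND `n`.`deleted` = 0'.`. The concatenation and the code that consumes `mysql_query()` continue past the end of the hunk, so I cannot see whether a failed result is checked there; if it is not, the page presumably renders with warnings rather than a clear error.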
@@ -89,11 +89,11 @@ if ($userid != $_SESSION['profile']['id']) {
 </tr>
 <tr>
 <td class="DataTD"><?=_('User name')?></td>
- <td class="DataTD"><?=$username?></td>
+ <td class="DataTD"><?=sanitizeHTML($username)?></td>
 </tr>
 <tr>
 <td class="DataTD"><?=_('Date of Birth')?></td>
- <td class="DataTD"><?=$dob?></td>
+ <td class="DataTD"><?=sanitizeHTML($dob)?></td>
 </tr>
 <tr>
 <td class="DataTD"><?=_("Is Assurer")?>:</td>
@@ -378,7 +378,7 @@ if (mysql_num_rows($dres) > 0) {
 ?>
 <tr>
 <td colspan="<?=$colspan?>" >
- <a href="account.php?id=<?=$oldid?intval($oldid):($support?43:13)?>&userid=<?=$userid?>"><?= _('Back to previous page.')?></a>
+ <a href="account.php?id=<?=$oldid?intval($oldid):($support?43:13)?>&userid=<?=intval($userid)?>"><?= _('Back to previous page.')?></a>
 </td>
 </tr>
diff --git a/pages/account/6.php b/pages/account/6.php
index 0803406..305fccb 100644
--- a/pages/account/6.php
+++ b/pages/account/6.php
@@ -137,11 +137,11 @@ if (array_key_exists('format', $_REQUEST)) {
 </tr>
 <tr>
 <td class="DataTD"><?=_("Email Address")?></td>
- <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></td>
 </tr>
 <tr>
 <td class="DataTD"><?=_("SerialNumber")?></td>
- <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['serial'])?></td>
 </tr>
 <tr>
 <td class="DataTD"><?=_("Revoked")?></td>
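Review bot: In the @@ -378 hunk the `+` line casts `$userid` in the link, but the attribute on the context line just above it, `<td colspan="<?=$colspan?>" >`, still emits `$colspan` raw. It is presumably an integer computed earlier in the page; if so, `<td colspan="<?=intval($colspan)?>" >` costs nothing and follows the rule this commit applies to every other interpolated value. Where `$colspan` is assigned lies outside the hunk, so I cannot confirm its origin from here.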