authorBenny Baumann <BenBE@geshi.org>2014-04-30 20:13:28 +0200
committerBenny Baumann <BenBE@geshi.org>2014-04-30 20:18:56 +0200
commit7f02d479140d2c47e9359191ed2a7d687c6b9a33 (patch)
treefd72a22729f6fb9575396a3a4443e2c0f76c3991 /pages
parent2801b166026e48e2133ac5e8ba68f3d699c4dbd2 (diff)
bug 1138: And yet another bunch of escaping
Diffstat (limited to 'pages')
-rw-r--r--pages/wot/1.php4
-rw-r--r--pages/wot/10.php18
-rw-r--r--pages/wot/9.php16
3 files changed, 19 insertions, 19 deletions
diff --git a/pages/wot/1.php b/pages/wot/1.php
index 99c2b9f..d6e298d 100644
--- a/pages/wot/1.php
+++ b/pages/wot/1.php
@@ -108,9 +108,9 @@
</tr>
<? while($row = mysql_fetch_assoc($list)) { ?>
<tr>
- <td class="DataTD" width="100"><nobr><?=$row['fname']?> <?=substr($row['lname'], 0, 1)?></nobr></td>
+ <td class="DataTD" width="100"><nobr><?=sanitizeHTML($row['fname'])?> <?=substr($row['lname'], 0, 1)?>.</nobr></td>
<td class="DataTD"><?=maxpoints($row['id'])?></td>
- <td class="DataTD"><?=$row['contactinfo']?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['contactinfo'])?></td>
<td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['id'])?>"><?=_("Email Me")?></a></td>
<td class="DataTD"><?=$row['assurer']?_("Yes"):("<font color=\"#ff0000\">"._("Not yet!")."</font>")?></td>
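Review bot: The surname initial on the new line, `<?=substr($row['lname'], 0, 1)?>`, is still emitted raw while the neighbouring `fname` and `contactinfo` cells now go through sanitizeHTML; a `<` or `&` as the first byte of `lname` would still break the markup, and this commit escapes the same name pair in pages/wot/9.php but not here. Wrap it as `<?=sanitizeHTML(substr($row['lname'], 0, 1))?>`, or mirror 9.php with `<?=sanitizeHTML(trim($row['fname'].' '.substr($row['lname'], 0, 1)))?>.`. The while loop this row belongs to continues past the end of the hunk.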
diff --git a/pages/wot/10.php b/pages/wot/10.php
index c7e1ff1..b0dc739 100644
--- a/pages/wot/10.php
+++ b/pages/wot/10.php
@@ -71,11 +71,11 @@
$fromuser = mysql_fetch_assoc(mysql_query("select `fname`, `lname` from `users` where `id`='".intval($row['from'])."'"));
?>
<tr>
- <td class="DataTD"><?=$row['id']?></td>
+ <td class="DataTD"><?=intval($row['id'])?></td>
<td class="DataTD"><?=$row['date']?></td>
- <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['from'])?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td>
- <td class="DataTD"><?=$row['points']?></td>
- <td class="DataTD"><?=$row['location']?></td>
+ <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['from'])?>"><?=sanitizeHTML(trim($fromuser['fname']." ".$fromuser['lname']))?></td>
+ <td class="DataTD"><?=intval($row['points'])?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['location'])?></td>
<td class="DataTD"><?=_(sprintf("%s", $row['method']))?></td>
</tr>
<?
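Review bot: `$row['method']` in the last cell is still printed straight from `_(sprintf("%s", $row['method']))`, and when no translation exists gettext hands the database string back unchanged, so that cell is the one output in this hunk left unescaped; the same line recurs in the second hunk of this file. Wrapping the translated result, `<?=sanitizeHTML(_(sprintf("%s", $row['method'])))?>`, keeps it consistent with the other cells. Separately, if the `users` lookup above returns no row, `$fromuser` is false and the new `sanitizeHTML(trim($fromuser['fname']." ".$fromuser['lname']))` yields an empty link text, whereas the second hunk substitutes `_("Deleted before Verification")` for that case; the two loops would be easier to keep correct if they shared that fallback. The loop enclosing this row appears to start before the hunk.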
@@ -119,25 +119,25 @@ if ($thawte)
while($row = mysql_fetch_assoc($res))
{
$fromuser = mysql_fetch_assoc(mysql_query("select `fname`, `lname` from `users` where `id`='".intval($row['to'])."'"));
- $points += $row['points'];
+ $points += intval($row['points']);
$name = trim($fromuser['fname']." ".$fromuser['lname']);
if($name == "")
$name = _("Deleted before Verification");
else
- $name = "<a href='wot.php?id=9&amp;userid=".intval($row['to'])."'>$name</a>";
+ $name = "<a href='wot.php?id=9&amp;userid=".intval($row['to'])."'>".sanitizeHTML($name)."</a>";
?>
<tr>
<td class="DataTD"><?=intval($row['id'])?></td>
<td class="DataTD"><?=$row['date']?></td>
- <td class="DataTD"><?=$name?></td>
+ <td class="DataTD"><?=sanitizeHTML($name)?></td>
<td class="DataTD"><?=intval($row['points'])?></td>
- <td class="DataTD"><?=$row['location']?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['location'])?></td>
<td class="DataTD"><?=$row['method']==""?"":_(sprintf("%s", $row['method']))?></td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="3"><b><?=_("Total Points Issued")?>:</b></td>
- <td class="DataTD"><?=$points?></td>
+ <td class="DataTD"><?=intval($points)?></td>
<td class="DataTD" colspan="2">&nbsp;</td>
</tr>
</table>
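Review bot: `$name` is now escaped twice: the new `$name = "<a href='wot.php?id=9&amp;userid=".intval($row['to'])."'>".sanitizeHTML($name)."</a>";` already escapes the user name inside anchor markup, and the later `<?=sanitizeHTML($name)?>` runs the whole string, markup included, through sanitizeHTML again, so the link is rendered as literal text (or stripped, depending on how sanitizeHTML treats tags) and any entity in the name is double-encoded. Both assignments to `$name` are now safe to print, the placeholder being a fixed translated string and the anchor branch escaping its payload, so the cell should output the variable directly: `<td class="DataTD"><?=$name?></td>`. The added `intval($points)` on the total is harmless but redundant now that each addend is already passed through `intval`.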
diff --git a/pages/wot/9.php b/pages/wot/9.php
index b492ff6..e4fff21 100644
--- a/pages/wot/9.php
+++ b/pages/wot/9.php
@@ -28,7 +28,7 @@
$user = mysql_fetch_array($res);
$userlang = $user['language'];
$points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
- where `to`='".$user['id']."' and `deleted`=0 group by `to` HAVING SUM(`points`) > 0"));
+ where `to`='".intval($user['id'])."' and `deleted`=0 group by `to` HAVING SUM(`points`) > 0"));
if($points <= 0)
{
echo _("Sorry, I was unable to locate that user.");
@@ -38,31 +38,31 @@
?>
<? if($_SESSION['_config']['error'] != "") { ?><font color="#ff0000" size="+1">ERROR: <?=$_SESSION['_config']['error']?></font><? unset($_SESSION['_config']['error']); } ?>
<form method="post" action="wot.php">
-<input type="hidden" name="userid" value="<?=$user['id']?>">
+<input type="hidden" name="userid" value="<?=intval($user['id'])?>">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Contact Assurer")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("To")?>:</td>
- <td class="DataTD" align="left"><?=$user['fname']?> <?=substr($user['lname'], 0, 1)?></td>
+ <td class="DataTD" align="left"><?=sanitizeHTML(trim($user['fname'].' '.substr($user['lname'], 0, 1)))?></td>
</tr>
<? if($userlang != "") { ?>
<tr>
<td class="DataTD"><?=_("Language")?>:</td>
- <td class="DataTD" align="left"><? printf(_("%s prefers to be contacted in %s"), $user['fname'], L10n::$translations[$userlang]) ?></td>
+ <td class="DataTD" align="left"><? printf(_("%s prefers to be contacted in %s"), sanitizeHTML($user['fname']), L10n::$translations[$userlang]) ?></td>
</tr>
<? } ?>
<?
- $query = "select * from `addlang` where `userid`='".$user['id']."'";
+ $query = "select * from `addlang` where `userid`='".intval($user['id'])."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
- $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='${row['lang']}'"));
+ $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_real_escape_string($row['lang'])."'"));
?>
<tr>
<td class="DataTD"><?=_("Additional Language")?>:</td>
- <td class="DataTD" align="left"><? printf(_("%s will also accept email in %s - %s"), $user['fname'], $lang['lang'], $lang['country']) ?></td>
+ <td class="DataTD" align="left"><? printf(_("%s will also accept email in %s - %s"), sanitizeHTML($user['fname']), sanitizeHTML($lang['lang']), sanitizeHTML($lang['country'])) ?></td>
</tr>
<? } ?>
<tr>
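Review bot: `substr($user['lname'], 0, 1)` in the new "To" cell is byte-wise, so for a surname beginning with a multibyte character it produces a partial UTF-8 sequence, and depending on how sanitizeHTML validates its input the whole name may come out empty or with a replacement character; `mb_substr($user['lname'], 0, 1, 'UTF-8')` keeps the initial intact if mbstring is available to this code base. The same `substr` sits on the new line in pages/wot/1.php. `L10n::$translations[$userlang]` on the Language row is indexed by a database value with no `isset` guard, which is pre-existing but worth a check while this line is being touched.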
@@ -79,7 +79,7 @@
</table>
<input type="hidden" name="pageid" value="<?=$_SESSION['_config']['pagehash']?>">
<input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=intval($id)?>">
</form>
<p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
<? } } ?>