author | Benny Baumann <BenBE@geshi.org> | 2014-04-30 20:13:28 +0200 |
---|---|---|
committer | Benny Baumann <BenBE@geshi.org> | 2014-04-30 20:18:56 +0200 |
commit | 7f02d479140d2c47e9359191ed2a7d687c6b9a33 (patch) | |
tree | fd72a22729f6fb9575396a3a4443e2c0f76c3991 /www/wot.php | |
parent | 2801b166026e48e2133ac5e8ba68f3d699c4dbd2 (diff) | |
bug 1138: And yet another bunch of escaping
Diffstat (limited to 'www/wot.php')
-rw-r--r-- | www/wot.php | 50 |
1 files changed, 25 insertions, 25 deletions
diff --git a/www/wot.php b/www/wot.php
index dec4246..7ce757d 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -224,8 +224,8 @@ function send_reminder()
 exit;
 }
- $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
- `to`='".$_SESSION['_config']['notarise']['id']."' and `deleted` = 0";
+ $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and
+ `to`='".intval($_SESSION['_config']['notarise']['id'])."' and `deleted` = 0";
 $res = mysql_query($query);
 if(mysql_num_rows($res) > 0) {
@@ -310,7 +310,7 @@ $iecho= "c";
 exit;
 }
- $query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
+ $query = "select * from `users` where `id`='".intval($_SESSION['_config']['notarise']['id'])."'";
 $res = mysql_query($query);
 $row = mysql_fetch_assoc($res);
 $name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'];
@@ -332,7 +332,7 @@ $iecho= "c";
 if($newpoints < 0) $newpoints = $awarded = 0;
- $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' and `deleted` = 0 group by `to`";
+ $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['_config']['notarise']['id'])."' and `deleted` = 0 group by `to`";
 $res = mysql_query($query);
 $drow = mysql_fetch_assoc($res);
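Review bot: In the `send_reminder()` hunk (and again in the -310 and -332 hunks) `intval()` turns a missing or non-numeric `$_SESSION['_config']['notarise']['id']` into 0, so the query still runs, just against id 0, and nothing reports the bad state. I would read the id once and reject it before building any SQL, e.g. `$toid = intval($_SESSION['_config']['notarise']['id']);` followed by `if($toid <= 0) { /* show error */ exit; }`, and reuse `$toid` in all three queries. The result of `mysql_query()` is also passed straight to `mysql_num_rows()` / `mysql_fetch_assoc()` in the context lines without a check for `false`. The enclosing blocks start and end outside these hunks, so an earlier guard may already exist; if it does, a one-line comment saying so would help the next reader.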
@@ -345,14 +345,14 @@ $iecho= "c";
 if($newpoints < 0) $newpoints = 0;
- if(mysql_escape_string(stripslashes($_POST['date'])) == "")
+ if(mysql_real_escape_string(stripslashes($_POST['date'])) == "")
 $_POST['date'] = date("Y-m-d H:i:s");
- $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' AND
- `to`='".$_SESSION['_config']['notarise']['id']."' AND
- `awarded`='$awarded' AND
- `location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND
- `date`='".mysql_escape_string(stripslashes($_POST['date']))."' AND
+ $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' AND
+ `to`='".intval($_SESSION['_config']['notarise']['id'])."' AND
+ `awarded`='".intval($awarded)."' AND
+ `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."' AND
+ `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."' AND
 `deleted`=0";
 $res = mysql_query($query);
 if(mysql_num_rows($res) > 0)
@@ -364,11 +364,11 @@ $iecho= "c";
 if($oldid == 6) {
- $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
- `to`='".$_SESSION['_config']['notarise']['id']."',
- `points`='$newpoints', `awarded`='$awarded',
- `location`='".mysql_escape_string(stripslashes($_POST['location']))."',
- `date`='".mysql_escape_string(stripslashes($_POST['date']))."',
+ $query = "insert into `notary` set `from`='".intval($_SESSION['profile']['id'])."',
+ `to`='".intval($_SESSION['_config']['notarise']['id'])."',
+ `points`='".intval($newpoints)."', `awarded`='".intval($awarded)."',
+ `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."',
+ `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."',
 `when`=NOW()";
 //record active acceptance by Assurer
 if (check_date_format(trim($_REQUEST['date']),2010)) {
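Review bot: `$_POST['date']` reaches both the duplicate-check select (-345 hunk) and the insert (-364 hunk) escaped but not validated. The only format check visible here, `check_date_format(trim($_REQUEST['date']),2010)`, reads `$_REQUEST` rather than `$_POST` and comes after the insert string is already built. Escaping stops the value breaking out of the quoted literal, but it does not make it a date, and the two superglobals can hold different values for the same key. I would validate one variable once, before either query is composed, and use that variable everywhere. The emptiness test also should not depend on an escaping function (which needs a live DB connection); `if(trim($_POST['date']) == "")` states the intent directly. Both blocks continue outside their hunks.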
@@ -389,11 +389,11 @@ $iecho= "c";
 $addpoints = 2;
 else if($_SESSION['profile']['points'] == 149 && $_SESSION['profile']['points'] >= 100) $addpoints = 1;
- $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
- `to`='".$_SESSION['profile']['id']."',
- `points`='$addpoints', `awarded`='$addpoints',
- `location`='".mysql_escape_string(stripslashes($_POST['location']))."',
- `date`='".mysql_escape_string(stripslashes($_POST['date']))."',
+ $query = "insert into `notary` set `from`='".intval($_SESSION['profile']['id'])."',
+ `to`='".intval($_SESSION['profile']['id'])."',
+ `points`='".intval($addpoints)."', `awarded`='".intval($addpoints)."',
+ `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."',
+ `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."',
 `method`='Administrative Increase', `when`=NOW()";
 mysql_query($query);
@@ -479,7 +479,7 @@ $iecho= "c";
 {
 csrf_check("chgcontact");
- $info = mysql_escape_string(strip_tags(stripslashes($_POST['contactinfo'])));
+ $info = mysql_real_escape_string(strip_tags(stripslashes($_POST['contactinfo'])));
 $listme = intval($_POST['listme']);
 if($listme < 0 || $listme > 1) $listme = 0;
@@ -487,7 +487,7 @@ $iecho= "c";
 $_SESSION['profile']['listme'] = $listme;
 $_SESSION['profile']['contactinfo'] = $info;
- $query = "update `users` set `listme`='$listme',`contactinfo`='$info' where `id`='".$_SESSION['profile']['id']."'";
+ $query = "update `users` set `listme`='$listme',`contactinfo`='$info' where `id`='".intval($_SESSION['profile']['id'])."'";
 mysql_query($query);
 showheader(_("My CAcert.org Account!"));
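Review bot: In the -479 hunk `$info` is SQL-escaped at the point of input, and the context lines of the -487 hunk then store that same escaped string in `$_SESSION['profile']['contactinfo']`, so the session copy carries SQL backslashes that the database copy will not. Escaping belongs at the sink: keep `$info = strip_tags(stripslashes($_POST['contactinfo']));` and escape only inside the statement, `` `contactinfo`='".mysql_real_escape_string($info)."' ``. `strip_tags()` is not an output encoder, so whatever page later prints `contactinfo` still needs HTML encoding at that point; that code is not visible here. The same escape-while-concatenating pattern for `location` and `date` in the -389 hunk is at the sink and is fine in that respect.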
@@ -508,9 +508,9 @@ $iecho= "c";
 $body = $_REQUEST['message'];
 $subject = $_REQUEST['subject'];
 $userid = intval($_REQUEST['userid']);
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));
+ $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($userid)."' and `listme`=1"));
 $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
- where `to`='".$user['id']."' and `deleted` = 0 group by `to` HAVING SUM(`points`) > 0"));
+ where `to`='".intval($user['id'])."' and `deleted` = 0 group by `to` HAVING SUM(`points`) > 0"));
 if($points > 0) {
 $my_translation = L10n::get_translation();
@@ -546,7 +546,7 @@ $iecho= "c";
 showheader(_("My CAcert.org Account!"));?>
 <p>
- <? printf(_("Your email has been sent to %s."), $user['fname']); ?>
+ <? printf(_("Your email has been sent to %s."), sanitizeHTML($user['fname'])); ?>
 </p>
 <p>[ <a href='javascript:history.go(-2)'><?= _("Go Back") ?></a> ]</p>
 <? |
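Review bot: In the -508 hunk `$user` is used without checking that the `listme`=1 lookup returned a row; `mysql_fetch_assoc()` yields `false` when there is none, and the new `intval($user['id'])` quietly turns that into `` `to`='0' `` instead of surfacing it. A guard right after the lookup, `if(!$user) { /* show error */ exit; }`, makes the not-listed case explicit rather than relying on the later `$points > 0` test. The second `intval($userid)` is redundant, since `$userid` is already `intval()`-ed one line above. Separately, `$subject` and `$body` are taken raw from `$_REQUEST` in the context lines; their use is outside this hunk, but if `$subject` ends up in a mail header it should have CR/LF stripped before it gets there.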