summaryrefslogtreecommitdiff
path: root/www/wot.php
diff options
context:
space:
mode:
Diffstat (limited to 'www/wot.php')
-rw-r--r--www/wot.php50
1 files changed, 25 insertions, 25 deletions
diff --git a/www/wot.php b/www/wot.php
index dec4246..7ce757d 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -224,8 +224,8 @@ function send_reminder()
exit;
}
- $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
- `to`='".$_SESSION['_config']['notarise']['id']."' and `deleted` = 0";
+ $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and
+ `to`='".intval($_SESSION['_config']['notarise']['id'])."' and `deleted` = 0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
@@ -310,7 +310,7 @@ $iecho= "c";
exit;
}
- $query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
+ $query = "select * from `users` where `id`='".intval($_SESSION['_config']['notarise']['id'])."'";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'];
@@ -332,7 +332,7 @@ $iecho= "c";
if($newpoints < 0)
$newpoints = $awarded = 0;
- $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' and `deleted` = 0 group by `to`";
+ $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['_config']['notarise']['id'])."' and `deleted` = 0 group by `to`";
$res = mysql_query($query);
$drow = mysql_fetch_assoc($res);
@@ -345,14 +345,14 @@ $iecho= "c";
if($newpoints < 0)
$newpoints = 0;
- if(mysql_escape_string(stripslashes($_POST['date'])) == "")
+ if(mysql_real_escape_string(stripslashes($_POST['date'])) == "")
$_POST['date'] = date("Y-m-d H:i:s");
- $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' AND
- `to`='".$_SESSION['_config']['notarise']['id']."' AND
- `awarded`='$awarded' AND
- `location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND
- `date`='".mysql_escape_string(stripslashes($_POST['date']))."' AND
+ $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' AND
+ `to`='".intval($_SESSION['_config']['notarise']['id'])."' AND
+ `awarded`='".intval($awarded)."' AND
+ `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."' AND
+ `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."' AND
`deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
@@ -364,11 +364,11 @@ $iecho= "c";
if($oldid == 6)
{
- $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
- `to`='".$_SESSION['_config']['notarise']['id']."',
- `points`='$newpoints', `awarded`='$awarded',
- `location`='".mysql_escape_string(stripslashes($_POST['location']))."',
- `date`='".mysql_escape_string(stripslashes($_POST['date']))."',
+ $query = "insert into `notary` set `from`='".intval($_SESSION['profile']['id'])."',
+ `to`='".intval($_SESSION['_config']['notarise']['id'])."',
+ `points`='".intval($newpoints)."', `awarded`='".intval($awarded)."',
+ `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."',
+ `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."',
`when`=NOW()";
//record active acceptance by Assurer
if (check_date_format(trim($_REQUEST['date']),2010)) {
@@ -389,11 +389,11 @@ $iecho= "c";
$addpoints = 2;
else if($_SESSION['profile']['points'] == 149 && $_SESSION['profile']['points'] >= 100)
$addpoints = 1;
- $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
- `to`='".$_SESSION['profile']['id']."',
- `points`='$addpoints', `awarded`='$addpoints',
- `location`='".mysql_escape_string(stripslashes($_POST['location']))."',
- `date`='".mysql_escape_string(stripslashes($_POST['date']))."',
+ $query = "insert into `notary` set `from`='".intval($_SESSION['profile']['id'])."',
+ `to`='".intval($_SESSION['profile']['id'])."',
+ `points`='".intval($addpoints)."', `awarded`='".intval($addpoints)."',
+ `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."',
+ `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."',
`method`='Administrative Increase',
`when`=NOW()";
mysql_query($query);
@@ -479,7 +479,7 @@ $iecho= "c";
{
csrf_check("chgcontact");
- $info = mysql_escape_string(strip_tags(stripslashes($_POST['contactinfo'])));
+ $info = mysql_real_escape_string(strip_tags(stripslashes($_POST['contactinfo'])));
$listme = intval($_POST['listme']);
if($listme < 0 || $listme > 1)
$listme = 0;
@@ -487,7 +487,7 @@ $iecho= "c";
$_SESSION['profile']['listme'] = $listme;
$_SESSION['profile']['contactinfo'] = $info;
- $query = "update `users` set `listme`='$listme',`contactinfo`='$info' where `id`='".$_SESSION['profile']['id']."'";
+ $query = "update `users` set `listme`='$listme',`contactinfo`='$info' where `id`='".intval($_SESSION['profile']['id'])."'";
mysql_query($query);
showheader(_("My CAcert.org Account!"));
@@ -508,9 +508,9 @@ $iecho= "c";
$body = $_REQUEST['message'];
$subject = $_REQUEST['subject'];
$userid = intval($_REQUEST['userid']);
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));
+ $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($userid)."' and `listme`=1"));
$points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
- where `to`='".$user['id']."' and `deleted` = 0 group by `to` HAVING SUM(`points`) > 0"));
+ where `to`='".intval($user['id'])."' and `deleted` = 0 group by `to` HAVING SUM(`points`) > 0"));
if($points > 0)
{
$my_translation = L10n::get_translation();
@@ -546,7 +546,7 @@ $iecho= "c";
showheader(_("My CAcert.org Account!"));?>
<p>
- <? printf(_("Your email has been sent to %s."), $user['fname']); ?>
+ <? printf(_("Your email has been sent to %s."), sanitizeHTML($user['fname'])); ?>
</p>
<p>[ <a href='javascript:history.go(-2)'><?= _("Go Back") ?></a> ]</p>
<?