bug 1138: Add quite some instances of mising escaping
authorBenny Baumann <BenBE@geshi.org>
Tue, 29 Apr 2014 22:42:23 +0000 (00:42 +0200)
committerBenny Baumann <BenBE@geshi.org>
Wed, 30 Apr 2014 18:18:55 +0000 (20:18 +0200)
includes/notary.inc.php

index bab5bc0..50ba756 100644 (file)
@@ -1847,7 +1847,7 @@ function output_client_cert($row, $support=0, $readonly=true){
                if ($verified === _("Pending")) {
                        ?>
                        <td class="DataTD">
-                               <input type="checkbox" name="delid[]" value="<?=$row['id']?>">
+                               <input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>">
                        </td>
                        <?
 
@@ -1859,7 +1859,7 @@ function output_client_cert($row, $support=0, $readonly=true){
                } else {
                        ?>
                        <td class="DataTD">
-                               <input type="checkbox" name="revokeid[]" value="<?=$row['id']?>">
+                               <input type="checkbox" name="revokeid[]" value="<?=intval($row['id'])?>">
                        </td>
                        <?
                }
@@ -1871,13 +1871,13 @@ function output_client_cert($row, $support=0, $readonly=true){
 
        if ($verified === _("Pending")) {
                ?>
-               <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+               <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : htmlspecialchars($row['CN']))?></td>
                <?
        } else {
                ?>
                <td class="DataTD">
-                       <a href="account.php?id=6&amp;cert=<?=$row['id']?>">
-                               <?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?>
+                       <a href="account.php?id=6&amp;cert=<?=intval($row['id'])?>">
+                               <?=(trim($row['CN'])=="" ? _("empty") : htmlspecialchars($row['CN']))?>
                        </a>
                </td>
                <?
@@ -1888,21 +1888,21 @@ function output_client_cert($row, $support=0, $readonly=true){
        <td class="DataTD"><?=$row['revoke']?></td>
        <td class="DataTD"><?=$row['expire']?></td>
        <td class="DataTD">
-               <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?> <?=$readonly?'disabled="disabled"':''?>/>
-               <input type="hidden" name="cert_<?=$row['id']?>" value="1" />
+               <input type="checkbox" name="disablelogin_<?=intval($row['id'])?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?> <?=$readonly?'disabled="disabled"':''?>/>
+               <input type="hidden" name="cert_<?=intval($row['id'])?>" value="1" />
        </td>
        <?
 
        if (1 != $support) {
                ?>
                <td class="DataTD">
-                       <input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" />
+                       <input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" />
                </td>
                <?
                if (!$readonly) {
                        ?>
                        <td class="DataTD">
-                               <input type="checkbox" name="check_comment_<?=$row['id']?>" />
+                               <input type="checkbox" name="check_comment_<?=intval($row['id'])?>" />
                        </td>
                        <?
                }
@@ -1977,7 +1977,7 @@ function output_server_certs($row, $support=0, $readonly=true){
                if ($verified === _("Pending")) {
                        ?>
                        <td class="DataTD">
-                               <input type="checkbox" name="delid[]" value="<?=$row['id']?>"/>
+                               <input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>"/>
                        </td>
                        <?
                } elseif($verified === _("Revoked")) {
@@ -1987,7 +1987,7 @@ function output_server_certs($row, $support=0, $readonly=true){
                } else {
                        ?>
                        <td class="DataTD">
-                               <input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"/>
+                               <input type="checkbox" name="revokeid[]" value="<?=intval($row['id'])?>"/>
                        </td>
                        <?
                }
@@ -1999,13 +1999,13 @@ function output_server_certs($row, $support=0, $readonly=true){
 
        if ($verified === _("Pending")) {
                ?>
-               <td class="DataTD"><?=$row['CN']?></td>
+               <td class="DataTD"><?=htmlspecialchars($row['CN'])?></td>
                <?
        } else {
                ?>
                <td class="DataTD">
-                       <a href="account.php?id=15&amp;cert=<?=$row['id']?>">
-                               <?=$row['CN']?>
+                       <a href="account.php?id=15&amp;cert=<?=intval($row['id'])?>">
+                               <?=htmlspecialchars($row['CN'])?>
                        </a>
                </td>
                <?
@@ -2020,13 +2020,13 @@ function output_server_certs($row, $support=0, $readonly=true){
        if (1 != $support) {
                ?>
                <td class="DataTD">
-                       <input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" />
+                       <input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" />
                </td>
                <?
                if (!$readonly) {
                        ?>
                        <td class="DataTD">
-                               <input type="checkbox" name="check_comment_<?=$row['id']?>" />
+                               <input type="checkbox" name="check_comment_<?=intval($row['id'])?>" />
                        </td>
                        <?
                }
@@ -2087,13 +2087,13 @@ function output_gpg_certs($row, $support=0, $readonly=true){
 
        if($verified == _("Pending")) {
                ?>
-               <td class="DataTD"><?=$row['email']?></td>
+               <td class="DataTD"><?=htmlspecialchars($row['email'])?></td>
                <?
        } else {
                ?>
                <td class="DataTD">
-                       <a href="gpg.php?id=3&amp;cert=<?=$row['id']?>">
-                               <?=$row['email']?>
+                       <a href="gpg.php?id=3&amp;cert=<?=intval($row['id'])?>">
+                               <?=htmlspecialchars($row['email'])?>
                        </a>
                </td>
                <?
@@ -2105,13 +2105,13 @@ function output_gpg_certs($row, $support=0, $readonly=true){
 
        if($verified == _("Pending")) {
                ?>
-               <td class="DataTD"><?=$row['keyid']?></td>
+               <td class="DataTD"><?=htmlspecialchars($row['keyid'])?></td>
                <?
        } else {
                ?>
                <td class="DataTD">
-                       <a href="gpg.php?id=3&amp;cert=<?=$row['id']?>">
-                               <?=$row['keyid']?>
+                       <a href="gpg.php?id=3&amp;cert=<?=intval($row['id'])?>">
+                               <?=htmlspecialchars($row['keyid'])?>
                        </a>
                </td>
                <?
@@ -2120,13 +2120,13 @@ function output_gpg_certs($row, $support=0, $readonly=true){
        if (1 != $support) {
                ?>
                <td class="DataTD">
-                       <input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" />
+                       <input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" />
                </td>
                <?
                if (!$readonly) {
                        ?>
                        <td class="DataTD">
-                               <input type="checkbox" name="check_comment_<?=$row['id']?>" />
+                               <input type="checkbox" name="check_comment_<?=intval($row['id'])?>" />
                        </td>
                        <?
                }