Security fixes. Ensure that numeric values are actually numeric using is_numeric

so users can't login as admin by passing in non-numeric values.
2005-03-23 23:56:38 +00:00
parent d4bde62c23
commit 06ea1b6d3d
6 changed files with 8 additions and 8 deletions
--- a/include/application.php
+++ b/include/application.php
@@ -31,7 +31,7 @@ class Application {
    function Application($iAppId = null)
    {
        // we are working on an existing application
-        if($iAppId)
+        if(is_numeric($iAppId))
        {
            /*
             * We fetch application data and versionsIds. 
--- a/include/comment.php
+++ b/include/comment.php
@@ -25,7 +25,7 @@ class Comment {
     */
    function Comment($iCommentId="")
    {
-        if($iCommentId)
+        if(is_numeric($iCommentId))
        {

            $sQuery = "SELECT appComments.*, appVersion.appId AS appId
--- a/include/screenshot.php
+++ b/include/screenshot.php
@@ -28,7 +28,7 @@ class Screenshot {
    function Screenshot($iScreenshotId = null)
    {
        // we are working on an existing screenshot
-        if($iScreenshotId)
+        if(is_numeric($iScreenshotId))
        {
            $sQuery = "SELECT appData.*, appVersion.appId AS appId
                       FROM appData, appVersion 
--- a/include/user.php
+++ b/include/user.php
@@ -22,7 +22,7 @@ class User {
    function User($iUserId="")
    {
        $this->sRealname = "an anonymous user";
-        if($iUserId)
+        if(is_numeric($iUserId))
        {
            $sQuery = "SELECT *
                       FROM user_list
@@ -47,8 +47,8 @@ class User {
    {
        $sQuery = "SELECT *
                   FROM user_list
-                   WHERE email = '".$sEmail."'
-                   AND password = password('".$sPassword."')";
+                   WHERE email = '".addslashes($sEmail)."'
+                   AND password = password('".addslashes($sPassword)."')";
        $hResult = query_appdb($sQuery);
        $oRow = mysql_fetch_object($hResult);
        $this->iUserId = $oRow->userid;
--- a/include/vendor.php
+++ b/include/vendor.php
@@ -18,7 +18,7 @@ class Vendor {
    function Vendor($iVendorId = null)
    {
        // we are working on an existing vendor
-        if($iVendorId)
+        if(is_numeric($iVendorId))
        {
            /*
             * We fetch the data related to this vendor.
--- a/include/version.php
+++ b/include/version.php
@@ -32,7 +32,7 @@ class Version {
    function Version($iVersionId = null)
    {
        // we are working on an existing version
-        if($iVersionId)
+        if(is_numeric($iVersionId))
        {
            /*
             * We fetch the data related to this version.