claunia/qemudb
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix and enable input filtering through include/filter.php

Browse Source
This commit is contained in:
Chris Morgan
2007-01-04 02:35:01 +00:00
committed by WineHQ
parent 582ee561fc
commit a1a41d6b87
58 changed files with 129 additions and 385 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
account.php
View File

@@ -20,7 +20,6 @@
// application environment
require("path.php");
require(BASE."include/incl.php");
require(BASE."include/filter.php");
require_once(BASE."include/mail.php");
// set http header to not cache

1
addcomment.php
View File

@@ -14,7 +14,6 @@
// application environment
require("path.php");
require(BASE."include/incl.php");
require(BASE."include/filter.php");
require_once(BASE."include/comment.php");
// you must be logged in to submit comments

9
admin/addAppNote.php
View File

@@ -7,13 +7,6 @@ require("path.php");
require(BASE."include/incl.php");
require_once(BASE."include/note.php");
$aClean = array(); //array of filtered user input
$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
$aClean['iAppId'] = makeSafe( $_REQUEST['iAppId']);
$aClean['sSub'] = makeSafe($_REQUEST['sSub']);
$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);
//FIXME: get rid of appId references everywhere, as version is enough.
$sQuery = "SELECT appId FROM appVersion WHERE versionId = '?'";
$hResult = query_parameters($sQuery, $aClean['iVersionId']);
@@ -37,7 +30,7 @@ else
exit;
$oNote = new Note();
$oNote->GetOutputEditorValues($_REQUEST);
$oNote->GetOutputEditorValues($aClean);
if($aClean['sSub'] == "Submit")
{

8
admin/addCategory.php
View File

@@ -3,14 +3,6 @@ require("path.php");
require(BASE."include/incl.php");
require_once(BASE."include/category.php");
$aClean = array(); //array of filtered user input
$aClean['iCatId'] = makeSafe($_REQUEST['iCatId']);
$aClean['sName'] = makeSafe($_REQUEST['sName']);
$aClean['sDescription'] = makeSafe($_REQUEST['sDescription']);
$aClean['iParentId'] = makeSafe($_REQUEST['iParentId']);
$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);
if(!$_SESSION['current']->hasPriv("admin"))
util_show_error_page_and_exit();

9
admin/adminAppDataQueue.php
View File

@@ -11,15 +11,6 @@ require_once(BASE."include/application.php");
require_once(BASE."include/version.php");
require_once(BASE."include/user.php");
$aClean = array(); //array of user input
$aClean['iId'] = makeSafe($_REQUEST['iId']);
$aClean['sSub'] = makeSafe($_REQUEST['sSub']);
$aClean['sAdd'] = makeSafe($_REQUEST['sAdd']);
$aClean['sDescription'] = makeSafe($_REQUEST['sDescription']);
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
$aClean['sReject'] = makeSafe($_REQUEST['sReject']);
// deny access if not admin or at least some kind of maintainer
if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer())
util_show_error_page_and_exit("Insufficient privileges.");

27
admin/adminAppQueue.php
View File

@@ -9,21 +9,6 @@ require_once(BASE."include/tableve.php");
require_once(BASE."include/application.php");
require_once(BASE."include/testData.php");
$aClean = array(); //array of filtered user input
$aClean['iTestingId'] = makeSafe($_REQUEST['iTestingId']);
$aClean['sSub'] = makeSafe($_REQUEST['sSub'] );
$aClean['sAppType'] = makeSafe($_REQUEST['sAppType']);
$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']);
$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
$aClean['sAppVendorName'] = makeSafe($_REQUEST['sAppVendorName']);
$aClean['iAppVendorId'] = makeSafe($_REQUEST['iAppVendorId']);
$aClean['sAppWebpage'] = makeSafe($_REQUEST['sAppWebpage']);
$aClean['iAppIdMergeTo'] = makeSafe($_REQUEST['iAppIdMergeTo']);
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
$aClean['iVersionIdMergeTo'] = makeSafe($_REQUEST['iVersionIdMergeTo']);
$aClean['sDistribution'] = makeSafe($_REQUEST['sDistribution']);
function get_vendor_from_keywords($sKeywords)
{
$aKeywords = explode(" *** ",$sKeywords);
@@ -188,12 +173,12 @@ if ($aClean['sSub'])
{
$oVersion = new Version($aClean['iVersionId']);
$oTest = new testData($aClean['iTestingId']);
$oVersion->GetOutputEditorValues($_REQUEST);
$oTest->GetOutputEditorValues($_REQUEST);
$oVersion->GetOutputEditorValues($aClean);
$oTest->GetOutputEditorValues($aClean);
if ($aClean['sAppType'] == "application") // application
{
$oApp = new Application($aClean['iAppId']);
$oApp->GetOutputEditorValues($_REQUEST); // load the values from $_REQUEST
$oApp->GetOutputEditorValues($aClean); // load the values from $aClean
// add new vendor
if($aClean['sAppVendorName'] and !$aClean['iAppVendorId'])
{
@@ -267,12 +252,12 @@ if ($aClean['sSub'])
{
$oVersion = new Version($aClean['iVersionId']);
$oTest = new testData($aClean['iTestingId']);
$oVersion->GetOutputEditorValues($_REQUEST);
$oTest->GetOutputEditorValues($_REQUEST);
$oVersion->GetOutputEditorValues($aClean);
$oTest->GetOutputEditorValues($aClean);
if ($aClean['sAppType'] == "application") // application
{
$oApp = new Application($aClean['iAppId']);
$oApp->GetOutputEditorValues($_REQUEST); // load the values from $_REQUEST
$oApp->GetOutputEditorValues($aClean); // load the values from $aClean
$oApp->update(true);
$oApp->reject();
}

9
admin/adminBugs.php
View File

@@ -10,15 +10,6 @@ require("path.php");
require(BASE."include/incl.php");
require_once(BASE."include/bugs.php");
$aClean = array(); //array of filtered user input
$aClean['sSub'] = makeSafe($_REQUEST['sSub']);
$aClean['iBuglinkId'] = makeSafe($_REQUEST['iBuglinkId']);
$aClean['iItemsPerPage'] = makeSafe($_REQUEST['iItemsPerPage']);
$aClean['sQueuedOnly'] = makeSafe($_REQUEST['sQueuedOnly']);
$aClean['iPage'] = makeSafe($_REQUEST['iPage']);
// deny access if not logged in
if(!$_SESSION['current']->hasPriv("admin"))
util_show_error_page_and_exit("Insufficient privileges.");

5
admin/adminCommentView.php
View File

@@ -15,11 +15,6 @@ $pageRange = 10;
$ItemsPerPage = 10;
$currentPage = 1;
$aClean = array(); //array of filtered user input
$aClean['iItemsPerPage'] = makeSafe($_REQUEST['iItemsPerPage']);
$aClean['iPage'] = makeSafe($_REQUEST['iPage']);
if($aClean['iItemsPerPage'])
$ItemsPerPage = $aClean['iItemsPerPage'];
if($aClean['iPage'])

8
admin/adminMaintainerQueue.php
View File

@@ -14,14 +14,6 @@ require_once(BASE."include/mail.php");
/* The initial help text displayed in the admin's response field */
$sReplyTextHelp = "Enter a personalized reason for accepting or rejecting the user's maintainer request here";
$aClean = array(); //array of filtered user input
$aClean['sSub'] = makeSafe( $_REQUEST['sSub'] );
$aClean['iMaintainerId'] = makeSafe( $_REQUEST['iMaintainerId'] );
$aClean['sAdd'] = makeSafe( $_REQUEST['sAdd'] );
$aClean['sReject'] = makeSafe( $_REQUEST['sReject'] );
$aClean['sReplyText'] = makeSafe( $_REQUEST['sReplyText'] );
/* If the admin's response text has not been modified, it should not be included in the e-mail sent to the rejected/accepted maintainer */
if($aClean['sReplyText'] == $sReplyTextHelp)
$aClean['sReplyText'] = "";

5
admin/adminMaintainers.php
View File

@@ -9,11 +9,6 @@
require("path.php");
require(BASE."include/incl.php");
$aClean = array(); //array of filtered user input
$aClean['sSub'] = makeSafe($_REQUEST['sSub']);
$aClean['iMaintainerId'] = makeSafe($_REQUEST['iMaintainerId']);
// deny access if not logged in
if(!$_SESSION['current']->hasPriv("admin"))
util_show_error_page_and_exit("Insufficient privileges.");

9
admin/adminScreenshots.php
View File

@@ -9,15 +9,6 @@ require(BASE."include/incl.php");
require_once(BASE."include/screenshot.php");
require_once(BASE."include/application.php");
$aClean = array(); //array of filtered user input
$aClean['sCmd'] = makeSafe($_REQUEST['sCmd']);
$aClean['iImageId'] = makeSafe($_REQUEST['iImageId']);
$aClean['iItemsPerPage'] = makeSafe($_REQUEST['iItemsPerPage']);
$aClean['iPage'] = makeSafe($_REQUEST['iPage']);
$aClean['bRegenerate'] = makeSafe($_REQUEST['bRegenerate']);
$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
// deny access if not admin
if(!$_SESSION['current']->hasPriv("admin"))
util_show_error_page_and_exit("Insufficient privileges.");

7
admin/adminTestResults.php
View File

@@ -11,11 +11,6 @@ require_once(BASE."include/version.php");
require_once(BASE."include/testData.php");
require_once(BASE."include/distribution.php");
$aClean = array();
$aClean['sSub'] = makeSafe($_REQUEST['sSub']);
$aClean['iTestingId'] = makeSafe($_REQUEST['iTestingId']);
if ($aClean['sSub'])
{
$oTest = new testData($aClean['iTestingId']);
@@ -29,7 +24,7 @@ if ($aClean['sSub'])
if(is_numeric($aClean['iTestingId']))
{
$oTest = new testData($aClean['iTestingId']);
$oTest->GetOutputEditorValues($_REQUEST);
$oTest->GetOutputEditorValues($aClean);
if($aClean['sSub'] == 'Submit') // submit the test results
{

9
admin/adminUsers.php
View File

@@ -6,15 +6,6 @@
require("path.php");
require(BASE."include/incl.php");
$aClean = array(); //filtered user input
$aClean['sAction'] = makeSafe($_REQUEST['sAction']);
$aClean['iUserId'] = makeSafe($_REQUEST['iUserId']);
$aClean['sSearch'] = makeSafe($_REQUEST['sSearch']);
$aClean['iLimit'] = makeSafe($_REQUEST['iLimit']);
$aClean['sOrderBy'] = makeSafe($_REQUEST['sOrderBy']);
$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);
apidb_header("Admin Users Management");
if(!$_SESSION['current']->hasPriv("admin"))

8
admin/deleteAny.php
View File

@@ -13,14 +13,6 @@ require_once(BASE."include/application.php");
require_once(BASE."include/monitor.php");
require_once(BASE."include/testData.php");
$aClean = array(); //filtered user input
$aClean['sConfirmed'] = makeSafe($_REQUEST['sConfirmed']);
$aClean['sWhat'] = makeSafe($_REQUEST['sWhat']);
$aClean['iCatId'] = makeSafe($_REQUEST['iCatId']);
$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']);
$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
if($aClean['sConfirmed'] != "yes")
{
// ask for confirmation

5
admin/editAppFamily.php
View File

@@ -9,11 +9,6 @@ require_once(BASE."include/tableve.php");
require_once(BASE."include/application.php");
require_once(BASE."include/category.php");
$aClean = array(); //array of filtered user input
$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']);
$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);
if(!is_numeric($aClean['iAppId']))
util_show_error_page_and_exit("Wrong ID");

11
admin/editAppNote.php
View File

@@ -7,13 +7,6 @@ require("path.php");
require(BASE."include/incl.php");
require_once(BASE."include/note.php");
$aClean = array(); //array of filtered user input
$aClean['iNoteId'] = makeSafe($_REQUEST['iNoteId']);
$aClean['sSub'] = makeSafe($_REQUEST['sSub']);
$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);
$aClean['sPreview'] = makeSafe($_REQUEST['sPreview']);
if(!is_numeric($aClean['iNoteId']))
util_show_error_page_and_exit('Wrong note ID');
@@ -26,7 +19,7 @@ if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintaine
if(!empty($aClean['sSub']))
{
$oNote->GetOutputEditorValues($_REQUEST); /* retrieve the updated values */
$oNote->GetOutputEditorValues($aClean); /* retrieve the updated values */
if ($aClean['sSub'] == 'Delete')
{
@@ -45,7 +38,7 @@ if(!empty($aClean['sSub']))
/* if preview is set display the note for review */
if($aClean['sPreview'])
{
$oNote->GetOutputEditorValues($_REQUEST); /* retrieve the updated values */
$oNote->GetOutputEditorValues($aClean); /* retrieve the updated values */
$oNote->show(true);
}

6
admin/editAppVersion.php
View File

@@ -5,12 +5,6 @@ require_once(BASE."include/tableve.php");
require_once(BASE."include/application.php");
require_once(BASE."include/version.php");
$aClean = array(); //array of filtered user input
$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']);
$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);
if(!is_numeric($aClean['iAppId']) OR !is_numeric($aClean['iVersionId']))
util_show_error_page_and_exit("Wrong ID");

20
admin/editBundle.php
View File

@@ -18,25 +18,25 @@ function build_app_list()
echo "</select>\n";
}
if($_REQUEST['sCmd'])
if($aClean['sCmd'])
{
if($_REQUEST['sCmd'] == "delete")
if($aClean['sCmd'] == "delete")
{
$hResult = query_parameters("DELETE FROM appBundle WHERE appId ='?' AND bundleId = '?'",
$_REQUEST['iAppId'], $_REQUEST['iBundleId']);
$aClean['iAppId'], $aClean['iBundleId']);
if($hResult)
addmsg("App deleted from bundle", "green");
else
addmsg("Failed to delete app from bundle!", "red");
}
if($_REQUEST['sCmd'] == "add")
if($aClean['sCmd'] == "add")
{
$hResult = query_parameters("INSERT INTO appBundle (bundleId, appId) VALUES".
"('?', '?')",
$_REQUEST['iBundleId'],
$_REQUEST['iAppId']);
$aClean['iBundleId'],
$aClean['iAppId']);
if($hResult)
addmsg("App $appId added to Bundle".$_REQUEST['iBundleId'], "green");
addmsg("App $appId added to Bundle".$aClean['iBundleId'], "green");
}
}
@@ -45,7 +45,7 @@ apidb_header("Edit Application Bundle");
$hResult = query_parameters("SELECT bundleId, appBundle.appId, appName FROM appBundle, appFamily ".
"WHERE bundleId = '?' AND appFamily.appId = appBundle.appId",
$_REQUEST['iBundleId']);
$aClean['iBundleId']);
echo html_frame_start("Apps in this Bundle","300",'',0);
echo "<table width='100%' border=0 cellpadding=3 cellspacing=0>\n\n";
@@ -63,7 +63,7 @@ if($hResult && mysql_num_rows($hResult))
//set row color
if ($c % 2 == 1) { $bgcolor = 'color0'; } else { $bgcolor = 'color1'; }
$delete_link = "[<a href='editBundle.php?sCmd=delete&iBundleId=".$_REQUEST['iBundleId']."&iAppId=$oRow->appId'>delete</a>]";
$delete_link = "[<a href='editBundle.php?sCmd=delete&iBundleId=".$aClean['iBundleId']."&iAppId=$oRow->appId'>delete</a>]";
echo "<tr class=$bgcolor>\n";
echo " <td>$oRow->appName &nbsp;</td>\n";
@@ -89,7 +89,7 @@ echo html_frame_start("Application List (double click to add)","",'',2);
build_app_list();
echo html_frame_end();
echo "<input type=\"hidden\" name=\"iBundleId\" value=\"".$_REQUEST['iBundleId']."\">\n";
echo "<input type=\"hidden\" name=\"iBundleId\" value=\"".$aClean['iBundleId']."\">\n";
echo "<input type=\"hidden\" name=\"sCmd\" value=\"add\">\n";
echo "</form>\n";

8
admin/editDistribution.php
View File

@@ -3,19 +3,13 @@ require("path.php");
require(BASE."include/incl.php");
require_once(BASE."include/distribution.php");
$aClean = array(); //array of filtered user input
$aClean['iDistributionId'] = makeSafe($_REQUEST['iDistributionId']);
$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);
if(!$_SESSION['current']->hasPriv("admin"))
util_show_error_page_and_exit("Insufficient privileges.");
$oDistribution = new distribution($aClean['iDistributionId']);
if($aClean['sSubmit'])
{
$oDistribution->GetOutputEditorValues($_REQUEST);
$oDistribution->GetOutputEditorValues($aClean);
if($oDistribution->iDistributionId)
$oDistribution->update();

6
admin/editVendor.php
View File

@@ -3,12 +3,6 @@ require("path.php");
require(BASE."include/incl.php");
require_once(BASE."include/vendor.php");
$aClean = array(); //array of filtered user input
$aClean['iVendorId'] = makeSafe($_REQUEST['iVendorId']);
$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);
$aClean['sName'] = makeSafe($_REQUEST['sName']);
$aClean['sWebpage'] = makeSafe($_REQUEST['sWebpage']);
if(!$_SESSION['current']->hasPriv("admin"))
util_show_error_page_and_exit();

6
admin/moveAppVersion.php
View File

@@ -5,12 +5,6 @@ require_once(BASE."include/tableve.php");
require_once(BASE."include/application.php");
require_once(BASE."include/version.php");
$aClean = array(); //array of filtered user input
$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']);
$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
$aClean['sAction'] = makeSafe($_REQUEST['sAction']);
if(!is_numeric($aClean['iAppId']) OR !is_numeric($aClean['iVersionId']))
util_show_error_page_and_exit("Wrong ID");

1
appbrowse.php
View File

@@ -9,7 +9,6 @@
// application environment
require("path.php");
require(BASE."include/"."incl.php");
require(BASE."include/filter.php");
require_once(BASE."include/"."appdb.php");
require_once(BASE."include/"."category.php");

1
appimage.php
View File

@@ -17,7 +17,6 @@
// application environment
require("path.php");
require(BASE."include/incl.php");
require(BASE."include/filter.php");
require_once(BASE."include/screenshot.php");
// an image doesn't have a link, so a cookie makes no sense

26
appsubmit.php
View File

@@ -33,20 +33,6 @@ require_once(BASE."include/tableve.php");
require_once(BASE."include/application.php");
require_once(BASE."include/testData.php");
$aClean = array(); //array of filtered user input
$aClean['sAppType'] = makeSafe($_REQUEST['sAppType']);
$aClean['sSub'] = makeSafe($_REQUEST['sSub']);
$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']);
$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
$aClean['iTestingId'] = makeSafe($_REQUEST['iTestingId']);
$aClean['sAppVendorName'] = makeSafe($_REQUEST['sAppVendorName']);
$aClean['iVendorId'] = makeSafe($_REQUEST['iVendorId']);
$aClean['sAppWebpage'] = makeSafe($_REQUEST['sAppWebpage']);
$aClean['sAppKeywords'] = makeSafe($_REQUEST['sAppKeywords']);
$aClean['iDistributionId'] = makeSafe($_REQUEST['iDistributionId']);
$aClean['sDistribution'] = makeSafe($_REQUEST['sDistribution']);
function get_vendor_from_keywords($sKeywords)
{
$aKeywords = explode(" *** ",$sKeywords);
@@ -158,15 +144,15 @@ if ($aClean['sSub'])
$errors = "";
$oVersion = new Version($aClean['iVersionId']);
$oTest = new testData($aClean['iTestingId']);
$errors .= $oVersion->CheckOutputEditorInput($_REQUEST);
$errors .= $oTest->CheckOutputEditorInput($_REQUEST);
$oVersion->GetOutputEditorValues($_REQUEST);
$oTest->GetOutputEditorValues($_REQUEST);
$errors .= $oVersion->CheckOutputEditorInput($aClean);
$errors .= $oTest->CheckOutputEditorInput($aClean);
$oVersion->GetOutputEditorValues($aClean);
$oTest->GetOutputEditorValues($aClean);
if ($aClean['sAppType'] == "application") // application
{
$oApp = new Application($aClean['iAppId']);
$errors .= $oApp->CheckOutputEditorInput($_REQUEST);
$oApp->GetOutputEditorValues($_REQUEST); // load the values from $_REQUEST
$errors .= $oApp->CheckOutputEditorInput($aClean);
$oApp->GetOutputEditorValues($aClean); // load the values from $aClean
if(empty($errors))
{

8
appview.php
View File

@@ -27,14 +27,6 @@ require_once(BASE."include/category.php");
require_once(BASE."include/maintainer.php");
require_once(BASE."include/monitor.php");
$aClean = array(); //array of filtered user input
$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']);
$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
$aClean['sSub'] = makeSafe($_REQUEST['sSub']);
$aClean['iBuglinkId'] = makeSafe($_REQUEST['iBuglinkId']);
$aClean['iTestingId'] = makeSafe($_REQUEST['iTestingId']);
$oApp = new Application($aClean['iAppId']);
$oVersion = new Version($aClean['iVersionId']);

1
browse_by_rating.php
View File

@@ -7,7 +7,6 @@
// application environment
require("path.php");
require(BASE."include/incl.php");
require(BASE."include/filter.php");
require_once(BASE."include/application.php");
apidb_header("Browse Applications by Rating");

1
browse_newest_apps.php
View File

@@ -6,7 +6,6 @@
require("path.php");
require(BASE."include/incl.php");
require(BASE."include/filter.php");
/* Set default value */
if(empty($aClean['iNumVersions']) || $aClean['iNumVersions'] > 200 || $aClean['iNumVersions'] < 0)

1
commentview.php
View File

@@ -10,7 +10,6 @@
*/
require("path.php");
require(BASE."include/incl.php");
require(BASE."include/filter.php");
require_once(BASE."include/comment.php");
apidb_header("Comments");

1
deletecomment.php
View File

@@ -13,7 +13,6 @@
// application environment
require("path.php");
require(BASE."include/incl.php");
require(BASE."include/filter.php");
require_once(BASE.'include/comment.php');
$oComment = new Comment($aClean['iCommentId']);

1
distributionView.php
View File

@@ -8,7 +8,6 @@
*/
require("path.php");
require(BASE."include/incl.php");
require(BASE."include/filter.php");
require_once(BASE."include/distribution.php");
require_once(BASE."include/testData.php");

10
help/index.php
View File

@@ -8,9 +8,9 @@ require(BASE."include/"."incl.php");
$help_path = BASE."/help";
if($_GET['sTopic'])
if($aClean['sTopic'])
{
display_help($_GET['sTopic']);
display_help($aClean['sTopic']);
} else {
display_index();
}
@@ -81,17 +81,17 @@ function get_help_title ($file)
{
$fp = @fopen($file, "r");
if(!$fp)
return null;
return null;
$line = fgets($fp, 1024);
if(!$line)
return null;
return null;
$line = trim($line);
if(eregi("^<!--TITLE: (.+)-->$", $line, $arr))
{
return $arr[1];
return $arr[1];
}
return "Internal Error: missing title";
}

16
include/application.php
View File

@@ -358,11 +358,8 @@ class Application {
function mailSubmitter($sAction="add")
{
$aClean = array(); //array of filtered user input
if(isset($_REQUEST['sReplyText']))
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
else
global $aClean;
if(!isset($aClean['sReplyText']))
$aClean['sReplyText'] = "";
if($this->iSubmitterId)
@@ -432,11 +429,8 @@ class Application {
function SendNotificationMail($sAction="add",$sMsg=null)
{
$aClean = array(); //array of filtered user input
if(isset($_REQUEST['sReplyText']))
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
else
global $aClean;
if(!isset($aClean['sReplyText']))
$aClean['sReplyText'] = "";
switch($sAction)
@@ -581,7 +575,7 @@ class Application {
return $errors;
}
/* retrieves values from $_REQUEST that were output by OutputEditor() */
/* retrieves values from $aValues that were output by OutputEditor() */
/* $aValues can be $_REQUEST or any array with the values from OutputEditor() */
function GetOutputEditorValues($aValues)
{

10
include/bugs.php
View File

@@ -191,9 +191,9 @@ class Bug {
function mailSubmitter($bRejected=false)
{
$aClean = array(); //array of filtered user input
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
global $aClean;
if(!isset($aClean['sReplyText']))
$aClean['sReplyText'] = "";
if($this->iSubmitterId)
{
@@ -298,9 +298,7 @@ class Bug {
function view_version_bugs($iVersionId = null, $aBuglinkIds)
{
$aClean = array(); //array of filtered user input
$aClean['buglinkId'] = makeSafe($_REQUEST['buglinkId']);
global $aClean;
$bCanEdit = FALSE;
$oVersion = new Version($iVersionId);

5
include/comment.php
View File

@@ -366,10 +366,7 @@ class Comment {
function view_app_comments($versionId, $threadId = 0)
{
$aClean = array(); //array of filtered user input
$aClean['sCmode'] = makeSafe($_REQUEST['sCmode']);
$aClean['sMode'] = makeSafe($_REQUEST['sMode']);
global $aClean;
// count posts
$hResult = query_parameters("SELECT commentId FROM appComments WHERE versionId = '?'", $versionId);

8
include/distribution.php
View File

@@ -257,10 +257,7 @@ class distribution{
function mailSubmitter($sAction="add")
{
$aClean = array(); //array of filtered user input
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
global $aClean;
if($this->iSubmitterId)
{
@@ -301,9 +298,8 @@ class distribution{
function SendNotificationMail($sAction="add",$sMsg=null)
{
$aClean = array(); //array of filtered user input
global $aClean;
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
switch($sAction)
{
case "add":

21
include/filter.php
View File

@@ -9,8 +9,19 @@ function filter_gpc()
{
global $aClean;
$aKeys = array_keys($_REQUEST);
for($i=0;$i<sizeof($aKeys);$i++)
for($i=0; $i < sizeof($aKeys); $i++)
{
// Special cases for variables that don't fit our filtering scheme
// don't filter the AppDB session cookie and MAX_FILE_SIZE
// and the DialogX values that xinha uses
if($aKeys[$i] == "whq_appdb" || ($aKeys[$i] == "MAX_FILE_SIZE") || ($aKeys[$i] == "PHPSESSID")
|| (strpos($aKeys[$i], "Dialog") == 0) || (strpos($aKeys[$i], "pref_") == 0))
{
// copy the key over to the clean array
$aClean[$aKeys[$i]] = trim(strip_tags($_REQUEST[$aKeys[$i]]));
continue; // go to the next entry
}
switch($aKeys[$i][0])
{
case "i": // integer
@@ -47,13 +58,7 @@ function filter_gpc()
util_show_error_page_and_exit("Fatal error: ".$aKeys[$i]." should be an array.");
break;
default:
// don't filter the AppDB session cookie and MAX_FILE_SIZE
// and the DialogX values that xinha uses
if($aKeys[$i]!="whq_appdb" && $aKeys[$i]!="MAX_FILE_SIZE" && $aKeys[$i]!="PHPSESSID"
&& strpos($aKeys[$i], "Dialog") == 0)
{
util_show_error_page_and_exit("Fatal error: type of variable ".$aKeys[$i]." is not recognized.");
}
util_show_error_page_and_exit("Fatal error: type of variable ".$aKeys[$i]." is not recognized.");
break;
}
}

3
include/form_edit.php
View File

@@ -1,9 +1,6 @@
<?php
require_once(BASE."include/util.php");
$aClean = array(); //array of filtered user input
$aClean['iUserId'] = makeSafe($_REQUEST['iUserId']);
/*********************/
/* Edit Account Form */
/*********************/

4
include/form_login.php
View File

@@ -1,10 +1,6 @@
<?php
require_once(BASE."include/util.php");
$aClean = array(); //array of filtered user input
$aClean['sUserEmail'] = makeSafe($_POST['sUserEmail']);
/**************/
/* Login Form */
/**************/

6
include/form_new.php
View File

@@ -1,12 +1,6 @@
<?php
require_once(BASE."include/util.php");
$aClean = array(); //array of filtered user input
$aClean['sUserEmail'] = makeSafe($_POST['sUserEmail']);
$aClean['sUserRealname'] = makeSafe($_POST['realname']);
/********************/
/* New Account Form */
/********************/

9
include/incl.php
View File

@@ -82,6 +82,9 @@ if(isset($_REQUEST['mode']))
/* End backwards compatibility code */
// include filter.php to filter all REQUEST input
require(BASE."include/filter.php");
// create arrays
$sidebar_func_list = array();
@@ -285,7 +288,11 @@ function dumpmsgbuffer()
$session = new session("whq_appdb");
$session->register("current");
if(!isset($_SESSION['current'])) $_SESSION['current'] = new User();
if(!isset($_SESSION['current']))
{
echo "Session not set, creating new user";
$_SESSION['current'] = new User();
}
// if we are debugging we need to see all errors
if($_SESSION['current']->showDebuggingInfos()) error_reporting(E_ALL ^ E_NOTICE);

8
include/note.php
View File

@@ -2,12 +2,6 @@
require_once(BASE."include/util.php");
require_once(BASE."include/version.php");
$aClean = array(); //array of filtered user input
if(isset($_REQUEST['sReplyText']))
$aClean['sReplyText'] = makeSafe( $_REQUEST['sReplyText'] );
else
$aClean['sReplyText'] = "";
/************************************/
/* note class and related functions */
/************************************/
@@ -257,7 +251,7 @@ class Note {
echo html_frame_end();
}
/* retrieves values from $_REQUEST that were output by OutputEditor() */
/* retrieves values from $aValue that were output by OutputEditor() */
/* $aValues can be $_REQUEST or any array with the values from OutputEditor() */
function GetOutputEditorValues($aValues)
{

4
include/screenshot.php
View File

@@ -302,9 +302,7 @@ class Screenshot {
function mailSubmitter($bRejected=false)
{
$aClean = array(); //array of filtered user input
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
global $aClean;
if($this->iSubmitterId)
{

8
include/sidebar.php
View File

@@ -6,11 +6,9 @@ require_once(BASE."include/distribution.php");
require_once(BASE."include/vendor.php");
require_once(BASE."include/util.php");
function global_sidebar_menu() {
$aClean = array(); //array of filtered user input
$aClean['sSearchQuery'] = makeSafe($_REQUEST['sSearchQuery']);
function global_sidebar_menu()
{
global $aClean;
$g = new htmlmenu(APPDB_OWNER." Menu");
$g->add(APPDB_OWNER, APPDB_OWNER_URL);

18
include/testData.php
View File

@@ -245,10 +245,7 @@ class testData{
function mailSubmitter($sAction="add")
{
$aClean = array(); //array of filtered user input
$aClean = makeSafe($_REQUEST['sReplyText']);
global $aClean;
if($this->iSubmitterId)
{
@@ -290,9 +287,7 @@ class testData{
function SendNotificationMail($sAction="add",$sMsg=null)
{
$aClean = array(); //array of filtered user input
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
global $aClean;
$oVersion = new Version($this->iVersionId);
$oApp = new Application($oVersion->iAppId);
@@ -374,13 +369,12 @@ class testData{
// Show the Test results for a application version
function ShowVersionsTestingTable($link, $iDisplayLimit)
{
global $aClean;
/* escape input parameters */
$link = mysql_real_escape_string($link);
$iDisplayLimit = mysql_real_escape_string($iDisplayLimit);
$aClean = array(); //array of filtered user input
$aClean['showAll'] = makeSafe($_REQUEST['showAll']);
$showAll = $aClean['showAll'];
$sQuery = "SELECT *
@@ -559,7 +553,7 @@ class testData{
echo html_frame_end();
}
/* $aValues can be $_REQUEST or any array with the values from OutputEditor() */
/* $aValues can be $aValues or any array with the values from OutputEditor() */
function CheckOutputEditorInput($aValues, $sDistribution="")
{
$errors = "";
@@ -603,7 +597,7 @@ class testData{
}
/* retrieves values from $_REQUEST that were output by OutputEditor() */
/* retrieves values from $aValues that were output by OutputEditor() */
/* $aValues can be $_REQUEST or any array with the values from OutputEditor() */
function GetOutputEditorValues($aValues)
{

8
include/url.php
View File

@@ -51,10 +51,7 @@ class Url {
*/
function create($sDescription = null, $sUrl = null, $iVersionId = null, $iAppId = null)
{
$aClean = array(); //array of filtered user input
$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']);
global $aClean;
// Security, if we are not an administrator or a maintainer, the url must be queued.
if(!($_SESSION['current']->hasPriv("admin") || $_SESSION['current']->isMaintainer($aClean['iVersionId']) || $_SESSION['current']->isSupermaintainer($aClean['iAppId'])))
@@ -180,9 +177,8 @@ class Url {
function mailSubmitter($bRejected=false)
{
$aClean = array(); //array of filtered user input
global $aClean;
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
if($this->iSubmitterId)
{
$sAppName = Application::lookup_name($this->appId)." ".Version::lookup_name($this->versionId);

78
include/util.php
View File

@@ -552,91 +552,93 @@ function outputSearchTableForhResult($search_words, $hResult)
/* pass in $isVersion of true if we are processing changes for an app version */
/* or false if processing changes for an application family */
function process_app_version_changes($isVersion)
function process_app_version_changes($bIsVersion)
{
global $aClean;
/* load up the version or application depending on which values are set */
if($isVersion)
$oVersion = new Version($_REQUEST['iVersionId']);
if($bIsVersion)
$oVersion = new Version($aClean['iVersionId']);
else
$oApp = new Application($_REQUEST['iAppId']);
$oApp = new Application($aClean['iAppId']);
// commit changes of form to database
if(($_REQUEST['sSubmit'] == "Update Database") && $isVersion) /* is a version */
if(($aClean['sSubmit'] == "Update Database") && $bIsVersion) /* is a version */
{
$oVersion->GetOutputEditorValues($_REQUEST);
$oVersion->GetOutputEditorValues($aClean);
$oVersion->update();
} else if(($_REQUEST['sSubmit'] == "Update Database") && !$isVersion) /* is an application */
} else if(($aClean['sSubmit'] == "Update Database") && !$bIsVersion) /* is an application */
{
$oApp->GetOutputEditorValues($_REQUEST);
$oApp->GetOutputEditorValues($aClean);
$oApp->update();
} else if($_REQUEST['sSubmit'] == "Update URL")
} else if($aClean['sSubmit'] == "Update URL")
{
$sWhatChanged = "";
$bAppChanged = false;
if (!empty($_REQUEST['sUrlDesc']) && !empty($_REQUEST['sUrl']) )
if (!empty($aClean['sUrlDesc']) && !empty($aClean['sUrl']) )
{
// process added URL
if($_SESSION['current']->showDebuggingInfos()) { echo "<p align=center><b>{$_REQUEST['sUrl']}:</b> {$_REQUEST['sUrlDesc']} </p>"; }
if($_SESSION['current']->showDebuggingInfos()) { echo "<p align=center><b>{$aClean['sUrl']}:</b> {$aClean['sUrlDesc']} </p>"; }
if($isVersion)
if($bIsVersion)
{
$hResult = query_parameters("INSERT INTO appData (versionId, type, description, url) ".
"VALUES ('?', '?', '?', '?')",
$_REQUEST['iVersionId'], "url", $_REQUEST['sUrlDesc'],
$_REQUEST['sUrl']);
$aClean['iVersionId'], "url", $aClean['sUrlDesc'],
$aClean['sUrl']);
} else
{
$hResult = query_parameters("INSERT INTO appData (appId, type, description, url) ".
"VALUES ('?', '?', '?', '?')",
$_REQUEST['iAppId'], "url", $_REQUEST['sUrlDesc'],
$_REQUEST['sUrl']);
$aClean['iAppId'], "url", $aClean['sUrlDesc'],
$aClean['sUrl']);
}
if ($hResult)
{
addmsg("The URL was successfully added into the database", "green");
$sWhatChanged .= " Added Url: Description: ".stripslashes($_REQUEST['sUrlDesc'])."\n";
$sWhatChanged .= " Url: ".stripslashes($_REQUEST['sUrl'])."\n";
$sWhatChanged .= " Added Url: Description: ".stripslashes($aClean['sUrlDesc'])."\n";
$sWhatChanged .= " Url: ".stripslashes($aClean['sUrl'])."\n";
$bAppChanged = true;
}
}
// Process changed URLs
for($i = 0; $i < $_REQUEST['iRows']; $i++)
for($i = 0; $i < $aClean['iRows']; $i++)
{
if($_SESSION['current']->showDebuggingInfos()) { echo "<p align=center><b>{$_REQUEST['adescription'][$i]}:</b> {$_REQUEST['aURL'][$i]}: {$_REQUEST['adelete'][$i]} : {$_REQUEST['aId'][$i]} : .{$_REQUEST['aOldDesc'][$i]}. : {$_REQUEST['aOldURL'][$i]}</p>"; }
if($_SESSION['current']->showDebuggingInfos()) { echo "<p align=center><b>{$aClean['adescription'][$i]}:</b> {$aClean['aURL'][$i]}: {$aClean['adelete'][$i]} : {$aClean['aId'][$i]} : .{$aClean['aOldDesc'][$i]}. : {$aClean['aOldURL'][$i]}</p>"; }
if ($_REQUEST['adelete'][$i] == "on")
if ($aClean['adelete'][$i] == "on")
{
$hResult = query_parameters("DELETE FROM appData WHERE id = '?'", $_REQUEST['aId'][$i]);
$hResult = query_parameters("DELETE FROM appData WHERE id = '?'", $aClean['aId'][$i]);
if($hResult)
{
addmsg("<p><b>Successfully deleted URL ".$_REQUEST['aOldDesc'][$i]." (".$_REQUEST['aOldURL'][$i].")</b></p>\n",'green');
$sWhatChanged .= "Deleted Url: Description: ".stripslashes($_REQUEST['aOldDesc'][$i])."\n";
$sWhatChanged .= " url: ".stripslashes($_REQUEST['aOldURL'][$i])."\n";
addmsg("<p><b>Successfully deleted URL ".$aClean['aOldDesc'][$i]." (".$aClean['aOldURL'][$i].")</b></p>\n",'green');
$sWhatChanged .= "Deleted Url: Description: ".stripslashes($aClean['aOldDesc'][$i])."\n";
$sWhatChanged .= " url: ".stripslashes($aClean['aOldURL'][$i])."\n";
$bAppChanged = true;
}
}
else if( $_REQUEST['aURL'][$i] != $_REQUEST['aOldURL'][$i] || $_REQUEST['adescription'][$i] != $_REQUEST['aOldDesc'][$i])
else if( $aClean['aURL'][$i] != $aClean['aOldURL'][$i] || $aClean['adescription'][$i] != $aClean['aOldDesc'][$i])
{
if(empty($_REQUEST['aURL'][$i]) || empty($_REQUEST['adescription'][$i]))
if(empty($aClean['aURL'][$i]) || empty($aClean['adescription'][$i]))
addmsg("The URL or description was blank. URL not changed in the database", "red");
else
{
if (query_parameters("UPDATE appData SET description = '?', url = '?' WHERE id = '?'",
$_REQUEST['adescription'][$i], $_REQUEST['aURL'][$i],
$_REQUEST['aId'][$i]))
$aClean['adescription'][$i], $aClean['aURL'][$i],
$aClean['aId'][$i]))
{
addmsg("<p><b>Successfully updated ".$_REQUEST['aOldDesc'][$i]." (".$_REQUEST['aOldURL'][$i].")</b></p>\n",'green');
$sWhatChanged .= "Changed Url: Old Description: ".stripslashes($_REQUEST['aOldDesc'][$i])."\n";
$sWhatChanged .= " Old Url: ".stripslashes($_REQUEST['aOldURL'][$i])."\n";
$sWhatChanged .= " New Description: ".stripslashes($_REQUEST['adescription'][$i])."\n";
$sWhatChanged .= " New url: ".stripslashes($_REQUEST['aURL'][$i])."\n";
addmsg("<p><b>Successfully updated ".$aClean['aOldDesc'][$i]." (".$aClean['aOldURL'][$i].")</b></p>\n",'green');
$sWhatChanged .= "Changed Url: Old Description: ".stripslashes($aClean['aOldDesc'][$i])."\n";
$sWhatChanged .= " Old Url: ".stripslashes($aClean['aOldURL'][$i])."\n";
$sWhatChanged .= " New Description: ".stripslashes($aClean['adescription'][$i])."\n";
$sWhatChanged .= " New url: ".stripslashes($aClean['aURL'][$i])."\n";
$bAppChanged = true;
}
}
@@ -644,16 +646,16 @@ function process_app_version_changes($isVersion)
}
if ($bAppChanged)
{
$sEmail = User::get_notify_email_address_list($_REQUEST['iAppId']);
$oApp = new Application($_REQUEST['iAppId']);
$sEmail = User::get_notify_email_address_list($aClean['iAppId']);
$oApp = new Application($aClean['iAppId']);
if($sEmail)
{
if($isVersion)
if($bIsVersion)
$sSubject = "Links for ".$oApp->sName." ".$oVersion->sName." have been updated by ".$_SESSION['current']->sRealname;
else
$sSubject = "Links for ".$oApp->sName." have been updated by ".$_SESSION['current']->sRealname;
$sMsg = APPDB_ROOT."appview.php?iAppId=".$_REQUEST['iAppId']."\n";
$sMsg = APPDB_ROOT."appview.php?iAppId=".$aClean['iAppId']."\n";
$sMsg .= "\n";
$sMsg .= "The following changes have been made:";
$sMsg .= "\n";

14
include/version.php
View File

@@ -393,12 +393,10 @@ class Version {
function mailSubmitter($sAction="add")
{
$aClean = array(); //array of filtered user input
global $aClean; //FIXME: we should pass the sReplyText value in
// use 'sReplyText' if it is defined, otherwise define the value as an empty string
if(isset($_REQUEST['sReplyText']))
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
else
if(!isset($aClean['sReplyText']))
$aClean['sReplyText'] = "";
if($this->iSubmitterId)
@@ -436,12 +434,10 @@ class Version {
function SendNotificationMail($sAction="add",$sMsg=null)
{
$aClean = array(); //array of filtered user input
global $aClean;
// use 'sReplyText' if it is defined, otherwise define the value as an empty string
if(isset($_REQUEST['sReplyText']))
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
else
if(!isset($aClean['sReplyText']))
$aClean['sReplyText'] = "";
$oApp = new Application($this->iAppId);
@@ -601,7 +597,7 @@ class Version {
return $errors;
}
/* retrieves values from $_REQUEST that were output by OutputEditor() */
/* retrieves values from $aValues that were output by OutputEditor() */
/* $aValues can be $_REQUEST or any array with the values from OutputEditor() */
function GetOutputEditorValues($aValues)
{

6
include/vote.php
View File

@@ -9,7 +9,6 @@ define('MAX_VOTES',3);
*/
function vote_count($iAppId, $iUserId = null)
{
if(!$iUserId)
{
if($_SESSION['current']->isLoggedIn())
@@ -78,7 +77,6 @@ function vote_add($iAppId, $iSlot, $iUserId = null)
*/
function vote_remove($iSlot, $iUserId = null)
{
if(!$iUserId)
{
if($_SESSION['current']->isLoggedIn())
@@ -114,9 +112,7 @@ function vote_get_user_votes($iUserId = null)
function vote_menu()
{
$aClean = array(); //array of filtered user input
$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']);
global $aClean;
$m = new htmlmenu("Votes","updatevote.php");

7
maintainerdelete.php
View File

@@ -23,13 +23,6 @@ require(BASE."include/incl.php");
require_once(BASE."include/category.php");
require_once(BASE."include/application.php");
$aClean = array(); //array of filtered user input
$aClean['iAppId'] = makeSafe($_POST['iAppId']);
$aClean['iVersionId'] = makeSafe($_POST['iVersionId']);
$aClean['iConfirmed'] = makeSafe($_POST['iConfirmed']);
$aClean['iSuperMaintainer'] = makeSafe($_POST['iSuperMaintainer']);
if(!$_SESSION['current']->isLoggedIn())
util_show_error_page_and_exit("You need to be logged in to resign from being a maintainer.");

7
maintainersubmit.php
View File

@@ -21,13 +21,6 @@ require(BASE."include/incl.php");
require_once(BASE."include/application.php");
require_once(BASE.'include/version.php');
$aClean = array(); //array of filtered user input
$aClean['sMaintainReason'] = makeSafe($_REQUEST['sMaintainReason']);
$aClean['iAppId'] = makeSafe($_POST['iAppId']);
$aClean['iVersionId'] = makeSafe(strip_tags($_POST['iVersionId']));
$aClean['iSuperMaintainer'] = makeSafe($_POST['iSuperMaintainer']);
/**
* Check the input of a submitted form. And output with a list

28
preferences.php
View File

@@ -71,28 +71,6 @@ function show_user_fields($oUser)
}
$aClean = array(); //array of filtered user input
$aClean['iUserId'] = makeSafe($_REQUEST['iUserId']);
$aClean['iLimit'] = makeSafe($_REQUEST['iLimit']);
$aClean['sOrderBy'] = makeSafe($_REQUEST['sOrderBy']);
$aClean['sUserPassword'] = makeSafe($_REQUEST['sUserPassword']);
$aClean['sUserPassword2'] = makeSafe($_REQUEST['sUserPassword2']);
$aClean['sUserEmail'] = makeSafe($_REQUEST['sUserEmail']);
$aClean['sUserRealname'] = makeSafe($_REQUEST['sUserRealname']);
$aClean['sWineRelease'] = makeSafe($_REQUEST['sWineRelease']);
$aClean['sHasAdmin'] = makeSafe($_POST['sHasAdmin']);
/* filter all of the preferences */
while(list($sKey, $sValue) = each($_REQUEST))
{
if(ereg("^pref_(.+)$", $sKey, $arr))
$aClean[$sKey] = makeSafe($sValue);
}
if(!$_SESSION['current']->isLoggedIn())
util_show_error_page_and_exit("You must be logged in to edit preferences");
@@ -109,8 +87,8 @@ if($_SESSION['current']->hasPriv("admin") &&
$oUser = &$_SESSION['current'];
}
if($_POST)
{
if($aClean['sSubmit'] == "Update")
{
while(list($sKey, $sValue) = each($aClean))
{
/* if a parameter lacks 'pref_' at its head it isn't a */
@@ -184,7 +162,7 @@ if($oUser->iUserId != $aClean['iUserId']) build_prefs_list($oUser);
echo html_table_end();
echo html_frame_end();
echo "<br /> <div align=center> <input type=\"submit\" value=\"Update\" /> </div> <br />\n";
echo "<br /> <div align=center> <input type=\"submit\" name='sSubmit' value=\"Update\" /> </div> <br />\n";
echo "</form>\n";
apidb_footer();

1
screenshots.php
View File

@@ -21,7 +21,6 @@
// application environment
require("path.php");
require(BASE."include/incl.php");
require(BASE."include/filter.php");
require_once(BASE."include/screenshot.php");
require_once(BASE."include/application.php");
require_once(BASE."include/version.php");

1
search.php
View File

@@ -12,7 +12,6 @@
// application environment
require("path.php");
require(BASE."include/incl.php");
require(BASE."include/filter.php");
apidb_header("Search Results");
perform_search_and_output_results($aClean['sSearchQuery']);

12
testResults.php
View File

@@ -10,14 +10,6 @@ require_once(BASE."include/application.php");
require_once(BASE."include/testData.php");
require_once(BASE."include/distribution.php");
$aClean = array(); //array of filtered user input
$aClean['sSub'] = makeSafe($_REQUEST['sSub']);
$aClean['iTestingId'] = makeSafe($_REQUEST['iTestingId']);
$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
$aClean['iDistributionId'] = makeSafe($_REQUEST['iDistributionId']);
$aClean['sDistribution'] = makeSafe($_REQUEST['sDistribution']);
//deny access if not logged on
if(!$_SESSION['current']->isLoggedIn())
util_show_error_page_and_exit("Insufficient privileges to create test results. Are you sure you are logged in?");
@@ -33,8 +25,8 @@ if ($aClean['sSub'])
// Submit or Resubmit the new test results
if (($aClean['sSub'] == 'Submit') || ($aClean['sSub'] == 'Resubmit'))
{
$errors = $oTest->CheckOutputEditorInput($_REQUEST);
$oTest->GetOutputEditorValues($_REQUEST); // retrieve the values from the current $_REQUEST
$errors = $oTest->CheckOutputEditorInput($aClean);
$oTest->GetOutputEditorValues($aClean); // retrieve the values from the current $aClean
if(empty($errors))
{
if(!$aClean['iDistributionId'])

1
vendorview.php
View File

@@ -8,7 +8,6 @@
*/
require("path.php");
require(BASE."include/incl.php");
require(BASE."include/filter.php");
require_once(BASE."include/application.php");
require_once(BASE."include/vendor.php");

1
viewScreenshots.php
View File

@@ -6,7 +6,6 @@
require("path.php");
require(BASE."include/incl.php");
require(BASE."include/filter.php");
require_once(BASE."include/screenshot.php");
require_once(BASE."include/application.php");

1
viewbugs.php
View File

@@ -12,7 +12,6 @@
// application environment
require("path.php");
require(BASE."include/incl.php");
require(BASE."include/filter.php");
/* code to View versions affected by a Bug */

1
votestats.php
View File

@@ -10,7 +10,6 @@
// application environment
require("path.php");
require(BASE."include/incl.php");
require(BASE."include/filter.php");
require_once(BASE."include/category.php");
// set default values and check if the value makes sense