From a1a41d6b87ac249ff9d9aa3ca5427e5d6ac20858 Mon Sep 17 00:00:00 2001 From: Chris Morgan Date: Thu, 4 Jan 2007 02:35:01 +0000 Subject: [PATCH] Fix and enable input filtering through include/filter.php --- account.php | 1 - addcomment.php | 1 - admin/addAppNote.php | 9 +--- admin/addCategory.php | 8 ---- admin/adminAppDataQueue.php | 9 ---- admin/adminAppQueue.php | 27 +++--------- admin/adminBugs.php | 9 ---- admin/adminCommentView.php | 5 --- admin/adminMaintainerQueue.php | 8 ---- admin/adminMaintainers.php | 5 --- admin/adminScreenshots.php | 9 ---- admin/adminTestResults.php | 7 +-- admin/adminUsers.php | 9 ---- admin/deleteAny.php | 8 ---- admin/editAppFamily.php | 5 --- admin/editAppNote.php | 11 +---- admin/editAppVersion.php | 6 --- admin/editBundle.php | 20 ++++----- admin/editDistribution.php | 8 +--- admin/editVendor.php | 6 --- admin/moveAppVersion.php | 6 --- appbrowse.php | 1 - appimage.php | 1 - appsubmit.php | 26 +++--------- appview.php | 8 ---- browse_by_rating.php | 1 - browse_newest_apps.php | 1 - commentview.php | 1 - deletecomment.php | 1 - distributionView.php | 1 - help/index.php | 10 ++--- include/application.php | 16 +++---- include/bugs.php | 10 ++--- include/comment.php | 5 +-- include/distribution.php | 8 +--- include/filter.php | 21 +++++---- include/form_edit.php | 3 -- include/form_login.php | 4 -- include/form_new.php | 6 --- include/incl.php | 9 +++- include/note.php | 8 +--- include/screenshot.php | 4 +- include/sidebar.php | 8 ++-- include/testData.php | 18 +++----- include/url.php | 8 +--- include/util.php | 78 +++++++++++++++++----------------- include/version.php | 14 +++--- include/vote.php | 6 +-- maintainerdelete.php | 7 --- maintainersubmit.php | 7 --- preferences.php | 28 ++---------- screenshots.php | 1 - search.php | 1 - testResults.php | 12 +----- vendorview.php | 1 - viewScreenshots.php | 1 - viewbugs.php | 1 - votestats.php | 1 - 58 files changed, 129 insertions(+), 385 deletions(-) 
diff --git a/account.php b/account.php index ded345d..6dfae1a 100644 --- a/account.php +++ b/account.php @@ -20,7 +20,6 @@ // application environment require("path.php"); require(BASE."include/incl.php"); -require(BASE."include/filter.php"); require_once(BASE."include/mail.php"); // set http header to not cache diff --git a/addcomment.php b/addcomment.php index 2c821b9..60b9375 100644 --- a/addcomment.php +++ b/addcomment.php @@ -14,7 +14,6 @@ // application environment require("path.php"); require(BASE."include/incl.php"); -require(BASE."include/filter.php"); require_once(BASE."include/comment.php"); // you must be logged in to submit comments diff --git a/admin/addAppNote.php b/admin/addAppNote.php index 99568d6..ef17cf4 100644 --- a/admin/addAppNote.php +++ b/admin/addAppNote.php @@ -7,13 +7,6 @@ require("path.php"); require(BASE."include/incl.php"); require_once(BASE."include/note.php"); -$aClean = array(); //array of filtered user input - -$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']); -$aClean['iAppId'] = makeSafe( $_REQUEST['iAppId']); -$aClean['sSub'] = makeSafe($_REQUEST['sSub']); -$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']); - //FIXME: get rid of appId references everywhere, as version is enough. $sQuery = "SELECT appId FROM appVersion WHERE versionId = '?'"; $hResult = query_parameters($sQuery, $aClean['iVersionId']); @@ -37,7 +30,7 @@ else exit; $oNote = new Note(); -$oNote->GetOutputEditorValues($_REQUEST); +$oNote->GetOutputEditorValues($aClean); if($aClean['sSub'] == "Submit") { diff --git a/admin/addCategory.php b/admin/addCategory.php index 64b8371..8438544 100644 --- a/admin/addCategory.php +++ b/admin/addCategory.php 
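Review bot: In admin/addAppNote.php, `$aClean['iVersionId']` is handed to `query_parameters()` and `$aClean['iAppId']`/`$aClean['sSub']` are used further down with no check that the id is numeric or even present, whereas the sibling admin pages touched by this patch (admin/editAppNote.php, admin/editAppFamily.php, admin/editAppVersion.php, admin/moveAppVersion.php) guard their ids with `is_numeric()` and `util_show_error_page_and_exit("Wrong ID")`. With the per-page `makeSafe()` lines removed, `$aClean` presumably holds only the keys the client actually sent (filter_gpc() iterates `array_keys($_REQUEST)`), so this page should adopt the same guard before the SELECT: `if(!is_numeric($aClean['iVersionId'])) util_show_error_page_and_exit("Wrong ID");`. The placeholder query itself is fine; the point is consistent id validation across the admin pages.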
@@ -3,14 +3,6 @@ require("path.php"); require(BASE."include/incl.php"); require_once(BASE."include/category.php"); -$aClean = array(); //array of filtered user input - -$aClean['iCatId'] = makeSafe($_REQUEST['iCatId']); -$aClean['sName'] = makeSafe($_REQUEST['sName']); -$aClean['sDescription'] = makeSafe($_REQUEST['sDescription']); -$aClean['iParentId'] = makeSafe($_REQUEST['iParentId']); -$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']); - if(!$_SESSION['current']->hasPriv("admin")) util_show_error_page_and_exit(); diff --git a/admin/adminAppDataQueue.php b/admin/adminAppDataQueue.php index 39e005a..99ef94b 100644 --- a/admin/adminAppDataQueue.php +++ b/admin/adminAppDataQueue.php @@ -11,15 +11,6 @@ require_once(BASE."include/application.php"); require_once(BASE."include/version.php"); require_once(BASE."include/user.php"); -$aClean = array(); //array of user input - -$aClean['iId'] = makeSafe($_REQUEST['iId']); -$aClean['sSub'] = makeSafe($_REQUEST['sSub']); -$aClean['sAdd'] = makeSafe($_REQUEST['sAdd']); -$aClean['sDescription'] = makeSafe($_REQUEST['sDescription']); -$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']); -$aClean['sReject'] = makeSafe($_REQUEST['sReject']); - // deny access if not admin or at least some kind of maintainer if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer()) util_show_error_page_and_exit("Insufficient privileges."); diff --git a/admin/adminAppQueue.php b/admin/adminAppQueue.php index 6079008..ba5df18 100644 --- a/admin/adminAppQueue.php +++ b/admin/adminAppQueue.php 
@@ -9,21 +9,6 @@ require_once(BASE."include/tableve.php"); require_once(BASE."include/application.php"); require_once(BASE."include/testData.php"); -$aClean = array(); //array of filtered user input - -$aClean['iTestingId'] = makeSafe($_REQUEST['iTestingId']); -$aClean['sSub'] = makeSafe($_REQUEST['sSub'] ); -$aClean['sAppType'] = makeSafe($_REQUEST['sAppType']); -$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']); -$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']); -$aClean['sAppVendorName'] = makeSafe($_REQUEST['sAppVendorName']); -$aClean['iAppVendorId'] = makeSafe($_REQUEST['iAppVendorId']); -$aClean['sAppWebpage'] = makeSafe($_REQUEST['sAppWebpage']); -$aClean['iAppIdMergeTo'] = makeSafe($_REQUEST['iAppIdMergeTo']); -$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']); -$aClean['iVersionIdMergeTo'] = makeSafe($_REQUEST['iVersionIdMergeTo']); -$aClean['sDistribution'] = makeSafe($_REQUEST['sDistribution']); - function get_vendor_from_keywords($sKeywords) { $aKeywords = explode(" *** ",$sKeywords); @@ -188,12 +173,12 @@ if ($aClean['sSub']) { $oVersion = new Version($aClean['iVersionId']); $oTest = new testData($aClean['iTestingId']); - $oVersion->GetOutputEditorValues($_REQUEST); - $oTest->GetOutputEditorValues($_REQUEST); + $oVersion->GetOutputEditorValues($aClean); + $oTest->GetOutputEditorValues($aClean); if ($aClean['sAppType'] == "application") // application { $oApp = new Application($aClean['iAppId']); - $oApp->GetOutputEditorValues($_REQUEST); // load the values from $_REQUEST + $oApp->GetOutputEditorValues($aClean); // load the values from $aClean // add new vendor if($aClean['sAppVendorName'] and !$aClean['iAppVendorId']) { 
@@ -267,12 +252,12 @@ if ($aClean['sSub']) { $oVersion = new Version($aClean['iVersionId']); $oTest = new testData($aClean['iTestingId']); - $oVersion->GetOutputEditorValues($_REQUEST); - $oTest->GetOutputEditorValues($_REQUEST); + $oVersion->GetOutputEditorValues($aClean); + $oTest->GetOutputEditorValues($aClean); if ($aClean['sAppType'] == "application") // application { $oApp = new Application($aClean['iAppId']); - $oApp->GetOutputEditorValues($_REQUEST); // load the values from $_REQUEST + $oApp->GetOutputEditorValues($aClean); // load the values from $aClean $oApp->update(true); $oApp->reject(); } diff --git a/admin/adminBugs.php b/admin/adminBugs.php index 9b6a332..3aae1ec 100644 --- a/admin/adminBugs.php +++ b/admin/adminBugs.php @@ -10,15 +10,6 @@ require("path.php"); require(BASE."include/incl.php"); require_once(BASE."include/bugs.php"); -$aClean = array(); //array of filtered user input - -$aClean['sSub'] = makeSafe($_REQUEST['sSub']); -$aClean['iBuglinkId'] = makeSafe($_REQUEST['iBuglinkId']); -$aClean['iItemsPerPage'] = makeSafe($_REQUEST['iItemsPerPage']); -$aClean['sQueuedOnly'] = makeSafe($_REQUEST['sQueuedOnly']); -$aClean['iPage'] = makeSafe($_REQUEST['iPage']); - - // deny access if not logged in if(!$_SESSION['current']->hasPriv("admin")) util_show_error_page_and_exit("Insufficient privileges."); diff --git a/admin/adminCommentView.php b/admin/adminCommentView.php index a92a858..1af61fe 100644 --- a/admin/adminCommentView.php +++ b/admin/adminCommentView.php @@ -15,11 +15,6 @@ $pageRange = 10; $ItemsPerPage = 10; $currentPage = 1; -$aClean = array(); //array of filtered user input - -$aClean['iItemsPerPage'] = makeSafe($_REQUEST['iItemsPerPage']); -$aClean['iPage'] = makeSafe($_REQUEST['iPage']); - if($aClean['iItemsPerPage']) $ItemsPerPage = $aClean['iItemsPerPage']; if($aClean['iPage']) diff --git a/admin/adminMaintainerQueue.php b/admin/adminMaintainerQueue.php index 320c2f4..5cd8d7e 100644 --- a/admin/adminMaintainerQueue.php 
+++ b/admin/adminMaintainerQueue.php @@ -14,14 +14,6 @@ require_once(BASE."include/mail.php"); /* The initial help text displayed in the admin's response field */ $sReplyTextHelp = "Enter a personalized reason for accepting or rejecting the user's maintainer request here"; -$aClean = array(); //array of filtered user input - -$aClean['sSub'] = makeSafe( $_REQUEST['sSub'] ); -$aClean['iMaintainerId'] = makeSafe( $_REQUEST['iMaintainerId'] ); -$aClean['sAdd'] = makeSafe( $_REQUEST['sAdd'] ); -$aClean['sReject'] = makeSafe( $_REQUEST['sReject'] ); -$aClean['sReplyText'] = makeSafe( $_REQUEST['sReplyText'] ); - /* If the admin's response text has not been modified, it should not be included in the e-mail sent to the rejected/accepted maintainer */ if($aClean['sReplyText'] == $sReplyTextHelp) $aClean['sReplyText'] = ""; diff --git a/admin/adminMaintainers.php b/admin/adminMaintainers.php index a8118b6..4abee59 100644 --- a/admin/adminMaintainers.php +++ b/admin/adminMaintainers.php @@ -9,11 +9,6 @@ require("path.php"); require(BASE."include/incl.php"); -$aClean = array(); //array of filtered user input - -$aClean['sSub'] = makeSafe($_REQUEST['sSub']); -$aClean['iMaintainerId'] = makeSafe($_REQUEST['iMaintainerId']); - // deny access if not logged in if(!$_SESSION['current']->hasPriv("admin")) util_show_error_page_and_exit("Insufficient privileges."); diff --git a/admin/adminScreenshots.php b/admin/adminScreenshots.php index f509fc9..55b71ee 100644 --- a/admin/adminScreenshots.php +++ b/admin/adminScreenshots.php 
@@ -9,15 +9,6 @@ require(BASE."include/incl.php"); require_once(BASE."include/screenshot.php"); require_once(BASE."include/application.php"); -$aClean = array(); //array of filtered user input - -$aClean['sCmd'] = makeSafe($_REQUEST['sCmd']); -$aClean['iImageId'] = makeSafe($_REQUEST['iImageId']); -$aClean['iItemsPerPage'] = makeSafe($_REQUEST['iItemsPerPage']); -$aClean['iPage'] = makeSafe($_REQUEST['iPage']); -$aClean['bRegenerate'] = makeSafe($_REQUEST['bRegenerate']); -$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']); - // deny access if not admin if(!$_SESSION['current']->hasPriv("admin")) util_show_error_page_and_exit("Insufficient privileges."); diff --git a/admin/adminTestResults.php b/admin/adminTestResults.php index cc38b6f..6efb39f 100644 --- a/admin/adminTestResults.php +++ b/admin/adminTestResults.php @@ -11,11 +11,6 @@ require_once(BASE."include/version.php"); require_once(BASE."include/testData.php"); require_once(BASE."include/distribution.php"); -$aClean = array(); - -$aClean['sSub'] = makeSafe($_REQUEST['sSub']); -$aClean['iTestingId'] = makeSafe($_REQUEST['iTestingId']); - if ($aClean['sSub']) { $oTest = new testData($aClean['iTestingId']); @@ -29,7 +24,7 @@ if ($aClean['sSub']) if(is_numeric($aClean['iTestingId'])) { $oTest = new testData($aClean['iTestingId']); - $oTest->GetOutputEditorValues($_REQUEST); + $oTest->GetOutputEditorValues($aClean); if($aClean['sSub'] == 'Submit') // submit the test results { diff --git a/admin/adminUsers.php b/admin/adminUsers.php index e919628..ec5251f 100644 --- a/admin/adminUsers.php +++ b/admin/adminUsers.php 
@@ -6,15 +6,6 @@ require("path.php"); require(BASE."include/incl.php"); -$aClean = array(); //filtered user input - -$aClean['sAction'] = makeSafe($_REQUEST['sAction']); -$aClean['iUserId'] = makeSafe($_REQUEST['iUserId']); -$aClean['sSearch'] = makeSafe($_REQUEST['sSearch']); -$aClean['iLimit'] = makeSafe($_REQUEST['iLimit']); -$aClean['sOrderBy'] = makeSafe($_REQUEST['sOrderBy']); -$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']); - apidb_header("Admin Users Management"); if(!$_SESSION['current']->hasPriv("admin")) diff --git a/admin/deleteAny.php b/admin/deleteAny.php index 86531e7..8279ab9 100644 --- a/admin/deleteAny.php +++ b/admin/deleteAny.php @@ -13,14 +13,6 @@ require_once(BASE."include/application.php"); require_once(BASE."include/monitor.php"); require_once(BASE."include/testData.php"); -$aClean = array(); //filtered user input - -$aClean['sConfirmed'] = makeSafe($_REQUEST['sConfirmed']); -$aClean['sWhat'] = makeSafe($_REQUEST['sWhat']); -$aClean['iCatId'] = makeSafe($_REQUEST['iCatId']); -$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']); -$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']); - if($aClean['sConfirmed'] != "yes") { // ask for confirmation diff --git a/admin/editAppFamily.php b/admin/editAppFamily.php index 639187c..c06c065 100644 --- a/admin/editAppFamily.php +++ b/admin/editAppFamily.php @@ -9,11 +9,6 @@ require_once(BASE."include/tableve.php"); require_once(BASE."include/application.php"); require_once(BASE."include/category.php"); -$aClean = array(); //array of filtered user input - -$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']); -$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']); - if(!is_numeric($aClean['iAppId'])) util_show_error_page_and_exit("Wrong ID"); diff --git a/admin/editAppNote.php b/admin/editAppNote.php index d0e9773..391c8c7 100644 --- a/admin/editAppNote.php +++ b/admin/editAppNote.php 
@@ -7,13 +7,6 @@ require("path.php"); require(BASE."include/incl.php"); require_once(BASE."include/note.php"); -$aClean = array(); //array of filtered user input - -$aClean['iNoteId'] = makeSafe($_REQUEST['iNoteId']); -$aClean['sSub'] = makeSafe($_REQUEST['sSub']); -$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']); -$aClean['sPreview'] = makeSafe($_REQUEST['sPreview']); - if(!is_numeric($aClean['iNoteId'])) util_show_error_page_and_exit('Wrong note ID'); @@ -26,7 +19,7 @@ if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintaine if(!empty($aClean['sSub'])) { - $oNote->GetOutputEditorValues($_REQUEST); /* retrieve the updated values */ + $oNote->GetOutputEditorValues($aClean); /* retrieve the updated values */ if ($aClean['sSub'] == 'Delete') { @@ -45,7 +38,7 @@ if(!empty($aClean['sSub'])) /* if preview is set display the note for review */ if($aClean['sPreview']) { - $oNote->GetOutputEditorValues($_REQUEST); /* retrieve the updated values */ + $oNote->GetOutputEditorValues($aClean); /* retrieve the updated values */ $oNote->show(true); } diff --git a/admin/editAppVersion.php b/admin/editAppVersion.php index 8153826..39b0a01 100644 --- a/admin/editAppVersion.php +++ b/admin/editAppVersion.php @@ -5,12 +5,6 @@ require_once(BASE."include/tableve.php"); require_once(BASE."include/application.php"); require_once(BASE."include/version.php"); -$aClean = array(); //array of filtered user input - -$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']); -$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']); -$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']); - if(!is_numeric($aClean['iAppId']) OR !is_numeric($aClean['iVersionId'])) util_show_error_page_and_exit("Wrong ID"); diff --git a/admin/editBundle.php b/admin/editBundle.php index ceda808..c7e289a 100644 --- a/admin/editBundle.php +++ b/admin/editBundle.php 
@@ -18,25 +18,25 @@ function build_app_list() echo "\n"; } -if($_REQUEST['sCmd']) +if($aClean['sCmd']) { - if($_REQUEST['sCmd'] == "delete") + if($aClean['sCmd'] == "delete") { $hResult = query_parameters("DELETE FROM appBundle WHERE appId ='?' AND bundleId = '?'", - $_REQUEST['iAppId'], $_REQUEST['iBundleId']); + $aClean['iAppId'], $aClean['iBundleId']); if($hResult) addmsg("App deleted from bundle", "green"); else addmsg("Failed to delete app from bundle!", "red"); } - if($_REQUEST['sCmd'] == "add") + if($aClean['sCmd'] == "add") { $hResult = query_parameters("INSERT INTO appBundle (bundleId, appId) VALUES". "('?', '?')", - $_REQUEST['iBundleId'], - $_REQUEST['iAppId']); + $aClean['iBundleId'], + $aClean['iAppId']); if($hResult) - addmsg("App $appId added to Bundle".$_REQUEST['iBundleId'], "green"); + addmsg("App $appId added to Bundle".$aClean['iBundleId'], "green"); } } @@ -45,7 +45,7 @@ apidb_header("Edit Application Bundle"); $hResult = query_parameters("SELECT bundleId, appBundle.appId, appName FROM appBundle, appFamily ". "WHERE bundleId = '?' AND appFamily.appId = appBundle.appId", - $_REQUEST['iBundleId']); + $aClean['iBundleId']); echo html_frame_start("Apps in this Bundle","300",'',0); echo "\n\n"; @@ -63,7 +63,7 @@ if($hResult && mysql_num_rows($hResult)) //set row color if ($c % 2 == 1) { $bgcolor = 'color0'; } else { $bgcolor = 'color1'; } - $delete_link = "[appId'>delete]"; + $delete_link = "[appId'>delete]"; echo "\n"; echo " \n"; @@ -89,7 +89,7 @@ echo html_frame_start("Application List (double click to add)","",'',2); build_app_list(); echo html_frame_end(); -echo "\n"; +echo "\n"; echo "\n"; echo "\n"; diff --git a/admin/editDistribution.php b/admin/editDistribution.php index 49a46da..a17aaac 100644 --- a/admin/editDistribution.php +++ b/admin/editDistribution.php 
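Review bot: The success message in the `add` branch of admin/editBundle.php, `addmsg("App $appId added to Bundle".$aClean['iBundleId'], "green");`, interpolates `$appId`, which is not assigned anywhere in the hunk, while the value actually inserted is `$aClean['iAppId']`; unless `$appId` is set above the hunk the message prints an empty id. Suggest `addmsg("App ".$aClean['iAppId']." added to Bundle ".$aClean['iBundleId'], "green");`. The same two `$aClean` values are also written into the page in the delete link and the hidden form field further down, so whether that output is HTML-safe depends entirely on what `makeSafe()` in include/filter.php does, which this patch does not show legibly; escaping at the output site with `htmlspecialchars()` would not depend on the input filter. The database writes go through `query_parameters()` placeholders, which is fine.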
@@ -3,19 +3,13 @@ require("path.php"); require(BASE."include/incl.php"); require_once(BASE."include/distribution.php"); -$aClean = array(); //array of filtered user input - -$aClean['iDistributionId'] = makeSafe($_REQUEST['iDistributionId']); -$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']); - if(!$_SESSION['current']->hasPriv("admin")) util_show_error_page_and_exit("Insufficient privileges."); - $oDistribution = new distribution($aClean['iDistributionId']); if($aClean['sSubmit']) { - $oDistribution->GetOutputEditorValues($_REQUEST); + $oDistribution->GetOutputEditorValues($aClean); if($oDistribution->iDistributionId) $oDistribution->update(); diff --git a/admin/editVendor.php b/admin/editVendor.php index b28dbb7..8d1338a 100644 --- a/admin/editVendor.php +++ b/admin/editVendor.php @@ -3,12 +3,6 @@ require("path.php"); require(BASE."include/incl.php"); require_once(BASE."include/vendor.php"); -$aClean = array(); //array of filtered user input -$aClean['iVendorId'] = makeSafe($_REQUEST['iVendorId']); -$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']); -$aClean['sName'] = makeSafe($_REQUEST['sName']); -$aClean['sWebpage'] = makeSafe($_REQUEST['sWebpage']); - if(!$_SESSION['current']->hasPriv("admin")) util_show_error_page_and_exit(); diff --git a/admin/moveAppVersion.php b/admin/moveAppVersion.php index b777b49..78dece5 100644 --- a/admin/moveAppVersion.php +++ b/admin/moveAppVersion.php @@ -5,12 +5,6 @@ require_once(BASE."include/tableve.php"); require_once(BASE."include/application.php"); require_once(BASE."include/version.php"); -$aClean = array(); //array of filtered user input - -$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']); -$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']); -$aClean['sAction'] = makeSafe($_REQUEST['sAction']); - if(!is_numeric($aClean['iAppId']) OR !is_numeric($aClean['iVersionId'])) util_show_error_page_and_exit("Wrong ID"); diff --git a/appbrowse.php b/appbrowse.php index 01a3c71..0a2a940 100644 --- a/appbrowse.php 
+++ b/appbrowse.php @@ -9,7 +9,6 @@ // application environment require("path.php"); require(BASE."include/"."incl.php"); -require(BASE."include/filter.php"); require_once(BASE."include/"."appdb.php"); require_once(BASE."include/"."category.php"); diff --git a/appimage.php b/appimage.php index 1481c7f..00cc6c4 100644 --- a/appimage.php +++ b/appimage.php @@ -17,7 +17,6 @@ // application environment require("path.php"); require(BASE."include/incl.php"); -require(BASE."include/filter.php"); require_once(BASE."include/screenshot.php"); // an image doesn't have a link, so a cookie makes no sense diff --git a/appsubmit.php b/appsubmit.php index 917a2a4..5a51dc3 100644 --- a/appsubmit.php +++ b/appsubmit.php @@ -33,20 +33,6 @@ require_once(BASE."include/tableve.php"); require_once(BASE."include/application.php"); require_once(BASE."include/testData.php"); -$aClean = array(); //array of filtered user input - -$aClean['sAppType'] = makeSafe($_REQUEST['sAppType']); -$aClean['sSub'] = makeSafe($_REQUEST['sSub']); -$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']); -$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']); -$aClean['iTestingId'] = makeSafe($_REQUEST['iTestingId']); -$aClean['sAppVendorName'] = makeSafe($_REQUEST['sAppVendorName']); -$aClean['iVendorId'] = makeSafe($_REQUEST['iVendorId']); -$aClean['sAppWebpage'] = makeSafe($_REQUEST['sAppWebpage']); -$aClean['sAppKeywords'] = makeSafe($_REQUEST['sAppKeywords']); -$aClean['iDistributionId'] = makeSafe($_REQUEST['iDistributionId']); -$aClean['sDistribution'] = makeSafe($_REQUEST['sDistribution']); - function get_vendor_from_keywords($sKeywords) { $aKeywords = explode(" *** ",$sKeywords); 
@@ -158,15 +144,15 @@ if ($aClean['sSub']) $errors = ""; $oVersion = new Version($aClean['iVersionId']); $oTest = new testData($aClean['iTestingId']); - $errors .= $oVersion->CheckOutputEditorInput($_REQUEST); - $errors .= $oTest->CheckOutputEditorInput($_REQUEST); - $oVersion->GetOutputEditorValues($_REQUEST); - $oTest->GetOutputEditorValues($_REQUEST); + $errors .= $oVersion->CheckOutputEditorInput($aClean); + $errors .= $oTest->CheckOutputEditorInput($aClean); + $oVersion->GetOutputEditorValues($aClean); + $oTest->GetOutputEditorValues($aClean); if ($aClean['sAppType'] == "application") // application { $oApp = new Application($aClean['iAppId']); - $errors .= $oApp->CheckOutputEditorInput($_REQUEST); - $oApp->GetOutputEditorValues($_REQUEST); // load the values from $_REQUEST + $errors .= $oApp->CheckOutputEditorInput($aClean); + $oApp->GetOutputEditorValues($aClean); // load the values from $aClean if(empty($errors)) { diff --git a/appview.php b/appview.php index 0bfd0ba..c9b59a9 100644 --- a/appview.php +++ b/appview.php @@ -27,14 +27,6 @@ require_once(BASE."include/category.php"); require_once(BASE."include/maintainer.php"); require_once(BASE."include/monitor.php"); -$aClean = array(); //array of filtered user input - -$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']); -$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']); -$aClean['sSub'] = makeSafe($_REQUEST['sSub']); -$aClean['iBuglinkId'] = makeSafe($_REQUEST['iBuglinkId']); -$aClean['iTestingId'] = makeSafe($_REQUEST['iTestingId']); - $oApp = new Application($aClean['iAppId']); $oVersion = new Version($aClean['iVersionId']); diff --git a/browse_by_rating.php b/browse_by_rating.php index 267599f..9b98793 100644 --- a/browse_by_rating.php +++ b/browse_by_rating.php @@ -7,7 +7,6 @@ // application environment require("path.php"); require(BASE."include/incl.php"); -require(BASE."include/filter.php"); require_once(BASE."include/application.php"); apidb_header("Browse Applications by Rating"); 
diff --git a/browse_newest_apps.php b/browse_newest_apps.php index f3b7617..996c727 100644 --- a/browse_newest_apps.php +++ b/browse_newest_apps.php @@ -6,7 +6,6 @@ require("path.php"); require(BASE."include/incl.php"); -require(BASE."include/filter.php"); /* Set default value */ if(empty($aClean['iNumVersions']) || $aClean['iNumVersions'] > 200 || $aClean['iNumVersions'] < 0) diff --git a/commentview.php b/commentview.php index 409558d..7f2e87f 100644 --- a/commentview.php +++ b/commentview.php @@ -10,7 +10,6 @@ */ require("path.php"); require(BASE."include/incl.php"); -require(BASE."include/filter.php"); require_once(BASE."include/comment.php"); apidb_header("Comments"); diff --git a/deletecomment.php b/deletecomment.php index 5fff396..a3104cd 100644 --- a/deletecomment.php +++ b/deletecomment.php @@ -13,7 +13,6 @@ // application environment require("path.php"); require(BASE."include/incl.php"); -require(BASE."include/filter.php"); require_once(BASE.'include/comment.php'); $oComment = new Comment($aClean['iCommentId']); diff --git a/distributionView.php b/distributionView.php index 8e502af..8466192 100644 --- a/distributionView.php +++ b/distributionView.php @@ -8,7 +8,6 @@ */ require("path.php"); require(BASE."include/incl.php"); -require(BASE."include/filter.php"); require_once(BASE."include/distribution.php"); require_once(BASE."include/testData.php"); diff --git a/help/index.php b/help/index.php index 1eaae5d..8757762 100644 --- a/help/index.php +++ b/help/index.php @@ -8,9 +8,9 @@ require(BASE."include/"."incl.php"); $help_path = BASE."/help"; -if($_GET['sTopic']) +if($aClean['sTopic']) { - display_help($_GET['sTopic']); + display_help($aClean['sTopic']); } else { display_index(); } 
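Review bot: Switching `display_help()` in help/index.php from `$_GET['sTopic']` to `$aClean['sTopic']` widens the source of the topic from the query string to anything in `$_REQUEST` (POST body and cookies as well), and the value still reaches `display_help()` unvalidated two lines after `$help_path = BASE."/help"` is set. `display_help()` is outside the hunk, but given `$help_path` it presumably maps the topic to a file under the help directory, so the topic should be constrained before the call, e.g. `if(!preg_match('/^[A-Za-z0-9_-]+$/', $aClean['sTopic'])) { display_index(); } else { display_help($aClean['sTopic']); }`, or matched against the list of known topics. Relying on `makeSafe()` for this is fragile while the filter's behaviour is not visible in the patch.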
@@ -81,17 +81,17 @@ function get_help_title ($file) { $fp = @fopen($file, "r"); if(!$fp) - return null; + return null; $line = fgets($fp, 1024); if(!$line) - return null; + return null; $line = trim($line); if(eregi("^$", $line, $arr)) { - return $arr[1]; + return $arr[1]; } return "Internal Error: missing title"; } diff --git a/include/application.php b/include/application.php index 7a5b2f2..33ebb6a 100644 --- a/include/application.php +++ b/include/application.php @@ -358,11 +358,8 @@ class Application { function mailSubmitter($sAction="add") { - $aClean = array(); //array of filtered user input - - if(isset($_REQUEST['sReplyText'])) - $aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']); - else + global $aClean; + if(!isset($aClean['sReplyText'])) $aClean['sReplyText'] = ""; if($this->iSubmitterId) @@ -432,11 +429,8 @@ class Application { function SendNotificationMail($sAction="add",$sMsg=null) { - $aClean = array(); //array of filtered user input - - if(isset($_REQUEST['sReplyText'])) - $aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']); - else + global $aClean; + if(!isset($aClean['sReplyText'])) $aClean['sReplyText'] = ""; switch($sAction) @@ -581,7 +575,7 @@ class Application { return $errors; } - /* retrieves values from $_REQUEST that were output by OutputEditor() */ + /* retrieves values from $aValues that were output by OutputEditor() */ /* $aValues can be $_REQUEST or any array with the values from OutputEditor() */ function GetOutputEditorValues($aValues) { diff --git a/include/bugs.php b/include/bugs.php index 8c6c3c1..8ca0ffe 100644 --- a/include/bugs.php +++ b/include/bugs.php @@ -191,9 +191,9 @@ class Bug { function mailSubmitter($bRejected=false) { - $aClean = array(); //array of filtered user input - - $aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']); + global $aClean; + if(!isset($aClean['sReplyText'])) + $aClean['sReplyText'] = ""; if($this->iSubmitterId) { 
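Review bot: `Application::mailSubmitter()` and `Application::SendNotificationMail()` now write into the request-wide array (`global $aClean; if(!isset($aClean['sReplyText'])) $aClean['sReplyText'] = "";`), so a mail helper has the side effect of modifying the filtered input that every other function on the page reads; `Bug::mailSubmitter()` at the end of this line does the same. If the remainder of these methods (outside the hunk) only needs the text, a local copy avoids the side effect: `$sReplyText = isset($aClean['sReplyText']) ? $aClean['sReplyText'] : "";`. The default itself is the right replacement for the old unconditional `makeSafe($_REQUEST['sReplyText'])`.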
@@ -298,9 +298,7 @@ class Bug { function view_version_bugs($iVersionId = null, $aBuglinkIds) { - $aClean = array(); //array of filtered user input - - $aClean['buglinkId'] = makeSafe($_REQUEST['buglinkId']); + global $aClean; $bCanEdit = FALSE; $oVersion = new Version($iVersionId); diff --git a/include/comment.php b/include/comment.php index d69df72..45a7020 100644 --- a/include/comment.php +++ b/include/comment.php @@ -366,10 +366,7 @@ class Comment { function view_app_comments($versionId, $threadId = 0) { - $aClean = array(); //array of filtered user input - - $aClean['sCmode'] = makeSafe($_REQUEST['sCmode']); - $aClean['sMode'] = makeSafe($_REQUEST['sMode']); + global $aClean; // count posts $hResult = query_parameters("SELECT commentId FROM appComments WHERE versionId = '?'", $versionId); diff --git a/include/distribution.php b/include/distribution.php index 638d8cb..35e3d89 100644 --- a/include/distribution.php +++ b/include/distribution.php @@ -257,10 +257,7 @@ class distribution{ function mailSubmitter($sAction="add") { - - $aClean = array(); //array of filtered user input - - $aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']); + global $aClean; if($this->iSubmitterId) { @@ -301,9 +298,8 @@ class distribution{ function SendNotificationMail($sAction="add",$sMsg=null) { - $aClean = array(); //array of filtered user input + global $aClean; - $aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']); switch($sAction) { case "add": diff --git a/include/filter.php b/include/filter.php index 422a9cf..02e2402 100644 --- a/include/filter.php +++ b/include/filter.php 
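Review bot: `Bug::view_version_bugs()` used to read `$_REQUEST['buglinkId']` into `$aClean['buglinkId']` and now only declares `global $aClean`, so whatever key the body (outside the hunk) reads must match what the forms actually send; elsewhere in this patch the same id is consistently spelled `iBuglinkId` (admin/adminBugs.php, appview.php). Worth confirming the body reads `$aClean['iBuglinkId']`, otherwise the bug-link lookup silently sees an unset value. The signature `function view_version_bugs($iVersionId = null, $aBuglinkIds)` also places a required parameter after an optional one, which PHP tolerates but which makes the default meaningless.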
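Review bot: `distribution::mailSubmitter()` and `distribution::SendNotificationMail()` drop the `sReplyText` assignment entirely and keep only `global $aClean;`, so when the request carries no `sReplyText` the later read of `$aClean['sReplyText']` (outside the hunk) hits an unset key; `Screenshot::mailSubmitter()`, `testData::mailSubmitter()`/`SendNotificationMail()` and `Url::mailSubmitter()` later in this patch have the same shape. `Application::mailSubmitter()` and `Bug::mailSubmitter()` in this same patch handle it with `if(!isset($aClean['sReplyText'])) $aClean['sReplyText'] = "";`, and these methods should get the same default so the mail body is built from an empty string rather than an undefined index.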
@@ -9,8 +9,19 @@ function filter_gpc() { global $aClean; $aKeys = array_keys($_REQUEST); - for($i=0;$iregister("current"); -if(!isset($_SESSION['current'])) $_SESSION['current'] = new User(); +if(!isset($_SESSION['current'])) +{ + echo "Session not set, creating new user"; + $_SESSION['current'] = new User(); +} // if we are debugging we need to see all errors if($_SESSION['current']->showDebuggingInfos()) error_reporting(E_ALL ^ E_NOTICE); diff --git a/include/note.php b/include/note.php index 29fdfb6..6bda7de 100644 --- a/include/note.php +++ b/include/note.php @@ -2,12 +2,6 @@ require_once(BASE."include/util.php"); require_once(BASE."include/version.php"); -$aClean = array(); //array of filtered user input -if(isset($_REQUEST['sReplyText'])) - $aClean['sReplyText'] = makeSafe( $_REQUEST['sReplyText'] ); -else - $aClean['sReplyText'] = ""; - /************************************/ /* note class and related functions */ /************************************/ @@ -257,7 +251,7 @@ class Note { echo html_frame_end(); } - /* retrieves values from $_REQUEST that were output by OutputEditor() */ + /* retrieves values from $aValue that were output by OutputEditor() */ /* $aValues can be $_REQUEST or any array with the values from OutputEditor() */ function GetOutputEditorValues($aValues) { diff --git a/include/screenshot.php b/include/screenshot.php index e6782a9..a25aadd 100644 --- a/include/screenshot.php +++ b/include/screenshot.php @@ -302,9 +302,7 @@ class Screenshot { function mailSubmitter($bRejected=false) { - $aClean = array(); //array of filtered user input - - $aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']); + global $aClean; if($this->iSubmitterId) { diff --git a/include/sidebar.php b/include/sidebar.php index d73c414..cba0c08 100644 --- a/include/sidebar.php +++ b/include/sidebar.php 
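Review bot: The new `echo "Session not set, creating new user";` in include/incl.php writes diagnostic text into the response of every request that starts a session, before any page has produced its own output; since incl.php is required by every entry point in this patch, including appimage.php, which serves image data, this will prepend text to non-HTML responses and expose an internal state message to users. The hunk header for incl.php is garbled in this rendering, but the added lines are unambiguous. Drop the echo, or send it server-side with `error_log("Session not set, creating new user");` instead of into the response body.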
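Review bot: The reworded comment on `Note::GetOutputEditorValues()` in include/note.php reads `/* retrieves values from $aValue that were output by OutputEditor() */` while the parameter is `$aValues`; the line beneath it already says `$aValues`, so this should be `/* retrieves values from $aValues that were output by OutputEditor() */`, matching the same edit made in include/application.php. Removing the file-level `$aClean['sReplyText']` default from note.php also means any Note method that reads `$aClean['sReplyText']` now depends on the key being present in the request, the same gap noted for distribution.php.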
@@ -6,11 +6,9 @@ require_once(BASE."include/distribution.php"); require_once(BASE."include/vendor.php"); require_once(BASE."include/util.php"); -function global_sidebar_menu() { - - $aClean = array(); //array of filtered user input - - $aClean['sSearchQuery'] = makeSafe($_REQUEST['sSearchQuery']); +function global_sidebar_menu() +{ + global $aClean; $g = new htmlmenu(APPDB_OWNER." Menu"); $g->add(APPDB_OWNER, APPDB_OWNER_URL); diff --git a/include/testData.php b/include/testData.php index 628500c..274b58f 100644 --- a/include/testData.php +++ b/include/testData.php @@ -245,10 +245,7 @@ class testData{ function mailSubmitter($sAction="add") { - - $aClean = array(); //array of filtered user input - - $aClean = makeSafe($_REQUEST['sReplyText']); + global $aClean; if($this->iSubmitterId) { @@ -290,9 +287,7 @@ class testData{ function SendNotificationMail($sAction="add",$sMsg=null) { - $aClean = array(); //array of filtered user input - - $aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']); + global $aClean; $oVersion = new Version($this->iVersionId); $oApp = new Application($oVersion->iAppId); @@ -374,13 +369,12 @@ class testData{ // Show the Test results for a application version function ShowVersionsTestingTable($link, $iDisplayLimit) { + global $aClean; + /* escape input parameters */ $link = mysql_real_escape_string($link); $iDisplayLimit = mysql_real_escape_string($iDisplayLimit); - $aClean = array(); //array of filtered user input - $aClean['showAll'] = makeSafe($_REQUEST['showAll']); - $showAll = $aClean['showAll']; $sQuery = "SELECT * @@ -559,7 +553,7 @@ class testData{ echo html_frame_end(); } - /* $aValues can be $_REQUEST or any array with the values from OutputEditor() */ + /* $aValues can be $aValues or any array with the values from OutputEditor() */ function CheckOutputEditorInput($aValues, $sDistribution="") { $errors = ""; 
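Review bot: The comment above `testData::CheckOutputEditorInput()` now reads `/* $aValues can be $aValues or any array with the values from OutputEditor() */`, which is circular; the neighbouring comment on `GetOutputEditorValues()` keeps the meaningful form, so this should be `/* $aValues can be $aClean or any array with the values from OutputEditor() */`. In `ShowVersionsTestingTable()` the hunk keeps `$showAll = $aClean['showAll'];` after dropping the local `makeSafe()` line, so `$showAll` is undefined when the parameter is not sent and is presumably consumed by the `$sQuery` that starts at the hunk's end; `$showAll = isset($aClean['showAll']) ? $aClean['showAll'] : false;` would make the default explicit. The `mysql_real_escape_string()` calls on `$link` and `$iDisplayLimit` are pre-existing.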
@@ -603,7 +597,7 @@ class testData{ } - /* retrieves values from $_REQUEST that were output by OutputEditor() */ + /* retrieves values from $aValues that were output by OutputEditor() */ /* $aValues can be $_REQUEST or any array with the values from OutputEditor() */ function GetOutputEditorValues($aValues) { diff --git a/include/url.php b/include/url.php index 82024bf..a4682d9 100644 --- a/include/url.php +++ b/include/url.php @@ -51,10 +51,7 @@ class Url { */ function create($sDescription = null, $sUrl = null, $iVersionId = null, $iAppId = null) { - $aClean = array(); //array of filtered user input - - $aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']); - $aClean['iAppId'] = makeSafe($_REQUEST['iAppId']); + global $aClean; // Security, if we are not an administrator or a maintainer, the url must be queued. if(!($_SESSION['current']->hasPriv("admin") || $_SESSION['current']->isMaintainer($aClean['iVersionId']) || $_SESSION['current']->isSupermaintainer($aClean['iAppId']))) @@ -180,9 +177,8 @@ class Url { function mailSubmitter($bRejected=false) { - $aClean = array(); //array of filtered user input + global $aClean; - $aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']); if($this->iSubmitterId) { $sAppName = Application::lookup_name($this->appId)." ".Version::lookup_name($this->versionId); diff --git a/include/util.php b/include/util.php index b985966..54ff814 100644 --- a/include/util.php +++ b/include/util.php 
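Review bot: In Url::create the queue-or-commit decision checks `isMaintainer($aClean['iVersionId'])` and `isSupermaintainer($aClean['iAppId'])`, i.e. request-supplied ids, while the function also receives `$iVersionId` and `$iAppId` parameters; a caller passing explicit ids can therefore be authorized against whatever ids the request happens to carry, and if the INSERT later in the function uses the parameters, a maintainer of one application could get a URL committed un-queued for another. Resolve the ids once and check those: `if(is_null($iVersionId)) $iVersionId = $aClean['iVersionId']; if(is_null($iAppId)) $iAppId = $aClean['iAppId'];` followed by `$_SESSION['current']->isMaintainer($iVersionId) || $_SESSION['current']->isSupermaintainer($iAppId)`. The body of create() continues past this hunk, so the same resolved ids should feed the INSERT.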
@@ -552,91 +552,93 @@ function outputSearchTableForhResult($search_words, $hResult) /* pass in $isVersion of true if we are processing changes for an app version */ /* or false if processing changes for an application family */ -function process_app_version_changes($isVersion) +function process_app_version_changes($bIsVersion) { + global $aClean; + /* load up the version or application depending on which values are set */ - if($isVersion) - $oVersion = new Version($_REQUEST['iVersionId']); + if($bIsVersion) + $oVersion = new Version($aClean['iVersionId']); else - $oApp = new Application($_REQUEST['iAppId']); + $oApp = new Application($aClean['iAppId']); // commit changes of form to database - if(($_REQUEST['sSubmit'] == "Update Database") && $isVersion) /* is a version */ + if(($aClean['sSubmit'] == "Update Database") && $bIsVersion) /* is a version */ { - $oVersion->GetOutputEditorValues($_REQUEST); + $oVersion->GetOutputEditorValues($aClean); $oVersion->update(); - } else if(($_REQUEST['sSubmit'] == "Update Database") && !$isVersion) /* is an application */ + } else if(($aClean['sSubmit'] == "Update Database") && !$bIsVersion) /* is an application */ { - $oApp->GetOutputEditorValues($_REQUEST); + $oApp->GetOutputEditorValues($aClean); $oApp->update(); - } else if($_REQUEST['sSubmit'] == "Update URL") + } else if($aClean['sSubmit'] == "Update URL") { $sWhatChanged = ""; $bAppChanged = false; - if (!empty($_REQUEST['sUrlDesc']) && !empty($_REQUEST['sUrl']) ) + if (!empty($aClean['sUrlDesc']) && !empty($aClean['sUrl']) ) { // process added URL - if($_SESSION['current']->showDebuggingInfos()) { echo "

{$_REQUEST['sUrl']}: {$_REQUEST['sUrlDesc']}

"; } + if($_SESSION['current']->showDebuggingInfos()) { echo "

{$aClean['sUrl']}: {$aClean['sUrlDesc']}

"; } - if($isVersion) + if($bIsVersion) { $hResult = query_parameters("INSERT INTO appData (versionId, type, description, url) ". "VALUES ('?', '?', '?', '?')", - $_REQUEST['iVersionId'], "url", $_REQUEST['sUrlDesc'], - $_REQUEST['sUrl']); + $aClean['iVersionId'], "url", $aClean['sUrlDesc'], + $aClean['sUrl']); } else { $hResult = query_parameters("INSERT INTO appData (appId, type, description, url) ". "VALUES ('?', '?', '?', '?')", - $_REQUEST['iAppId'], "url", $_REQUEST['sUrlDesc'], - $_REQUEST['sUrl']); + $aClean['iAppId'], "url", $aClean['sUrlDesc'], + $aClean['sUrl']); } if ($hResult) { addmsg("The URL was successfully added into the database", "green"); - $sWhatChanged .= " Added Url: Description: ".stripslashes($_REQUEST['sUrlDesc'])."\n"; - $sWhatChanged .= " Url: ".stripslashes($_REQUEST['sUrl'])."\n"; + $sWhatChanged .= " Added Url: Description: ".stripslashes($aClean['sUrlDesc'])."\n"; + $sWhatChanged .= " Url: ".stripslashes($aClean['sUrl'])."\n"; $bAppChanged = true; } } // Process changed URLs - for($i = 0; $i < $_REQUEST['iRows']; $i++) + for($i = 0; $i < $aClean['iRows']; $i++) { - if($_SESSION['current']->showDebuggingInfos()) { echo "

{$_REQUEST['adescription'][$i]}: {$_REQUEST['aURL'][$i]}: {$_REQUEST['adelete'][$i]} : {$_REQUEST['aId'][$i]} : .{$_REQUEST['aOldDesc'][$i]}. : {$_REQUEST['aOldURL'][$i]}

"; } + if($_SESSION['current']->showDebuggingInfos()) { echo "

{$aClean['adescription'][$i]}: {$aClean['aURL'][$i]}: {$aClean['adelete'][$i]} : {$aClean['aId'][$i]} : .{$aClean['aOldDesc'][$i]}. : {$aClean['aOldURL'][$i]}

"; } - if ($_REQUEST['adelete'][$i] == "on") + if ($aClean['adelete'][$i] == "on") { - $hResult = query_parameters("DELETE FROM appData WHERE id = '?'", $_REQUEST['aId'][$i]); + $hResult = query_parameters("DELETE FROM appData WHERE id = '?'", $aClean['aId'][$i]); if($hResult) { - addmsg("

Successfully deleted URL ".$_REQUEST['aOldDesc'][$i]." (".$_REQUEST['aOldURL'][$i].")

\n",'green'); - $sWhatChanged .= "Deleted Url: Description: ".stripslashes($_REQUEST['aOldDesc'][$i])."\n"; - $sWhatChanged .= " url: ".stripslashes($_REQUEST['aOldURL'][$i])."\n"; + addmsg("

Successfully deleted URL ".$aClean['aOldDesc'][$i]." (".$aClean['aOldURL'][$i].")

\n",'green'); + $sWhatChanged .= "Deleted Url: Description: ".stripslashes($aClean['aOldDesc'][$i])."\n"; + $sWhatChanged .= " url: ".stripslashes($aClean['aOldURL'][$i])."\n"; $bAppChanged = true; } } - else if( $_REQUEST['aURL'][$i] != $_REQUEST['aOldURL'][$i] || $_REQUEST['adescription'][$i] != $_REQUEST['aOldDesc'][$i]) + else if( $aClean['aURL'][$i] != $aClean['aOldURL'][$i] || $aClean['adescription'][$i] != $aClean['aOldDesc'][$i]) { - if(empty($_REQUEST['aURL'][$i]) || empty($_REQUEST['adescription'][$i])) + if(empty($aClean['aURL'][$i]) || empty($aClean['adescription'][$i])) addmsg("The URL or description was blank. URL not changed in the database", "red"); else { if (query_parameters("UPDATE appData SET description = '?', url = '?' WHERE id = '?'", - $_REQUEST['adescription'][$i], $_REQUEST['aURL'][$i], - $_REQUEST['aId'][$i])) + $aClean['adescription'][$i], $aClean['aURL'][$i], + $aClean['aId'][$i])) { - addmsg("

Successfully updated ".$_REQUEST['aOldDesc'][$i]." (".$_REQUEST['aOldURL'][$i].")

\n",'green'); - $sWhatChanged .= "Changed Url: Old Description: ".stripslashes($_REQUEST['aOldDesc'][$i])."\n"; - $sWhatChanged .= " Old Url: ".stripslashes($_REQUEST['aOldURL'][$i])."\n"; - $sWhatChanged .= " New Description: ".stripslashes($_REQUEST['adescription'][$i])."\n"; - $sWhatChanged .= " New url: ".stripslashes($_REQUEST['aURL'][$i])."\n"; + addmsg("

Successfully updated ".$aClean['aOldDesc'][$i]." (".$aClean['aOldURL'][$i].")

\n",'green'); + $sWhatChanged .= "Changed Url: Old Description: ".stripslashes($aClean['aOldDesc'][$i])."\n"; + $sWhatChanged .= " Old Url: ".stripslashes($aClean['aOldURL'][$i])."\n"; + $sWhatChanged .= " New Description: ".stripslashes($aClean['adescription'][$i])."\n"; + $sWhatChanged .= " New url: ".stripslashes($aClean['aURL'][$i])."\n"; $bAppChanged = true; } } @@ -644,16 +646,16 @@ function process_app_version_changes($isVersion) } if ($bAppChanged) { - $sEmail = User::get_notify_email_address_list($_REQUEST['iAppId']); - $oApp = new Application($_REQUEST['iAppId']); + $sEmail = User::get_notify_email_address_list($aClean['iAppId']); + $oApp = new Application($aClean['iAppId']); if($sEmail) { - if($isVersion) + if($bIsVersion) $sSubject = "Links for ".$oApp->sName." ".$oVersion->sName." have been updated by ".$_SESSION['current']->sRealname; else $sSubject = "Links for ".$oApp->sName." have been updated by ".$_SESSION['current']->sRealname; - $sMsg = APPDB_ROOT."appview.php?iAppId=".$_REQUEST['iAppId']."\n"; + $sMsg = APPDB_ROOT."appview.php?iAppId=".$aClean['iAppId']."\n"; $sMsg .= "\n"; $sMsg .= "The following changes have been made:"; $sMsg .= "\n"; diff --git a/include/version.php b/include/version.php index 95009cf..6e6aea2 100644 --- a/include/version.php +++ b/include/version.php @@ -393,12 +393,10 @@ class Version { function mailSubmitter($sAction="add") { - $aClean = array(); //array of filtered user input + global $aClean; //FIXME: we should pass the sReplyText value in // use 'sReplyText' if it is defined, otherwise define the value as an empty string - if(isset($_REQUEST['sReplyText'])) - $aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']); - else + if(!isset($aClean['sReplyText'])) $aClean['sReplyText'] = ""; if($this->iSubmitterId) 
@@ -436,12 +434,10 @@ class Version { function SendNotificationMail($sAction="add",$sMsg=null) { - $aClean = array(); //array of filtered user input + global $aClean; // use 'sReplyText' if it is defined, otherwise define the value as an empty string - if(isset($_REQUEST['sReplyText'])) - $aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']); - else + if(!isset($aClean['sReplyText'])) $aClean['sReplyText'] = ""; $oApp = new Application($this->iAppId); @@ -601,7 +597,7 @@ class Version { return $errors; } - /* retrieves values from $_REQUEST that were output by OutputEditor() */ + /* retrieves values from $aValues that were output by OutputEditor() */ /* $aValues can be $_REQUEST or any array with the values from OutputEditor() */ function GetOutputEditorValues($aValues) { diff --git a/include/vote.php b/include/vote.php index 8de565b..6b3c108 100644 --- a/include/vote.php +++ b/include/vote.php @@ -9,7 +9,6 @@ define('MAX_VOTES',3); */ function vote_count($iAppId, $iUserId = null) { - if(!$iUserId) { if($_SESSION['current']->isLoggedIn()) @@ -78,7 +77,6 @@ function vote_add($iAppId, $iSlot, $iUserId = null) */ function vote_remove($iSlot, $iUserId = null) { - if(!$iUserId) { if($_SESSION['current']->isLoggedIn()) @@ -114,9 +112,7 @@ function vote_get_user_votes($iUserId = null) function vote_menu() { - - $aClean = array(); //array of filtered user input - $aClean['iAppId'] = makeSafe($_REQUEST['iAppId']); + global $aClean; $m = new htmlmenu("Votes","updatevote.php"); diff --git a/maintainerdelete.php b/maintainerdelete.php index 739653c..5f5d4f1 100644 --- a/maintainerdelete.php +++ b/maintainerdelete.php 
@@ -23,13 +23,6 @@ require(BASE."include/incl.php"); require_once(BASE."include/category.php"); require_once(BASE."include/application.php"); -$aClean = array(); //array of filtered user input - -$aClean['iAppId'] = makeSafe($_POST['iAppId']); -$aClean['iVersionId'] = makeSafe($_POST['iVersionId']); -$aClean['iConfirmed'] = makeSafe($_POST['iConfirmed']); -$aClean['iSuperMaintainer'] = makeSafe($_POST['iSuperMaintainer']); - if(!$_SESSION['current']->isLoggedIn()) util_show_error_page_and_exit("You need to be logged in to resign from being a maintainer."); diff --git a/maintainersubmit.php b/maintainersubmit.php index 26c6465..559a292 100644 --- a/maintainersubmit.php +++ b/maintainersubmit.php @@ -21,13 +21,6 @@ require(BASE."include/incl.php"); require_once(BASE."include/application.php"); require_once(BASE.'include/version.php'); -$aClean = array(); //array of filtered user input - -$aClean['sMaintainReason'] = makeSafe($_REQUEST['sMaintainReason']); -$aClean['iAppId'] = makeSafe($_POST['iAppId']); -$aClean['iVersionId'] = makeSafe(strip_tags($_POST['iVersionId'])); -$aClean['iSuperMaintainer'] = makeSafe($_POST['iSuperMaintainer']); - /** * Check the input of a submitted form. And output with a list diff --git a/preferences.php b/preferences.php index 53cc920..10f3de5 100644 --- a/preferences.php +++ b/preferences.php 
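Review bot: maintainerdelete.php and maintainersubmit.php previously read `iAppId`, `iVersionId`, `iConfirmed` and `iSuperMaintainer` from `$_POST` only; with those lines removed the values now come from the shared `$aClean`, which filter_gpc() builds from `$_REQUEST`, so the resign and apply actions accept the same parameters in a GET query string and can be triggered by a crafted link the victim merely follows. Keep the method restriction explicit, e.g. `if($_SERVER['REQUEST_METHOD'] != 'POST') util_show_error_page_and_exit("This action requires a POST request.");` before the logged-in check, or keep reading these keys from `$_POST`. The `strip_tags()` formerly applied to `iVersionId` in maintainersubmit.php is also gone; unless makeSafe() covers it, cast the id with `(int)` where it is consumed.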
@@ -71,28 +71,6 @@ function show_user_fields($oUser) } -$aClean = array(); //array of filtered user input - -$aClean['iUserId'] = makeSafe($_REQUEST['iUserId']); -$aClean['iLimit'] = makeSafe($_REQUEST['iLimit']); -$aClean['sOrderBy'] = makeSafe($_REQUEST['sOrderBy']); -$aClean['sUserPassword'] = makeSafe($_REQUEST['sUserPassword']); -$aClean['sUserPassword2'] = makeSafe($_REQUEST['sUserPassword2']); -$aClean['sUserEmail'] = makeSafe($_REQUEST['sUserEmail']); -$aClean['sUserRealname'] = makeSafe($_REQUEST['sUserRealname']); -$aClean['sWineRelease'] = makeSafe($_REQUEST['sWineRelease']); -$aClean['sHasAdmin'] = makeSafe($_POST['sHasAdmin']); - -/* filter all of the preferences */ -while(list($sKey, $sValue) = each($_REQUEST)) -{ - if(ereg("^pref_(.+)$", $sKey, $arr)) - $aClean[$sKey] = makeSafe($sValue); -} - - - - if(!$_SESSION['current']->isLoggedIn()) util_show_error_page_and_exit("You must be logged in to edit preferences"); @@ -109,8 +87,8 @@ if($_SESSION['current']->hasPriv("admin") && $oUser = &$_SESSION['current']; } -if($_POST) -{ +if($aClean['sSubmit'] == "Update") +{ while(list($sKey, $sValue) = each($aClean)) { /* if a parameter lacks 'pref_' at its head it isn't a */ @@ -184,7 +162,7 @@ if($oUser->iUserId != $aClean['iUserId']) build_prefs_list($oUser); echo html_table_end(); echo html_frame_end(); -echo "
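Review bot: The preference-update branch changes from `if($_POST)` to `if($aClean['sSubmit'] == "Update")`, and the dedicated `$aClean['sHasAdmin'] = makeSafe($_POST['sHasAdmin']);` is dropped in favour of the `$_REQUEST`-fed global, so a password, e-mail or admin-flag change can now be submitted via a GET link (`preferences.php?sSubmit=Update&sHasAdmin=...`) rather than a posted form. Keep the method check alongside the button check: `if($_SERVER['REQUEST_METHOD'] == 'POST' && $aClean['sSubmit'] == "Update")`. Whether `sHasAdmin` is still honoured only for an admin session depends on code below this hunk that is not visible here, so that guard should be re-verified too.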

\n"; +echo "

\n"; echo "\n"; apidb_footer(); diff --git a/screenshots.php b/screenshots.php index 2d9d63b..f027242 100644 --- a/screenshots.php +++ b/screenshots.php @@ -21,7 +21,6 @@ // application environment require("path.php"); require(BASE."include/incl.php"); -require(BASE."include/filter.php"); require_once(BASE."include/screenshot.php"); require_once(BASE."include/application.php"); require_once(BASE."include/version.php"); diff --git a/search.php b/search.php index 936817b..4841ad0 100644 --- a/search.php +++ b/search.php @@ -12,7 +12,6 @@ // application environment require("path.php"); require(BASE."include/incl.php"); -require(BASE."include/filter.php"); apidb_header("Search Results"); perform_search_and_output_results($aClean['sSearchQuery']); diff --git a/testResults.php b/testResults.php index b829512..5bc37d4 100644 --- a/testResults.php +++ b/testResults.php @@ -10,14 +10,6 @@ require_once(BASE."include/application.php"); require_once(BASE."include/testData.php"); require_once(BASE."include/distribution.php"); -$aClean = array(); //array of filtered user input - -$aClean['sSub'] = makeSafe($_REQUEST['sSub']); -$aClean['iTestingId'] = makeSafe($_REQUEST['iTestingId']); -$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']); -$aClean['iDistributionId'] = makeSafe($_REQUEST['iDistributionId']); -$aClean['sDistribution'] = makeSafe($_REQUEST['sDistribution']); - //deny access if not logged on if(!$_SESSION['current']->isLoggedIn()) util_show_error_page_and_exit("Insufficient privileges to create test results. Are you sure you are logged in?"); 
@@ -33,8 +25,8 @@ if ($aClean['sSub']) // Submit or Resubmit the new test results if (($aClean['sSub'] == 'Submit') || ($aClean['sSub'] == 'Resubmit')) { - $errors = $oTest->CheckOutputEditorInput($_REQUEST); - $oTest->GetOutputEditorValues($_REQUEST); // retrieve the values from the current $_REQUEST + $errors = $oTest->CheckOutputEditorInput($aClean); + $oTest->GetOutputEditorValues($aClean); // retrieve the values from the current $aClean if(empty($errors)) { if(!$aClean['iDistributionId']) diff --git a/vendorview.php b/vendorview.php index 0ce3737..c61bea1 100644 --- a/vendorview.php +++ b/vendorview.php @@ -8,7 +8,6 @@ */ require("path.php"); require(BASE."include/incl.php"); -require(BASE."include/filter.php"); require_once(BASE."include/application.php"); require_once(BASE."include/vendor.php"); diff --git a/viewScreenshots.php b/viewScreenshots.php index 61acb6b..8cb0f98 100644 --- a/viewScreenshots.php +++ b/viewScreenshots.php @@ -6,7 +6,6 @@ require("path.php"); require(BASE."include/incl.php"); -require(BASE."include/filter.php"); require_once(BASE."include/screenshot.php"); require_once(BASE."include/application.php"); diff --git a/viewbugs.php b/viewbugs.php index e09dbd1..10cf5f6 100644 --- a/viewbugs.php +++ b/viewbugs.php @@ -12,7 +12,6 @@ // application environment require("path.php"); require(BASE."include/incl.php"); -require(BASE."include/filter.php"); /* code to View versions affected by a Bug */ diff --git a/votestats.php b/votestats.php index 1fe1fab..8e23fd7 100644 --- a/votestats.php +++ b/votestats.php @@ -10,7 +10,6 @@ // application environment require("path.php"); require(BASE."include/incl.php"); -require(BASE."include/filter.php"); require_once(BASE."include/category.php"); // set default values and check if the value makes sense
$oRow->appName