claunia/qemudb
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix and enable input filtering through include/filter.php

Browse Source
This commit is contained in:
Chris Morgan
2007-01-04 02:35:01 +00:00
committed by WineHQ
parent 582ee561fc
commit a1a41d6b87
58 changed files with 129 additions and 385 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
admin/addAppNote.php
View File

@@ -7,13 +7,6 @@ require("path.php");
require(BASE."include/incl.php");
require_once(BASE."include/note.php");
$aClean = array(); //array of filtered user input
$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
$aClean['iAppId'] = makeSafe( $_REQUEST['iAppId']);
$aClean['sSub'] = makeSafe($_REQUEST['sSub']);
$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);
//FIXME: get rid of appId references everywhere, as version is enough.
$sQuery = "SELECT appId FROM appVersion WHERE versionId = '?'";
$hResult = query_parameters($sQuery, $aClean['iVersionId']);
@@ -37,7 +30,7 @@ else
exit;
$oNote = new Note();
$oNote->GetOutputEditorValues($_REQUEST);
$oNote->GetOutputEditorValues($aClean);
if($aClean['sSub'] == "Submit")
{

8
admin/addCategory.php
View File

@@ -3,14 +3,6 @@ require("path.php");
require(BASE."include/incl.php");
require_once(BASE."include/category.php");
$aClean = array(); //array of filtered user input
$aClean['iCatId'] = makeSafe($_REQUEST['iCatId']);
$aClean['sName'] = makeSafe($_REQUEST['sName']);
$aClean['sDescription'] = makeSafe($_REQUEST['sDescription']);
$aClean['iParentId'] = makeSafe($_REQUEST['iParentId']);
$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);
if(!$_SESSION['current']->hasPriv("admin"))
util_show_error_page_and_exit();

9
admin/adminAppDataQueue.php
View File

@@ -11,15 +11,6 @@ require_once(BASE."include/application.php");
require_once(BASE."include/version.php");
require_once(BASE."include/user.php");
$aClean = array(); //array of user input
$aClean['iId'] = makeSafe($_REQUEST['iId']);
$aClean['sSub'] = makeSafe($_REQUEST['sSub']);
$aClean['sAdd'] = makeSafe($_REQUEST['sAdd']);
$aClean['sDescription'] = makeSafe($_REQUEST['sDescription']);
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
$aClean['sReject'] = makeSafe($_REQUEST['sReject']);
// deny access if not admin or at least some kind of maintainer
if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer())
util_show_error_page_and_exit("Insufficient privileges.");

27
admin/adminAppQueue.php
View File

@@ -9,21 +9,6 @@ require_once(BASE."include/tableve.php");
require_once(BASE."include/application.php");
require_once(BASE."include/testData.php");
$aClean = array(); //array of filtered user input
$aClean['iTestingId'] = makeSafe($_REQUEST['iTestingId']);
$aClean['sSub'] = makeSafe($_REQUEST['sSub'] );
$aClean['sAppType'] = makeSafe($_REQUEST['sAppType']);
$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']);
$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
$aClean['sAppVendorName'] = makeSafe($_REQUEST['sAppVendorName']);
$aClean['iAppVendorId'] = makeSafe($_REQUEST['iAppVendorId']);
$aClean['sAppWebpage'] = makeSafe($_REQUEST['sAppWebpage']);
$aClean['iAppIdMergeTo'] = makeSafe($_REQUEST['iAppIdMergeTo']);
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
$aClean['iVersionIdMergeTo'] = makeSafe($_REQUEST['iVersionIdMergeTo']);
$aClean['sDistribution'] = makeSafe($_REQUEST['sDistribution']);
function get_vendor_from_keywords($sKeywords)
{
$aKeywords = explode(" *** ",$sKeywords);
@@ -188,12 +173,12 @@ if ($aClean['sSub'])
{
$oVersion = new Version($aClean['iVersionId']);
$oTest = new testData($aClean['iTestingId']);
$oVersion->GetOutputEditorValues($_REQUEST);
$oTest->GetOutputEditorValues($_REQUEST);
$oVersion->GetOutputEditorValues($aClean);
$oTest->GetOutputEditorValues($aClean);
if ($aClean['sAppType'] == "application") // application
{
$oApp = new Application($aClean['iAppId']);
$oApp->GetOutputEditorValues($_REQUEST); // load the values from $_REQUEST
$oApp->GetOutputEditorValues($aClean); // load the values from $aClean
// add new vendor
if($aClean['sAppVendorName'] and !$aClean['iAppVendorId'])
{
@@ -267,12 +252,12 @@ if ($aClean['sSub'])
{
$oVersion = new Version($aClean['iVersionId']);
$oTest = new testData($aClean['iTestingId']);
$oVersion->GetOutputEditorValues($_REQUEST);
$oTest->GetOutputEditorValues($_REQUEST);
$oVersion->GetOutputEditorValues($aClean);
$oTest->GetOutputEditorValues($aClean);
if ($aClean['sAppType'] == "application") // application
{
$oApp = new Application($aClean['iAppId']);
$oApp->GetOutputEditorValues($_REQUEST); // load the values from $_REQUEST
$oApp->GetOutputEditorValues($aClean); // load the values from $aClean
$oApp->update(true);
$oApp->reject();
}

9
admin/adminBugs.php
View File

@@ -10,15 +10,6 @@ require("path.php");
require(BASE."include/incl.php");
require_once(BASE."include/bugs.php");
$aClean = array(); //array of filtered user input
$aClean['sSub'] = makeSafe($_REQUEST['sSub']);
$aClean['iBuglinkId'] = makeSafe($_REQUEST['iBuglinkId']);
$aClean['iItemsPerPage'] = makeSafe($_REQUEST['iItemsPerPage']);
$aClean['sQueuedOnly'] = makeSafe($_REQUEST['sQueuedOnly']);
$aClean['iPage'] = makeSafe($_REQUEST['iPage']);
// deny access if not logged in
if(!$_SESSION['current']->hasPriv("admin"))
util_show_error_page_and_exit("Insufficient privileges.");

5
admin/adminCommentView.php
View File

@@ -15,11 +15,6 @@ $pageRange = 10;
$ItemsPerPage = 10;
$currentPage = 1;
$aClean = array(); //array of filtered user input
$aClean['iItemsPerPage'] = makeSafe($_REQUEST['iItemsPerPage']);
$aClean['iPage'] = makeSafe($_REQUEST['iPage']);
if($aClean['iItemsPerPage'])
$ItemsPerPage = $aClean['iItemsPerPage'];
if($aClean['iPage'])

8
admin/adminMaintainerQueue.php
View File

@@ -14,14 +14,6 @@ require_once(BASE."include/mail.php");
/* The initial help text displayed in the admin's response field */
$sReplyTextHelp = "Enter a personalized reason for accepting or rejecting the user's maintainer request here";
$aClean = array(); //array of filtered user input
$aClean['sSub'] = makeSafe( $_REQUEST['sSub'] );
$aClean['iMaintainerId'] = makeSafe( $_REQUEST['iMaintainerId'] );
$aClean['sAdd'] = makeSafe( $_REQUEST['sAdd'] );
$aClean['sReject'] = makeSafe( $_REQUEST['sReject'] );
$aClean['sReplyText'] = makeSafe( $_REQUEST['sReplyText'] );
/* If the admin's response text has not been modified, it should not be included in the e-mail sent to the rejected/accepted maintainer */
if($aClean['sReplyText'] == $sReplyTextHelp)
$aClean['sReplyText'] = "";

5
admin/adminMaintainers.php
View File

@@ -9,11 +9,6 @@
require("path.php");
require(BASE."include/incl.php");
$aClean = array(); //array of filtered user input
$aClean['sSub'] = makeSafe($_REQUEST['sSub']);
$aClean['iMaintainerId'] = makeSafe($_REQUEST['iMaintainerId']);
// deny access if not logged in
if(!$_SESSION['current']->hasPriv("admin"))
util_show_error_page_and_exit("Insufficient privileges.");

9
admin/adminScreenshots.php
View File

@@ -9,15 +9,6 @@ require(BASE."include/incl.php");
require_once(BASE."include/screenshot.php");
require_once(BASE."include/application.php");
$aClean = array(); //array of filtered user input
$aClean['sCmd'] = makeSafe($_REQUEST['sCmd']);
$aClean['iImageId'] = makeSafe($_REQUEST['iImageId']);
$aClean['iItemsPerPage'] = makeSafe($_REQUEST['iItemsPerPage']);
$aClean['iPage'] = makeSafe($_REQUEST['iPage']);
$aClean['bRegenerate'] = makeSafe($_REQUEST['bRegenerate']);
$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
// deny access if not admin
if(!$_SESSION['current']->hasPriv("admin"))
util_show_error_page_and_exit("Insufficient privileges.");

7
admin/adminTestResults.php
View File

@@ -11,11 +11,6 @@ require_once(BASE."include/version.php");
require_once(BASE."include/testData.php");
require_once(BASE."include/distribution.php");
$aClean = array();
$aClean['sSub'] = makeSafe($_REQUEST['sSub']);
$aClean['iTestingId'] = makeSafe($_REQUEST['iTestingId']);
if ($aClean['sSub'])
{
$oTest = new testData($aClean['iTestingId']);
@@ -29,7 +24,7 @@ if ($aClean['sSub'])
if(is_numeric($aClean['iTestingId']))
{
$oTest = new testData($aClean['iTestingId']);
$oTest->GetOutputEditorValues($_REQUEST);
$oTest->GetOutputEditorValues($aClean);
if($aClean['sSub'] == 'Submit') // submit the test results
{

9
admin/adminUsers.php
View File

@@ -6,15 +6,6 @@
require("path.php");
require(BASE."include/incl.php");
$aClean = array(); //filtered user input
$aClean['sAction'] = makeSafe($_REQUEST['sAction']);
$aClean['iUserId'] = makeSafe($_REQUEST['iUserId']);
$aClean['sSearch'] = makeSafe($_REQUEST['sSearch']);
$aClean['iLimit'] = makeSafe($_REQUEST['iLimit']);
$aClean['sOrderBy'] = makeSafe($_REQUEST['sOrderBy']);
$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);
apidb_header("Admin Users Management");
if(!$_SESSION['current']->hasPriv("admin"))

8
admin/deleteAny.php
View File

@@ -13,14 +13,6 @@ require_once(BASE."include/application.php");
require_once(BASE."include/monitor.php");
require_once(BASE."include/testData.php");
$aClean = array(); //filtered user input
$aClean['sConfirmed'] = makeSafe($_REQUEST['sConfirmed']);
$aClean['sWhat'] = makeSafe($_REQUEST['sWhat']);
$aClean['iCatId'] = makeSafe($_REQUEST['iCatId']);
$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']);
$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
if($aClean['sConfirmed'] != "yes")
{
// ask for confirmation

5
admin/editAppFamily.php
View File

@@ -9,11 +9,6 @@ require_once(BASE."include/tableve.php");
require_once(BASE."include/application.php");
require_once(BASE."include/category.php");
$aClean = array(); //array of filtered user input
$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']);
$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);
if(!is_numeric($aClean['iAppId']))
util_show_error_page_and_exit("Wrong ID");

11
admin/editAppNote.php
View File

@@ -7,13 +7,6 @@ require("path.php");
require(BASE."include/incl.php");
require_once(BASE."include/note.php");
$aClean = array(); //array of filtered user input
$aClean['iNoteId'] = makeSafe($_REQUEST['iNoteId']);
$aClean['sSub'] = makeSafe($_REQUEST['sSub']);
$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);
$aClean['sPreview'] = makeSafe($_REQUEST['sPreview']);
if(!is_numeric($aClean['iNoteId']))
util_show_error_page_and_exit('Wrong note ID');
@@ -26,7 +19,7 @@ if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintaine
if(!empty($aClean['sSub']))
{
$oNote->GetOutputEditorValues($_REQUEST); /* retrieve the updated values */
$oNote->GetOutputEditorValues($aClean); /* retrieve the updated values */
if ($aClean['sSub'] == 'Delete')
{
@@ -45,7 +38,7 @@ if(!empty($aClean['sSub']))
/* if preview is set display the note for review */
if($aClean['sPreview'])
{
$oNote->GetOutputEditorValues($_REQUEST); /* retrieve the updated values */
$oNote->GetOutputEditorValues($aClean); /* retrieve the updated values */
$oNote->show(true);
}

6
admin/editAppVersion.php
View File

@@ -5,12 +5,6 @@ require_once(BASE."include/tableve.php");
require_once(BASE."include/application.php");
require_once(BASE."include/version.php");
$aClean = array(); //array of filtered user input
$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']);
$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);
if(!is_numeric($aClean['iAppId']) OR !is_numeric($aClean['iVersionId']))
util_show_error_page_and_exit("Wrong ID");

20
admin/editBundle.php
View File

@@ -18,25 +18,25 @@ function build_app_list()
echo "</select>\n";
}
if($_REQUEST['sCmd'])
if($aClean['sCmd'])
{
if($_REQUEST['sCmd'] == "delete")
if($aClean['sCmd'] == "delete")
{
$hResult = query_parameters("DELETE FROM appBundle WHERE appId ='?' AND bundleId = '?'",
$_REQUEST['iAppId'], $_REQUEST['iBundleId']);
$aClean['iAppId'], $aClean['iBundleId']);
if($hResult)
addmsg("App deleted from bundle", "green");
else
addmsg("Failed to delete app from bundle!", "red");
}
if($_REQUEST['sCmd'] == "add")
if($aClean['sCmd'] == "add")
{
$hResult = query_parameters("INSERT INTO appBundle (bundleId, appId) VALUES".
"('?', '?')",
$_REQUEST['iBundleId'],
$_REQUEST['iAppId']);
$aClean['iBundleId'],
$aClean['iAppId']);
if($hResult)
addmsg("App $appId added to Bundle".$_REQUEST['iBundleId'], "green");
addmsg("App $appId added to Bundle".$aClean['iBundleId'], "green");
}
}
@@ -45,7 +45,7 @@ apidb_header("Edit Application Bundle");
$hResult = query_parameters("SELECT bundleId, appBundle.appId, appName FROM appBundle, appFamily ".
"WHERE bundleId = '?' AND appFamily.appId = appBundle.appId",
$_REQUEST['iBundleId']);
$aClean['iBundleId']);
echo html_frame_start("Apps in this Bundle","300",'',0);
echo "<table width='100%' border=0 cellpadding=3 cellspacing=0>\n\n";
@@ -63,7 +63,7 @@ if($hResult && mysql_num_rows($hResult))
//set row color
if ($c % 2 == 1) { $bgcolor = 'color0'; } else { $bgcolor = 'color1'; }
$delete_link = "[<a href='editBundle.php?sCmd=delete&iBundleId=".$_REQUEST['iBundleId']."&iAppId=$oRow->appId'>delete</a>]";
$delete_link = "[<a href='editBundle.php?sCmd=delete&iBundleId=".$aClean['iBundleId']."&iAppId=$oRow->appId'>delete</a>]";
echo "<tr class=$bgcolor>\n";
echo " <td>$oRow->appName &nbsp;</td>\n";
@@ -89,7 +89,7 @@ echo html_frame_start("Application List (double click to add)","",'',2);
build_app_list();
echo html_frame_end();
echo "<input type=\"hidden\" name=\"iBundleId\" value=\"".$_REQUEST['iBundleId']."\">\n";
echo "<input type=\"hidden\" name=\"iBundleId\" value=\"".$aClean['iBundleId']."\">\n";
echo "<input type=\"hidden\" name=\"sCmd\" value=\"add\">\n";
echo "</form>\n";

8
admin/editDistribution.php
View File

@@ -3,19 +3,13 @@ require("path.php");
require(BASE."include/incl.php");
require_once(BASE."include/distribution.php");
$aClean = array(); //array of filtered user input
$aClean['iDistributionId'] = makeSafe($_REQUEST['iDistributionId']);
$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);
if(!$_SESSION['current']->hasPriv("admin"))
util_show_error_page_and_exit("Insufficient privileges.");
$oDistribution = new distribution($aClean['iDistributionId']);
if($aClean['sSubmit'])
{
$oDistribution->GetOutputEditorValues($_REQUEST);
$oDistribution->GetOutputEditorValues($aClean);
if($oDistribution->iDistributionId)
$oDistribution->update();

6
admin/editVendor.php
View File

@@ -3,12 +3,6 @@ require("path.php");
require(BASE."include/incl.php");
require_once(BASE."include/vendor.php");
$aClean = array(); //array of filtered user input
$aClean['iVendorId'] = makeSafe($_REQUEST['iVendorId']);
$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);
$aClean['sName'] = makeSafe($_REQUEST['sName']);
$aClean['sWebpage'] = makeSafe($_REQUEST['sWebpage']);
if(!$_SESSION['current']->hasPriv("admin"))
util_show_error_page_and_exit();

6
admin/moveAppVersion.php
View File

@@ -5,12 +5,6 @@ require_once(BASE."include/tableve.php");
require_once(BASE."include/application.php");
require_once(BASE."include/version.php");
$aClean = array(); //array of filtered user input
$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']);
$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
$aClean['sAction'] = makeSafe($_REQUEST['sAction']);
if(!is_numeric($aClean['iAppId']) OR !is_numeric($aClean['iVersionId']))
util_show_error_page_and_exit("Wrong ID");