Fix and enable input filtering through include/filter.php

This commit is contained in:
Chris Morgan
2007-01-04 02:35:01 +00:00
committed by WineHQ
parent 582ee561fc
commit a1a41d6b87
58 changed files with 129 additions and 385 deletions


@@ -358,11 +358,8 @@ class Application {
function mailSubmitter($sAction="add")
{
$aClean = array(); //array of filtered user input
if(isset($_REQUEST['sReplyText']))
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
else
global $aClean;
if(!isset($aClean['sReplyText']))
$aClean['sReplyText'] = "";
if($this->iSubmitterId)
@@ -432,11 +429,8 @@ class Application {
function SendNotificationMail($sAction="add",$sMsg=null)
{
$aClean = array(); //array of filtered user input
if(isset($_REQUEST['sReplyText']))
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
else
global $aClean;
if(!isset($aClean['sReplyText']))
$aClean['sReplyText'] = "";
switch($sAction)
@@ -581,7 +575,7 @@ class Application {
return $errors;
}
/* retrieves values from $_REQUEST that were output by OutputEditor() */
/* retrieves values from $aValues that were output by OutputEditor() */
/* $aValues can be $_REQUEST or any array with the values from OutputEditor() */
function GetOutputEditorValues($aValues)
{
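Review bot: The `global $aClean;` followed by `if(!isset($aClean['sReplyText'])) $aClean['sReplyText'] = "";` in mailSubmitter and SendNotificationMail writes the fallback into the shared filtered-input array rather than a local, so the first method that runs makes an empty `sReplyText` visible to every later reader of `$aClean` during the request. A local keeps the default private: `global $aClean; $sReplyText = isset($aClean['sReplyText']) ? $aClean['sReplyText'] : "";` and use `$sReplyText` where the array entry is read below. Version::mailSubmitter and Version::SendNotificationMail in this commit follow the same pattern (their FIXME already notes the value should be passed in). Both method bodies continue outside the hunk.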


@@ -191,9 +191,9 @@ class Bug {
function mailSubmitter($bRejected=false)
{
$aClean = array(); //array of filtered user input
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
global $aClean;
if(!isset($aClean['sReplyText']))
$aClean['sReplyText'] = "";
if($this->iSubmitterId)
{
@@ -298,9 +298,7 @@ class Bug {
function view_version_bugs($iVersionId = null, $aBuglinkIds)
{
$aClean = array(); //array of filtered user input
$aClean['buglinkId'] = makeSafe($_REQUEST['buglinkId']);
global $aClean;
$bCanEdit = FALSE;
$oVersion = new Version($iVersionId);


@@ -366,10 +366,7 @@ class Comment {
function view_app_comments($versionId, $threadId = 0)
{
$aClean = array(); //array of filtered user input
$aClean['sCmode'] = makeSafe($_REQUEST['sCmode']);
$aClean['sMode'] = makeSafe($_REQUEST['sMode']);
global $aClean;
// count posts
$hResult = query_parameters("SELECT commentId FROM appComments WHERE versionId = '?'", $versionId);


@@ -257,10 +257,7 @@ class distribution{
function mailSubmitter($sAction="add")
{
$aClean = array(); //array of filtered user input
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
global $aClean;
if($this->iSubmitterId)
{
@@ -301,9 +298,8 @@ class distribution{
function SendNotificationMail($sAction="add",$sMsg=null)
{
$aClean = array(); //array of filtered user input
global $aClean;
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
switch($sAction)
{
case "add":
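Review bot: distribution::SendNotificationMail still refilters `sReplyText` straight from `$_REQUEST` after `global $aClean;` (the line `$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);` survives on the new side), so this method bypasses the central filter the commit introduces, overwrites the shared entry, and raises a notice when the field is absent from the request. The sibling mailSubmitter in the same file and the other classes just default the global instead: `if(!isset($aClean['sReplyText'])) $aClean['sReplyText'] = "";`. Url::mailSubmitter keeps the same leftover `makeSafe($_REQUEST[...])` line. Both method bodies continue outside the hunk.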


@@ -9,8 +9,19 @@ function filter_gpc()
{
global $aClean;
$aKeys = array_keys($_REQUEST);
for($i=0;$i<sizeof($aKeys);$i++)
for($i=0; $i < sizeof($aKeys); $i++)
{
// Special cases for variables that don't fit our filtering scheme
// don't filter the AppDB session cookie and MAX_FILE_SIZE
// and the DialogX values that xinha uses
if($aKeys[$i] == "whq_appdb" || ($aKeys[$i] == "MAX_FILE_SIZE") || ($aKeys[$i] == "PHPSESSID")
|| (strpos($aKeys[$i], "Dialog") == 0) || (strpos($aKeys[$i], "pref_") == 0))
{
// copy the key over to the clean array
$aClean[$aKeys[$i]] = trim(strip_tags($_REQUEST[$aKeys[$i]]));
continue; // go to the next entry
}
switch($aKeys[$i][0])
{
case "i": // integer
@@ -47,13 +58,7 @@ function filter_gpc()
util_show_error_page_and_exit("Fatal error: ".$aKeys[$i]." should be an array.");
break;
default:
// don't filter the AppDB session cookie and MAX_FILE_SIZE
// and the DialogX values that xinha uses
if($aKeys[$i]!="whq_appdb" && $aKeys[$i]!="MAX_FILE_SIZE" && $aKeys[$i]!="PHPSESSID"
&& strpos($aKeys[$i], "Dialog") == 0)
{
util_show_error_page_and_exit("Fatal error: type of variable ".$aKeys[$i]." is not recognized.");
}
util_show_error_page_and_exit("Fatal error: type of variable ".$aKeys[$i]." is not recognized.");
break;
}
}
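Review bot: The new special-case test `(strpos($aKeys[$i], "Dialog") == 0) || (strpos($aKeys[$i], "pref_") == 0)` is true for almost every key, because `strpos()` returns `false` when the needle is absent and `false == 0` holds under loose comparison; any key that does not contain "Dialog" or "pref_" therefore takes the `trim(strip_tags())` copy branch and `continue`s past the per-type `switch`, so the type filtering this commit enables is skipped for exactly the variables it was meant for. Use identity comparison: `|| (strpos($aKeys[$i], "Dialog") === 0) || (strpos($aKeys[$i], "pref_") === 0))`. The same `== 0` existed in the old `default:` branch, but there it only suppressed the error page; here it short-circuits the filter. A test that feeds `filter_gpc()` a key with an unknown prefix and expects the error path would catch this.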


@@ -1,9 +1,6 @@
<?php
require_once(BASE."include/util.php");
$aClean = array(); //array of filtered user input
$aClean['iUserId'] = makeSafe($_REQUEST['iUserId']);
/*********************/
/* Edit Account Form */
/*********************/


@@ -1,10 +1,6 @@
<?php
require_once(BASE."include/util.php");
$aClean = array(); //array of filtered user input
$aClean['sUserEmail'] = makeSafe($_POST['sUserEmail']);
/**************/
/* Login Form */
/**************/


@@ -1,12 +1,6 @@
<?php
require_once(BASE."include/util.php");
$aClean = array(); //array of filtered user input
$aClean['sUserEmail'] = makeSafe($_POST['sUserEmail']);
$aClean['sUserRealname'] = makeSafe($_POST['realname']);
/********************/
/* New Account Form */
/********************/


@@ -82,6 +82,9 @@ if(isset($_REQUEST['mode']))
/* End backwards compatibility code */
// include filter.php to filter all REQUEST input
require(BASE."include/filter.php");
// create arrays
$sidebar_func_list = array();
@@ -285,7 +288,11 @@ function dumpmsgbuffer()
$session = new session("whq_appdb");
$session->register("current");
if(!isset($_SESSION['current'])) $_SESSION['current'] = new User();
if(!isset($_SESSION['current']))
{
echo "Session not set, creating new user";
$_SESSION['current'] = new User();
}
// if we are debugging we need to see all errors
if($_SESSION['current']->showDebuggingInfos()) error_reporting(E_ALL ^ E_NOTICE);
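Review bot: The `echo "Session not set, creating new user";` added inside `if(!isset($_SESSION['current']))` sends output to every first-time visitor before the page has emitted its headers, so any later `header()` or redirect on that first request fails and the text shows up in the rendered page. It reads like a debugging trace; drop it and keep only `$_SESSION['current'] = new User();`, or route it through the existing debug check once the user object exists. The `require(BASE."include/filter.php");` is added here, but this hunk does not show `filter_gpc()` being invoked — presumably elsewhere; worth confirming it runs before `$aClean` is first read by the sidebar and class code that now depends on it.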


@@ -2,12 +2,6 @@
require_once(BASE."include/util.php");
require_once(BASE."include/version.php");
$aClean = array(); //array of filtered user input
if(isset($_REQUEST['sReplyText']))
$aClean['sReplyText'] = makeSafe( $_REQUEST['sReplyText'] );
else
$aClean['sReplyText'] = "";
/************************************/
/* note class and related functions */
/************************************/
@@ -257,7 +251,7 @@ class Note {
echo html_frame_end();
}
/* retrieves values from $_REQUEST that were output by OutputEditor() */
/* retrieves values from $aValue that were output by OutputEditor() */
/* $aValues can be $_REQUEST or any array with the values from OutputEditor() */
function GetOutputEditorValues($aValues)
{
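Review bot: The reworded comment above Note::GetOutputEditorValues says `$aValue` while the parameter is `$aValues`; the matching comments in application.php and version.php in this commit use the correct name. Suggest `/* retrieves values from $aValues that were output by OutputEditor() */`. The function body continues outside the hunk.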


@@ -302,9 +302,7 @@ class Screenshot {
function mailSubmitter($bRejected=false)
{
$aClean = array(); //array of filtered user input
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
global $aClean;
if($this->iSubmitterId)
{


@@ -6,11 +6,9 @@ require_once(BASE."include/distribution.php");
require_once(BASE."include/vendor.php");
require_once(BASE."include/util.php");
function global_sidebar_menu() {
$aClean = array(); //array of filtered user input
$aClean['sSearchQuery'] = makeSafe($_REQUEST['sSearchQuery']);
function global_sidebar_menu()
{
global $aClean;
$g = new htmlmenu(APPDB_OWNER." Menu");
$g->add(APPDB_OWNER, APPDB_OWNER_URL);


@@ -245,10 +245,7 @@ class testData{
function mailSubmitter($sAction="add")
{
$aClean = array(); //array of filtered user input
$aClean = makeSafe($_REQUEST['sReplyText']);
global $aClean;
if($this->iSubmitterId)
{
@@ -290,9 +287,7 @@ class testData{
function SendNotificationMail($sAction="add",$sMsg=null)
{
$aClean = array(); //array of filtered user input
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
global $aClean;
$oVersion = new Version($this->iVersionId);
$oApp = new Application($oVersion->iAppId);
@@ -374,13 +369,12 @@ class testData{
// Show the Test results for a application version
function ShowVersionsTestingTable($link, $iDisplayLimit)
{
global $aClean;
/* escape input parameters */
$link = mysql_real_escape_string($link);
$iDisplayLimit = mysql_real_escape_string($iDisplayLimit);
$aClean = array(); //array of filtered user input
$aClean['showAll'] = makeSafe($_REQUEST['showAll']);
$showAll = $aClean['showAll'];
$sQuery = "SELECT *
@@ -559,7 +553,7 @@ class testData{
echo html_frame_end();
}
/* $aValues can be $_REQUEST or any array with the values from OutputEditor() */
/* $aValues can be $aValues or any array with the values from OutputEditor() */
function CheckOutputEditorInput($aValues, $sDistribution="")
{
$errors = "";
@@ -603,7 +597,7 @@ class testData{
}
/* retrieves values from $_REQUEST that were output by OutputEditor() */
/* retrieves values from $aValues that were output by OutputEditor() */
/* $aValues can be $_REQUEST or any array with the values from OutputEditor() */
function GetOutputEditorValues($aValues)
{
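Review bot: The changed comment above CheckOutputEditorInput now reads `$aValues can be $aValues or any array...`, which looks like a search-and-replace artifact; the original `/* $aValues can be $_REQUEST or any array with the values from OutputEditor() */` was correct and is what the corresponding comment above GetOutputEditorValues in the same file still says. In ShowVersionsTestingTable, `$showAll = $aClean['showAll'];` now reads the global without a guard and raises a notice when the parameter is absent; `$showAll = isset($aClean['showAll']) ? $aClean['showAll'] : false;` avoids that (what makeSafe() returned for a missing key is not visible here, so the exact old value is inferred). Both function bodies continue outside the hunk.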


@@ -51,10 +51,7 @@ class Url {
*/
function create($sDescription = null, $sUrl = null, $iVersionId = null, $iAppId = null)
{
$aClean = array(); //array of filtered user input
$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']);
global $aClean;
// Security, if we are not an administrator or a maintainer, the url must be queued.
if(!($_SESSION['current']->hasPriv("admin") || $_SESSION['current']->isMaintainer($aClean['iVersionId']) || $_SESSION['current']->isSupermaintainer($aClean['iAppId'])))
@@ -180,9 +177,8 @@ class Url {
function mailSubmitter($bRejected=false)
{
$aClean = array(); //array of filtered user input
global $aClean;
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
if($this->iSubmitterId)
{
$sAppName = Application::lookup_name($this->appId)." ".Version::lookup_name($this->versionId);


@@ -552,91 +552,93 @@ function outputSearchTableForhResult($search_words, $hResult)
/* pass in $isVersion of true if we are processing changes for an app version */
/* or false if processing changes for an application family */
function process_app_version_changes($isVersion)
function process_app_version_changes($bIsVersion)
{
global $aClean;
/* load up the version or application depending on which values are set */
if($isVersion)
$oVersion = new Version($_REQUEST['iVersionId']);
if($bIsVersion)
$oVersion = new Version($aClean['iVersionId']);
else
$oApp = new Application($_REQUEST['iAppId']);
$oApp = new Application($aClean['iAppId']);
// commit changes of form to database
if(($_REQUEST['sSubmit'] == "Update Database") && $isVersion) /* is a version */
if(($aClean['sSubmit'] == "Update Database") && $bIsVersion) /* is a version */
{
$oVersion->GetOutputEditorValues($_REQUEST);
$oVersion->GetOutputEditorValues($aClean);
$oVersion->update();
} else if(($_REQUEST['sSubmit'] == "Update Database") && !$isVersion) /* is an application */
} else if(($aClean['sSubmit'] == "Update Database") && !$bIsVersion) /* is an application */
{
$oApp->GetOutputEditorValues($_REQUEST);
$oApp->GetOutputEditorValues($aClean);
$oApp->update();
} else if($_REQUEST['sSubmit'] == "Update URL")
} else if($aClean['sSubmit'] == "Update URL")
{
$sWhatChanged = "";
$bAppChanged = false;
if (!empty($_REQUEST['sUrlDesc']) && !empty($_REQUEST['sUrl']) )
if (!empty($aClean['sUrlDesc']) && !empty($aClean['sUrl']) )
{
// process added URL
if($_SESSION['current']->showDebuggingInfos()) { echo "<p align=center><b>{$_REQUEST['sUrl']}:</b> {$_REQUEST['sUrlDesc']} </p>"; }
if($_SESSION['current']->showDebuggingInfos()) { echo "<p align=center><b>{$aClean['sUrl']}:</b> {$aClean['sUrlDesc']} </p>"; }
if($isVersion)
if($bIsVersion)
{
$hResult = query_parameters("INSERT INTO appData (versionId, type, description, url) ".
"VALUES ('?', '?', '?', '?')",
$_REQUEST['iVersionId'], "url", $_REQUEST['sUrlDesc'],
$_REQUEST['sUrl']);
$aClean['iVersionId'], "url", $aClean['sUrlDesc'],
$aClean['sUrl']);
} else
{
$hResult = query_parameters("INSERT INTO appData (appId, type, description, url) ".
"VALUES ('?', '?', '?', '?')",
$_REQUEST['iAppId'], "url", $_REQUEST['sUrlDesc'],
$_REQUEST['sUrl']);
$aClean['iAppId'], "url", $aClean['sUrlDesc'],
$aClean['sUrl']);
}
if ($hResult)
{
addmsg("The URL was successfully added into the database", "green");
$sWhatChanged .= " Added Url: Description: ".stripslashes($_REQUEST['sUrlDesc'])."\n";
$sWhatChanged .= " Url: ".stripslashes($_REQUEST['sUrl'])."\n";
$sWhatChanged .= " Added Url: Description: ".stripslashes($aClean['sUrlDesc'])."\n";
$sWhatChanged .= " Url: ".stripslashes($aClean['sUrl'])."\n";
$bAppChanged = true;
}
}
// Process changed URLs
for($i = 0; $i < $_REQUEST['iRows']; $i++)
for($i = 0; $i < $aClean['iRows']; $i++)
{
if($_SESSION['current']->showDebuggingInfos()) { echo "<p align=center><b>{$_REQUEST['adescription'][$i]}:</b> {$_REQUEST['aURL'][$i]}: {$_REQUEST['adelete'][$i]} : {$_REQUEST['aId'][$i]} : .{$_REQUEST['aOldDesc'][$i]}. : {$_REQUEST['aOldURL'][$i]}</p>"; }
if($_SESSION['current']->showDebuggingInfos()) { echo "<p align=center><b>{$aClean['adescription'][$i]}:</b> {$aClean['aURL'][$i]}: {$aClean['adelete'][$i]} : {$aClean['aId'][$i]} : .{$aClean['aOldDesc'][$i]}. : {$aClean['aOldURL'][$i]}</p>"; }
if ($_REQUEST['adelete'][$i] == "on")
if ($aClean['adelete'][$i] == "on")
{
$hResult = query_parameters("DELETE FROM appData WHERE id = '?'", $_REQUEST['aId'][$i]);
$hResult = query_parameters("DELETE FROM appData WHERE id = '?'", $aClean['aId'][$i]);
if($hResult)
{
addmsg("<p><b>Successfully deleted URL ".$_REQUEST['aOldDesc'][$i]." (".$_REQUEST['aOldURL'][$i].")</b></p>\n",'green');
$sWhatChanged .= "Deleted Url: Description: ".stripslashes($_REQUEST['aOldDesc'][$i])."\n";
$sWhatChanged .= " url: ".stripslashes($_REQUEST['aOldURL'][$i])."\n";
addmsg("<p><b>Successfully deleted URL ".$aClean['aOldDesc'][$i]." (".$aClean['aOldURL'][$i].")</b></p>\n",'green');
$sWhatChanged .= "Deleted Url: Description: ".stripslashes($aClean['aOldDesc'][$i])."\n";
$sWhatChanged .= " url: ".stripslashes($aClean['aOldURL'][$i])."\n";
$bAppChanged = true;
}
}
else if( $_REQUEST['aURL'][$i] != $_REQUEST['aOldURL'][$i] || $_REQUEST['adescription'][$i] != $_REQUEST['aOldDesc'][$i])
else if( $aClean['aURL'][$i] != $aClean['aOldURL'][$i] || $aClean['adescription'][$i] != $aClean['aOldDesc'][$i])
{
if(empty($_REQUEST['aURL'][$i]) || empty($_REQUEST['adescription'][$i]))
if(empty($aClean['aURL'][$i]) || empty($aClean['adescription'][$i]))
addmsg("The URL or description was blank. URL not changed in the database", "red");
else
{
if (query_parameters("UPDATE appData SET description = '?', url = '?' WHERE id = '?'",
$_REQUEST['adescription'][$i], $_REQUEST['aURL'][$i],
$_REQUEST['aId'][$i]))
$aClean['adescription'][$i], $aClean['aURL'][$i],
$aClean['aId'][$i]))
{
addmsg("<p><b>Successfully updated ".$_REQUEST['aOldDesc'][$i]." (".$_REQUEST['aOldURL'][$i].")</b></p>\n",'green');
$sWhatChanged .= "Changed Url: Old Description: ".stripslashes($_REQUEST['aOldDesc'][$i])."\n";
$sWhatChanged .= " Old Url: ".stripslashes($_REQUEST['aOldURL'][$i])."\n";
$sWhatChanged .= " New Description: ".stripslashes($_REQUEST['adescription'][$i])."\n";
$sWhatChanged .= " New url: ".stripslashes($_REQUEST['aURL'][$i])."\n";
addmsg("<p><b>Successfully updated ".$aClean['aOldDesc'][$i]." (".$aClean['aOldURL'][$i].")</b></p>\n",'green');
$sWhatChanged .= "Changed Url: Old Description: ".stripslashes($aClean['aOldDesc'][$i])."\n";
$sWhatChanged .= " Old Url: ".stripslashes($aClean['aOldURL'][$i])."\n";
$sWhatChanged .= " New Description: ".stripslashes($aClean['adescription'][$i])."\n";
$sWhatChanged .= " New url: ".stripslashes($aClean['aURL'][$i])."\n";
$bAppChanged = true;
}
}
@@ -644,16 +646,16 @@ function process_app_version_changes($isVersion)
}
if ($bAppChanged)
{
$sEmail = User::get_notify_email_address_list($_REQUEST['iAppId']);
$oApp = new Application($_REQUEST['iAppId']);
$sEmail = User::get_notify_email_address_list($aClean['iAppId']);
$oApp = new Application($aClean['iAppId']);
if($sEmail)
{
if($isVersion)
if($bIsVersion)
$sSubject = "Links for ".$oApp->sName." ".$oVersion->sName." have been updated by ".$_SESSION['current']->sRealname;
else
$sSubject = "Links for ".$oApp->sName." have been updated by ".$_SESSION['current']->sRealname;
$sMsg = APPDB_ROOT."appview.php?iAppId=".$_REQUEST['iAppId']."\n";
$sMsg = APPDB_ROOT."appview.php?iAppId=".$aClean['iAppId']."\n";
$sMsg .= "\n";
$sMsg .= "The following changes have been made:";
$sMsg .= "\n";
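Review bot: The debugging `echo` lines in process_app_version_changes interpolate `$aClean['sUrl']`, `$aClean['sUrlDesc']`, `$aClean['adescription'][$i]` and friends directly into HTML, and the `addmsg(...)` calls do the same with `$aClean['aOldDesc'][$i]` and `$aClean['aOldURL'][$i]`; whether those values are HTML-safe now depends on what filter_gpc() does to string and array keys, which this hunk does not show, so either confirm that or wrap them in `htmlspecialchars()` at the output point. The loop bound `$i < $aClean['iRows']` and the ids in `$aClean['aId'][$i]` passed to the DELETE and UPDATE queries all come from the request, and nothing in the hunk checks that the caller may edit this app or version — presumably the caller does, worth confirming in the review. The function body continues past the end of the second hunk.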


@@ -393,12 +393,10 @@ class Version {
function mailSubmitter($sAction="add")
{
$aClean = array(); //array of filtered user input
global $aClean; //FIXME: we should pass the sReplyText value in
// use 'sReplyText' if it is defined, otherwise define the value as an empty string
if(isset($_REQUEST['sReplyText']))
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
else
if(!isset($aClean['sReplyText']))
$aClean['sReplyText'] = "";
if($this->iSubmitterId)
@@ -436,12 +434,10 @@ class Version {
function SendNotificationMail($sAction="add",$sMsg=null)
{
$aClean = array(); //array of filtered user input
global $aClean;
// use 'sReplyText' if it is defined, otherwise define the value as an empty string
if(isset($_REQUEST['sReplyText']))
$aClean['sReplyText'] = makeSafe($_REQUEST['sReplyText']);
else
if(!isset($aClean['sReplyText']))
$aClean['sReplyText'] = "";
$oApp = new Application($this->iAppId);
@@ -601,7 +597,7 @@ class Version {
return $errors;
}
/* retrieves values from $_REQUEST that were output by OutputEditor() */
/* retrieves values from $aValues that were output by OutputEditor() */
/* $aValues can be $_REQUEST or any array with the values from OutputEditor() */
function GetOutputEditorValues($aValues)
{


@@ -9,7 +9,6 @@ define('MAX_VOTES',3);
*/
function vote_count($iAppId, $iUserId = null)
{
if(!$iUserId)
{
if($_SESSION['current']->isLoggedIn())
@@ -78,7 +77,6 @@ function vote_add($iAppId, $iSlot, $iUserId = null)
*/
function vote_remove($iSlot, $iUserId = null)
{
if(!$iUserId)
{
if($_SESSION['current']->isLoggedIn())
@@ -114,9 +112,7 @@ function vote_get_user_votes($iUserId = null)
function vote_menu()
{
$aClean = array(); //array of filtered user input
$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']);
global $aClean;
$m = new htmlmenu("Votes","updatevote.php");