claunia/qemudb
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Filter all user input to reduce the security impact of manipulated data

Browse Source
This commit is contained in:
EA Durbin
2006-06-17 06:10:10 +00:00
committed by WineHQ
parent 02c5682c01
commit f982c8459e
53 changed files with 988 additions and 542 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
admin/addAppNote.php
View File

@@ -8,36 +8,45 @@ require(BASE."include/incl.php");
require(BASE."include/application.php");
require(BASE."include/mail.php");
$aClean = array(); //array of filtered user input
$aClean['versionId'] = makeSafe($_REQUEST['versionId']);
$aClean['appId'] = makeSafe( $_REQUEST['appId']);
$aClean['sub'] = makeSafe($_REQUEST['sub']);
$aClean['submit'] = makeSafe($_REQUEST['submit']);
$aClean['noteTitle'] = makeSafe($_REQUEST['noteTitle']);
$aClean['noteDesc'] = makeSafe($_REQUEST['noteDesc']);
//FIXME: get rid of appId references everywhere, as version is enough.
$sQuery = "SELECT appId FROM appVersion WHERE versionId = '".$_REQUEST['versionId']."'";
$sQuery = "SELECT appId FROM appVersion WHERE versionId = '".$aClean['versionId']."'";
$hResult = query_appdb($sQuery);
$oRow = mysql_fetch_object($hResult);
$appId = $oRow->appId;
//check for admin privs
if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer($_REQUEST['versionId']) && !$_SESSION['current']->isSuperMaintainer($_REQUEST['appId']))
if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer($aClean['versionId']) && !$_SESSION['current']->isSuperMaintainer($aClean['appId']))
{
errorpage("Insufficient Privileges!");
exit;
}
//set link for version
if(is_numeric($_REQUEST['versionId']) and !empty($_REQUEST['versionId']))
if(is_numeric($aClean['versionId']) and !empty($aClean['versionId']))
{
$versionLink = "versionId={$_REQUEST['versionId']}";
$versionLink = "versionId={$aClean['versionId']}";
}
else
exit;
if($_REQUEST['sub'] == "Submit")
if($aClean['sub'] == "Submit")
{
$oNote = new Note();
$oNote->create($_REQUEST['noteTitle'], $_REQUEST['noteDesc'], $_REQUEST['versionId']);
$oNote->create($aClean['noteTitle'], $aClean['noteDesc'], $aClean['versionId']);
redirect(apidb_fullurl("appview.php?".$versionLink));
exit;
}
else if($_REQUEST['sub'] == 'Preview' OR empty($_REQUEST['submit']))
else if($aClean['sub'] == 'Preview' OR empty($aClean['submit']))
{
HtmlAreaLoaderScript(array("editor"));
@@ -47,22 +56,22 @@ else if($_REQUEST['sub'] == 'Preview' OR empty($_REQUEST['submit']))
echo html_frame_start("Add Application Note", "90%","",0);
echo html_table_begin("width='100%' border=0 align=left cellpadding=6 cellspacing=0 class='box-body'");
echo "<input type=\"hidden\" name=\"versionId\" value=\"{$_REQUEST['versionId']}\">";
echo add_br($_REQUEST['noteDesc']);
echo "<input type=\"hidden\" name=\"versionId\" value=\"{$aClean['versionId']}\">";
echo add_br($aClean['noteDesc']);
if ($_REQUEST['noteTitle'] == "HOWTO" || $_REQUEST['noteTitle'] == "WARNING")
if ($aClean['noteTitle'] == "HOWTO" || $aClean['noteTitle'] == "WARNING")
{
echo "<input type=hidden name='noteTitle' value='{$_REQUEST['noteTitle']}'>";
echo "<tr><td class=color1>Type</td><td class=color0>{$_REQUEST['noteTitle']}</td></tr>\n";
echo "<input type=hidden name='noteTitle' value='{$aClean['noteTitle']}'>";
echo "<tr><td class=color1>Type</td><td class=color0>{$aClean['noteTitle']}</td></tr>\n";
}
else
{
echo "<tr><td class=color1>Title</td><td class=color0><input size='80%' type='text' name='noteTitle' type='text' value='{$_REQUEST['noteTitle']}'></td></tr>\n";
echo "<tr><td class=color1>Title</td><td class=color0><input size='80%' type='text' name='noteTitle' type='text' value='{$aClean['noteTitle']}'></td></tr>\n";
}
echo '<tr><td class="color4">Description</td><td class="color0">', "\n";
if(trim(strip_tags($_REQUEST['noteDesc']))=="") $_REQUEST['noteDesc']="<p>Enter note here</p>";
if ( $aClean['noteDesc'] == "" ) $aClean['noteDesc']="<p>Enter note here</p>";
echo '<p style="width:700px">', "\n";
echo '<textarea cols="80" rows="20" id="editor" name="noteDesc">'.stripslashes($_REQUEST['noteDesc']).'</textarea>',"\n";
echo '<textarea cols="80" rows="20" id="editor" name="noteDesc">'.stripslashes($aClean['noteDesc']).'</textarea>',"\n";
echo '</p>';
echo '</td></tr><tr><td colspan="2" align="center" class="color3">',"\n";
echo '<input type="submit" name="sub" value="Preview">&nbsp',"\n";