Filter all user input to reduce the security impact of manipulated data

EA Durbin
2006-06-17 06:10:10 +00:00
committed by WineHQ
parent 02c5682c01
commit f982c8459e
53 changed files with 988 additions and 542 deletions


@@ -9,6 +9,11 @@
include("path.php");
require(BASE."include/incl.php");
$aClean = array(); //array of filtered user input
$aClean['sub'] = makeSafe($_REQUEST['sub']);
$aClean['maintainerId'] = makeSafe($_REQUEST['maintainerId']);
// deny access if not logged in
if(!$_SESSION['current']->hasPriv("admin"))
{
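Review bot: `makeSafe()` on the `maintainerId` line is a quote-escaping step, but that value is later concatenated unquoted into the DELETE statement (`WHERE maintainerId = ".$aClean['maintainerId']`), where escaping quotes alone does not constrain what the comparison receives; an identifier should be coerced to an integer before it reaches the query, e.g. `$aClean['maintainerId'] = (int) $_REQUEST['maintainerId'];` (the body of `makeSafe()` is not visible here, so if it already casts numeric fields this is moot). The `sub` and `maintainerId` keys are also read from `$_REQUEST` without an `isset()` check, so a request lacking them raises an undefined-index notice before `makeSafe()` runs; `makeSafe(isset($_REQUEST['sub']) ? $_REQUEST['sub'] : '')` or an equivalent default avoids that. The `if(!$_SESSION['current']->hasPriv("admin"))` block opened at the end of this hunk continues outside it.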
@@ -19,13 +24,13 @@ if(!$_SESSION['current']->hasPriv("admin"))
apidb_header("Admin Maintainers");
echo '<form name="qform" action="adminMaintainers.php" method="post" enctype="multipart/form-data">',"\n";
if ($_REQUEST['sub'])
if ($aClean['sub'])
{
if($_REQUEST['sub'] == 'delete')
if($aClean['sub'] == 'delete')
{
$sQuery = "DELETE FROM appMaintainers WHERE maintainerId = ".$_REQUEST['maintainerId'].";";
$sQuery = "DELETE FROM appMaintainers WHERE maintainerId = ".$aClean['maintainerId'].";";
$hResult = query_appdb($sQuery);
echo html_frame_start("Delete maintainer: ".$_REQUEST['maintainerId'],400,"",0);
echo html_frame_start("Delete maintainer: ".$aClean['maintainerId'],400,"",0);
if($hResult)
{
// success