Filter all user input to reduce the security impact of manipulated data

This commit is contained in:
EA Durbin
2006-06-17 06:10:10 +00:00
committed by WineHQ
parent 02c5682c01
commit f982c8459e
53 changed files with 988 additions and 542 deletions


@@ -5,28 +5,34 @@ require(BASE."include/tableve.php");
require(BASE."include/application.php");
require(BASE."include/mail.php");
if(!is_numeric($_REQUEST['appId']) OR !is_numeric($_REQUEST['versionId']))
$aClean = array(); //array of filtered user input
$aClean['appId'] = makeSafe($_REQUEST['appId']);
$aClean['versionId'] = makeSafe($_REQUEST['versionId']);
$aClean['submit'] = makeSafe($_REQUEST['submit']);
if(!is_numeric($aClean['appId']) OR !is_numeric($aClean['versionId']))
{
errorpage("Wrong ID");
exit;
}
/* Check for admin privs */
if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer($_REQUEST['versionId']) && !$_SESSION['current']->isSuperMaintainer($_REQUEST['appId']))
if(!$_SESSION['current']->hasPriv("admin") && !$_SESSION['current']->isMaintainer($aClean['versionId']) && !$_SESSION['current']->isSuperMaintainer($aClean['appId']))
{
errorpage("Insufficient Privileges!");
exit;
}
/* process the changes the user entered into the web form */
if(isset($_REQUEST['submit']))
if(!empty($aClean['submit']))
{
process_app_version_changes(true);
redirect(apidb_fullurl("appview.php?versionId=".$_REQUEST['versionId']));
redirect(apidb_fullurl("appview.php?versionId=".$aClean['versionId']));
} else /* or display the webform for making changes */
{
$oVersion = new Version($_REQUEST['versionId']);
$oVersion = new Version($aClean['versionId']);
apidb_header("Edit Application Version");