Filter all user input to reduce the security impact of manipulated data

This commit is contained in:
EA Durbin
2006-06-17 06:10:10 +00:00
committed by WineHQ
parent 02c5682c01
commit f982c8459e
53 changed files with 988 additions and 542 deletions


@@ -11,7 +11,13 @@ require(BASE."include/incl.php");
require(BASE."include/application.php");
require(BASE."include/mail.php");
$oComment = new Comment($_REQUEST['commentId']);
$aClean = array(); //array of filtered user input
$aClean['str_why'] = makeSafe($_REQUEST['str_why']);
$aClean['commentId'] = makeSafe($_REQUEST['commentId']);
$aClean['int_delete_it'] = makeSafe($_REQUEST['int_delete_it']);
$oComment = new Comment($aClean['commentId']);
/* if we aren't an admin or the maintainer of this app we shouldn't be */
/* allowed to delete any comments */
@@ -23,7 +29,7 @@ if (!$_SESSION['current']->hasPriv("admin")
exit;
}
if($_SESSION['current']->getPref("confirm_comment_deletion") != "no" && !isset($_REQUEST['int_delete_it']))
if($_SESSION['current']->getPref("confirm_comment_deletion") != "no" && !isset($aClean['int_delete_it']))
{
apidb_header("Delete Comment");
$mesTitle = "<b>Please state why you are deleting the following comment</b>";
@@ -47,7 +53,7 @@ if($_SESSION['current']->getPref("confirm_comment_deletion") != "no" && !isset($
apidb_footer();
} else
{
$oComment->delete($_REQUEST['str_why']);
$oComment->delete($aClean['str_why']);
redirect(apidb_fullurl("appview.php?versionId=".$oComment->iVersionId));
}
?>
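Review bot: The confirmation step in the second hunk may no longer trigger, because `$aClean['int_delete_it']` is assigned unconditionally from `makeSafe($_REQUEST['int_delete_it'])` in the first hunk and the check was changed to `!isset($aClean['int_delete_it'])`; if makeSafe() turns a missing (null) parameter into an empty string, isset() is true and the "why are you deleting" page is skipped, so deletion proceeds without the reason being collected. Preserve absence explicitly, e.g. `$aClean['int_delete_it'] = isset($_REQUEST['int_delete_it']) ? makeSafe($_REQUEST['int_delete_it']) : null;` (the exact behaviour of makeSafe() on null is not visible here and should be confirmed). Since commentId is only ever used as a numeric key for `new Comment(...)`, a cast is a tighter filter than string escaping: `$aClean['commentId'] = (int) $_REQUEST['commentId'];`, which also rejects any non-numeric input before it reaches the Comment constructor.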