Filter all user input to reduce the security impact of manipulated data

This commit is contained in:
EA Durbin
2006-06-17 06:10:10 +00:00
committed by WineHQ
parent 02c5682c01
commit f982c8459e
53 changed files with 988 additions and 542 deletions


@@ -6,6 +6,7 @@
require_once(BASE."include/version.php");
require_once(BASE."include/vendor.php");
require_once(BASE."include/url.php");
require_once(BASE."include/util.php");
/**
* Application class for handling applications.
@@ -308,6 +309,10 @@ class Application {
function mailSubmitter($sAction="add")
{
$aClean = array(); //array of filtered user input
$aClean['replyText'] = makeSafe($_REQUEST['replyText']);
if($this->iSubmitterId)
{
$oSubmitter = new User($this->iSubmitterId);
@@ -332,7 +337,7 @@ class Application {
$sMsg .= "Reason given:\n";
break;
$sMsg .= $_REQUEST['replyText']."\n";
$sMsg .= $aClean['replyText']."\n";
$sMsg .= "We appreciate your help in making the Application Database better for all users.";
}
mail_appdb($oSubmitter->sEmail, $sSubject ,$sMsg);
@@ -342,6 +347,10 @@ class Application {
function SendNotificationMail($sAction="add",$sMsg=null)
{
$aClean = array(); //array of filtered user input
$aClean['replyText'] = makeSafe($_REQUEST['replyText']);
switch($sAction)
{
case "add":
@@ -355,10 +364,10 @@ class Application {
$sMsg .= "This application has been submitted by ".$oSubmitter->sRealname.".";
$sMsg .= "\n";
}
if($_REQUEST['replyText'])
if($aClean['replyText'])
{
$sMsg .= "Appdb admin reply text:\n";
$sMsg .= $_REQUEST['replyText']."\n"; // append the reply text, if there is any
$sMsg .= $aClean['replyText']."\n"; // append the reply text, if there is any
}
addmsg("The application was successfully added into the database.", "green");
@@ -379,10 +388,10 @@ class Application {
$sSubject = $this->sName." has been deleted by ".$_SESSION['current']->sRealname;
// if replyText is set we should report the reason the application was deleted
if($_REQUEST['replyText'])
if($aClean['replyText'])
{
$sMsg .= "Reason given:\n";
$sMsg .= $_REQUEST['replyText']."\n"; // append the reply text, if there is any
$sMsg .= $aClean['replyText']."\n"; // append the reply text, if there is any
}
addmsg("Application deleted.", "green");
@@ -392,10 +401,10 @@ class Application {
$sMsg .= APPDB_ROOT."appsubmit.php?apptype=application&sub=view&appId=".$this->iAppId."\n";
// if replyText is set we should report the reason the application was rejected
if($_REQUEST['replyText'])
if($aClean['replyText'])
{
$sMsg .= "Reason given:\n";
$sMsg .= $_REQUEST['replyText']."\n"; // append the reply text, if there is any
$sMsg .= $aClean['replyText']."\n"; // append the reply text, if there is any
}
addmsg("Application rejected.", "green");
@@ -457,22 +466,31 @@ class Application {
function CheckOutputEditorInput()
{
$aClean = array(); //array of filtered user input
$aClean['appCatId'] = makeSafe($_REQUEST['appCatId']);
$aClean['appName'] = makeSafe($_REQUEST['appName']);
$aClean['appVendorName'] = makeSafe($_REQUEST['appVendorName']);
$aClean['appVendorId'] = makeSafe($_REQUEST['appVendorId']);
$aClean['appDescription'] = makeSafe($_REQUEST['appDescription']);
$errors = "";
if (empty($_REQUEST['appCatId']))
if (empty($aClean['appCatId']))
$errors .= "<li>Please enter a category for your application.</li>\n";
if (strlen($_REQUEST['appName']) > 200 )
if (strlen($aClean['appName']) > 200 )
$errors .= "<li>Your application name is too long.</li>\n";
if (empty($_REQUEST['appName']))
if (empty($aClean['appName']))
$errors .= "<li>Please enter an application name.</li>\n";
// No vendor entered, and nothing in the list is selected
if (empty($_REQUEST['appVendorName']) && !$_REQUEST['appVendorId'])
if (empty($aClean['appVendorName']) && !$aClean['appVendorId'])
$errors .= "<li>Please enter a vendor.</li>\n";
if (empty($_REQUEST['appDescription']))
if (empty($aClean['appDescription']))
$errors .= "<li>Please enter a description of your application.</li>\n";
return $errors;
@@ -481,30 +499,44 @@ class Application {
/* retrieves values from $_REQUEST that were output by OutputEditor() */
function GetOutputEditorValues()
{
$aClean = array(); //array of filtered user input
$aClean['appId'] = makeSafe($_REQUEST['appId']);
$aClean['appVendorId'] = makeSafe($_REQUEST['appVendorId']);
$aClean['appName'] = makeSafe($_REQUEST['appName']);
$aClean['appDescription'] = makeSafe($_REQUEST['appDescription']);
$aClean['appCatId'] = makeSafe($_REQUEST['appCatId']);
$aClean['appWebpage'] = makeSafe($_REQUEST['appWebpage']);
$aClean['appKeywords'] = makeSafe($_REQUEST['appKeywords']);
if(get_magic_quotes_gpc())
{
$this->iAppId = stripslashes($_REQUEST['appId']);
$this->sName = stripslashes($_REQUEST['appName']);
$this->sDescription = stripslashes($_REQUEST['appDescription']);
$this->iCatId = stripslashes($_REQUEST['appCatId']);
$this->iVendorId = stripslashes($_REQUEST['appVendorId']);
$this->sWebpage = stripslashes($_REQUEST['appWebpage']);
$this->sKeywords = stripslashes($_REQUEST['appKeywords']);
$this->iAppId = stripslashes($aClean['appId']);
$this->sName = stripslashes($aClean['appName']);
$this->sDescription = stripslashes($aClean['appDescription']);
$this->iCatId = stripslashes($aClean['appCatId']);
$this->iVendorId = stripslashes($aClean['appVendorId']);
$this->sWebpage = stripslashes($aClean['appWebpage']);
$this->sKeywords = stripslashes($aClean['appKeywords']);
} else
{
$this->iAppId = $_REQUEST['appId'];
$this->sName = $_REQUEST['appName'];
$this->sDescription = $_REQUEST['appDescription'];
$this->iCatId = $_REQUEST['appCatId'];
$this->iVendorId = $_REQUEST['appVendorId'];
$this->sWebpage = $_REQUEST['appWebpage'];
$this->sKeywords = $_REQUEST['appKeywords'];
$this->iAppId = $aClean['appId'];
$this->sName = $aClean['appName'];
$this->sDescription = $aClean['appDescription'];
$this->iCatId = $aClean['appCatId'];
$this->iVendorId = $aClean['appVendorId'];
$this->sWebpage = $aClean['appWebpage'];
$this->sKeywords = $aClean['appKeywords'];
}
}
/* display this application */
function display()
{
$aClean = array(); //array of filtered user input
$aClean['appId'] = makeSafe($_REQUEST['appId']);
/* is this user supposed to view this version? */
if(!$_SESSION['current']->canViewApplication($this))
{
@@ -546,7 +578,7 @@ class Application {
echo " <tr class=\"color1\"><td><b>URL</b></td><td>".$appLinkURL."</td></tr>\n";
// optional links
$result = query_appdb("SELECT * FROM appData WHERE appId = ".$_REQUEST['appId']." AND versionID = 0 AND type = 'url'");
$result = query_appdb("SELECT * FROM appData WHERE appId = ".$aClean['appId']." AND versionID = 0 AND type = 'url'");
if($result && mysql_num_rows($result) > 0)
{
echo " <tr class=\"color1\"><td> <b>Links</b></td><td>\n";
@@ -603,7 +635,7 @@ class Application {
if($_SESSION['current']->isSuperMaintainer($this->iAppId) || $_SESSION['current']->hasPriv("admin"))
{
echo ' <form method="post" name="edit" action="admin/editAppFamily.php"><input type="hidden" name="appId" value="'.$_REQUEST['appId'].'"><input type="submit" value="Edit Application" class="button"></form>';
echo ' <form method="post" name="edit" action="admin/editAppFamily.php"><input type="hidden" name="appId" value="'.$aClean['appId'].'"><input type="submit" value="Edit Application" class="button"></form>';
}
if($_SESSION['current']->isLoggedIn())
{
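Review bot: The query `SELECT * FROM appData WHERE appId = ".$aClean['appId']."` in display() interpolates appId unquoted, so the addslashes() inside makeSafe() does nothing for it — an injected `1 OR 1=1` contains no quote to escape. For an id that must be numeric, coerce it instead: `$aClean['appId'] = (int)$_REQUEST['appId'];`. The same cast also protects the hidden `<input name="appId" value="...">` further down, where addslashes only turns `"` into `\"` and the browser still ends the attribute at the quote. display() begins before this hunk and continues past it.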


@@ -1,4 +1,5 @@
<?php
require_once(BASE."include/util.php");
/******************************************/
/* bug class and related functions */
/******************************************/
@@ -190,6 +191,10 @@ class Bug {
function mailSubmitter($bRejected=false)
{
$aClean = array(); //array of filtered user input
$aClean['replyText'] = makeSafe($_REQUEST['replyText']);
if($this->iSubmitterId)
{
$oSubmitter = new User($this->iSubmitterId);
@@ -202,7 +207,7 @@ class Bug {
$sSubject = "Submitted Bug Link rejected";
$sMsg = "The Bug Link you submitted for ".lookup_app_name($this->iAppId)." ".lookup_version_name($this->iVersionId)." has been rejected.";
}
$sMsg .= $_REQUEST['replyText']."\n";
$sMsg .= $aClean['replyText']."\n";
$sMsg .= "We appreciate your help in making the Application Database better for all users.";
mail_appdb($oSubmitter->sEmail, $sSubject ,$sMsg);
@@ -255,6 +260,10 @@ class Bug {
function view_version_bugs($iVersionId = null, $aBuglinkIds)
{
$aClean = array(); //array of filtered user input
$aClean['buglinkId'] = makeSafe($_REQUEST['buglinkId']);
$bCanEdit = FALSE;
$oVersion = new Version($iVersionId);
@@ -325,7 +334,7 @@ function view_version_bugs($iVersionId = null, $aBuglinkIds)
{
echo '<input type="hidden" name="versionId" value="'.$iVersionId.'">',"\n";
echo '<tr class=color3><td align=center>',"\n";
echo '<input type="text" name="buglinkId" value="'.$_REQUEST['buglinkId'].'" size="8"></td>',"\n";
echo '<input type="text" name="buglinkId" value="'.$aClean['buglinkId'].'" size="8"></td>',"\n";
echo '<td><input type="submit" name="sub" value="Submit a new bug link."></td>',"\n";
echo '<td colspan=6></td></tr></form>',"\n";
}
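Review bot: The `value="'.$aClean['buglinkId'].'"` line in view_version_bugs() still lets the user break out of the attribute: addslashes() rewrites `"` as `\"`, and HTML treats the backslash as an ordinary character, so the quote still closes the attribute and anything after it is parsed as markup. This is an HTML sink, not a SQL one, so escape for that context, `value="'.htmlspecialchars($aClean['buglinkId'], ENT_QUOTES).'"`, or, since a bug link id is presumably numeric, use `(int)$_REQUEST['buglinkId']` when filling $aClean. view_version_bugs() starts before this hunk and ends after it.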


@@ -367,6 +367,12 @@ function display_comments_flat($versionId)
function view_app_comments($versionId, $threadId = 0)
{
$aClean = array(); //array of filtered user input
$aClean['cmode'] = makeSafe($_REQUEST['cmode']);
$aClean['mode'] = makeSafe($_REQUEST['mode']);
// count posts
$result = query_appdb("SELECT commentId FROM appComments WHERE versionId = $versionId");
$messageCount = mysql_num_rows($result);
@@ -381,8 +387,8 @@ function view_app_comments($versionId, $threadId = 0)
if ($_SESSION['current']->isLoggedIn())
{
// FIXME we need to change this so not logged in users can change current view as well
if (isset($_REQUEST['cmode']))
$_SESSION['current']->setPref("comments:mode", $_REQUEST['cmode']);
if (!empty($aClean['cmode']))
$_SESSION['current']->setPref("comments:mode", $aClean['cmode']);
$sel[$_SESSION['current']->getPref("comments:mode", "threaded")] = 'selected';
echo '<td><form method="post" name="smode" action="appview.php">',"\n";
@@ -422,7 +428,7 @@ function view_app_comments($versionId, $threadId = 0)
else
$mode = "threaded"; /* default non-logged in users to threaded comment display mode */
if ($_REQUEST['mode']=="nested")
if ($aClean['mode']=="nested")
$mode = "nested";
switch ($mode)
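Review bot: `$_SESSION['current']->setPref("comments:mode", $aClean['cmode'])` stores whatever string the request carried; addslashes() does not constrain it to a known mode, and the value is then used as the `$sel[...]` key and as the display mode. Accept only the modes the code understands, e.g. `if (in_array($aClean['cmode'], array('threaded', 'nested'), true))` extended with whatever other cases the switch below handles (only threaded and nested are visible in this hunk). Note also that `!empty()` replaced `isset()`, so a cmode of `"0"` is now silently ignored, which is fine only if no mode is named that. view_app_comments() continues beyond the hunk.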


@@ -3,6 +3,7 @@
/* this class represents Distributions */
/***************************************/
require_once(BASE."include/mail.php");
require_once(BASE."include/util.php");
// Testing class for handling Distributions.
@@ -231,6 +232,11 @@ class distribution{
function mailSubmitter($sAction="add")
{
$aClean = array(); //array of filtered user input
$aClean['replyText'] = makeSafe($_REQUEST['replyText']);
if($this->iSubmitterId)
{
$oSubmitter = new User($this->iSubmitterId);
@@ -248,7 +254,7 @@ class distribution{
$sMsg = "The Distribution you submitted (".$this->sName.") has been rejected.";
$sMsg .= APPDB_ROOT."testingData.php?sub=view&versionId=".$this->iVersionId."\n";
$sMsg .= "Reason given:\n";
$sMsg .= $_REQUEST['replyText']."\n"; // append the reply text, if there is any
$sMsg .= $aClean['replyText']."\n"; // append the reply text, if there is any
}
break;
@@ -257,7 +263,7 @@ class distribution{
$sSubject = "Submitted Distribution deleted";
$sMsg = "The Distribution you submitted (".$this->sName.") has been deleted.";
$sMsg .= "Reason given:\n";
$sMsg .= $_REQUEST['replyText']."\n"; // append the reply text, if there is any
$sMsg .= $aClean['replyText']."\n"; // append the reply text, if there is any
}
break;
}
@@ -270,6 +276,9 @@ class distribution{
function SendNotificationMail($sAction="add",$sMsg=null)
{
$aClean = array(); //array of filtered user input
$aClean['replyText'] = makeSafe($_REQUEST['replyText']);
switch($sAction)
{
case "add":
@@ -283,7 +292,7 @@ class distribution{
$sMsg .= "This Distribution has been submitted by ".$oSubmitter->sRealname.".";
$sMsg .= "\n";
$sMsg .= "Appdb admin reply text:\n";
$sMsg .= $_REQUEST['replyText']."\n"; // append the reply text, if there is any
$sMsg .= $aClean['replyText']."\n"; // append the reply text, if there is any
}
addmsg("The Distribution was successfully added into the database.", "green");
} else // testing data queued.
@@ -303,10 +312,10 @@ class distribution{
$sSubject = "Distribution ".$this->sName." has been deleted by ".$_SESSION['current']->sRealname;
// if replyText is set we should report the reason the data was deleted
if($_REQUEST['replyText'])
if($aClean['replyText'])
{
$sMsg .= "Reason given:\n";
$sMsg .= $_REQUEST['replyText']."\n"; // append the reply text, if there is any
$sMsg .= $aClean['replyText']."\n"; // append the reply text, if there is any
}
addmsg("Distribution deleted.", "green");
@@ -316,10 +325,10 @@ class distribution{
$sMsg = APPDB_ROOT."distributionView.php?iDistributionId=".$this->iDistributionId."\n";
// if replyText is set we should report the reason the data was rejected
if($_REQUEST['replyText'])
if($aClean['replyText'])
{
$sMsg .= "Reason given:\n";
$sMsg .= $_REQUEST['replyText']."\n"; // append the reply text, if there is any
$sMsg .= $aClean['replyText']."\n"; // append the reply text, if there is any
}
addmsg("Distribution rejected.", "green");
@@ -351,16 +360,23 @@ class distribution{
/* retrieves values from $_REQUEST that were output by OutputEditor() */
function GetOutputEditorValues()
{
$aClean = array(); //array of filtered user input
$aClean['iDistributionId'] = makeSafe($_REQUEST['iDistributionId']);
$aClean['sName'] = makeSafe($_REQUEST['sName']);
$aClean['sUrl'] = makeSafe($_REQUEST['sUrl']);
if(get_magic_quotes_gpc())
{
$this->iDistributionId = stripslashes($_REQUEST['iDistributionId']);
$this->sName = stripslashes($_REQUEST['sName']);
$this->sUrl = stripslashes($_REQUEST['sUrl']);
$this->iDistributionId = stripslashes($aClean['iDistributionId']);
$this->sName = stripslashes($aClean['sName']);
$this->sUrl = stripslashes($aClean['sUrl']);
} else
{
$this->iDistributionId = $_REQUEST['iDistributionId'];
$this->sName = $_REQUEST['sName'];
$this->sUrl = $_REQUEST['sUrl'];
$this->iDistributionId = $aClean['iDistributionId'];
$this->sName = $aClean['sName'];
$this->sUrl = $aClean['sUrl'];
}
}
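Review bot: In GetOutputEditorValues() `$this->iDistributionId` is an id that will presumably end up unquoted in a query, and addslashes() offers no protection there; assign `$this->iDistributionId = (int)$aClean['iDistributionId'];` in both branches. Also note that after this change both branches leave sName and sUrl holding SQL-escaped text (with magic_quotes_gpc on, stripslashes() removes one of the two layers; with it off, the addslashes() layer stays), so any path that echoes these properties or puts `$this->sName` into a mail without first reloading from the database will show stray backslashes — worth a comment on the method saying the properties are stored pre-escaped.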


@@ -1,4 +1,9 @@
<?php
require_once(BASE."include/util.php");
$aClean = array(); //array of filtered user input
$aClean['userId'] = makeSafe($_REQUEST['userId']);
/*********************/
/* Edit Account Form */
/*********************/
@@ -23,7 +28,7 @@
</tr>
<?php
// if we manage another user we can give him administrator rights
if($oUser->iUserId == $_REQUEST['userId'])
if($oUser->iUserId == $aClean['userId'])
{
?>
<tr>


@@ -1,4 +1,10 @@
<?php
require_once(BASE."include/util.php");
$aClean = array(); //array of filtered user input
$aClean['ext_email'] = makeSafe($_POST['ext_email']);
/**************/
/* Login Form */
/**************/
@@ -19,7 +25,7 @@ function cmd_send_passwd() {
<table border="0" width="100%" cellspacing=0 cellpadding="10">
<tr>
<td class=color1> E-mail </td>
<td class=color0> <input type="text" name="ext_email" value='<?php if(isset($_POST['ext_email'])) echo $_POST['ext_email']?>'> </td>
<td class=color0> <input type="text" name="ext_email" value='<?php if(!empty($aClean['ext_email'])) echo $aClean['ext_email']?>'> </td>
</tr>
<tr>
<td class=color1> Password </td>
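Review bot: The e-mail input uses a single-quoted `value='...'`, and addslashes() turns `'` into `\'`, which HTML does not treat as an escape — a posted value like `' onfocus='alert(1)` still terminates the attribute. The fix is to escape for the HTML context at the point of output, `echo htmlspecialchars($_POST['ext_email'], ENT_QUOTES)`, rather than relying on SQL-style quoting (which also leaves a visible backslash in the re-populated field). Separately, the hunk context names cmd_send_passwd(); if this markup sits inside a function, the file-scope $aClean built at the top of the file is not visible there without `global $aClean`, so confirm where the form code lives.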


@@ -1,4 +1,12 @@
<?php
require_once(BASE."include/util.php");
$aClean = array(); //array of filtered user input
$aClean['ext_email'] = makeSafe($_POST['ext_email']);
$aClean['ext_realname'] = makeSafe($_POST['realname']);
/********************/
/* New Account Form */
/********************/
@@ -11,7 +19,7 @@ echo html_frame_start("Create New Application DB Account","400","",0)
<table border=0 width="100%" cellspacing=0 cellpadding=20>
<tr>
<td class=color1> E-mail </td>
<td class=color0> <input type="text" name="ext_email" value='<?php if(isset($_POST['ext_email'])) echo $_POST['ext_email']?>'> </td>
<td class=color0> <input type="text" name="ext_email" value='<?php if(!empty($aClean['ext_email'])) echo $aClean['ext_email']?>'> </td>
</tr>
<tr>
<td class=color1> Password </td>
@@ -23,7 +31,7 @@ echo html_frame_start("Create New Application DB Account","400","",0)
</tr>
<tr>
<td class=color1> Real Name </td>
<td class=color0> <input type="text" name="ext_realname" value='<?php if(isset($_POST['ext_realname'])) echo $_POST['ext_realname']?>'> </td>
<td class=color0> <input type="text" name="ext_realname" value='<?php if(!empty($aClean['ext_realname'])) echo $aClean['ext_realname']?>'> </td>
</tr>
<?php
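Review bot: `$aClean['ext_realname'] = makeSafe($_POST['realname']);` reads the wrong key — the field is submitted as `name="ext_realname"` (the input a few lines below), so the real name is never re-populated after a failed submit; it should be `makeSafe($_POST['ext_realname'])`. Both re-populated fields also use single-quoted `value='...'` attributes, and addslashes() only produces `\'`, which does not stop the quote from closing the attribute in HTML; escape at the output with `htmlspecialchars(..., ENT_QUOTES)` instead.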


@@ -1,4 +1,9 @@
<?php
require_once(BASE."include/util.php");
$aClean = array(); //array of filtered user input
$aClean['replyText'] = makeSafe( $_REQUEST['replyText'] );
/************************************/
/* note class and related functions */
/************************************/
@@ -140,8 +145,8 @@ class Note {
$sMsg .= $this->sBody."\n";
$sMsg .= "\n";
$sMsg .= "Because:\n";
if($_REQUEST['replyText'])
$sMsg .= $_REQUEST['replyText']."\n";
if($aClean['replyText'])
$sMsg .= $aClean['replyText']."\n";
else
$sMsg .= "No reason given.\n";
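Review bot: `$aClean['replyText']` is read inside a Note method, but the only place $aClean is built is at file scope (the two lines added after `require_once`); PHP function scope means it is undefined here, so the condition is always false and the mail always says "No reason given." Move `$aClean = array(); $aClean['replyText'] = makeSafe($_REQUEST['replyText']);` to the top of the method, as the other classes in this commit do, and drop the file-level copy. The enclosing method starts before this hunk.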


@@ -3,7 +3,9 @@
/* screenshot class and related functions */
/******************************************/
require_once(BASE."include/util.php");
require_once(BASE."include/image.php");
// load the watermark
$watermark = new image("/images/watermark.png");
@@ -233,6 +235,10 @@ class Screenshot {
function mailSubmitter($bRejected=false)
{
$aClean = array(); //array of filtered user input
$aClean['replyText'] = makeSafe($_REQUEST['replyText']);
if($this->iSubmitterId)
{
$oSubmitter = new User($this->iSubmitterId);
@@ -245,7 +251,7 @@ class Screenshot {
$sSubject = "Submitted screenshot rejected";
$sMsg = "The screenshot you submitted for ".lookup_app_name($this->iAppId)." ".lookup_version_name($this->iVersionId)." has been rejected.";
}
$sMsg .= $_REQUEST['replyText']."\n";
$sMsg .= $aClean['replyText']."\n";
$sMsg .= "We appreciate your help in making the Application Database better for all users.";
mail_appdb($oSubmitter->sEmail, $sSubject ,$sMsg);
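Review bot: In mailSubmitter() the reply text goes only into a mail body handed to mail_appdb(), not into SQL, so the addslashes() from makeSafe() is the wrong transform for this sink — a reviewer reason like "doesn't work" reaches the submitter as `doesn\'t work` (and doubly so if magic_quotes_gpc is on). For text that is only mailed, `trim()` is the filtering this value needs, with SQL escaping applied where a query is actually built; if the shared helper must be used, at least `stripslashes()` the result before appending it to $sMsg. The method begins before this hunk.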


@@ -4,9 +4,14 @@
/***********/
require_once(BASE."include/distributions.php");
require_once(BASE."include/vendor.php");
require_once(BASE."include/util.php");
function global_sidebar_menu() {
$aClean = array(); //array of filtered user input
$aClean['q'] = makeSafe($_REQUEST['q']);
$g = new htmlmenu(APPDB_OWNER." Menu");
$g->add(APPDB_OWNER, APPDB_OWNER_URL);
$g->add("AppDB", BASE);
@@ -29,7 +34,7 @@ function global_sidebar_menu() {
$g->done();
$g = new htmlmenu("Search");
$g->addmisc(app_search_box(isset($_REQUEST['q']) ? $_REQUEST['q'] : ''));
$g->addmisc(app_search_box(!empty($aClean['q']) ? $aClean['q'] : ''));
$g->done();
}
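Review bot: `app_search_box(!empty($aClean['q']) ? $aClean['q'] : '')` passes a SQL-escaped string to what presumably becomes the search field's value; addslashes() neither escapes for HTML nor stops `"` from ending the attribute, and it shows a backslash before any quote the user typed. If app_search_box() does not escape internally (not visible here), pass `htmlspecialchars(trim($_REQUEST['q']), ENT_QUOTES)` instead. The switch from `isset()` to `!empty()` also drops a search for `0`, which is probably unintended.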


@@ -3,7 +3,7 @@
/* this class represents Testing results */
/*****************************************/
require_once(BASE."include/distributions.php");
require_once(BASE."include/util.php");
// Testing class for handling Testing History.
class testData{
@@ -228,6 +228,11 @@ class testData{
function mailSubmitter($sAction="add")
{
$aClean = array(); //array of filtered user input
$aClean = makeSafe($_REQUEST['replyText']);
if($this->iSubmitterId)
{
$oSubmitter = new User($this->iSubmitterId);
@@ -251,7 +256,7 @@ class testData{
$sMsg .= "Reason given:\n";
break;
}
$sMsg .= $_REQUEST['replyText']."\n";
$sMsg .= $aClean['replyText']."\n";
$sMsg .= "We appreciate your help in making the Application Database better for all users.";
mail_appdb($oSubmitter->sEmail, $sSubject ,$sMsg);
@@ -261,6 +266,10 @@ class testData{
function SendNotificationMail($sAction="add",$sMsg=null)
{
$aClean = array(); //array of filtered user input
$aClean['replyText'] = makeSafe($_REQUEST['replyText']);
$oVersion = new Version($this->iVersionId);
$oApp = new Application($oVersion->iAppId);
switch($sAction)
@@ -276,10 +285,10 @@ class testData{
$sMsg .= "This Testing data has been submitted by ".$oSubmitter->sRealname.".";
$sMsg .= "\n";
}
if($_REQUEST['replyText'])
if($aClean['replyText'])
{
$sMsg .= "Appdb admin reply text:\n";
$sMsg .= $_REQUEST['replyText']."\n"; // append the reply text, if there is any
$sMsg .= $aClean['replyText']."\n"; // append the reply text, if there is any
}
addmsg("The testing data was successfully added into the database.", "green");
} else // testing data queued.
@@ -299,10 +308,10 @@ class testData{
case "delete":
$sSubject = "Test Results deleted for version ".$oVersion->sName." of ".$oApp->sName." submitted by ".$_SESSION['current']->sRealname;
// if replyText is set we should report the reason the data was deleted
if($_REQUEST['replyText'])
if($aClean['replyText'])
{
$sMsg .= "Reason given:\n";
$sMsg .= $_REQUEST['replyText']."\n"; // append the reply text, if there is any
$sMsg .= $aClean['replyText']."\n"; // append the reply text, if there is any
}
addmsg("testing data deleted.", "green");
@@ -311,10 +320,10 @@ class testData{
$sSubject = "Test Results rejected for version ".$oVersion->sName." of ".$oApp->sName." submitted by ".$_SESSION['current']->sRealname;
$sMsg .= APPDB_ROOT."admin/adminTestResults.php?sub=view&iTestingId=".$this->iTestingId."\n";
// if replyText is set we should report the reason the data was rejected
if($_REQUEST['replyText'])
if($aClean['replyText'])
{
$sMsg .= "Reason given:\n";
$sMsg .= $_REQUEST['replyText']."\n"; // append the reply text, if there is any
$sMsg .= $aClean['replyText']."\n"; // append the reply text, if there is any
}
addmsg("testing data rejected.", "green");
break;
@@ -351,7 +360,10 @@ class testData{
// Show the Test results for a application version
function ShowVersionsTestingTable($iVersionId, $iCurrentTest, $link, $iDisplayLimit)
{
$showAll = $_REQUEST['showAll'];
$aClean = array(); //array of filtered user input
$aClean['showAll'] = makeSafe($_REQUEST['showAll']);
$showAll = $aClean['showAll'];
$sQuery = "SELECT *
FROM testResults
@@ -500,38 +512,46 @@ class testData{
function CheckOutputEditorInput($sDistribution="")
{
$errors = "";
$sWhatWorks = trim($_REQUEST['sWhatWorks']);
$sWhatDoesnt = trim($_REQUEST['sWhatDoesnt']);
$sWhatNotTested = trim($_REQUEST['sWhatNotTested']);
$sDistribution = trim($_REQUEST['sDistribution']);
$aClean = array(); //array of filtered user input
$aClean['sWhatWorks'] = makeSafe($_REQUEST['sWhatWorks']);
$aClean['sWhatDoesnt'] = makeSafe($_REQUEST['sWhatDoesnt']);
$aClean['sWhatNotTested'] = makeSafe($_REQUEST['sWhatNotTested']);
$aClean['sDistribution'] = makeSafe($_REQUEST['sDistribution']);
$aClean['sTestedDate'] = makeSafe($_REQUEST['sTestedDate']);
$aClean['sTestedRelease'] = makeSafe($_REQUEST['sTestedRelease']);
$aClean['iDistributionId'] = makeSafe($_REQUEST['iDistributionId']);
$aClean['sInstalls'] = makeSafe($_REQUEST['sInstalls']);
$aClean['sRuns'] = makeSafe($_REQUEST['sRuns']);
$aClean['sTestedRating'] = makeSafe($_REQUEST['sTestedRating']);
if (empty($sWhatWorks))
$errors = "";
if (empty($aClean['sWhatWorks']))
$errors .= "<li>Please enter what worked.</li>\n";
if (empty($sWhatDoesnt))
if (empty($aClean['sWhatDoesnt']))
$errors .= "<li>Please enter what did not work.</li>\n";
if (empty($sWhatNotTested))
if (empty($aClean['sWhatNotTested']))
$errors .= "<li>Please enter what was not tested.</li>\n";
if (empty($_REQUEST['sTestedDate']))
if (empty($aClean['sTestedDate']))
$errors .= "<li>Please enter the date and time when you tested.</li>\n";
if (empty($_REQUEST['sTestedRelease']))
if (empty($aClean['sTestedRelease']))
$errors .= "<li>Please enter the version of Wine that you tested with.</li>\n";
// No Distribution entered, and nothing in the list is selected
if (empty($sDistribution) && !$_REQUEST['iDistributionId'])
if (empty($sDistribution) && !$aClean['iDistributionId'])
$errors .= "<li>Please enter a distribution.</li>\n";
if (empty($_REQUEST['sInstalls']))
if (empty($aClean['sInstalls']))
$errors .= "<li>Please enter whether this application installs or not.</li>\n";
if (empty($_REQUEST['sRuns']))
if (empty($aClean['sRuns']))
$errors .= "<li>Please enter whether this application runs or not.</li>\n";
if (empty($_REQUEST['sTestedRating']))
if (empty($aClean['sTestedRating']))
$errors .= "<li>Please enter a rating based on how well this application runs.</li>\n";
return $errors;
@@ -541,34 +561,49 @@ class testData{
/* retrieves values from $_REQUEST that were output by OutputEditor() */
function GetOutputEditorValues()
{
$aClean = array(); //array of filtered user input
$aClean['iTestingId'] = makeSafe($_REQUEST['iTestingId']);
$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
$aClean['sWhatWorks'] = makeSafe($_REQUEST['sWhatWorks']);
$aClean['sWhatDoesnt'] = makeSafe($_REQUEST['sWhatDoesnt']);
$aClean['sWhatNotTested'] = makeSafe($_REQUEST['sWhatNotTested']);
$aClean['sTestedDate'] = makeSafe($_REQUEST['sTestedDate']);
$aClean['iDistributionId'] = makeSafe($_REQUEST['iDistributionId']);
$aClean['sTestedRelease'] = makeSafe($_REQUEST['sTestedRelease']);
$aClean['sInstalls'] = makeSafe($_REQUEST['sInstalls']);
$aClean['sRuns'] = makeSafe($_REQUEST['sRuns']);
$aClean['sTestedRating'] = makeSafe($_REQUEST['sTestedRating']);
$aClean['sComments'] = makeSafe($_REQUEST['sComments']);
if(get_magic_quotes_gpc())
{
$this->iTestingId = stripslashes($_REQUEST['iTestingId']);
$this->iVersionId = stripslashes($_REQUEST['iVersionId']);
$this->sWhatWorks = stripslashes($_REQUEST['sWhatWorks']);
$this->sWhatDoesnt = stripslashes($_REQUEST['sWhatDoesnt']);
$this->sWhatNotTested = stripslashes($_REQUEST['sWhatNotTested']);
$this->sTestedDate = stripslashes($_REQUEST['sTestedDate']);
$this->iDistributionId = stripslashes($_REQUEST['iDistributionId']);
$this->sTestedRelease = stripslashes($_REQUEST['sTestedRelease']);
$this->sInstalls = stripslashes($_REQUEST['sInstalls']);
$this->sRuns = stripslashes($_REQUEST['sRuns']);
$this->sTestedRating = stripslashes($_REQUEST['sTestedRating']);
$this->sComments = stripslashes($_REQUEST['sComments']);
$this->iTestingId = stripslashes($aClean['iTestingId']);
$this->iVersionId = stripslashes($aClean['iVersionId']);
$this->sWhatWorks = stripslashes($aClean['sWhatWorks']);
$this->sWhatDoesnt = stripslashes($aClean['sWhatDoesnt']);
$this->sWhatNotTested = stripslashes($aClean['sWhatNotTested']);
$this->sTestedDate = stripslashes($aClean['sTestedDate']);
$this->iDistributionId = stripslashes($aClean['iDistributionId']);
$this->sTestedRelease = stripslashes($aClean['sTestedRelease']);
$this->sInstalls = stripslashes($aClean['sInstalls']);
$this->sRuns = stripslashes($aClean['sRuns']);
$this->sTestedRating = stripslashes($aClean['sTestedRating']);
$this->sComments = stripslashes($aClean['sComments']);
} else
{
$this->iTestingId = $_REQUEST['iTestingId'];
$this->iVersionId = $_REQUEST['iVersionId'];
$this->sWhatWorks = $_REQUEST['sWhatWorks'];
$this->sWhatDoesnt = $_REQUEST['sWhatDoesnt'];
$this->sWhatNotTested = $_REQUEST['sWhatNotTested'];
$this->sTestedDate = $_REQUEST['sTestedDate'];
$this->iDistributionId = $_REQUEST['iDistributionId'];
$this->sTestedRelease = $_REQUEST['sTestedRelease'];
$this->sInstalls = $_REQUEST['sInstalls'];
$this->sRuns = $_REQUEST['sRuns'];
$this->sTestedRating = $_REQUEST['sTestedRating'];
$this->sComments = $_REQUEST['sComments'];
$this->iTestingId = $aClean['iTestingId'];
$this->iVersionId = $aClean['iVersionId'];
$this->sWhatWorks = $aClean['sWhatWorks'];
$this->sWhatDoesnt = $aClean['sWhatDoesnt'];
$this->sWhatNotTested = $aClean['sWhatNotTested'];
$this->sTestedDate = $aClean['sTestedDate'];
$this->iDistributionId = $aClean['iDistributionId'];
$this->sTestedRelease = $aClean['sTestedRelease'];
$this->sInstalls = $aClean['sInstalls'];
$this->sRuns = $aClean['sRuns'];
$this->sTestedRating = $aClean['sTestedRating'];
$this->sComments = $aClean['sComments'];
}
}
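Review bot: In mailSubmitter() the line `$aClean = makeSafe($_REQUEST['replyText']);` overwrites the array with a string, so the later `$aClean['replyText']` is a string offset lookup — PHP resolves the non-numeric offset to 0 and the mail carries only the first character of the reason; it should read `$aClean['replyText'] = makeSafe($_REQUEST['replyText']);`. In CheckOutputEditorInput() the removed `$sDistribution = trim($_REQUEST['sDistribution']);` means `if (empty($sDistribution) && !$aClean['iDistributionId'])` now tests the function parameter (default `""`) while the filtered `$aClean['sDistribution']` is computed and never used; the check should be `empty($aClean['sDistribution'])`.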


@@ -2,7 +2,7 @@
/***************************************/
/* url class and related functions */
/***************************************/
require_once(BASE."include/util.php");
/**
* Url class for handling urls
@@ -51,8 +51,13 @@ class Url {
*/
function create($sDescription = null, $sUrl = null, $iVersionId = null, $iAppId = null)
{
$aClean = array(); //array of filtered user input
$aClean['versionId'] = makeSafe($_REQUEST['versionId']);
$aClean['appId'] = makeSafe($_REQUEST['appId']);
// Security, if we are not an administrator or a maintainer, the url must be queued.
if(!($_SESSION['current']->hasPriv("admin") || $_SESSION['current']->isMaintainer($_REQUEST['versionId']) || $_SESSION['current']->isSupermaintainer($_REQUEST['appId'])))
if(!($_SESSION['current']->hasPriv("admin") || $_SESSION['current']->isMaintainer($aClean['versionId']) || $_SESSION['current']->isSupermaintainer($aClean['appId'])))
{
$this->bQueued = true;
}
@@ -177,6 +182,9 @@ class Url {
function mailSubmitter($bRejected=false)
{
$aClean = array(); //array of filtered user input
$aClean['replyText'] = makeSafe($_REQUEST['replyText']);
if($this->iSubmitterId)
{
$oSubmitter = new User($this->iSubmitterId);
@@ -189,7 +197,7 @@ class Url {
$sSubject = "Submitted url rejected";
$sMsg = "The url you submitted for ".lookup_app_name($this->appId)." ".lookup_version_name($this->versionId)." has been rejected.";
}
$sMsg .= $_REQUEST['replyText']."\n";
$sMsg .= $aClean['replyText']."\n";
$sMsg .= "We appreciate your help in making the Application Database better for all users.";
mail_appdb($oSubmitter->sEmail, $sSubject ,$sMsg);
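Review bot: The queue-or-not decision in create() checks maintainership against `$aClean['versionId']` and `$aClean['appId']` taken from the request, while the url being created is tied to the `$iVersionId` and `$iAppId` arguments; if a caller ever passes ids that differ from the request parameters, a maintainer of one version could have a url for another accepted unqueued. Check the ids the object is actually created for: `$_SESSION['current']->isMaintainer($iVersionId) || $_SESSION['current']->isSupermaintainer($iAppId)`. If the request values must stay, cast them with `(int)` rather than addslashes(), since ids are used unquoted. create() continues past the hunk.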


@@ -4,6 +4,7 @@
/************************************/
require_once(BASE."include/version.php");
require_once(BASE."include/util.php");
/**
* User class for handling users
@@ -267,6 +268,10 @@ class User {
*/
function addAsMaintainer($iAppId, $iVersionId, $bSuperMaintainer, $iQueueId)
{
$aClean = array();
$aClean['replyText'] = makeSafe($_REQUEST['replyText']);
/* if the user isn't already a supermaintainer of the application and */
/* if they are trying to become a maintainer and aren't already a maintainer of */
/* the version, then continue processing the request */
@@ -295,7 +300,7 @@ class User {
{
$sSubject = "Application Maintainer Request Report";
$sMsg = "Your application to be the maintainer of ".$oApp->sName." ".$oVersion->sName." has been accepted. ";
$sMsg .= $_REQUEST['replyText'];
$sMsg .= $aClean['replyText'];
$sMsg .= "We appreciate your help in making the Application Database better for all users.\n\n";
mail_appdb($sEmail, $sSubject ,$sMsg);
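Review bot: `$sMsg .= $aClean['replyText'];` appends SQL-escaped text to a mail body, so an admin reply containing an apostrophe reaches the applicant with a stray backslash; the value never touches a query in this method, so `trim()` alone (or `stripslashes()` on the makeSafe() result) is the appropriate filtering here. While touching the line, a `"\n"` between the acceptance sentence and the reply text would keep the two from running together. addAsMaintainer() starts before this hunk and ends after it.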


@@ -1,4 +1,11 @@
<?php
function makeSafe($var)
{
$var = trim(addslashes($var));
return $var;
}
function build_urlarg($vars)
{
$arr = array();
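Review bot: makeSafe() needs a docblock stating what it does and does not cover, because callers across this commit treat it as a universal filter: it only escapes for a quoted SQL string context, so numeric ids interpolated unquoted need `(int)`, values echoed into HTML need `htmlspecialchars(..., ENT_QUOTES)`, and text that only goes into a mail body should not be slash-escaped at all. It should also say that with magic_quotes_gpc on the input arrives already escaped and this adds a second layer, which the caller must `stripslashes()` exactly once (as the GetOutputEditorValues() methods do). Finally, addslashes() is not charset-aware; where a database connection is available, mysql_real_escape_string() is the correct primitive for the SQL case.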


@@ -8,6 +8,7 @@ require_once(BASE."include/comment.php");
require_once(BASE."include/url.php");
require_once(BASE."include/screenshot.php");
require_once(BASE."include/bugs.php");
require_once(BASE."include/util.php");
/**
* Version class for handling versions.
@@ -414,6 +415,9 @@ class Version {
function mailSubmitter($sAction="add")
{
$aClean = array(); //array of filtered user input
$aClean['replyText'] = makeSafe($_REQUEST['replyText']);
if($this->iSubmitterId)
{
$oApp = new Application($this->iAppId);
@@ -439,7 +443,7 @@ class Version {
$sMsg .= "Reason given:\n";
break;
}
$sMsg .= $_REQUEST['replyText']."\n";
$sMsg .= $aClean['replyText']."\n";
$sMsg .= "We appreciate your help in making the Version Database better for all users.";
mail_appdb($oSubmitter->sEmail, $sSubject ,$sMsg);
@@ -449,6 +453,9 @@ class Version {
function SendNotificationMail($sAction="add",$sMsg=null)
{
$aClean = array(); //array of filtered user input
$aClean['replyText'] = makeSafe($_REQUEST['replyText']);
$oApp = new Application($this->iAppId);
switch($sAction)
{
@@ -463,10 +470,10 @@ class Version {
$sMsg .= "This version has been submitted by ".$oSubmitter->sRealname.".";
$sMsg .= "\n";
}
if($_REQUEST['replyText'])
if($aClean['replyText'])
{
$sMsg .= "Appdb admin reply text:\n";
$sMsg .= $_REQUEST['replyText']."\n"; // append the reply text, if there is any
$sMsg .= $aClean['replyText']."\n"; // append the reply text, if there is any
}
addmsg("The version was successfully added into the database.", "green");
@@ -487,10 +494,10 @@ class Version {
$sSubject = "Version '".$this->sName."' of '".$oApp->sName."' has been deleted by ".$_SESSION['current']->sRealname;
// if replyText is set we should report the reason the application was deleted
if($_REQUEST['replyText'])
if($aClean['replyText'])
{
$sMsg .= "Reason given:\n";
$sMsg .= $_REQUEST['replyText']."\n"; // append the reply text, if there is any
$sMsg .= $aClean['replyText']."\n"; // append the reply text, if there is any
}
addmsg("Version deleted.", "green");
@@ -500,10 +507,10 @@ class Version {
$sMsg .= APPDB_ROOT."appsubmit.php?apptype=application&sub=view&versionId=".$this->iVersionId."\n";
// if replyText is set we should report the reason the version was rejected
if($_REQUEST['replyText'])
if($aClean['replyText'])
{
$sMsg .= "Reason given:\n";
$sMsg .= $_REQUEST['replyText']."\n"; // append the reply text, if there is any
$sMsg .= $aClean['replyText']."\n"; // append the reply text, if there is any
}
addmsg("Version rejected.", "green");
@@ -580,12 +587,17 @@ class Version {
function CheckOutputEditorInput()
{
$aClean = array(); //array of filtered user input
$aClean['versionName'] = makeSafe($_REQUEST['versionName']);
$aClean['versionDescription'] = makeSafe($_REQUEST['versionDescription']);
$errors = "";
if (empty($_REQUEST['versionName']))
if (empty($aClean['versionName']))
$errors .= "<li>Please enter an application version.</li>\n";
if (empty($_REQUEST['versionDescription']))
if (empty($aClean['versionDescription']))
$errors .= "<li>Please enter a version description.</li>\n";
return $errors;
@@ -594,29 +606,40 @@ class Version {
/* retrieves values from $_REQUEST that were output by OutputEditor() */
function GetOutputEditorValues()
{
$aClean = array(); //array of filtered user input
$aClean['appid'] = makeSafe($_REQUEST['appId']);
$aClean['versionId'] = makeSafe($_REQUEST['versionId']);
$aClean['versionName'] = makeSafe($_REQUEST['versionName']);
$aClean['versionDescription'] = makeSafe($_REQUEST['versionDescription']);
$aClean['maintainer_rating'] = makeSafe($_REQUEST['maintainer_rating']);
$aClean['maintainer_release'] = makeSafe($_REQUEST['maintainer_release']);
if(get_magic_quotes_gpc())
{
$this->iAppId = stripslashes($_REQUEST['appId']);
$this->iVersionId = stripslashes($_REQUEST['versionId']);
$this->sName = stripslashes($_REQUEST['versionName']);
$this->sDescription = stripslashes($_REQUEST['versionDescription']);
$this->sTestedRating = stripslashes($_REQUEST['maintainer_rating']);
$this->sTestedRelease = stripslashes($_REQUEST['maintainer_release']);
$this->iAppId = stripslashes($aClean['appId']);
$this->iVersionId = stripslashes($aClean['versionId']);
$this->sName = stripslashes($aClean['versionName']);
$this->sDescription = stripslashes($aClean['versionDescription']);
$this->sTestedRating = stripslashes($aClean['maintainer_rating']);
$this->sTestedRelease = stripslashes($aClean['maintainer_release']);
} else
{
$this->iAppId = $_REQUEST['appId'];
$this->iVersionId = $_REQUEST['versionId'];
$this->sName = $_REQUEST['versionName'];
$this->sDescription = $_REQUEST['versionDescription'];
$this->iAppId = $aClean['appId'];
$this->iVersionId = $aClean['versionId'];
$this->sName = $aClean['versionName'];
$this->sDescription = $aClean['versionDescription'];
$this->sTestedRating = $_REQUEST['maintainer_rating'];
$this->sTestedRelease = $_REQUEST['maintainer_release'];
$this->sTestedRating = $aClean['maintainer_rating'];
$this->sTestedRelease = $aClean['maintainer_release'];
}
}
function display()
{
$aClean = array(); //array of filtered user input
$aClean['iTestingId'] = makeSafe($_REQUEST['iTestingId']);
/* is this user supposed to view this version? */
if(!$_SESSION['current']->canViewVersion($this))
{
@@ -801,7 +824,7 @@ class Version {
echo $this->sDescription;
// Show testing data
$oTest = new TestData($_REQUEST['iTestingId']);
$oTest = new TestData($aClean['iTestingId']);
$iCurrentTest = $oTest->ShowTestResult($oTest->iTestingId, $this->iVersionId);
if($iCurrentTest)
{
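Review bot: GetOutputEditorValues stores the filtered value under `$aClean['appid']` but reads `$aClean['appId']` in both the magic-quotes and plain branches, so `$this->iAppId` is always empty after this change; vote_menu in the next file section has the same mismatch (`appid` written, `appId` read in the hidden input). The fix is the assignment line, `$aClean['appId'] = makeSafe($_REQUEST['appId']);`, and likewise in vote_menu. Separately, makeSafe escapes rather than validates, so the id fields here and `new TestData($aClean['iTestingId'])` in display() would be safer as `(int)` casts, and the backslash-escaped strings now land in the object properties (the magic-quotes branch strips only one of the two layers) and are later echoed by display() — presumably the DB layer escapes again, so double-escaping on store and stray backslashes on output should be checked. GetOutputEditorValues is entirely within the hunk; display() and the mail methods continue outside it.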


@@ -1,5 +1,5 @@
<?php
require_once(BASE."include/util.php");
/* max votes per user */
define('MAX_VOTES',3);
@@ -111,6 +111,10 @@ function vote_get_user_votes($userId = null)
function vote_menu()
{
$aClean = array(); //array of filtered user input
$aClean['appid'] = makeSafe($_REQUEST['appId']);
$m = new htmlmenu("Votes","updatevote.php");
$votes = vote_get_user_votes();
@@ -132,7 +136,7 @@ function vote_menu()
$m->add("<input type=submit name=clear value=' Clear Vote ' class=votebutton>");
$m->add("<input type=submit name=vote value='Vote for App' class=votebutton>");
$m->addmisc("<input type=hidden name=appId value={$_REQUEST['appId']}>");
$m->addmisc("<input type=hidden name=appId value={$aClean['appId']}>");
$m->add("View Results", BASE."votestats.php");
$m->add("Voting Help", BASE."help/?topic=voting");