Filter all user input to reduce the security impact of manipulated data
@@ -9,6 +9,19 @@
|
||||
include("path.php");
|
||||
include(BASE."include/"."incl.php");
|
||||
|
||||
$aClean = array(); //array of filtered user input
|
||||
|
||||
$aClean['userId'] = makeSafe($REQUEST['userId']);
|
||||
$aClean['iLimit'] = makeSafe($REQUEST['iLimit']);
|
||||
$aClean['sOrderBy'] = makeSafe($REQUEST['sOrderBy']);
|
||||
$aClean['ext_password'] = makeSafe($REQUEST['ext_password']);
|
||||
$aClean['ext_password2'] = makeSafe($REQUEST['ext_password2']);
|
||||
$aClean['ext_email'] = makeSafe($REQUEST['ext_email']);
|
||||
$aClean['ext_realname'] = makeSafe($REQUEST['ext_realname']);
|
||||
$aClean['CVSrelease'] = makeSafe($REQUEST['CVSrelease']);
|
||||
$aClean['ext_hasadmin'] = makeSafe($POST['ext_hasadmin']);
|
||||
|
||||
|
||||
if(!$_SESSION['current']->isLoggedIn())
|
||||
{
|
||||
errorpage("You must be logged in to edit preferences");
|
||||
@@ -17,12 +30,12 @@ if(!$_SESSION['current']->isLoggedIn())
|
||||
|
||||
// we come from the administration to edit an user
|
||||
if($_SESSION['current']->hasPriv("admin") &&
|
||||
is_numeric($_REQUEST['userId']) &&
|
||||
is_numeric($_REQUEST['iLimit']) &&
|
||||
in_array($_REQUEST['sOrderBy'],array("email","realname","created"))
|
||||
is_numeric($aClean['userId']) &&
|
||||
is_numeric($aClean['iLimit']) &&
|
||||
in_array($aClean['sOrderBy'],array("email","realname","created"))
|
||||
)
|
||||
{
|
||||
$oUser = new User($_REQUEST['userId']);
|
||||
$oUser = new User($aClean['userId']);
|
||||
} else
|
||||
{
|
||||
$oUser = &$_SESSION['current'];
|
||||
@@ -80,32 +93,32 @@ function show_user_fields()
|
||||
|
||||
if($_POST)
|
||||
{
|
||||
while(list($key, $value) = each($_REQUEST))
|
||||
while(list($key, $value) = each($aClean))
|
||||
{
|
||||
if(!ereg("^pref_(.+)$", $key, $arr))
|
||||
continue;
|
||||
$oUser->setPref($arr[1], $value);
|
||||
}
|
||||
|
||||
if ($_REQUEST['ext_password'] == $_REQUEST['ext_password2'])
|
||||
if ($aClean['ext_password'] == $aClean['ext_password2'])
|
||||
{
|
||||
$str_passwd = $_REQUEST['ext_password'];
|
||||
$str_passwd = $aClean['ext_password'];
|
||||
}
|
||||
else if ($_REQUEST['ext_password'])
|
||||
else if ($aClean['ext_password'])
|
||||
{
|
||||
addmsg("The Passwords you entered did not match.", "red");
|
||||
}
|
||||
if ($oUser->update($_REQUEST['ext_email'], $str_passwd, $_REQUEST['ext_realname'], $_REQUEST['CVSrelease']))
|
||||
if ($oUser->update($aClean['ext_email'], $str_passwd, $aClean['ext_realname'], $aClean['CVSrelease']))
|
||||
{
|
||||
addmsg("Preferences Updated", "green");
|
||||
// we were managing an user, let's go back to the admin after updating tha admin status
|
||||
if($oUser->iUserId == $_REQUEST['userId'] && $_SESSION['current']->hasPriv("admin"))
|
||||
if($oUser->iUserId == $aClean['userId'] && $_SESSION['current']->hasPriv("admin"))
|
||||
{
|
||||
if($_POST['ext_hasadmin']=="on")
|
||||
if($aClean['ext_hasadmin']=="on")
|
||||
$oUser->addPriv("admin");
|
||||
else
|
||||
$oUser->delPriv("admin");
|
||||
redirect(BASE."admin/adminUsers.php?userId=".$oUser->iUserId."&sSearch=".$_REQUEST['sSearch']."&iLimit=".$_REQUEST['iLimit']."&sOrderBy=".$_REQUEST['sOrderBy']."&sSubmit=true");
|
||||
redirect(BASE."admin/adminUsers.php?userId=".$oUser->iUserId."&sSearch=".$aClean['sSearch']."&iLimit=".$aClean['iLimit']."&sOrderBy=".$aClean['sOrderBy']."&sSubmit=true");
|
||||
}
|
||||
}
|
||||
else
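Review bot: The preference loop at `while(list($key, $value) = each($aClean))` now walks only the nine fixed keys assigned in the first hunk (userId, iLimit, sOrderBy, the ext_* fields, CVSrelease), none of which can match `^pref_(.+)$`, so unless `pref_*` entries are copied into `$aClean` somewhere outside the shown hunks, `$oUser->setPref()` is never reached and preferences silently stop saving; keep the loop on the raw post data and filter per value instead, `while(list($key, $value) = each($_POST))` with `$oUser->setPref($arr[1], makeSafe($value));`. The redirect in the same hunk reads `$aClean['sSearch']`, which the first hunk never populates (the fourth hunk echoes the same missing key into a hidden field), so the admin's search term is dropped; add `$aClean['sSearch'] = makeSafe($_REQUEST['sSearch']);` next to the other assignments and wrap each query value in `urlencode()`, e.g. `"&sSearch=".urlencode($aClean['sSearch'])`. Whatever makeSafe() does, it is applied once and the result then reaches SQL, HTML attribute values and a Location header alike; escaping is context-specific, so the hidden-field echoes should still pass through `htmlspecialchars()`. The new assignments in the first hunk read `$REQUEST` and `$POST` rather than `$_REQUEST`/`$_POST`; if that is not an artifact of how this page was rendered, every `$aClean` entry is null, the admin branch never matches and the update runs against the session user.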
|
||||
@@ -119,12 +132,12 @@ apidb_header("User Preferences");
|
||||
echo "<form method=\"post\" action=\"preferences.php\">\n";
|
||||
|
||||
// if we manage another user we give the parameters to go back to the admin
|
||||
if($oUser->iUserId == $_REQUEST['userId'])
|
||||
if($oUser->iUserId == $aClean['userId'])
|
||||
{
|
||||
echo "<input type=\"hidden\" name=\"iLimit\" value=\"".$_REQUEST['iLimit']."\">\n";
|
||||
echo "<input type=\"hidden\" name=\"sOrderBy\" value=\"".$_REQUEST['sOrderBy']."\">\n";
|
||||
echo "<input type=\"hidden\" name=\"sSearch\" value=\"".addslashes($_REQUEST['sSearch'])."\">\n";
|
||||
echo "<input type=\"hidden\" name=\"userId\" value=\"".$_REQUEST['userId']."\">\n";
|
||||
echo "<input type=\"hidden\" name=\"iLimit\" value=\"".$aClean['iLimit']."\">\n";
|
||||
echo "<input type=\"hidden\" name=\"sOrderBy\" value=\"".$aClean['sOrderBy']."\">\n";
|
||||
echo "<input type=\"hidden\" name=\"sSearch\" value=\"".$aClean['sSearch']."\">\n";
|
||||
echo "<input type=\"hidden\" name=\"userId\" value=\"".$aClean['userId']."\">\n";
|
||||
}
|
||||
|
||||
echo html_frame_start("Preferences for ".$oUser->sRealname, "80%");
|
||||
@@ -133,7 +146,7 @@ echo html_table_begin("width='100%' border=0 align=left cellspacing=0 class='box
|
||||
show_user_fields();
|
||||
|
||||
// if we don't manage another user
|
||||
if($oUser->iUserId != $_REQUEST['userId']) build_prefs_list();
|
||||
if($oUser->iUserId != $aClean['userId']) build_prefs_list();
|
||||
|
||||
echo html_table_end();
|
||||
echo html_frame_end();
|
||||
|
||||