Filter all user input to reduce the security impact of manipulated data

EA Durbin
2006-06-17 06:10:10 +00:00
committed by WineHQ
parent 02c5682c01
commit f982c8459e
53 changed files with 988 additions and 542 deletions


@@ -11,9 +11,13 @@ require_once(BASE."include/incl.php");
require_once(BASE."include/application.php");
require_once(BASE."include/vendor.php");
$oVendor = new Vendor($_REQUEST['vendorId']);
$aClean = array(); //array of filtered user input
$aClean['vendorId'] = makeSafe($_REQUEST['vendorId']);
$aClean['sub'] = makeSafe($_REQUEST['sub']);
if ($_REQUEST['sub'])
$oVendor = new Vendor($aClean['vendorId']);
if ($aClean['sub'])
{
if(!$_SESSION['current']->hasPriv("admin"))
{
@@ -21,7 +25,7 @@ if ($_REQUEST['sub'])
exit;
}
if($_REQUEST['sub'] == 'delete')
if($aClean['sub'] == 'delete')
{
$oVendor->delete();
redirect($_SERVER['PHP_SELF']);
@@ -55,7 +59,7 @@ if($oVendor->iVendorId)
$oApp = new application($iAppId);
echo '<li> <a href="appview.php?appId='.$oApp->iAppId.'">'.$oApp->sName.'</a> </li>',"\n";
}
echo '.</ol>',"\n";
echo '</ol>',"\n";
}
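Review bot: The vendor id is only string-filtered, never type-checked, before it reaches `new Vendor($aClean['vendorId'])` in the first hunk; `makeSafe()` is not defined in the visible lines, so whether it rejects non-numeric input cannot be confirmed here. If the id is meant to be an integer, enforcing the type is a stronger guarantee than generic filtering, for example `$aClean['vendorId'] = (int) makeSafe($_REQUEST['vendorId']);`. Both new assignments also index `$_REQUEST` without an `isset()` check, so a request that lacks `vendorId` or `sub` raises an undefined-index notice before any filtering happens. The unchanged `echo` of `$oApp->sName` in the last hunk still writes a stored value into HTML without `htmlspecialchars()`, which input filtering alone does not cover. The script continues outside the visible hunks.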