Improved register_globals

pull/1/head
root 16 years ago
parent 3cb6b420cf
commit 0627bdd8d3

@ -104,7 +104,7 @@
<td class="DataTD" width="100"><nobr><?=$row['fname']?> <?=substr($row['lname'], 0, 1)?></nobr></td>
<td class="DataTD"><?=maxpoints($row['id'])?></td>
<td class="DataTD"><?=$row['contactinfo']?></td>
<td class="DataTD"><a href="wot.php?id=9&userid=<?=$row['id']?>"><?=_("Email Me")?></a></td>
<td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['id'])?>"><?=_("Email Me")?></a></td>
</tr>
<? } ?>
</table>
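Review bot: The cells above the changed link still print `$row['fname']`, `$row['lname']` and `$row['contactinfo']` without HTML escaping, so `intval()` on the id closes only one of the output sinks in this row. Where `$row` comes from is outside the hunk, but if these columns hold text that members typed into their profile, any markup stored there is rendered for every visitor of the listing. Escape at the point of output, for example `<td class="DataTD"><?=htmlspecialchars($row['contactinfo'], ENT_QUOTES)?></td>`, and do the same for the two name fields.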

@ -25,10 +25,10 @@
<?
$query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary`
WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
AND `from`='".$_SESSION['profile']['id']."' GROUP BY `notary`.`from`";
AND `from`='".intval($_SESSION['profile']['id'])."' GROUP BY `notary`.`from`";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$rc = $row['list'];
$rc = intval($row['list']);
$query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary`
WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
GROUP BY `notary`.`from` HAVING count(*) > '$rc' ORDER BY `notary`.`when` DESC";
@ -51,16 +51,16 @@
<td class="DataTD"><b><?=_("Method")?></b></td>
</tr>
<?
$query = "select * from `notary` where `to`='".$_SESSION['profile']['id']."'";
$query = "select * from `notary` where `to`='".intval($_SESSION['profile']['id'])."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$row['from']."'"));
$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['from'])."'"));
?>
<tr>
<td class="DataTD"><?=$row['id']?></td>
<td class="DataTD"><?=$row['date']?></td>
<td class="DataTD"><a href="wot.php?id=9&userid=<?=$row['from']?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td>
<td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['from'])?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td>
<td class="DataTD"><?=$row['points']?></td>
<td class="DataTD"><?=$row['location']?></td>
<td class="DataTD"><?=_(sprintf("%s", $row['method']))?></td>
@ -68,7 +68,7 @@
<? } ?>
<tr>
<td class="DataTD" colspan="3"><b><?=_("Total Points")?>:</b></td>
<td class="DataTD"><?=$_SESSION['profile']['points']?></td>
<td class="DataTD"><?=intval($_SESSION['profile']['points'])?></td>
<td class="DataTD" colspan="2">&nbsp;</td>
</tr>
</table>
@ -87,23 +87,23 @@
</tr>
<?
$points = 0;
$query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and `to`!='".$_SESSION['profile']['id']."'";
$query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$row['to']."'"));
$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['to'])."'"));
$points += $row['points'];
$name = trim($fromuser['fname']." ".$fromuser['lname']);
if($name == "")
$name = _("Deleted before Verification");
else
$name = "<a href='wot.php?id=9&userid=".$row['to']."'>$name</a>";
$name = "<a href='wot.php?id=9&amp;userid=".intval($row['to'])."'>$name</a>";
?>
<tr>
<td class="DataTD"><?=$row['id']?></td>
<td class="DataTD"><?=intval($row['id'])?></td>
<td class="DataTD"><?=$row['date']?></td>
<td class="DataTD"><?=$name?></td>
<td class="DataTD"><?=$row['points']?></td>
<td class="DataTD"><?=intval($row['points'])?></td>
<td class="DataTD"><?=$row['location']?></td>
<td class="DataTD"><?=$row['method']==""?"":_(sprintf("%s", $row['method']))?></td>
</tr>
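Review bot: The user's name is still emitted as raw HTML in both assurance tables: in the `-51,16` hunk `$fromuser['fname']." ".$fromuser['lname']` is echoed directly inside the link, and in the `-87,23` hunk the same fields are concatenated into `$name` and printed with `<?=$name?>`. The added `intval()` calls protect the numeric columns only; `$row['location']`, `$row['date']` and `$row['method']` are also printed unescaped. I would escape the name once before the empty check, `$name = htmlspecialchars(trim($fromuser['fname']." ".$fromuser['lname']), ENT_QUOTES);`, and wrap the remaining text cells the same way. Separately, the `<a>` in the `-51,16` hunk is never closed before `</td>`.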

@ -130,7 +130,7 @@ document.f.location.focus();
<td class="DataTD"><?=$row['distance']?>km</td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD"><?=$row['contactinfo']?></td>
<td class="DataTD"><a href="wot.php?id=9&userid=<?=$row['uid']?>"><?=_("Email Me")?></a></td>
<td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=$row['uid']?>"><?=_("Email Me")?></a></td>
</tr>
<? } ?>
</table>
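Review bot: The new link line fixes the `&amp;` entity but leaves `$row['uid']` unconverted, unlike the equivalent "Email Me" links elsewhere in this commit, which all gained `intval()`. For consistency, and so that the attribute cannot carry anything but a number, use `<a href="wot.php?id=9&amp;userid=<?=intval($row['uid'])?>">`. `$row['contactinfo']` in the cell above is also printed unescaped, and `htmlspecialchars($row['contactinfo'], ENT_QUOTES)` would cover it.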

@ -23,15 +23,15 @@
<p><?=sprintf(_("To get assured with your Signaturecard, you need the Software from <a href='http://www.buergerkarte.at/bku/'>http://www.buergerkarte.at/bku/</a>. To activate your E-Card, please go to <a href='https://www.sozialversicherung.at/signon2-Registrierung/'>https://www.sozialversicherung.at/signon2-Registrierung/</a>."))?></p>
<pre><?=$_REQUEST['XMLResponse']?></pre>
<pre><?=sanitizeHTML($_REQUEST['XMLResponse'])?></pre>
<h1>1. Step: Assurance form</h1>
<form name="form" method="post" action="http://localhost:3495/http-security-layer-request"/>
<input type="submit" name="Weiter" value="Start Assurance">
<input type="hidden" name="XMLRequest" value="&lt;CreateXMLSignatureRequest xmlns='http://www.buergerkarte.at/namespaces/securitylayer/20020831#' xmlns:dsig='http://www.w3.org/2000/09/xmldsig#' xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#'>&lt;KeyboxIdentifier>CertifiedKeypair&lt;/KeyboxIdentifier>&lt;DataObjectInfo Structure='enveloping'>&lt;sl10:DataObject>&lt;sl10:XMLContent>Mit dieser Signatur beantragen Sie die Assurance ihres CAcert Accounts '<?=$_SESSION[profile][email]?>' mit ihrer Buergerkarte.&lt;/sl10:XMLContent>&lt;/sl10:DataObject>&lt;sl10:TransformsInfo>&lt;sl10:FinalDataMetaInfo>&lt;sl10:MimeType>text/plain&lt;/sl10:MimeType>&lt;/sl10:FinalDataMetaInfo>&lt;/sl10:TransformsInfo>&lt;/DataObjectInfo>&lt;/CreateXMLSignatureRequest>"/>
<input type="hidden" name="XMLRequest" value="&lt;CreateXMLSignatureRequest xmlns='http://www.buergerkarte.at/namespaces/securitylayer/20020831#' xmlns:dsig='http://www.w3.org/2000/09/xmldsig#' xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#'>&lt;KeyboxIdentifier>CertifiedKeypair&lt;/KeyboxIdentifier>&lt;DataObjectInfo Structure='enveloping'>&lt;sl10:DataObject>&lt;sl10:XMLContent>Mit dieser Signatur beantragen Sie die Assurance ihres CAcert Accounts '<?=$_SESSION['profile']['email']?>' mit ihrer Buergerkarte.&lt;/sl10:XMLContent>&lt;/sl10:DataObject>&lt;sl10:TransformsInfo>&lt;sl10:FinalDataMetaInfo>&lt;sl10:MimeType>text/plain&lt;/sl10:MimeType>&lt;/sl10:FinalDataMetaInfo>&lt;/sl10:TransformsInfo>&lt;/DataObjectInfo>&lt;/CreateXMLSignatureRequest>"/>
<input type="hidden" name="actualtest_" value="4"/>
<input type="hidden" name="DataURL" value="https://www.cacert.org/tverify/seclayer.php?id=14&amp;user=<?=$_SESSION[profile][email]?>"/>
<input type="hidden" name="DataURL" value="https://www.cacert.org/tverify/seclayer.php?id=14&amp;user=<?=$_SESSION['profile']['email']?>"/>
<input type="hidden" name="TestResult_" value="&lt;strong&gt;TestResult&lt;/strong&gt;"/>
</form>
@ -41,7 +41,7 @@
<input type="submit" name="Weiter" value="Read birthday from Card">
<input type="hidden" name="XMLRequest" value="&lt;InfoboxReadRequest xmlns=&quot;http://www.buergerkarte.at/namespaces/securitylayer/20020225#&quot;&gt;&lt;InfoboxIdentifier&gt;IdentityLink&lt;/InfoboxIdentifier&gt;&lt;BinaryFileParameters ContentIsXMLEntity=&quot;true&quot;/&gt;&lt;/InfoboxReadRequest&gt;"/>
<input type="hidden" name="actualtest_" value="4"/>
<input type="hidden" name="DataURL" value="https://www.cacert.org/tverify/seclayer.php?id=14&amp;user=<?=$_SESSION[profile][email]?>"/>
<input type="hidden" name="DataURL" value="https://www.cacert.org/tverify/seclayer.php?id=14&amp;user=<?=$_SESSION['profile']['email']?>"/>
<input type="hidden" name="TestResult_" value="&lt;strong&gt;TestResult&lt;/strong&gt;"/>
</form>
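Review bot: The account e-mail is still written unencoded into the `DataURL` query string in both forms, and into the `XMLRequest` attribute value in the first one; this commit only adds quotes to the array keys. An address containing `&`, `+`, `'` or `"` would change the query parameters, or break out of the quoted attribute and the quoted string inside the signed text. Encode for each context: `user=<?=urlencode($_SESSION['profile']['email'])?>` in the two `DataURL` inputs and `<?=htmlspecialchars($_SESSION['profile']['email'], ENT_QUOTES)?>` inside the `XMLRequest` value. Whether `sanitizeHTML()` also escapes quotes is not visible here, so I would not rely on it for attribute contexts without checking.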

@ -121,7 +121,7 @@
<td class="DataTD"><nobr><?=_("Sponsoring Member")?>:</td>
<td class="DataTD"><select name="sponsor">
<?
$query = "select * from `users` where `board`='1' and `id`!='".$_SESSION['profile']['id']."'";
$query = "select * from `users` where `board`='1' and `id`!='".intval($_SESSION['profile']['id'])."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
