Improved register_globals

16 years ago · 6aa73b1e72
parent df70d9e4fe
commit 6aa73b1e72
4 changed files with 12 additions and 9 deletions
--- a/pages/account/12.php
+++ b/pages/account/12.php
@ -15,10 +15,11 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */ ?>
+<? $viewall=0; if(array_key_exists('viewall',$_REQUEST)) $viewall=intval($_REQUEST['viewall']); ?>
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
-    <td colspan="5" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&viewall=<?=intval(!$_GET['viewall'])?>"><?=_("View all certificates")?></a></td>
+    <td colspan="5" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
@ -35,7 +36,7 @@
 			UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`id` as `id`
 			from `domaincerts`,`domains`
 			where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `domaincerts`.`domid`=`domains`.`id` ";
-	if($_GET['viewall'] != 1)
+	if($viewall != 1)
 	{
 		$query .= "AND `revoked`=0 AND `renewed`=0 ";
 		$query .= "HAVING `timeleft` > 0 ";
--- a/pages/account/16.php
+++ b/pages/account/16.php
@ -25,7 +25,7 @@
  <tr>
    <td class="DataTD"><?=_("Add")?></td>
    <td class="DataTD"><?=_("Address")?></td>
-<? if(is_array($_SESSION['_config']['emails']))
+<? if(array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_config']['emails']))
 	foreach($_SESSION['_config']['emails'] as $val) { ?>
  <tr>
    <td class="DataTD"><?=_("Email")?>:</td>
@ -38,11 +38,11 @@
  </tr>
  <tr>
    <td class="DataTD"><?=_("Name")?>:</td>
-    <td class="DataTD"><input type="text" name="name" value="<?=$_SESSION['_config']['name']?>"></td>
+    <td class="DataTD"><input type="text" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['name']):''?>"></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Department")?>:</td>
-    <td class="DataTD"><input type="text" name="OU" value="<?=$_SESSION['_config']['OU']?>"></td>
+    <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?sanitizeHTML($_SESSION['_config']['OU']):''?>"></td>
  </tr>
  <tr>
    <td class="DataTD" colspan="2" align="left">
--- a/pages/account/18.php
+++ b/pages/account/18.php
@ -15,10 +15,11 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */ ?>
+<? $viewall=0; if(array_key_exists('viewall',$_REQUEST)) $viewall=intval($_REQUEST['viewall']); ?>
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
-    <td colspan="5" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&viewall=<?=intval(!$_GET['viewall'])?>"><?=_("View all certificates")?></a></td>
+    <td colspan="5" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&viewall=<?=!viewall?>"><?=_("View all certificates")?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
@ -36,7 +37,7 @@
 			from `orgemailcerts`, `org`
 			where `memid`='".$_SESSION['profile']['id']."' and
 				`org`.`orgid`=`orgemailcerts`.`orgid` ";
-	if($_GET['viewall'] != 1)
+	if($viewall != 1)
 	{
 		$query .= "AND `revoked`=0 AND `renewed`=0 ";
 		$query .= "HAVING `timeleft` > 0 AND `revoked`=0 ";
--- a/pages/account/22.php
+++ b/pages/account/22.php
@ -15,10 +15,11 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */ ?>
+<? $viewall=0; if(array_key_exists('viewall',$_REQUEST)) $viewall=intval($_REQUEST['viewall']); ?>
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
-    <td colspan="5" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&viewall=<?=intval(!$_GET['viewall'])?>"><?=_("View all certificates")?></a></td>
+    <td colspan="5" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&viewall=<?=!viewall?>"><?=_("View all certificates")?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
@ -35,7 +36,7 @@
 			UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `orgdomaincerts`.`id` as `id`
 			from `orgdomaincerts`,`org`
 			where `org`.`memid`='".$_SESSION['profile']['id']."' and `orgdomaincerts`.`orgid`=`org`.`orgid` ";
-	if($_GET['viewall'] != 1)
+	if($viewall != 1)
 	{
 		$query .= "AND `revoked`=0 AND `renewed`=0 ";
 		$query .= "HAVING `timeleft` > 0 ";