Added SQL-Injection protection

This commit is contained in:
root 2008-11-18 00:06:34 +00:00
parent dc79c6215b
commit 6e96aa01aa

View file

@ -2099,7 +2099,7 @@
$_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email'])); $_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email']));
} else { } else {
$row = mysql_fetch_assoc($res); $row = mysql_fetch_assoc($res);
mysql_query("insert into `org` set `memid`='".$row['id']."', `orgid`='".intval($_SESSION['_config']['orgid'])."', mysql_query("insert into `org` set `memid`='".intval($row['id'])."', `orgid`='".intval($_SESSION['_config']['orgid'])."',
`masteracc`='$masteracc', `OU`='$OU', `comments`='$comments'"); `masteracc`='$masteracc', `OU`='$OU', `comments`='$comments'");
} }
} }
@ -2358,7 +2358,7 @@
{ {
if($_REQUEST['userid'] != "") if($_REQUEST['userid'] != "")
$_REQUEST['userid'] = intval($_REQUEST['userid']); $_REQUEST['userid'] = intval($_REQUEST['userid']);
$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_REQUEST['userid']."'")); $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
if($row['email'] == "") if($row['email'] == "")
$id = 42; $id = 42;
else else
@ -2373,7 +2373,7 @@
echo _("No such user found."); echo _("No such user found.");
} else { } else {
mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'"); mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'");
$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_REQUEST['userid']."'")); $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
printf(_("The password for %s has been updated successfully in the system."), sanitizeHTML($row['email'])); printf(_("The password for %s has been updated successfully in the system."), sanitizeHTML($row['email']));
@ -2608,7 +2608,7 @@
if(array_key_exists('userid',$_REQUEST) && $_REQUEST['userid'] != "") if(array_key_exists('userid',$_REQUEST) && $_REQUEST['userid'] != "")
$_REQUEST['userid'] = intval($_REQUEST['userid']); $_REQUEST['userid'] = intval($_REQUEST['userid']);
$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_REQUEST['userid']."'")); $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
if($row['email'] == "") if($row['email'] == "")
$id = 42; $id = 42;
else else