Added XSS protections

root 2008-11-23 05:01:21 +00:00
parent 22daf443b5
commit 6f397008ee
2 changed files with 24 additions and 24 deletions


@ -49,8 +49,8 @@
while($row = mysql_fetch_assoc($res))
{ ?>
<tr>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=$row['id']?>"><?=intval($row['id'])?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=$row['id']?>"><?=sanitizeHTML($row['email'])?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
</tr>
<? } if(mysql_num_rows($res) >= 100) { ?>
<tr>
@ -80,14 +80,14 @@
echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
} else {
$row = mysql_fetch_assoc($res);
$query = "select sum(`points`) as `points` from `notary` where `to`='".$row['id']."'";
$query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."'";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".$row['id']."'"));
$alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($row['id'])."'"));
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><? printf(_("%s's Account Details"), $row['email']); ?></td>
<td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
@ -97,22 +97,22 @@
<td class="DataTD"><?=_("First Name")?>:</td>
<td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('Are you sure you want to modify this DOB and/or last name?')) return false;">
<input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" />
<input type="text" name="fname" value="<?=$row['fname']?>"></td>
<input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Middle Name")?>:</td>
<td class="DataTD"><input type="text" name="mname" value="<?=$row['mname']?>"></td>
<td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Last Name")?>:</td>
<td class="DataTD"> <input type="hidden" name="oldid" value="43">
<input type="hidden" name="action" value="updatedob">
<input type="hidden" name="userid" value="<?=$id?>">
<input type="text" name="lname" value="<?=$row['lname']?>"></td>
<input type="hidden" name="userid" value="<?=intval($id)?>">
<input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Suffix")?>:</td>
<td class="DataTD"><input type="text" name="suffix" value="<?=$row['suffix']?>"></td>
<td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Date of Birth")?>:</td>
@ -152,7 +152,7 @@
</tr>
<tr>
<td class="DataTD"><?=_("Is Assurer")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=intval($row['id'])?>&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admsetassuret')?>"><?=$row['assurer']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetassuret')?>"><?=$row['assurer']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Blocked Assurer")?>:</td>
@ -164,15 +164,15 @@
</tr>
<tr>
<td class="DataTD"><?=_("Code Signing")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=$row['id']?>&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admcodesign')?>"><?=$row['codesign']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admcodesign')?>"><?=$row['codesign']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Org Admin")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=$row['id']?>&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admorgadmin')?>"><?=$row['orgadmin']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admorgadmin')?>"><?=$row['orgadmin']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("TTP Admin")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=$row['id']?>&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admttpadmin')?>"><?=$row['ttpadmin']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admttpadmin')?>"><?=$row['ttpadmin']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Location Admin")?>:</td>
@ -180,7 +180,7 @@
</tr>
<tr>
<td class="DataTD"><?=_("Admin")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;admin=<?=$row['id']?>&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admsetadmin')?>"><?=$row['admin']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;admin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admsetadmin')?>"><?=$row['admin']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Ad Admin")?>:</td>
@ -212,7 +212,7 @@
</tr>
<tr>
<td class="DataTD"><?=_("Delete Account")?>:</td>
<td class="DataTD"><a href="account.php?id=50&amp;userid=<?=$row['id']?>&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td>
<td class="DataTD"><a href="account.php?id=50&amp;userid=<?=$row['id']?>&amp;csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td>
</tr>
<?
// This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
@ -333,7 +333,7 @@
<td class="DataTD"><?=intval($drow['points'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
</tr>
<? } ?>
<tr>
@ -370,7 +370,7 @@
<td class="DataTD"><?=$drow['points']?></td>
<td class="DataTD"><?=$drow['location']?></td>
<td class="DataTD"><?=$drow['method']?></td>
<td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
<td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
</tr>
<? } ?>
<tr>
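Review bot: The new lines in the hunks at -164, -180 and -212 (L82, L87, L92, L101, L110) still emit `$row['id']` raw into the href, while the sibling new line at L73 wraps the same value in intval(); the same applies to L128, where `userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>` is left unwrapped although the parallel new line at L119 uses `intval($drow['to'])` and `intval($drow['id'])`. For consistency with the commit's own pattern these should read e.g. `codesign=<?=intval($row['id'])?>` and `userid=<?=intval($drow['from'])?>&amp;assurance=<?=intval($drow['id'])?>`. The flag values printed as link text (`$row['assurer']`, `$row['codesign']`, `$row['orgadmin']`, `$row['ttpadmin']`, `$row['admin']`) are also output unescaped; they look like numeric flags, but if they can be non-numeric they belong inside intval() or sanitizeHTML() as well. The new lines at L45, L50, L59 and L64 place sanitizeHTML() output inside a double-quoted value attribute, so it is worth confirming that sanitizeHTML encodes `"` and not only `<`/`>`, otherwise attribute breakout remains possible; sanitizeHTML is defined outside this diff. The unchanged context at L124–L126 (`$drow['points']`, `$drow['location']`, `$drow['method']`) is the same output as L115–L117 but without the escaping applied there, and could be brought in line in a follow-up.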


@ -29,7 +29,7 @@
</tr>
<tr>
<td class="DataTD"><?=_("Region")?>:</td>
<td class="DataTD"><input type="text" name="name" value="<?=$name?>"></td>
<td class="DataTD"><input type="text" name="name" value="<?=sanitizeHTML($name)?>"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td>
@ -51,7 +51,7 @@
</tr>
<tr>
<td class="DataTD"><?=_("Region")?>:</td>
<td class="DataTD"><input type="text" name="name" value="<?=$name?>"></td>
<td class="DataTD"><input type="text" name="name" value="<?=sanitizeHTML($name)?>"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
@ -69,7 +69,7 @@
</tr>
<tr>
<td class="DataTD"><?=_("Location")?>:</td>
<td class="DataTD"><input type="text" name="name" value="<?=$name?>"></td>
<td class="DataTD"><input type="text" name="name" value="<?=sanitizeHTML($name)?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Longitude")?>:</td>
@ -105,7 +105,7 @@
</tr>
<tr>
<td class="DataTD"><?=_("Location")?>:</td>
<td class="DataTD"><input type="text" name="name" value="<?=$name?>"></td>
<td class="DataTD"><input type="text" name="name" value="<?=sanitizeHTML($name)?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Longitude")?>:</td>
@ -124,7 +124,7 @@
<input type="hidden" name="oldid" value="54">
</form>
<? } if($locid > 0 && $_REQUEST['action'] == "aliases") {
$query = "select * from `localias` where `locid`='$locid'";
$query = "select * from `localias` where `locid`='".intval($locid)."'";
$res = mysql_query($query);
$rc = mysql_num_rows($res);
?>
@ -137,7 +137,7 @@
<form method="post" action="account.php" ACCEPTCHARSET="utf-8">
<?=_("Location Alias")?>: <input type="text" name="name"> <input type="submit" value="Add">
<input type="hidden" name="action" value="alias">
<input type="hidden" name="locid" value="<?=$locid?>">
<input type="hidden" name="locid" value="<?=intval($locid)?>">
<input type="hidden" name="oldid" value="54">
</form>
</td>