Improved register_globals

pull/1/head
root 16 years ago
parent 745da10a47
commit 770e67c7bc

@ -26,6 +26,8 @@
if(array_key_exists('location',$_POST) && $_POST['location'] != "") if(array_key_exists('location',$_POST) && $_POST['location'] != "")
$_SESSION['_config']['location'] = $_POST['location']; $_SESSION['_config']['location'] = $_POST['location'];
$oldid=array_key_exists('oldid',$_REQUEST)?intval($_REQUEST['oldid']):0;
if($oldid == 12) if($oldid == 12)
{ {
$id = $oldid; $id = $oldid;
@ -41,11 +43,11 @@
if($oldid == 6 && intval($_SESSION['_config']['notarise']['id']) <= 0) if($oldid == 6 && intval($_SESSION['_config']['notarise']['id']) <= 0)
{ {
unset($oldid); $oldid=0;
$id = 5; $id = 5;
} }
if($oldid == 5 && $_POST['reminder'] != "") if($oldid == 5 && array_key_exists('reminder',$_POST) && $_POST['reminder'] != "")
{ {
$body = ""; $body = "";
if($_POST['reminder-lang'] != "" && $_POST['reminder-lang'] != "en_AU") if($_POST['reminder-lang'] != "" && $_POST['reminder-lang'] != "en_AU")
@ -80,7 +82,7 @@
$_SESSION['_config']['error'] = _("A reminder notice has been sent."); $_SESSION['_config']['error'] = _("A reminder notice has been sent.");
$id = $oldid; $id = $oldid;
unset($oldid); $oldid=0;
} }
if($oldid == 5) if($oldid == 5)
@ -91,7 +93,7 @@
if(mysql_num_rows($res) != 1) if(mysql_num_rows($res) != 1)
{ {
$id = $oldid; $id = $oldid;
unset($oldid); $oldid=0;
$_SESSION['_config']['error'] = _("I'm sorry, there was no email matching what you entered in the system. Please double check your information."); $_SESSION['_config']['error'] = _("I'm sorry, there was no email matching what you entered in the system. Please double check your information.");
$_SESSION['_config']['noemailfound'] = 1; $_SESSION['_config']['noemailfound'] = 1;
} else { } else {
@ -101,7 +103,7 @@
if($oldid == 5 || $oldid == 6) if($oldid == 5 || $oldid == 6)
{ {
if($_REQUEST['cancel'] != "") if(array_key_exists('cancel',$_REQUEST) && $_REQUEST['cancel'] != "")
{ {
header("location: wot.php"); header("location: wot.php");
exit; exit;
@ -110,7 +112,7 @@
if($_SESSION['_config']['notarise']['id'] == $_SESSION['profile']['id']) if($_SESSION['_config']['notarise']['id'] == $_SESSION['profile']['id'])
{ {
$id = 5; $id = 5;
unset($oldid); $oldid=0;
$_SESSION['_config']['error'] = _("You are never allowed to Assure yourself!"); $_SESSION['_config']['error'] = _("You are never allowed to Assure yourself!");
} }
} }
@ -124,7 +126,7 @@
if(mysql_num_rows($res) > 0 && $_SESSION['profile']['points'] < 200) if(mysql_num_rows($res) > 0 && $_SESSION['profile']['points'] < 200)
{ {
$id = 5; $id = 5;
unset($oldid); $oldid=0;
$_SESSION['_config']['error'] = _("You are only allowed to Assure someone once!"); $_SESSION['_config']['error'] = _("You are only allowed to Assure someone once!");
} elseif($oldid == 5) { } elseif($oldid == 5) {
$id = 6; $id = 6;
@ -153,17 +155,17 @@
if($oldid == 6) if($oldid == 6)
{ {
if($_POST['assertion'] != 1 || $_POST['rules'] != 1) if(!array_key_exists('assertion',$_POST) || $_POST['assertion'] != 1 || !array_key_exists('rules',$_POST) || $_POST['rules'] != 1)
{ {
$id = $oldid; $id = $oldid;
unset($oldid); $oldid=0;
$_SESSION['_config']['error'] = _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"); $_SESSION['_config']['error'] = _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert");
} }
if($_POST['certify'] != 1 && $_SESSION['profile']['ttpadmin'] != 1) if($_POST['certify'] != 1 && $_SESSION['profile']['ttpadmin'] != 1)
{ {
$id = $oldid; $id = $oldid;
unset($oldid); $oldid=0;
$_SESSION['_config']['error'] = _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"); $_SESSION['_config']['error'] = _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert");
} }
} }
@ -173,7 +175,7 @@
if($_POST['location'] == "") if($_POST['location'] == "")
{ {
$id = $oldid; $id = $oldid;
unset($oldid); $oldid=0;
$_SESSION['_config']['error'] = _("You failed to enter a location of your meeting."); $_SESSION['_config']['error'] = _("You failed to enter a location of your meeting.");
} }
} }
@ -187,7 +189,7 @@
if($_SESSION['_config']['wothash'] != md5($name."-".$row['dob']) || $_SESSION['_config']['wothash'] != $_REQUEST['pagehash']) if($_SESSION['_config']['wothash'] != md5($name."-".$row['dob']) || $_SESSION['_config']['wothash'] != $_REQUEST['pagehash'])
{ {
$id = $oldid; $id = $oldid;
unset($oldid); $oldid=0;
$_SESSION['_config']['error'] = _("Race condition discovered, user altered details during assurance procedure. PLEASE MAKE SURE THE NEW DETAILS BELOW MATCH THE ID DOCUMENTS."); $_SESSION['_config']['error'] = _("Race condition discovered, user altered details during assurance procedure. PLEASE MAKE SURE THE NEW DETAILS BELOW MATCH THE ID DOCUMENTS.");
} }
} }
@ -195,7 +197,7 @@
if($oldid == 6 && $_REQUEST['points'] == "") if($oldid == 6 && $_REQUEST['points'] == "")
{ {
$id = $oldid; $id = $oldid;
unset($oldid); $oldid=0;
$_SESSION['_config']['error'] = _("You must enter the number of points you wish to allocate to this person."); $_SESSION['_config']['error'] = _("You must enter the number of points you wish to allocate to this person.");
} }
@ -269,7 +271,7 @@
if(mysql_num_rows($res) > 0) if(mysql_num_rows($res) > 0)
{ {
$id = $oldid; $id = $oldid;
unset($oldid); $oldid=0;
$_SESSION['_config']['error'] = _("Identical Assurance attempted, will not continue."); $_SESSION['_config']['error'] = _("Identical Assurance attempted, will not continue.");
} }
} }
@ -426,7 +428,7 @@
{ {
if($_SESSION['_config']['pagehash'] != $_REQUEST['pageid']) if($_SESSION['_config']['pagehash'] != $_REQUEST['pageid'])
{ {
unset($oldid); $oldid=0;
$id = 9; $id = 9;
$error = _("It looks like you were trying to contact multiple people, this isn't allowed due to data security reasons."); $error = _("It looks like you were trying to contact multiple people, this isn't allowed due to data security reasons.");
} else { } else {
@ -453,7 +455,7 @@
} }
} }
} elseif($oldid == 9) { } elseif($oldid == 9) {
unset($oldid); $oldid=0;
$error = _("There was an error and I couldn't proceed"); $error = _("There was an error and I couldn't proceed");
$id = 9; $id = 9;
} }
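Review bot: The `array_key_exists` guards cover only some of the request reads in this section; `$_POST['reminder-lang']`, `$_POST['certify']`, `$_POST['location']` (in the `== ""` check), `$_REQUEST['pagehash']`, `$_REQUEST['points']` and `$_REQUEST['pageid']` are still indexed directly in the new code. In each visible comparison a missing key behaves like an empty value, so this looks like a consistency and undefined-index-notice problem rather than a bypass, but the same guard should be applied throughout, e.g. `if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1) && $_SESSION['profile']['ttpadmin'] != 1)`. Separately, the two hash checks (`wothash` against `pagehash`, and `pagehash` against `pageid`) use loose `!=`, which compares two numeric-looking strings as numbers; `!==` would make them exact string comparisons, assuming both session values are stored as strings. The enclosing blocks all begin and end outside the visible hunks, so these points are limited to the lines shown.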
