Added XSS prevention

pull/1/head
root 16 years ago
parent 31c57ef051
commit 790f59fa1a

@ -28,17 +28,17 @@
$query = "select sum(`points`) as `points` from `notary` where `to`='$memid' group by `to`";
$row = mysql_fetch_assoc(mysql_query($query));
$points = $row['points'];
echo "CS=".$user['codesign']."\n";
echo "CS=".intval($user['codesign'])."\n";
echo "NAME=CAcert WoT User\n";
if($points >= 50)
{
echo "NAME=".$user['fname']." ".$user['lname']."\n";
echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['lname'])."\n";
if($user['mname'] != "")
echo "NAME=".$user['fname']." ".$user['mname']." ".$user['lname']."\n";
echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['mname'])." ".sanitizeHTML($user['lname'])."\n";
if($user['suffix'] != "")
echo "NAME=".$user['fname']." ".$user['lname']." ".$user['suffix']."\n";
echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['lname'])." ".sanitizeHTML($user['suffix'])."\n";
if($user['mname'] != "" && $user['suffix'] != "")
echo "NAME=".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']."\n";
echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['mname'])." ".sanitizeHTML($user['lname'])." ".sanitizeHTML($user['suffix'])."\n";
}
$query = "select * from `email` where `memid`='$memid' and `hash`='' and `deleted`=0";
$res = mysql_query($query);
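Review bot: HTML-escaping does not cover line breaks, and line breaks are the character that matters for the added `NAME=` echoes, because this output is a line-oriented `KEY=value` listing. `sanitizeHTML()` is defined outside this hunk, so whether it strips CR/LF cannot be seen here; if it does not, a stored name part containing a newline would still produce an extra line that the consumer of this output may read as a separate field. I would strip line breaks from each field before echoing, e.g. `$fname = str_replace(array("\r", "\n"), "", $user['fname']);`, and keep entity-encoding for places where the value is rendered as HTML, since encoding here may also alter legitimate names containing `&` or quotes. The response content type is set outside the hunk and should be confirmed before deciding which encoding applies.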
