Fixed XSS

pull/1/head
root 17 years ago
parent 27d3f15e2f
commit 920b3b44f8

@ -27,43 +27,47 @@ if($_GET['action'] != "update")
echo "<a href='wot.php?id=7'>"._("Home")." ("._("Listed").": $total1)</a>\n";
$display = "";
if(intval($_GET['locid']) > 0)
$ccid=intval($_GET['ccid']);
$locid=intval($_GET['locid']);
$regid=intval($_GET['regid']);
if($locid > 0)
{
$total4 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `locid`='".$_GET['locid']."' and
$total4 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `locid`='".$locid."' and
`users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100"));
$loc = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='".$_GET['locid']."'"));
$loc = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='".$locid."'"));
$display = "<ul class='top'>\n<li>\n".
"<a href='wot.php?id=7&locid=".$_GET['locid']."'>$loc[name] ("._("Listed").": $total4)</a>\n".
"<a href='wot.php?id=7&locid=".$locid."'>$loc[name] ("._("Listed").": $total4)</a>\n".
$display;
$_GET['regid'] = $loc['regid'];
$regid = $loc['regid'];
}
if(intval($_GET['regid']) > 0)
if($regid > 0)
{
$total3 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `regid`='".$_GET['regid']."' and
$total3 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `regid`='".$regid."' and
`users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100"));
$reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='".$_GET['regid']."'"));
$reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='".$regid."'"));
$display = "<ul class='top'>\n<li>\n".
"<a href='wot.php?id=7&regid=".$_GET['regid']."'>$reg[name] ("._("Listed").": $total3)</a>\n".
"<a href='wot.php?id=7&regid=".$regid."'>$reg[name] ("._("Listed").": $total3)</a>\n".
$display;
$_GET['ccid'] = $reg['ccid'];
$ccid = $reg['ccid'];
}
if(intval($_GET['ccid']) > 0)
if($ccid > 0)
{
$total2 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and
`ccid`='".$_GET['ccid']."' and `users`.`id`=`notary`.`to`
`ccid`='".$ccid."' and `users`.`id`=`notary`.`to`
group by `notary`.`to` HAVING SUM(`points`) >= 100"));
$cnt = mysql_fetch_assoc(mysql_query("select * from `countries` where `id`='".$_GET['ccid']."'"));
$cnt = mysql_fetch_assoc(mysql_query("select * from `countries` where `id`='".$ccid."'"));
$display = "<ul class='top'>\n<li>\n".
"<a href='wot.php?id=7&ccid=".$_GET['ccid']."'>$cnt[name] ("._("Listed").": $total2)</a>\n".
"<a href='wot.php?id=7&ccid=".$ccid."'>$cnt[name] ("._("Listed").": $total2)</a>\n".
$display;
}
if($display)
echo $display;
if(intval($_GET['ccid']) <= 0)
if($ccid <= 0)
{
echo "<ul>\n";
$query = "select * from `countries` order by `name`";
@ -72,44 +76,44 @@ if($_GET['action'] != "update")
echo "<li><a href='wot.php?id=7&ccid=$row[id]'>$row[name]</a></li>\n";
echo "</ul>\n</li>\n</ul></div>\n<br>\n";
} elseif(intval($_GET['regid']) <= 0) {
} elseif($regid <= 0) {
echo "<ul>\n";
$query = "select * from `regions` where `ccid`='".$_GET['ccid']."' order by `name`";
$query = "select * from `regions` where `ccid`='".$ccid."' order by `name`";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
echo "<li><a href='wot.php?id=7&regid=$row[id]'>$row[name]</a></li>\n";
echo "</ul>\n</li>\n</ul>\n</li>\n</ul></div>\n<br>\n";
} elseif(intval($_GET['locid']) <= 0) {
} elseif($locid <= 0) {
echo "<ul>\n";
if($town != "")
{
$query = "select * from `locations` where `regid`='".$_GET['regid']."' and `name` < '$town'";
$query = "select * from `locations` where `regid`='".$regid."' and `name` < '$town'";
$start = mysql_num_rows(mysql_query($query));
}
$query = "select * from `locations` where `regid`='".$_GET['regid']."' order by `name` limit $start, $limit";
$query = "select * from `locations` where `regid`='".$regid."' order by `name` limit $start, $limit";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
echo "<li><a href='wot.php?id=7&locid=$row[id]'>$row[name]</a></li>\n";
echo "</ul>\n</li>\n</ul>\n</li>\n</ul></div>\n<br>\n";
$rc = mysql_num_rows(mysql_query("select * from `locations` where `regid`='".$_GET['regid']."'"));
$rc = mysql_num_rows(mysql_query("select * from `locations` where `regid`='".$regid."'"));
if($start > 0)
{
$prev = $start - $limit;
if($prev < 0)
$prev = 0;
$st = "[ <a href='wot.php?id=7&regid=".$_GET['regid']."'><< Start</a> ] ";
$prev = "[ <a href='wot.php?id=7&regid=".$_GET['regid']."&start=$prev'>< Previous $limit</a> ] ";
$st = "[ <a href='wot.php?id=7&regid=".$regid."'><< Start</a> ] ";
$prev = "[ <a href='wot.php?id=7&regid=".$regid."&start=$prev'>< Previous $limit</a> ] ";
}
if($start < $rc - $limit)
{
$next = $start + $limit;
$last = $rc - $limit;
$next = "[ <a href='wot.php?id=7&regid=".$_GET['regid']."&start=$next'>Next $limit ></a> ] ";
$end = "[ <a href='wot.php?id=7&regid=".$_GET['regid']."&start=$last'>End >></a> ]";
$next = "[ <a href='wot.php?id=7&regid=".$regid."&start=$next'>Next $limit ></a> ] ";
$end = "[ <a href='wot.php?id=7&regid=".$regid."&start=$last'>End >></a> ]";
}
echo "<div id='search1'>$st</div><div id='search3'>$end</div>\n";
echo "<div id='search2'>$prev</div><div id='search4'>$next</div>\n";
@ -122,20 +126,20 @@ if($_GET['action'] != "update")
</tr>
<tr>
<td class="DataTD" width="125"><?=_("Location Name")?>: </td>
<td class="DataTD" width="125"><input type="text" name="town" value="<?=$_GET['town']?>" size="10"></td>
<td class="DataTD" width="125"><input type="text" name="town" value="<?=sanitizeHTML($_GET['town'])?>" size="10"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Search")?>"></td>
</tr>
</table>
<input type="hidden" name="regid" value="<?=$_GET['regid']?>">
<input type="hidden" name="regid" value="<?=$regid?>">
<input type="hidden" name="id" value="7">
</form>
</div>
<?
} else {
echo "</ul>\n</li>\n</ul>\n</li>\n</ul>\n</li>\n</ul>\n<br>\n";
echo "<p><a href='wot.php?id=7&action=update&locid=".$_GET['locid']."'>";
echo "<p><a href='wot.php?id=7&action=update&locid=".$locid."'>";
echo _("Make my location here");
echo "</a></p>\n";
echo "<p>"._("If you are happy with this location, click 'Make my location here' to update your location details.")."</p><br>\n";
@ -144,31 +148,31 @@ if($_GET['action'] != "update")
$total1 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `users`.`id`=`notary`.`to`
group by `notary`.`to` HAVING SUM(`points`) >= 100"));
if(intval($_GET['locid']) > 0)
if($locid > 0)
{
$total4 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `locid`='".$_GET['locid']."' and
$total4 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `locid`='".$locid."' and
`users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100"));
$loc = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='".$_GET['locid']."'"));
$_GET['regid'] = $loc['regid'];
$loc = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='".$locid."'"));
$regid = $loc['regid'];
}
if(intval($_GET['regid']) > 0)
if($regid) > 0)
{
$total3 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `regid`='".$_GET['regid']."' and
$total3 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `regid`='".$regid."' and
`users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100"));
$reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='".$_GET['regid']."'"));
$_GET['ccid'] = $reg['ccid'];
$reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='".$regid."'"));
$ccid = $reg['ccid'];
}
$total2 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and
`ccid`='".$_GET['ccid']."' and `users`.`id`=`notary`.`to`
`ccid`='".$ccid."' and `users`.`id`=`notary`.`to`
group by `notary`.`to` HAVING SUM(`points`) >= 100"));
$_SESSION['profile']['ccid'] = $_GET['ccid'];
$_SESSION['profile']['regid'] = $_GET['regid'];
$_SESSION['profile']['locid'] = $_GET['locid'];
$_SESSION['profile']['ccid'] = $ccid;
$_SESSION['profile']['regid'] = $regid;
$_SESSION['profile']['locid'] = $locid;
mysql_query("update `users` set `ccid`='".$_GET['ccid']."',`regid`='".$_GET['regid']."',`locid`='".$_GET['locid']."'
mysql_query("update `users` set `ccid`='".$ccid."',`regid`='".$regid."',`locid`='".$locid."'
where `id`='".$_SESSION['profile']['id']."'");
echo _("Your details have been updated.");
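Review bot: The new condition `if($regid) > 0)` in the last hunk has an unbalanced parenthesis and will not parse, so the whole page fails once this branch is reached; it should read `if($regid > 0)` as the equivalent line in the first hunk does. In this update branch no assignment of `$ccid`, `$regid` or `$locid` from `intval($_GET[...])` is visible — the three assignments in the first hunk sit inside the `action != "update"` branch — so unless they are set earlier outside the hunk, the `update users` query is built from undefined variables (or, if register_globals is on, from raw request values), which would undo the escaping this commit is for. The second hunk also still interpolates `$town` unescaped into `` `name` < '$town' ``; the intval change does not cover it, and it should go through `mysql_real_escape_string($town)` like the id parameters now go through `intval`. The enclosing `if($_GET['action'] != "update")` / `else` block starts outside these hunks.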
