Fixed XSS

pull/1/head
root 17 years ago
parent 27d3f15e2f
commit 920b3b44f8

@ -27,43 +27,47 @@ if($_GET['action'] != "update")
echo "<a href='wot.php?id=7'>"._("Home")." ("._("Listed").": $total1)</a>\n"; echo "<a href='wot.php?id=7'>"._("Home")." ("._("Listed").": $total1)</a>\n";
$display = ""; $display = "";
if(intval($_GET['locid']) > 0) $ccid=intval($_GET['ccid']);
$locid=intval($_GET['locid']);
$regid=intval($_GET['regid']);
if($locid > 0)
{ {
$total4 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `locid`='".$_GET['locid']."' and $total4 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `locid`='".$locid."' and
`users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100")); `users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100"));
$loc = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='".$_GET['locid']."'")); $loc = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='".$locid."'"));
$display = "<ul class='top'>\n<li>\n". $display = "<ul class='top'>\n<li>\n".
"<a href='wot.php?id=7&locid=".$_GET['locid']."'>$loc[name] ("._("Listed").": $total4)</a>\n". "<a href='wot.php?id=7&locid=".$locid."'>$loc[name] ("._("Listed").": $total4)</a>\n".
$display; $display;
$_GET['regid'] = $loc['regid']; $regid = $loc['regid'];
} }
if(intval($_GET['regid']) > 0) if($regid > 0)
{ {
$total3 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `regid`='".$_GET['regid']."' and $total3 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `regid`='".$regid."' and
`users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100")); `users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100"));
$reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='".$_GET['regid']."'")); $reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='".$regid."'"));
$display = "<ul class='top'>\n<li>\n". $display = "<ul class='top'>\n<li>\n".
"<a href='wot.php?id=7&regid=".$_GET['regid']."'>$reg[name] ("._("Listed").": $total3)</a>\n". "<a href='wot.php?id=7&regid=".$regid."'>$reg[name] ("._("Listed").": $total3)</a>\n".
$display; $display;
$_GET['ccid'] = $reg['ccid']; $ccid = $reg['ccid'];
} }
if(intval($_GET['ccid']) > 0) if($ccid > 0)
{ {
$total2 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and $total2 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and
`ccid`='".$_GET['ccid']."' and `users`.`id`=`notary`.`to` `ccid`='".$ccid."' and `users`.`id`=`notary`.`to`
group by `notary`.`to` HAVING SUM(`points`) >= 100")); group by `notary`.`to` HAVING SUM(`points`) >= 100"));
$cnt = mysql_fetch_assoc(mysql_query("select * from `countries` where `id`='".$_GET['ccid']."'")); $cnt = mysql_fetch_assoc(mysql_query("select * from `countries` where `id`='".$ccid."'"));
$display = "<ul class='top'>\n<li>\n". $display = "<ul class='top'>\n<li>\n".
"<a href='wot.php?id=7&ccid=".$_GET['ccid']."'>$cnt[name] ("._("Listed").": $total2)</a>\n". "<a href='wot.php?id=7&ccid=".$ccid."'>$cnt[name] ("._("Listed").": $total2)</a>\n".
$display; $display;
} }
if($display) if($display)
echo $display; echo $display;
if(intval($_GET['ccid']) <= 0) if($ccid <= 0)
{ {
echo "<ul>\n"; echo "<ul>\n";
$query = "select * from `countries` order by `name`"; $query = "select * from `countries` order by `name`";
@ -72,44 +76,44 @@ if($_GET['action'] != "update")
echo "<li><a href='wot.php?id=7&ccid=$row[id]'>$row[name]</a></li>\n"; echo "<li><a href='wot.php?id=7&ccid=$row[id]'>$row[name]</a></li>\n";
echo "</ul>\n</li>\n</ul></div>\n<br>\n"; echo "</ul>\n</li>\n</ul></div>\n<br>\n";
} elseif(intval($_GET['regid']) <= 0) { } elseif($regid <= 0) {
echo "<ul>\n"; echo "<ul>\n";
$query = "select * from `regions` where `ccid`='".$_GET['ccid']."' order by `name`"; $query = "select * from `regions` where `ccid`='".$ccid."' order by `name`";
$res = mysql_query($query); $res = mysql_query($query);
while($row = mysql_fetch_assoc($res)) while($row = mysql_fetch_assoc($res))
echo "<li><a href='wot.php?id=7&regid=$row[id]'>$row[name]</a></li>\n"; echo "<li><a href='wot.php?id=7&regid=$row[id]'>$row[name]</a></li>\n";
echo "</ul>\n</li>\n</ul>\n</li>\n</ul></div>\n<br>\n"; echo "</ul>\n</li>\n</ul>\n</li>\n</ul></div>\n<br>\n";
} elseif(intval($_GET['locid']) <= 0) { } elseif($locid <= 0) {
echo "<ul>\n"; echo "<ul>\n";
if($town != "") if($town != "")
{ {
$query = "select * from `locations` where `regid`='".$_GET['regid']."' and `name` < '$town'"; $query = "select * from `locations` where `regid`='".$regid."' and `name` < '$town'";
$start = mysql_num_rows(mysql_query($query)); $start = mysql_num_rows(mysql_query($query));
} }
$query = "select * from `locations` where `regid`='".$_GET['regid']."' order by `name` limit $start, $limit"; $query = "select * from `locations` where `regid`='".$regid."' order by `name` limit $start, $limit";
$res = mysql_query($query); $res = mysql_query($query);
while($row = mysql_fetch_assoc($res)) while($row = mysql_fetch_assoc($res))
echo "<li><a href='wot.php?id=7&locid=$row[id]'>$row[name]</a></li>\n"; echo "<li><a href='wot.php?id=7&locid=$row[id]'>$row[name]</a></li>\n";
echo "</ul>\n</li>\n</ul>\n</li>\n</ul></div>\n<br>\n"; echo "</ul>\n</li>\n</ul>\n</li>\n</ul></div>\n<br>\n";
$rc = mysql_num_rows(mysql_query("select * from `locations` where `regid`='".$_GET['regid']."'")); $rc = mysql_num_rows(mysql_query("select * from `locations` where `regid`='".$regid."'"));
if($start > 0) if($start > 0)
{ {
$prev = $start - $limit; $prev = $start - $limit;
if($prev < 0) if($prev < 0)
$prev = 0; $prev = 0;
$st = "[ <a href='wot.php?id=7&regid=".$_GET['regid']."'><< Start</a> ] "; $st = "[ <a href='wot.php?id=7&regid=".$regid."'><< Start</a> ] ";
$prev = "[ <a href='wot.php?id=7&regid=".$_GET['regid']."&start=$prev'>< Previous $limit</a> ] "; $prev = "[ <a href='wot.php?id=7&regid=".$regid."&start=$prev'>< Previous $limit</a> ] ";
} }
if($start < $rc - $limit) if($start < $rc - $limit)
{ {
$next = $start + $limit; $next = $start + $limit;
$last = $rc - $limit; $last = $rc - $limit;
$next = "[ <a href='wot.php?id=7&regid=".$_GET['regid']."&start=$next'>Next $limit ></a> ] "; $next = "[ <a href='wot.php?id=7&regid=".$regid."&start=$next'>Next $limit ></a> ] ";
$end = "[ <a href='wot.php?id=7&regid=".$_GET['regid']."&start=$last'>End >></a> ]"; $end = "[ <a href='wot.php?id=7&regid=".$regid."&start=$last'>End >></a> ]";
} }
echo "<div id='search1'>$st</div><div id='search3'>$end</div>\n"; echo "<div id='search1'>$st</div><div id='search3'>$end</div>\n";
echo "<div id='search2'>$prev</div><div id='search4'>$next</div>\n"; echo "<div id='search2'>$prev</div><div id='search4'>$next</div>\n";
@ -122,20 +126,20 @@ if($_GET['action'] != "update")
</tr> </tr>
<tr> <tr>
<td class="DataTD" width="125"><?=_("Location Name")?>: </td> <td class="DataTD" width="125"><?=_("Location Name")?>: </td>
<td class="DataTD" width="125"><input type="text" name="town" value="<?=$_GET['town']?>" size="10"></td> <td class="DataTD" width="125"><input type="text" name="town" value="<?=sanitizeHTML($_GET['town'])?>" size="10"></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Search")?>"></td> <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Search")?>"></td>
</tr> </tr>
</table> </table>
<input type="hidden" name="regid" value="<?=$_GET['regid']?>"> <input type="hidden" name="regid" value="<?=$regid?>">
<input type="hidden" name="id" value="7"> <input type="hidden" name="id" value="7">
</form> </form>
</div> </div>
<? <?
} else { } else {
echo "</ul>\n</li>\n</ul>\n</li>\n</ul>\n</li>\n</ul>\n<br>\n"; echo "</ul>\n</li>\n</ul>\n</li>\n</ul>\n</li>\n</ul>\n<br>\n";
echo "<p><a href='wot.php?id=7&action=update&locid=".$_GET['locid']."'>"; echo "<p><a href='wot.php?id=7&action=update&locid=".$locid."'>";
echo _("Make my location here"); echo _("Make my location here");
echo "</a></p>\n"; echo "</a></p>\n";
echo "<p>"._("If you are happy with this location, click 'Make my location here' to update your location details.")."</p><br>\n"; echo "<p>"._("If you are happy with this location, click 'Make my location here' to update your location details.")."</p><br>\n";
@ -144,31 +148,31 @@ if($_GET['action'] != "update")
$total1 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `users`.`id`=`notary`.`to` $total1 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `users`.`id`=`notary`.`to`
group by `notary`.`to` HAVING SUM(`points`) >= 100")); group by `notary`.`to` HAVING SUM(`points`) >= 100"));
if(intval($_GET['locid']) > 0) if($locid > 0)
{ {
$total4 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `locid`='".$_GET['locid']."' and $total4 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `locid`='".$locid."' and
`users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100")); `users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100"));
$loc = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='".$_GET['locid']."'")); $loc = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='".$locid."'"));
$_GET['regid'] = $loc['regid']; $regid = $loc['regid'];
} }
if(intval($_GET['regid']) > 0) if($regid) > 0)
{ {
$total3 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `regid`='".$_GET['regid']."' and $total3 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `regid`='".$regid."' and
`users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100")); `users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100"));
$reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='".$_GET['regid']."'")); $reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='".$regid."'"));
$_GET['ccid'] = $reg['ccid']; $ccid = $reg['ccid'];
} }
$total2 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and $total2 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and
`ccid`='".$_GET['ccid']."' and `users`.`id`=`notary`.`to` `ccid`='".$ccid."' and `users`.`id`=`notary`.`to`
group by `notary`.`to` HAVING SUM(`points`) >= 100")); group by `notary`.`to` HAVING SUM(`points`) >= 100"));
$_SESSION['profile']['ccid'] = $_GET['ccid']; $_SESSION['profile']['ccid'] = $ccid;
$_SESSION['profile']['regid'] = $_GET['regid']; $_SESSION['profile']['regid'] = $regid;
$_SESSION['profile']['locid'] = $_GET['locid']; $_SESSION['profile']['locid'] = $locid;
mysql_query("update `users` set `ccid`='".$_GET['ccid']."',`regid`='".$_GET['regid']."',`locid`='".$_GET['locid']."' mysql_query("update `users` set `ccid`='".$ccid."',`regid`='".$regid."',`locid`='".$locid."'
where `id`='".$_SESSION['profile']['id']."'"); where `id`='".$_SESSION['profile']['id']."'");
echo _("Your details have been updated."); echo _("Your details have been updated.");
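Review bot: `if($regid) > 0)` on the new side of the last hunk is a parse error (stray closing parenthesis) that will take the whole page down; it should read `if($regid > 0)`. In that same update branch `$locid`, `$regid` and `$ccid` are read and written to the session and the `users` row, but their `intval($_GET[...])` assignments in the first hunk sit inside the `if($_GET['action'] != "update")` block, so unless they are also assigned above that `if` (outside these hunks) the update path now compares and stores undefined variables instead of the request values — hoisting the three `intval` lines above the `if` would cover both paths. The `intval` casts do close the `$_GET['locid']`/`regid`/`ccid` SQL-injection and XSS vectors, but the commit leaves `$town`, `$start` and `$limit` interpolated into SQL in the second hunk and `$loc[name]`/`$reg[name]`/`$cnt[name]` echoed unescaped; those values originate outside these hunks, so they need checking in a follow-up unless they are validated elsewhere. The enclosing `if/else` on `$_GET['action']` starts and ends outside the hunks.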
