Fixed XSS
This commit is contained in:
parent
27d3f15e2f
commit
920b3b44f8
1 changed files with 45 additions and 41 deletions
|
@ -27,43 +27,47 @@ if($_GET['action'] != "update")
|
|||
echo "<a href='wot.php?id=7'>"._("Home")." ("._("Listed").": $total1)</a>\n";
|
||||
|
||||
$display = "";
|
||||
if(intval($_GET['locid']) > 0)
|
||||
$ccid=intval($_GET['ccid']);
|
||||
$locid=intval($_GET['locid']);
|
||||
$regid=intval($_GET['regid']);
|
||||
|
||||
if($locid > 0)
|
||||
{
|
||||
$total4 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `locid`='".$_GET['locid']."' and
|
||||
$total4 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `locid`='".$locid."' and
|
||||
`users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100"));
|
||||
$loc = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='".$_GET['locid']."'"));
|
||||
$loc = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='".$locid."'"));
|
||||
$display = "<ul class='top'>\n<li>\n".
|
||||
"<a href='wot.php?id=7&locid=".$_GET['locid']."'>$loc[name] ("._("Listed").": $total4)</a>\n".
|
||||
"<a href='wot.php?id=7&locid=".$locid."'>$loc[name] ("._("Listed").": $total4)</a>\n".
|
||||
$display;
|
||||
$_GET['regid'] = $loc['regid'];
|
||||
$regid = $loc['regid'];
|
||||
}
|
||||
|
||||
if(intval($_GET['regid']) > 0)
|
||||
if($regid > 0)
|
||||
{
|
||||
$total3 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `regid`='".$_GET['regid']."' and
|
||||
$total3 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `regid`='".$regid."' and
|
||||
`users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100"));
|
||||
$reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='".$_GET['regid']."'"));
|
||||
$reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='".$regid."'"));
|
||||
$display = "<ul class='top'>\n<li>\n".
|
||||
"<a href='wot.php?id=7®id=".$_GET['regid']."'>$reg[name] ("._("Listed").": $total3)</a>\n".
|
||||
"<a href='wot.php?id=7®id=".$regid."'>$reg[name] ("._("Listed").": $total3)</a>\n".
|
||||
$display;
|
||||
$_GET['ccid'] = $reg['ccid'];
|
||||
$ccid = $reg['ccid'];
|
||||
}
|
||||
|
||||
if(intval($_GET['ccid']) > 0)
|
||||
if($ccid > 0)
|
||||
{
|
||||
$total2 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and
|
||||
`ccid`='".$_GET['ccid']."' and `users`.`id`=`notary`.`to`
|
||||
`ccid`='".$ccid."' and `users`.`id`=`notary`.`to`
|
||||
group by `notary`.`to` HAVING SUM(`points`) >= 100"));
|
||||
$cnt = mysql_fetch_assoc(mysql_query("select * from `countries` where `id`='".$_GET['ccid']."'"));
|
||||
$cnt = mysql_fetch_assoc(mysql_query("select * from `countries` where `id`='".$ccid."'"));
|
||||
$display = "<ul class='top'>\n<li>\n".
|
||||
"<a href='wot.php?id=7&ccid=".$_GET['ccid']."'>$cnt[name] ("._("Listed").": $total2)</a>\n".
|
||||
"<a href='wot.php?id=7&ccid=".$ccid."'>$cnt[name] ("._("Listed").": $total2)</a>\n".
|
||||
$display;
|
||||
}
|
||||
|
||||
if($display)
|
||||
echo $display;
|
||||
|
||||
if(intval($_GET['ccid']) <= 0)
|
||||
if($ccid <= 0)
|
||||
{
|
||||
echo "<ul>\n";
|
||||
$query = "select * from `countries` order by `name`";
|
||||
|
@ -72,44 +76,44 @@ if($_GET['action'] != "update")
|
|||
echo "<li><a href='wot.php?id=7&ccid=$row[id]'>$row[name]</a></li>\n";
|
||||
|
||||
echo "</ul>\n</li>\n</ul></div>\n<br>\n";
|
||||
} elseif(intval($_GET['regid']) <= 0) {
|
||||
} elseif($regid <= 0) {
|
||||
echo "<ul>\n";
|
||||
$query = "select * from `regions` where `ccid`='".$_GET['ccid']."' order by `name`";
|
||||
$query = "select * from `regions` where `ccid`='".$ccid."' order by `name`";
|
||||
$res = mysql_query($query);
|
||||
while($row = mysql_fetch_assoc($res))
|
||||
echo "<li><a href='wot.php?id=7®id=$row[id]'>$row[name]</a></li>\n";
|
||||
|
||||
echo "</ul>\n</li>\n</ul>\n</li>\n</ul></div>\n<br>\n";
|
||||
} elseif(intval($_GET['locid']) <= 0) {
|
||||
} elseif($locid <= 0) {
|
||||
echo "<ul>\n";
|
||||
if($town != "")
|
||||
{
|
||||
$query = "select * from `locations` where `regid`='".$_GET['regid']."' and `name` < '$town'";
|
||||
$query = "select * from `locations` where `regid`='".$regid."' and `name` < '$town'";
|
||||
$start = mysql_num_rows(mysql_query($query));
|
||||
}
|
||||
$query = "select * from `locations` where `regid`='".$_GET['regid']."' order by `name` limit $start, $limit";
|
||||
$query = "select * from `locations` where `regid`='".$regid."' order by `name` limit $start, $limit";
|
||||
$res = mysql_query($query);
|
||||
while($row = mysql_fetch_assoc($res))
|
||||
echo "<li><a href='wot.php?id=7&locid=$row[id]'>$row[name]</a></li>\n";
|
||||
|
||||
echo "</ul>\n</li>\n</ul>\n</li>\n</ul></div>\n<br>\n";
|
||||
$rc = mysql_num_rows(mysql_query("select * from `locations` where `regid`='".$_GET['regid']."'"));
|
||||
$rc = mysql_num_rows(mysql_query("select * from `locations` where `regid`='".$regid."'"));
|
||||
if($start > 0)
|
||||
{
|
||||
$prev = $start - $limit;
|
||||
if($prev < 0)
|
||||
$prev = 0;
|
||||
|
||||
$st = "[ <a href='wot.php?id=7®id=".$_GET['regid']."'><< Start</a> ] ";
|
||||
$prev = "[ <a href='wot.php?id=7®id=".$_GET['regid']."&start=$prev'>< Previous $limit</a> ] ";
|
||||
$st = "[ <a href='wot.php?id=7®id=".$regid."'><< Start</a> ] ";
|
||||
$prev = "[ <a href='wot.php?id=7®id=".$regid."&start=$prev'>< Previous $limit</a> ] ";
|
||||
}
|
||||
if($start < $rc - $limit)
|
||||
{
|
||||
$next = $start + $limit;
|
||||
$last = $rc - $limit;
|
||||
|
||||
$next = "[ <a href='wot.php?id=7®id=".$_GET['regid']."&start=$next'>Next $limit ></a> ] ";
|
||||
$end = "[ <a href='wot.php?id=7®id=".$_GET['regid']."&start=$last'>End >></a> ]";
|
||||
$next = "[ <a href='wot.php?id=7®id=".$regid."&start=$next'>Next $limit ></a> ] ";
|
||||
$end = "[ <a href='wot.php?id=7®id=".$regid."&start=$last'>End >></a> ]";
|
||||
}
|
||||
echo "<div id='search1'>$st</div><div id='search3'>$end</div>\n";
|
||||
echo "<div id='search2'>$prev</div><div id='search4'>$next</div>\n";
|
||||
|
@ -122,20 +126,20 @@ if($_GET['action'] != "update")
|
|||
</tr>
|
||||
<tr>
|
||||
<td class="DataTD" width="125"><?=_("Location Name")?>: </td>
|
||||
<td class="DataTD" width="125"><input type="text" name="town" value="<?=$_GET['town']?>" size="10"></td>
|
||||
<td class="DataTD" width="125"><input type="text" name="town" value="<?=sanitizeHTML($_GET['town'])?>" size="10"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Search")?>"></td>
|
||||
</tr>
|
||||
</table>
|
||||
<input type="hidden" name="regid" value="<?=$_GET['regid']?>">
|
||||
<input type="hidden" name="regid" value="<?=$regid?>">
|
||||
<input type="hidden" name="id" value="7">
|
||||
</form>
|
||||
</div>
|
||||
<?
|
||||
} else {
|
||||
echo "</ul>\n</li>\n</ul>\n</li>\n</ul>\n</li>\n</ul>\n<br>\n";
|
||||
echo "<p><a href='wot.php?id=7&action=update&locid=".$_GET['locid']."'>";
|
||||
echo "<p><a href='wot.php?id=7&action=update&locid=".$locid."'>";
|
||||
echo _("Make my location here");
|
||||
echo "</a></p>\n";
|
||||
echo "<p>"._("If you are happy with this location, click 'Make my location here' to update your location details.")."</p><br>\n";
|
||||
|
@ -144,31 +148,31 @@ if($_GET['action'] != "update")
|
|||
$total1 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `users`.`id`=`notary`.`to`
|
||||
group by `notary`.`to` HAVING SUM(`points`) >= 100"));
|
||||
|
||||
if(intval($_GET['locid']) > 0)
|
||||
if($locid > 0)
|
||||
{
|
||||
$total4 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `locid`='".$_GET['locid']."' and
|
||||
$total4 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `locid`='".$locid."' and
|
||||
`users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100"));
|
||||
$loc = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='".$_GET['locid']."'"));
|
||||
$_GET['regid'] = $loc['regid'];
|
||||
$loc = mysql_fetch_assoc(mysql_query("select * from `locations` where `id`='".$locid."'"));
|
||||
$regid = $loc['regid'];
|
||||
}
|
||||
|
||||
if(intval($_GET['regid']) > 0)
|
||||
if($regid) > 0)
|
||||
{
|
||||
$total3 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `regid`='".$_GET['regid']."' and
|
||||
$total3 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and `regid`='".$regid."' and
|
||||
`users`.`id`=`notary`.`to` group by `notary`.`to` HAVING SUM(`points`) >= 100"));
|
||||
$reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='".$_GET['regid']."'"));
|
||||
$_GET['ccid'] = $reg['ccid'];
|
||||
$reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='".$regid."'"));
|
||||
$ccid = $reg['ccid'];
|
||||
}
|
||||
|
||||
$total2 = mysql_num_rows(mysql_query("select * from `users`,`notary` where `listme`='1' and
|
||||
`ccid`='".$_GET['ccid']."' and `users`.`id`=`notary`.`to`
|
||||
`ccid`='".$ccid."' and `users`.`id`=`notary`.`to`
|
||||
group by `notary`.`to` HAVING SUM(`points`) >= 100"));
|
||||
|
||||
$_SESSION['profile']['ccid'] = $_GET['ccid'];
|
||||
$_SESSION['profile']['regid'] = $_GET['regid'];
|
||||
$_SESSION['profile']['locid'] = $_GET['locid'];
|
||||
$_SESSION['profile']['ccid'] = $ccid;
|
||||
$_SESSION['profile']['regid'] = $regid;
|
||||
$_SESSION['profile']['locid'] = $locid;
|
||||
|
||||
mysql_query("update `users` set `ccid`='".$_GET['ccid']."',`regid`='".$_GET['regid']."',`locid`='".$_GET['locid']."'
|
||||
mysql_query("update `users` set `ccid`='".$ccid."',`regid`='".$regid."',`locid`='".$locid."'
|
||||
where `id`='".$_SESSION['profile']['id']."'");
|
||||
|
||||
echo _("Your details have been updated.");
|
||||
|
|
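Review bot: In the fourth hunk (`@ -144,31 +148,31 @@`) the rewritten region check reads `if($regid) > 0)`, which has a stray closing parenthesis and will not parse in PHP, so the whole `update` path fails; it should be `if($regid > 0)`, as the same check is written in the first hunk. The values copied back from the database rows, `$regid = $loc['regid'];` and `$ccid = $reg['ccid'];`, are assigned without `intval()` even though they are then concatenated into SQL and into `href` attributes exactly like the request parameters were; casting them as well (`$regid = intval($loc['regid']);`) keeps the integer invariant this commit introduces. In that last hunk `$ccid`, `$regid` and `$locid` feed the session, the `update` statement and the echoed link, but the only `intval()` declarations visible are inside the first hunk's `action != "update"` branch, so unless they are also set on the `update` path (not visible here) these lines read unset variables. `$loc[name]`, `$reg[name]`, `$cnt[name]` and `$row[name]` are still written into the markup unescaped, so only the request-parameter side of the reported XSS is closed by this change.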