From dc79c6215b0b75e321a20b02eb02a75e01a7af1c Mon Sep 17 00:00:00 2001
From: root
Date: Mon, 17 Nov 2008 21:24:42 +0000
Subject: [PATCH] Added prevention
---
 includes/account.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/includes/account.php b/includes/account.php
index 0158851..3a7d40e 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -129,7 +129,7 @@
 $query = "update `users` set `email`='".$row['email']."' where `id`='".$_SESSION['profile']['id']."'";
 mysql_query($query);
 showheader(_("My CAcert.org Account!"));
- printf(_("Your default email address has been updated to '%s'."), $row['email']);
+ printf(_("Your default email address has been updated to '%s'."), sanitizeHTML($row['email']));
 showfooter();
 exit;
 }
@@ -1948,7 +1948,7 @@
 {
 mysql_query("insert into `orgdomains` set `orgid`='".intval($_SESSION['_config']['orgid'])."', `domain`='$domain'");
 showheader(_("My CAcert.org Account!"));
- printf(_("'%s' has just been successfully added to the database."), $domain);
+ printf(_("'%s' has just been successfully added to the database."), sanitizeHTML($domain));
 echo "
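Review bot: The first context line of this hunk still splices `$row['email']` and `$_SESSION['profile']['id']` into the UPDATE string with no escaping, while the printf two lines below it now goes through sanitizeHTML(); the other hunks of this patch wrap their session ids in intval(), so this one is the odd one out. Where `$row` is fetched is outside the hunk, so the value is presumably a database row rather than raw request input, but a value read from one table is still not safe to concatenate into another statement. I would wrap the email in mysql_real_escape_string() and the id in intval() on that line, matching the 1948 and 1992 hunks. The enclosing block starts before the hunk.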

"._("Click here")." "._("to continue.");
 showfooter();
 exit;
@@ -1962,7 +1962,7 @@
 $res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
 if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
 {
- $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), $domain);
+ $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), sanitizeHTML($domain));
 $id = $oldid;
 $oldid=0;
 }
@@ -1992,7 +1992,7 @@
 $row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'"));
 mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($_SESSION['_config']['domid'])."'");
 showheader(_("My CAcert.org Account!"));
- printf(_("'%s' has just been successfully updated in the database."), $domain);
+ printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain));
 echo "
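Review bot: In the 1948 hunk the INSERT into `orgdomains` interpolates `$domain` directly into the SQL string while `orgid` is passed through intval(); the new sanitizeHTML() on the printf protects the page, not the query. Whether `$domain` was validated before this point is not visible here, since the enclosing block starts before the hunk, so the statement should not rely on it. I would change the value to `'".mysql_real_escape_string($domain)."'` so the escaping is local to the query that needs it.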
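Review bot: In the 1962 hunk the escaping is applied when the message is stored in `$_SESSION['_config']['errmsg']`, not when it is rendered; if the page that later prints errmsg escapes it as well the domain will be double-encoded, and if it does not, every other writer of errmsg stays unescaped. Escaping at the single output site is the more robust pattern, or at minimum a comment such as `// errmsg is stored already HTML-escaped; do not escape again on output` should be attached to this assignment so the contract is visible. Separately, the `like '$domain'` comparison on the first context line lets `%` and `_` in user input act as wildcards, which makes the "already in the system" check over-match; an `=` comparison with an escaped value would be more precise. The enclosing block starts before the hunk.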

"._("Click here")." "._("to continue.");
 showfooter();
 exit;
@@ -2004,7 +2004,7 @@
 $domain = $row['domain'];
 mysql_query("delete from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'");
 showheader(_("My CAcert.org Account!"));
- printf(_("'%s' has just been successfully deleted from the database."), $domain);
+ printf(_("'%s' has just been successfully deleted from the database."), sanitizeHTML($domain));
 echo "
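Review bot: In the 1992 hunk the UPDATE on the second context line writes `$domain` into the SQL string unescaped, again with only the `id` wrapped in intval(); the added sanitizeHTML() fixes the echo but leaves the query as it was. The `$row` fetched on the line above is not referenced anywhere inside the hunk, so it is either used after the hunk or the SELECT is dead code; worth confirming. I would use `'".mysql_real_escape_string($domain)."'` in the SET clause. The enclosing block starts before the hunk.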

"._("Click here")." "._("to continue.");
 showfooter();
 exit;
@@ -2096,7 +2096,7 @@
 {
 $id = $oldid;
 $oldid=0;
- $_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), $_REQUEST['email']);
+ $_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email']));
 } else {
 $row = mysql_fetch_assoc($res);
 mysql_query("insert into `org` set `memid`='".$row['id']."', `orgid`='".intval($_SESSION['_config']['orgid'])."',
@@ -2374,7 +2374,7 @@
 } else {
 mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'");
 $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_REQUEST['userid']."'"));
- printf(_("The password for %s has been updated successfully in the system."), $row['email']);
+ printf(_("The password for %s has been updated successfully in the system."), sanitizeHTML($row['email']));
 $body = sprintf(_("Hi %s,"),$row['fname'])."\n";
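Review bot: The 2096 hunk reads the address from `$_REQUEST['email']`, which merges GET, POST and cookie input, so the lookup that drives the `insert into org` below can be triggered by a crafted link as well as by the form; a state-changing step like adding an organisation admin should read `$_POST['email']` unless a CSRF token is checked somewhere outside the hunk. The errmsg assignment is also escaped at storage rather than at output, which risks double-encoding if the renderer escapes too. On the last hunk line `memid` is built from `$row['id']` without the intval() that `orgid` gets; that statement continues past the hunk. The enclosing block starts before the hunk.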