Improved register_globals

16 years ago · df70d9e4fe
parent e06fd6069d
commit df70d9e4fe
6 changed files with 12 additions and 12 deletions
--- a/pages/account/12.php
+++ b/pages/account/12.php
@ -34,7 +34,7 @@
 			`domaincerts`.`expire` as `expires`, `revoked` as `revoke`,
 			UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`id` as `id`
 			from `domaincerts`,`domains`
-			where `memid`='".$_SESSION[profile][id]."' and `deleted`=0 and `domaincerts`.`domid`=`domains`.`id` ";
+			where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `domaincerts`.`domid`=`domains`.`id` ";
 	if($_GET['viewall'] != 1)
 	{
 		$query .= "AND `revoked`=0 AND `renewed`=0 ";
--- a/pages/account/42.php
+++ b/pages/account/42.php
@ -15,7 +15,7 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */ ?>
-<? if($_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
+<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
@ -23,7 +23,7 @@
  </tr>
  <tr>
    <td class="DataTD"><?=_("Email")?>:</td>
-    <td class="DataTD"><input type="text" name="email" value="<?=sanitizeHTML($_POST['email'])?>"></td>
+    <td class="DataTD"><input type="text" name="email" value="<?=array_key_exists('email',$_POST)?sanitizeHTML($_POST['email']):''?>"></td>
  </tr>
  <tr>
    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
--- a/pages/account/48.php
+++ b/pages/account/48.php
@ -15,7 +15,7 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */ ?>
-<? if($_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
+<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
@ -23,7 +23,7 @@
  </tr>
  <tr>
    <td class="DataTD"><?=_("Domain")?>:</td>
-    <td class="DataTD"><input type="text" name="domain" value="<?=sanitizeHTML($_POST['domain'])?>"></td>
+    <td class="DataTD"><input type="text" name="domain" value="<?=array_key_exists('domain',$_POST)?sanitizeHTML($_POST['domain']):''?>"></td>
  </tr>
  <tr>
    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
--- a/pages/account/6.php
+++ b/pages/account/6.php
@ -17,7 +17,7 @@
 */ ?>
 <?
 	$certid = intval($cert);
-	$query = "select * from `emailcerts` where `id`='$certid' and `memid`='".$_SESSION[profile][id]."'";
+	$query = "select * from `emailcerts` where `id`='$certid' and `memid`='".intval($_SESSION['profile']['id'])."'";
 	$res = mysql_query($query);
 	if(mysql_num_rows($res) <= 0)
 	{
@ -30,7 +30,7 @@

 	$cert = `/usr/bin/openssl x509 -in $row[crt_name]`;

-	if($row[keytype] == "NS")
+	if($row['keytype'] == "NS")
 	{
 		if($install == 1)
 		{
--- a/pages/account/7.php
+++ b/pages/account/7.php
@ -24,7 +24,7 @@
  </tr>
  <tr>
    <td class="DataTD" width="125"><?=_("Domain")?>: </td>
-    <td class="DataTD" width="125"><input type="text" name="newdomain" value="<?=sanitizeHTML($_GET['newdomain'])?>"></td>
+    <td class="DataTD" width="125"><input type="text" name="newdomain" value="<?=array_key_exists('newdomain',$_GET)?sanitizeHTML($_GET['newdomain']):''?>"></td>
  </tr>

  <tr>
--- a/pages/account/9.php
+++ b/pages/account/9.php
@ -26,7 +26,7 @@
    <td class="DataTD"><?=_("Address")?></td>

 <?
-	$query = "select * from `domains` where `memid`='".$_SESSION[profile][id]."' and `deleted`=0";
+	$query = "select * from `domains` where `memid`='".$_SESSION['profile']['id']."' and `deleted`=0";
 	$res = mysql_query($query);
 	if(mysql_num_rows($res) <= 0)
 	{
@ -37,15 +37,15 @@
 <? } else {
 	while($row = mysql_fetch_assoc($res))
 	{
-		if($row[hash] == "")
+		if($row['hash'] == "")
 			$verified = _("Verified");
 		else
 			$verified = _("Unverified");
 ?>
  <tr>
-    <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row[id]?>"></td>
+    <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
    <td class="DataTD"><?=$verified?></td>
-    <td class="DataTD"><?=$row[domain]?></td>
+    <td class="DataTD"><?=$row['domain']?></td>
  </tr>
 <? } ?>
  <tr>