mirror of
https://github.com/CAcertOrg/cats.git
synced 2024-11-22 05:14:04 +00:00
Added missing parameters to htmlspecialchars
This commit is contained in:
parent
c47c026f6b
commit
5a80f36ef1
3 changed files with 25 additions and 13 deletions
|
@ -14,6 +14,12 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){
|
||||||
// Überprüfung auf String / Wertzuweisung
|
// Überprüfung auf String / Wertzuweisung
|
||||||
$action=''; if(isset($_GET['action'])) $action=strval($_GET['action']);
|
$action=''; if(isset($_GET['action'])) $action=strval($_GET['action']);
|
||||||
|
|
||||||
|
// Fetch encoding from session, simplifies future switch to utf-8 encoding.
|
||||||
|
$encoding = $_SESSION['_config']['encoding'];
|
||||||
|
if (!$encoding) {
|
||||||
|
$encoding = "iso-8859-1"; // Backwards compatibility
|
||||||
|
}
|
||||||
|
|
||||||
// Auswahl der gewählten Aktionen
|
// Auswahl der gewählten Aktionen
|
||||||
switch ($action){
|
switch ($action){
|
||||||
|
|
||||||
|
@ -23,10 +29,10 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){
|
||||||
// Wertzuweisung
|
// Wertzuweisung
|
||||||
$_SESSION ['values']['question']['t_id']=0; if($_POST["t_id"])$_SESSION ['values']['question']['t_id'] =abs(intval($_REQUEST["t_id"]));
|
$_SESSION ['values']['question']['t_id']=0; if($_POST["t_id"])$_SESSION ['values']['question']['t_id'] =abs(intval($_REQUEST["t_id"]));
|
||||||
$_SESSION ['values']['question']['qt']=0;if($_POST["qt"])$_SESSION ['values']['question']['qt'] =abs(intval($_REQUEST["qt"]));
|
$_SESSION ['values']['question']['qt']=0;if($_POST["qt"])$_SESSION ['values']['question']['qt'] =abs(intval($_REQUEST["qt"]));
|
||||||
$_SESSION ['values']['question']['questionText']=''; if($_POST["questionText"])$_SESSION ['values']['question']['questionText']= htmlspecialchars($_REQUEST["questionText"]); // Umwandlung von Sonderzeichen in HTML-Code
|
$_SESSION ['values']['question']['questionText']=''; if($_POST["questionText"])$_SESSION ['values']['question']['questionText']= htmlspecialchars($_REQUEST["questionText"], ENT_COMPAT | ENT_HTML401, $encoding); // Umwandlung von Sonderzeichen in HTML-Code
|
||||||
$new=""; if($_REQUEST["new"])$new= htmlspecialchars($_POST["new"]); // Umwandlung von Sonderzeichen in HTML-Code
|
$new=""; if($_REQUEST["new"])$new= htmlspecialchars($_POST["new"], ENT_COMPAT | ENT_HTML401, $encoding); // Umwandlung von Sonderzeichen in HTML-Code
|
||||||
$_SESSION ['values']['question']['description']=0; if($_POST["description"])$_SESSION ['values']['question']['description']=abs(intval($_POST["description"]));
|
$_SESSION ['values']['question']['description']=0; if($_POST["description"])$_SESSION ['values']['question']['description']=abs(intval($_POST["description"]));
|
||||||
$_SESSION ['values']['question']['descriptionText']="";if($_POST["descriptionText"])$_SESSION ['values']['question']['descriptionText']=htmlspecialchars($_POST["descriptionText"]);
|
$_SESSION ['values']['question']['descriptionText']="";if($_POST["descriptionText"])$_SESSION ['values']['question']['descriptionText']=htmlspecialchars($_POST["descriptionText"], ENT_COMPAT | ENT_HTML401, $encoding);
|
||||||
|
|
||||||
// Session Variable setzen
|
// Session Variable setzen
|
||||||
$_SESSION ['values']['question']['new']=1;
|
$_SESSION ['values']['question']['new']=1;
|
||||||
|
@ -124,9 +130,9 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){
|
||||||
|
|
||||||
// Wertzuweisung
|
// Wertzuweisung
|
||||||
$qt_id=0; if(isset($_GET['qt_id'])) $qt_id=abs(intval($_GET['qt_id']));
|
$qt_id=0; if(isset($_GET['qt_id'])) $qt_id=abs(intval($_GET['qt_id']));
|
||||||
$error=""; if(isset($_GET["error"])) $error= htmlspecialchars($_GET["error"]); // Umwandlung von Sonderzeichen in HTML-Code
|
$error=""; if(isset($_GET["error"])) $error= htmlspecialchars($_GET["error"], ENT_COMPAT | ENT_HTML401, $encoding); // Umwandlung von Sonderzeichen in HTML-Code
|
||||||
$new=""; if(isset($_GET['new'])) $new=htmlspecialchars($_GET['new']);
|
$new=""; if(isset($_GET['new'])) $new=htmlspecialchars($_GET['new'], ENT_COMPAT | ENT_HTML401, $encoding);
|
||||||
$questionText=""; if(isset($_REQUEST["questionText"])) $questionText= htmlspecialchars($_REQUEST["questionText"]);
|
$questionText=""; if(isset($_REQUEST["questionText"])) $questionText= htmlspecialchars($_REQUEST["questionText"], ENT_COMPAT | ENT_HTML401, $encoding);
|
||||||
|
|
||||||
// Sessionvariable setzen
|
// Sessionvariable setzen
|
||||||
$_SESSION['values']['error']=$error;
|
$_SESSION['values']['error']=$error;
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
#!/usr/local/bin/perl
|
#!/usr/bin/perl
|
||||||
use Socket;
|
use Socket;
|
||||||
use Net::SSLeay qw(die_now die_if_ssl_error) ;
|
use Net::SSLeay qw(die_now die_if_ssl_error) ;
|
||||||
use DBI;
|
use DBI;
|
||||||
|
@ -8,7 +8,7 @@ my $KeyFile = "key_200808.pem";
|
||||||
my $CAfile = "CAcert_roots.pem";
|
my $CAfile = "CAcert_roots.pem";
|
||||||
my $TargetHost="secure.cacert.org";
|
my $TargetHost="secure.cacert.org";
|
||||||
my $TargetScript="cats/cats_import.php";
|
my $TargetScript="cats/cats_import.php";
|
||||||
my $ConnectInc="/home/cats/public_html/includes/db_connect.inc";
|
my $ConnectInc="/var/www/cats1.it-sls.de/training/public/includes/db_connect.inc";
|
||||||
|
|
||||||
sub url_encode($)
|
sub url_encode($)
|
||||||
{
|
{
|
||||||
|
|
14
topic.php
14
topic.php
|
@ -34,6 +34,12 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){
|
||||||
$site="site=topic&action=getQuestions&t_id=$t_id";
|
$site="site=topic&action=getQuestions&t_id=$t_id";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Fetch encoding from session, simplifies future switch to utf-8 encoding.
|
||||||
|
$encoding = $_SESSION['_config']['encoding'];
|
||||||
|
if (!$encoding) {
|
||||||
|
$encoding = "iso-8859-1"; // Backwards compatibility
|
||||||
|
}
|
||||||
|
|
||||||
// Löschen der Session Variable
|
// Löschen der Session Variable
|
||||||
if (isset($_SESSION['values']['question']['new'])) unset($_SESSION['values']['question']['new']);
|
if (isset($_SESSION['values']['question']['new'])) unset($_SESSION['values']['question']['new']);
|
||||||
|
|
||||||
|
@ -45,7 +51,7 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){
|
||||||
// Wertzuweisung
|
// Wertzuweisung
|
||||||
$questPerQuiz=0; if(isset($_REQUEST["questPerQuiz"]))$questPerQuiz =abs(intval($_REQUEST["questPerQuiz"]));
|
$questPerQuiz=0; if(isset($_REQUEST["questPerQuiz"]))$questPerQuiz =abs(intval($_REQUEST["questPerQuiz"]));
|
||||||
$rawToPass=0; if(isset($_REQUEST["rawToPass"]))$rawToPass =abs(intval($_REQUEST["rawToPass"]));
|
$rawToPass=0; if(isset($_REQUEST["rawToPass"]))$rawToPass =abs(intval($_REQUEST["rawToPass"]));
|
||||||
$name=""; if(isset($_REQUEST["new_topic"]))$name= htmlspecialchars($_REQUEST["new_topic"]); // Umwandlung von Sonderzeichen in HTML-Code
|
$name=""; if(isset($_REQUEST["new_topic"]))$name= htmlspecialchars($_REQUEST["new_topic"], ENT_COMPAT | ENT_HTML401, $encoding); // Umwandlung von Sonderzeichen in HTML-Code
|
||||||
|
|
||||||
$topics->setTopicName($name);
|
$topics->setTopicName($name);
|
||||||
$checkNum=$topics->setNumOfQu($questPerQuiz);
|
$checkNum=$topics->setNumOfQu($questPerQuiz);
|
||||||
|
@ -157,8 +163,8 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){
|
||||||
case 'updateQuestion': { // Question updaten
|
case 'updateQuestion': { // Question updaten
|
||||||
|
|
||||||
// Wertzuweisung
|
// Wertzuweisung
|
||||||
$questionText=""; if(isset($_REQUEST["question"]))$questionText= htmlspecialchars($_REQUEST["question"]);
|
$questionText=""; if(isset($_REQUEST["question"]))$questionText= htmlspecialchars($_REQUEST["question"], ENT_COMPAT | ENT_HTML401, $encoding);
|
||||||
$descriptionText=""; if(isset($_REQUEST["descriptionText"]))$descriptionText= htmlspecialchars($_REQUEST["descriptionText"]);
|
$descriptionText=""; if(isset($_REQUEST["descriptionText"]))$descriptionText= htmlspecialchars($_REQUEST["descriptionText"], ENT_COMPAT | ENT_HTML401, $encoding);
|
||||||
$description=0; if(isset($_REQUEST["description"]))$description=$_REQUEST["description"];
|
$description=0; if(isset($_REQUEST["description"]))$description=$_REQUEST["description"];
|
||||||
|
|
||||||
$question->setID($q_id);
|
$question->setID($q_id);
|
||||||
|
@ -234,7 +240,7 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){
|
||||||
case 'updateTopic':{ // Topic updaten
|
case 'updateTopic':{ // Topic updaten
|
||||||
|
|
||||||
//Wertzuweisung
|
//Wertzuweisung
|
||||||
$name=""; if(isset($_REQUEST["new_topic"]))$name= htmlspecialchars($_REQUEST["new_topic"]);
|
$name=""; if(isset($_REQUEST["new_topic"]))$name= htmlspecialchars($_REQUEST["new_topic"], ENT_COMPAT | ENT_HTML401, $encoding);
|
||||||
$numofQuiz=0; if(isset($_REQUEST["questPerQuiz"]))$numOfQuiz =abs(intval($_REQUEST["questPerQuiz"]));
|
$numofQuiz=0; if(isset($_REQUEST["questPerQuiz"]))$numOfQuiz =abs(intval($_REQUEST["questPerQuiz"]));
|
||||||
$rawToPass=0; if(isset($_REQUEST["rawToPass"])) $rawToPass =abs(intval($_REQUEST["rawToPass"]));
|
$rawToPass=0; if(isset($_REQUEST["rawToPass"])) $rawToPass =abs(intval($_REQUEST["rawToPass"]));
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue