From c5fc1b922233159f85839e89452df03c9acdb75d Mon Sep 17 00:00:00 2001 From: Mario Lipinski Date: Tue, 20 Aug 2013 02:28:14 +0200 Subject: [PATCH 1/3] #1203 session_register was removed as of PHP 5.4, usage did not make any sense there anyway. --- index.php.template | 1 - 1 file changed, 1 deletion(-) diff --git a/index.php.template b/index.php.template index fb246fb..1cbc177 100755 --- a/index.php.template +++ b/index.php.template @@ -1,6 +1,5 @@ Date: Tue, 21 Jan 2014 00:06:16 +0100 Subject: [PATCH 2/3] Fixed comment syntax --- database/update1.sql | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/database/update1.sql b/database/update1.sql index f575bc5..fb5354f 100644 --- a/database/update1.sql +++ b/database/update1.sql @@ -1,17 +1,17 @@ ---- create new table to record the database version +-- create new table to record the database version CREATE TABLE IF NOT EXISTS `schema_version` ( `id` int(11) PRIMARY KEY auto_increment, `version` int(11) NOT NULL UNIQUE, `when` datetime NOT NULL ) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci; ---- alter learnprogress by one column +-- alter learnprogress by one column ALTER TABLE `learnprogress` ADD `passed` int(11) NOT NULL DEFAULT '0'; ---- update new column passed with -1 +-- update new column passed with -1 UPDATE `learnprogress` SET `passed`=-1; ---- update schema version number +-- update schema version number INSERT INTO `schema_version` (`version`, `when`) VALUES ('1' , NOW() ); From 5a80f36ef107dd0ce289898c2322620800a33768 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bernhard=20Fr=F6hlich?= Date: Mon, 10 Feb 2014 21:22:02 +0100 Subject: [PATCH 3/3] Added missing parameters to htmlspecialchars --- collect_question.php | 18 ++++++++++++------ functions/UploadResults.pl | 4 ++-- topic.php | 16 +++++++++++----- 3 files changed, 25 insertions(+), 13 deletions(-) diff --git a/collect_question.php b/collect_question.php index 348d4a1..8c7698e 100755 --- a/collect_question.php 
+++ b/collect_question.php @@ -14,6 +14,12 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){ // Überprüfung auf String / Wertzuweisung $action=''; if(isset($_GET['action'])) $action=strval($_GET['action']); + // Fetch encoding from session, simplifies future switch to utf-8 encoding. + $encoding = $_SESSION['_config']['encoding']; + if (!$encoding) { + $encoding = "iso-8859-1"; // Backwards compatibility + } + // Auswahl der gewählten Aktionen switch ($action){ 
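Review bot: The added `$encoding = $_SESSION['_config']['encoding'];` reads two array keys that may not exist, so the fallback on the next line only runs after PHP has already raised an undefined-index notice. The session value is also passed unchecked as the charset argument of every `htmlspecialchars()` call below; an unrecognised charset name makes PHP warn and fall back to its default, which can change how input bytes are interpreted during escaping. I would write `$encoding = isset($_SESSION['_config']['encoding']) ? $_SESSION['_config']['encoding'] : "iso-8859-1";` and compare the result against the short list of charsets the application supports. The same five lines are added again in topic.php (hunk at -33,7), so a shared helper in an include would keep the two copies from drifting. The enclosing `if` block starts and ends outside this hunk.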
@@ -23,10 +29,10 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){ // Wertzuweisung $_SESSION ['values']['question']['t_id']=0; if($_POST["t_id"])$_SESSION ['values']['question']['t_id'] =abs(intval($_REQUEST["t_id"])); $_SESSION ['values']['question']['qt']=0;if($_POST["qt"])$_SESSION ['values']['question']['qt'] =abs(intval($_REQUEST["qt"])); - $_SESSION ['values']['question']['questionText']=''; if($_POST["questionText"])$_SESSION ['values']['question']['questionText']= htmlspecialchars($_REQUEST["questionText"]); // Umwandlung von Sonderzeichen in HTML-Code - $new=""; if($_REQUEST["new"])$new= htmlspecialchars($_POST["new"]); // Umwandlung von Sonderzeichen in HTML-Code + $_SESSION ['values']['question']['questionText']=''; if($_POST["questionText"])$_SESSION ['values']['question']['questionText']= htmlspecialchars($_REQUEST["questionText"], ENT_COMPAT | ENT_HTML401, $encoding); // Umwandlung von Sonderzeichen in HTML-Code + $new=""; if($_REQUEST["new"])$new= htmlspecialchars($_POST["new"], ENT_COMPAT | ENT_HTML401, $encoding); // Umwandlung von Sonderzeichen in HTML-Code $_SESSION ['values']['question']['description']=0; if($_POST["description"])$_SESSION ['values']['question']['description']=abs(intval($_POST["description"])); - $_SESSION ['values']['question']['descriptionText']="";if($_POST["descriptionText"])$_SESSION ['values']['question']['descriptionText']=htmlspecialchars($_POST["descriptionText"]); + $_SESSION ['values']['question']['descriptionText']="";if($_POST["descriptionText"])$_SESSION ['values']['question']['descriptionText']=htmlspecialchars($_POST["descriptionText"], ENT_COMPAT | ENT_HTML401, $encoding); // Session Variable setzen $_SESSION ['values']['question']['new']=1; 
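Review bot: The guard and the read on the changed lines use different superglobals: `if($_POST["questionText"])` tests POST but escapes `$_REQUEST["questionText"]`, and `if($_REQUEST["new"])` tests REQUEST but escapes `$_POST["new"]`. Depending on `request_order`, `$_REQUEST` can carry a GET or cookie value instead of the POST field that was tested, so the value stored in the session is not necessarily the one that passed the check. Reading from one source would remove the ambiguity, e.g. `if(isset($_POST["questionText"])) ... = htmlspecialchars($_POST["questionText"], ENT_QUOTES | ENT_HTML401, $encoding);`. `ENT_COMPAT` leaves single quotes unescaped, so if any of these values is later echoed into a single-quoted attribute (the output code is not visible here) `ENT_QUOTES` is the safer flag. The surrounding `case` block continues outside the hunk.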
@@ -124,9 +130,9 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){ // Wertzuweisung $qt_id=0; if(isset($_GET['qt_id'])) $qt_id=abs(intval($_GET['qt_id'])); - $error=""; if(isset($_GET["error"])) $error= htmlspecialchars($_GET["error"]); // Umwandlung von Sonderzeichen in HTML-Code - $new=""; if(isset($_GET['new'])) $new=htmlspecialchars($_GET['new']); - $questionText=""; if(isset($_REQUEST["questionText"])) $questionText= htmlspecialchars($_REQUEST["questionText"]); + $error=""; if(isset($_GET["error"])) $error= htmlspecialchars($_GET["error"], ENT_COMPAT | ENT_HTML401, $encoding); // Umwandlung von Sonderzeichen in HTML-Code + $new=""; if(isset($_GET['new'])) $new=htmlspecialchars($_GET['new'], ENT_COMPAT | ENT_HTML401, $encoding); + $questionText=""; if(isset($_REQUEST["questionText"])) $questionText= htmlspecialchars($_REQUEST["questionText"], ENT_COMPAT | ENT_HTML401, $encoding); // Sessionvariable setzen $_SESSION['values']['error']=$error; diff --git a/functions/UploadResults.pl b/functions/UploadResults.pl index d24c0db..d760f8e 100755 --- a/functions/UploadResults.pl +++ b/functions/UploadResults.pl @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl +#!/usr/bin/perl use Socket; use Net::SSLeay qw(die_now die_if_ssl_error) ; use DBI; @@ -8,7 +8,7 @@ my $KeyFile = "key_200808.pem"; my $CAfile = "CAcert_roots.pem"; my $TargetHost="secure.cacert.org"; my $TargetScript="cats/cats_import.php"; -my $ConnectInc="/home/cats/public_html/includes/db_connect.inc"; +my $ConnectInc="/var/www/cats1.it-sls.de/training/public/includes/db_connect.inc"; sub url_encode($) { diff --git a/topic.php b/topic.php index a7e9416..b4839ab 100755 --- a/topic.php +++ b/topic.php 
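Review bot: `$error` is still taken verbatim from `$_GET["error"]` and stored in `$_SESSION['values']['error']`, so the escaping added here prevents markup injection but the wording of the message remains caller-controlled. If that session value is rendered as an error message (presumably, though the template is outside this hunk), any link can make the page display arbitrary text as if the application had produced it. I would pass a short error code in the query string and map it to fixed messages on the server, and add a comment on this line such as `// TODO: replace free-text error with a whitelisted error code`.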
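Review bot: The new `$ConnectInc` value in functions/UploadResults.pl hard-codes one host's directory layout (`/var/www/cats1.it-sls.de/training/public/includes/db_connect.inc`) in a commit that is otherwise about `htmlspecialchars` parameters, so every other installation now has to patch the script. The path also suggests the database include sits under a `public` directory; if that is the web root and the server does not hand `.inc` files to PHP, the file could be served as plain text, so it is worth confirming it is denied by server configuration or moved outside the document root. I would take the path from a command-line argument or an environment variable, keep the old value as a documented default, and move the shebang and path change into a separate commit. Only the top of the script is visible in this hunk.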
@@ -33,7 +33,13 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){ } else { $site="site=topic&action=getQuestions&t_id=$t_id"; } - + + // Fetch encoding from session, simplifies future switch to utf-8 encoding. + $encoding = $_SESSION['_config']['encoding']; + if (!$encoding) { + $encoding = "iso-8859-1"; // Backwards compatibility + } + // Löschen der Session Variable if (isset($_SESSION['values']['question']['new'])) unset($_SESSION['values']['question']['new']); @@ -45,7 +51,7 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){ // Wertzuweisung $questPerQuiz=0; if(isset($_REQUEST["questPerQuiz"]))$questPerQuiz =abs(intval($_REQUEST["questPerQuiz"])); $rawToPass=0; if(isset($_REQUEST["rawToPass"]))$rawToPass =abs(intval($_REQUEST["rawToPass"])); - $name=""; if(isset($_REQUEST["new_topic"]))$name= htmlspecialchars($_REQUEST["new_topic"]); // Umwandlung von Sonderzeichen in HTML-Code + $name=""; if(isset($_REQUEST["new_topic"]))$name= htmlspecialchars($_REQUEST["new_topic"], ENT_COMPAT | ENT_HTML401, $encoding); // Umwandlung von Sonderzeichen in HTML-Code $topics->setTopicName($name); $checkNum=$topics->setNumOfQu($questPerQuiz); 
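Review bot: In the hunk at -45,7 `$name` is HTML-escaped at input time and then handed to `$topics->setTopicName($name)`, which stores entity-encoded text rather than what the user typed. Escaping on input ties the stored data to one output context: any later consumer that escapes again will double-encode, and any consumer that is not HTML (the database layer behind `setTopicName`, which is not visible here, or an export) receives the wrong form and gets no protection from this call. I would store the raw value and call `htmlspecialchars(..., ENT_QUOTES | ENT_HTML401, $encoding)` where the value is printed; at minimum add a comment such as `// NOTE: value is stored HTML-escaped; do not escape again on output`. The same pattern is used in the `updateQuestion` and `updateTopic` hunks (-157,8 and -234,7).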
@@ -157,8 +163,8 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){ case 'updateQuestion': { // Question updaten // Wertzuweisung - $questionText=""; if(isset($_REQUEST["question"]))$questionText= htmlspecialchars($_REQUEST["question"]); - $descriptionText=""; if(isset($_REQUEST["descriptionText"]))$descriptionText= htmlspecialchars($_REQUEST["descriptionText"]); + $questionText=""; if(isset($_REQUEST["question"]))$questionText= htmlspecialchars($_REQUEST["question"], ENT_COMPAT | ENT_HTML401, $encoding); + $descriptionText=""; if(isset($_REQUEST["descriptionText"]))$descriptionText= htmlspecialchars($_REQUEST["descriptionText"], ENT_COMPAT | ENT_HTML401, $encoding); $description=0; if(isset($_REQUEST["description"]))$description=$_REQUEST["description"]; $question->setID($q_id); @@ -234,7 +240,7 @@ if(($_SESSION['profile']['loggedin']==1) &&($_SESSION['profile']['admin']==1)){ case 'updateTopic':{ // Topic updaten //Wertzuweisung - $name=""; if(isset($_REQUEST["new_topic"]))$name= htmlspecialchars($_REQUEST["new_topic"]); + $name=""; if(isset($_REQUEST["new_topic"]))$name= htmlspecialchars($_REQUEST["new_topic"], ENT_COMPAT | ENT_HTML401, $encoding); $numofQuiz=0; if(isset($_REQUEST["questPerQuiz"]))$numOfQuiz =abs(intval($_REQUEST["questPerQuiz"])); $rawToPass=0; if(isset($_REQUEST["rawToPass"])) $rawToPass =abs(intval($_REQUEST["rawToPass"]));
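Review bot: In the `updateQuestion` case the line after the two changed ones, `$description=$_REQUEST["description"];`, still takes the request value with no cast, while collect_question.php normalises the same field with `abs(intval(...))`. Whatever consumes `$description` further down (outside this hunk) therefore receives an arbitrary string where the rest of the code expects a non-negative integer. I would make it `$description=abs(intval($_REQUEST["description"]));` in this same commit, since it is the only input in this block left unsanitised.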
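Review bot: In the `updateTopic` hunk (-234,7) the default is assigned to `$numofQuiz` but the request value is assigned to `$numOfQuiz`; PHP variable names are case-sensitive, so these are two different variables. When `questPerQuiz` is absent from the request, `$numOfQuiz` is never initialised and whichever spelling the code below uses (not visible in this hunk) is either undefined or always 0. The line should read `$numOfQuiz=0; if(isset($_REQUEST["questPerQuiz"]))$numOfQuiz =abs(intval($_REQUEST["questPerQuiz"]));`.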