diff options
author | pjmattal <pjmattal> | 2007-09-17 13:35:54 +0000 |
---|---|---|
committer | pjmattal <pjmattal> | 2007-09-17 13:35:54 +0000 |
commit | 208cd74bf667740126fc5881935e2d0d57e939c1 (patch) | |
tree | 565bef0ec5cefa0a7f8aae02d35b4f6d57ab201b /web/html | |
parent | 93204fab27db5f40c5484cfbcee8630371c2fdbb (diff) |
Added XSS patches from Joerie de Gram.
Diffstat (limited to 'web/html')
-rw-r--r-- | web/html/index.php | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/web/html/index.php b/web/html/index.php index 2e697df..eddf3ed 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -14,10 +14,10 @@ $login_error = ""; if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) { # Attempting to log in # - if (!isset($_REQUEST['user'])) { + if (!isset($_REQUEST["user"])) { $login_error = __("You must supply a username."); } - if (!isset($_REQUEST['pass'])) { + if (!isset($_REQUEST["pass"])) { $login_error = __("You must supply a password."); } if (!$login_error) { @@ -33,12 +33,12 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) { $result = db_query($q, $dbh); if (!$result) { $login_error = __("Error looking up username, %s.", - array($_REQUEST["user"])); + array(htmlspecialchars($_REQUEST["user"]))); } else { $row = mysql_fetch_row($result); if (empty($row)) { $login_error = __("Incorrect password for username, %s.", - array($_REQUEST["user"])); + array(htmlspecialchars($_REQUEST["user"]))); } elseif ($row[1]) { $login_error = __("Your account has been suspended."); } @@ -223,12 +223,12 @@ $safe_count = $row[0]; $user = username_from_sid($_COOKIE["AURSID"]); if (!empty($user)) { - $q = "SELECT count(*) FROM Packages,PackageLocations,Users WHERE Packages.MaintainerUID = Users.ID AND Packages.LocationID = PackageLocations.ID AND PackageLocations.Location = 'unsupported' AND Users.Username='$user'"; + $q = "SELECT count(*) FROM Packages,PackageLocations,Users WHERE Packages.MaintainerUID = Users.ID AND Packages.LocationID = PackageLocations.ID AND PackageLocations.Location = 'unsupported' AND Users.Username='".mysql_real_escape_string($user)."'"; $result = db_query($q, $dbh); $row = mysql_fetch_row($result); $maintainer_unsupported_count = $row[0]; - $q = "SELECT count(*) FROM Packages,Users WHERE Packages.OutOfDate = 1 AND Packages.MaintainerUID = Users.ID AND Users.Username='$user'"; + $q = "SELECT count(*) FROM Packages,Users WHERE Packages.OutOfDate = 1 AND Packages.MaintainerUID = Users.ID AND Users.Username='".mysql_real_escape_string($user)."'"; $result = db_query($q, $dbh); $row = mysql_fetch_row($result); $flagged_outdated = $row[0]; @@ -253,7 +253,7 @@ if (!empty($user)) { $atype = account_from_sid($_COOKIE["AURSID"]); if ($atype == 'Trusted User') { - $q = "SELECT count(*) FROM Packages,PackageLocations,Users WHERE Packages.MaintainerUID = Users.ID AND Packages.LocationID = PackageLocations.ID AND PackageLocations.Location = 'community' AND Users.Username='$user'"; + $q = "SELECT count(*) FROM Packages,PackageLocations,Users WHERE Packages.MaintainerUID = Users.ID AND Packages.LocationID = PackageLocations.ID AND PackageLocations.Location = 'community' AND Users.Username='".mysql_real_escape_string($user)."'"; $result = db_query($q, $dbh); $row = mysql_fetch_row($result); $maintainer_community_count = $row[0]; @@ -278,7 +278,7 @@ if (!empty($user)) { print "<tr>"; print "<td class='boxSoft'>"; if ($atype == 'Trusted User') { - $q = "SELECT count(*) FROM Packages,Users WHERE Packages.Safe = 1 AND Packages.VerifiedBy = Users.ID AND Users.Username='$user'"; + $q = "SELECT count(*) FROM Packages,Users WHERE Packages.Safe = 1 AND Packages.VerifiedBy = Users.ID AND Users.Username='".mysql_real_escape_string($user)."'"; $result = db_query($q, $dbh); $row = mysql_fetch_row($result); $flagged_safe = $row[0]; @@ -287,7 +287,7 @@ if (!empty($user)) { } else { - $q = "SELECT count(*) FROM Packages,Users WHERE Packages.Safe = 1 AND Packages.MaintainerUID = Users.ID AND Users.Username='$user'"; + $q = "SELECT count(*) FROM Packages,Users WHERE Packages.Safe = 1 AND Packages.MaintainerUID = Users.ID AND Users.Username='".mysql_real_escape_string($user)."'"; $result = db_query($q, $dbh); $row = mysql_fetch_row($result); $flagged_safe = $row[0]; |