summaryrefslogtreecommitdiff
path: root/web/html
diff options
context:
space:
mode:
authorpjmattal <pjmattal>2007-09-17 13:35:54 +0000
committerpjmattal <pjmattal>2007-09-17 13:35:54 +0000
commit208cd74bf667740126fc5881935e2d0d57e939c1 (patch)
tree565bef0ec5cefa0a7f8aae02d35b4f6d57ab201b /web/html
parent93204fab27db5f40c5484cfbcee8630371c2fdbb (diff)
Added XSS patches from Joerie de Gram.
Diffstat (limited to 'web/html')
-rw-r--r--web/html/index.php18
1 files changed, 9 insertions, 9 deletions
diff --git a/web/html/index.php b/web/html/index.php
index 2e697df..eddf3ed 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -14,10 +14,10 @@ $login_error = "";
if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
# Attempting to log in
#
- if (!isset($_REQUEST['user'])) {
+ if (!isset($_REQUEST["user"])) {
$login_error = __("You must supply a username.");
}
- if (!isset($_REQUEST['pass'])) {
+ if (!isset($_REQUEST["pass"])) {
$login_error = __("You must supply a password.");
}
if (!$login_error) {
@@ -33,12 +33,12 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
$result = db_query($q, $dbh);
if (!$result) {
$login_error = __("Error looking up username, %s.",
- array($_REQUEST["user"]));
+ array(htmlspecialchars($_REQUEST["user"])));
} else {
$row = mysql_fetch_row($result);
if (empty($row)) {
$login_error = __("Incorrect password for username, %s.",
- array($_REQUEST["user"]));
+ array(htmlspecialchars($_REQUEST["user"])));
} elseif ($row[1]) {
$login_error = __("Your account has been suspended.");
}
@@ -223,12 +223,12 @@ $safe_count = $row[0];
$user = username_from_sid($_COOKIE["AURSID"]);
if (!empty($user)) {
- $q = "SELECT count(*) FROM Packages,PackageLocations,Users WHERE Packages.MaintainerUID = Users.ID AND Packages.LocationID = PackageLocations.ID AND PackageLocations.Location = 'unsupported' AND Users.Username='$user'";
+ $q = "SELECT count(*) FROM Packages,PackageLocations,Users WHERE Packages.MaintainerUID = Users.ID AND Packages.LocationID = PackageLocations.ID AND PackageLocations.Location = 'unsupported' AND Users.Username='".mysql_real_escape_string($user)."'";
$result = db_query($q, $dbh);
$row = mysql_fetch_row($result);
$maintainer_unsupported_count = $row[0];
- $q = "SELECT count(*) FROM Packages,Users WHERE Packages.OutOfDate = 1 AND Packages.MaintainerUID = Users.ID AND Users.Username='$user'";
+ $q = "SELECT count(*) FROM Packages,Users WHERE Packages.OutOfDate = 1 AND Packages.MaintainerUID = Users.ID AND Users.Username='".mysql_real_escape_string($user)."'";
$result = db_query($q, $dbh);
$row = mysql_fetch_row($result);
$flagged_outdated = $row[0];
@@ -253,7 +253,7 @@ if (!empty($user)) {
$atype = account_from_sid($_COOKIE["AURSID"]);
if ($atype == 'Trusted User') {
- $q = "SELECT count(*) FROM Packages,PackageLocations,Users WHERE Packages.MaintainerUID = Users.ID AND Packages.LocationID = PackageLocations.ID AND PackageLocations.Location = 'community' AND Users.Username='$user'";
+ $q = "SELECT count(*) FROM Packages,PackageLocations,Users WHERE Packages.MaintainerUID = Users.ID AND Packages.LocationID = PackageLocations.ID AND PackageLocations.Location = 'community' AND Users.Username='".mysql_real_escape_string($user)."'";
$result = db_query($q, $dbh);
$row = mysql_fetch_row($result);
$maintainer_community_count = $row[0];
@@ -278,7 +278,7 @@ if (!empty($user)) {
print "<tr>";
print "<td class='boxSoft'>";
if ($atype == 'Trusted User') {
- $q = "SELECT count(*) FROM Packages,Users WHERE Packages.Safe = 1 AND Packages.VerifiedBy = Users.ID AND Users.Username='$user'";
+ $q = "SELECT count(*) FROM Packages,Users WHERE Packages.Safe = 1 AND Packages.VerifiedBy = Users.ID AND Users.Username='".mysql_real_escape_string($user)."'";
$result = db_query($q, $dbh);
$row = mysql_fetch_row($result);
$flagged_safe = $row[0];
@@ -287,7 +287,7 @@ if (!empty($user)) {
}
else
{
- $q = "SELECT count(*) FROM Packages,Users WHERE Packages.Safe = 1 AND Packages.MaintainerUID = Users.ID AND Users.Username='$user'";
+ $q = "SELECT count(*) FROM Packages,Users WHERE Packages.Safe = 1 AND Packages.MaintainerUID = Users.ID AND Users.Username='".mysql_real_escape_string($user)."'";
$result = db_query($q, $dbh);
$row = mysql_fetch_row($result);
$flagged_safe = $row[0];