Wrap some more variables in htmlspecialchars()
This commit is contained in:
parent
6f88f09165
commit
a530140220
|
@ -16,8 +16,8 @@ $Redirect = "account";
|
|||
|
||||
// make sure a username and password is specified for authentication
|
||||
if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
|
||||
$Username = $_SESSION['username'];
|
||||
$Password = $_SESSION['password'];
|
||||
$Username = htmlspecialchars($_SESSION['username']);
|
||||
$Password = htmlspecialchars($_SESSION['password']);
|
||||
} else {
|
||||
print "Username and password must be specified.";
|
||||
die();
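Review bot: `htmlspecialchars()` is an HTML output-encoding function, and here it is applied to `$Username`/`$Password` values that are only compared and passed on, never rendered, so it adds no protection while changing the values: a username or password containing `&`, `<`, `>`, `"` or `'` no longer matches what is stored, so those users are locked out by this commit. The same misuse recurs in every `== htmlspecialchars($_SESSION['password'])`, `htmlspecialchars($_SESSION['username'])` and `htmlspecialchars($_SESSION['type']) != 2` hunk of this commit (core.php's printCommentField, edit.php and the admin-gated pages), while the `@ -26,7 +26,7 @@ $Database = createTables` hunk leaves `$_SESSION['username'] != ""` raw next to a wrapped neighbour, so the wrapping follows no rule; the only hunks where it is correct are the two printHeader ones that write `$Username` into an `<a>` element. `$_SESSION` values are set by the server, not taken from the request, so they are not untrusted input at this point; keep comparison operands raw, i.e. `$Username = $_SESSION['username'];` and `$Password = $_SESSION['password'];`, and encode at the point where a value is written into HTML. Separately, these checks compare what looks like a stored credential against a session copy with loose `==`; if those are plaintext passwords that is the larger issue, and `password_verify()` against a hash (or at least `hash_equals()`) belongs there instead.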
|
||||
|
|
|
@ -11,7 +11,7 @@ $Error = "";
|
|||
if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_SESSION['type'])) {
|
||||
header('Location: login.php?redir=admin');
|
||||
die();
|
||||
} else if ($_SESSION['type'] != 2) { // not allowed
|
||||
} else if (htmlspecialchars($_SESSION['type']) != 2) { // not allowed
|
||||
header('Location: /');
|
||||
die();
|
||||
}
|
||||
|
@ -38,7 +38,7 @@ $Database = createTables($sqlDB);
|
|||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['username'] == $_SESSION['username'] && $_SESSION['username'] != "" && $line['password'] == $_SESSION['password'] && $_SESSION['password'] != "" && $line['usertype'] == 2) {
|
||||
if ($line['username'] == htmlspecialchars($_SESSION['username']) && htmlspecialchars($_SESSION['username']) != "" && $line['password'] == htmlspecialchars($_SESSION['password']) && htmlspecialchars($_SESSION['password']) != "" && $line['usertype'] == 2) {
|
||||
$Authorized = 1;
|
||||
$Primary = $line['primaryadmin'];
|
||||
break;
|
||||
|
|
|
@ -21,8 +21,8 @@ if (isset($_REQUEST['redir'])) {
|
|||
|
||||
// make sure a username and password is specified for authentication
|
||||
if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
|
||||
$Username = $_SESSION['username'];
|
||||
$Password = $_SESSION['password'];
|
||||
$Username = htmlspecialchars($_SESSION['username']);
|
||||
$Password = htmlspecialchars($_SESSION['password']);
|
||||
} else {
|
||||
if ($Redirect == "account") {
|
||||
header("Location: account.php?id=$ID&e=auth");
|
||||
|
|
|
@ -26,14 +26,14 @@ if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_S
|
|||
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['username'] == $_SESSION['username'] && $_SESSION['username'] != "" && $line['password'] == $_SESSION['password'] && $line['usertype'] == $_SESSION['type']) {
|
||||
if ($line['username'] == htmlspecialchars($_SESSION['username']) && htmlspecialchars($_SESSION['username']) != "" && $line['password'] == htmlspecialchars($_SESSION['password']) && $line['usertype'] == htmlspecialchars($_SESSION['type'])) {
|
||||
$AuthorizedCreation = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
$Username = $_SESSION['username'];
|
||||
$userType = $_SESSION['type'];
|
||||
$Username = htmlspecialchars($_SESSION['username']);
|
||||
$userType = htmlspecialchars($_SESSION['type']);
|
||||
|
||||
// not authorized
|
||||
if ($AuthorizedCreation != 1) {
|
||||
|
|
10
core.php
10
core.php
|
@ -116,7 +116,7 @@ function printCommentField($html, $id, $pageID) {
|
|||
if ($line['usertype'] == 2) {
|
||||
$html .= "\t\t\t\t\t\t<p style=\"text-align: left;\"><span class=\"commentAuthorMod\">$username</span> on <span class=\"commentDate\">$date:</span>\n";
|
||||
|
||||
if ($line['username'] == $_SESSION['username'] || $_SESSION['type'] == 2) {
|
||||
if ($line['username'] == htmlspecialchars($_SESSION['username']) || htmlspecialchars($_SESSION['type']) == 2) {
|
||||
$html .= "<a id=\"commentRemove\" href=\"/remove-comment.php?id=$cid&retid=$pageID\">Remove</a></p>\n";
|
||||
}
|
||||
|
||||
|
@ -124,7 +124,7 @@ function printCommentField($html, $id, $pageID) {
|
|||
} else {
|
||||
$html .= "\t\t\t\t\t\t<p style=\"text-align: left;\"><span class=\"commentAuthor\">$username</span> on <span class=\"commentDate\">$date:</span>\n";
|
||||
|
||||
if ($line['username'] == $_SESSION['username'] || $_SESSION['type'] == 2) {
|
||||
if ($line['username'] == htmlspecialchars($_SESSION['username']) || htmlspecialchars($_SESSION['type']) == 2) {
|
||||
$html .= "<a id=\"commentRemove\" href=\"/remove-comment.php?id=$cid&retid=$pageID\">Remove</a></p>\n";
|
||||
}
|
||||
|
||||
|
@ -294,7 +294,7 @@ function printHeader($html, $printpage) {
|
|||
$id = -1;
|
||||
|
||||
if (isset($_REQUEST['id'])) {
|
||||
$id = $_REQUEST['id'];
|
||||
$id = htmlspecialchars($_REQUEST['id']);
|
||||
}
|
||||
|
||||
$Database = createTables($sqlDB);
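Review bot: `$id = htmlspecialchars($_REQUEST['id']);` treats HTML encoding as input validation, but `$id` defaults to `-1` and is used as an identifier, so it should be validated as an integer rather than encoded: `$id = filter_var($_REQUEST['id'], FILTER_VALIDATE_INT);` followed by `if ($id === false) { $id = -1; }`. If this runs on PHP 8, `htmlspecialchars()` throws a `TypeError` when handed an array, so a request carrying `id[]=1` now becomes a fatal error instead of a rejected value, which the validation above avoids. The same applies to the later `$_REQUEST['id']` and `$_REQUEST['file']` hunks in this commit; for `file`, if the value ever reaches a filesystem path (not visible here), HTML encoding does not constrain it at all and an allow-list or a lookup by numeric id is the right check. Encoding belongs where the value is emitted, as printCommentField's `href=\"/remove-comment.php?id=$cid...\"` string shows; printHeader's body continues outside this hunk.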
|
||||
|
@ -407,7 +407,7 @@ function printHeader($html, $printpage) {
|
|||
|
||||
$html .= "\t\t\t\t<a id='login' href=\"/login.php\">Log in</a>\n";
|
||||
} else {
|
||||
$Username = $_SESSION['username'];
|
||||
$Username = htmlspecialchars($_SESSION['username']);
|
||||
$html .= "\t\t\t\t<a id='username' href=\"/account.php\">$Username</a>\n";
|
||||
$html .= "\t\t\t\t<a id='logout' href=\"/login.php?logout=true\">Log out</a>\n";
|
||||
}
|
||||
|
@ -541,7 +541,7 @@ function printHeader($html, $printpage) {
|
|||
|
||||
$html .= "\t\t\t\t<a id='login' href=\"/login.php\">Log in</a>\n";
|
||||
} else {
|
||||
$Username = $_SESSION['username'];
|
||||
$Username = htmlspecialchars($_SESSION['username']);
|
||||
$html .= "\t\t\t\t<a id='username' href=\"/account.php\">$Username</a>\n";
|
||||
$html .= "\t\t\t\t<a id='logout' href=\"/login.php?logout=true\">Log out</a>\n";
|
||||
}
|
||||
|
|
|
@ -30,7 +30,7 @@ if (!checkIfAdminExists()) {
|
|||
if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_SESSION['type'])) {
|
||||
header('Location: login.php?redir=admin');
|
||||
die();
|
||||
} else if ($_SESSION['type'] != 2) { // not allowed
|
||||
} else if (htmlspecialchars($_SESSION['type']) != 2) { // not allowed
|
||||
header('Location: /');
|
||||
die();
|
||||
}
|
||||
|
@ -40,7 +40,7 @@ if (!checkIfAdminExists()) {
|
|||
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['username'] == $_SESSION['username'] && $_SESSION['username'] != "" && $line['password'] == $_SESSION['password'] && $line['usertype'] == $_SESSION['type']) {
|
||||
if ($line['username'] == htmlspecialchars($_SESSION['username']) && htmlspecialchars($_SESSION['username']) != "" && $line['password'] == htmlspecialchars($_SESSION['password']) && $line['usertype'] == htmlspecialchars($_SESSION['type'])) {
|
||||
$AuthorizedCreation = 1;
|
||||
$AdminIsPrimary = $line['primaryadmin'];
|
||||
break;
|
||||
|
|
|
@ -21,20 +21,20 @@ $DatabaseQuery = $Database->query('SELECT * FROM users');
|
|||
if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_SESSION['type'])) {
|
||||
header('Location: login.php?redir=admin');
|
||||
die();
|
||||
} else if ($_SESSION['type'] != 2) { // not allowed
|
||||
} else if (htmlspecialchars($_SESSION['type']) != 2) { // not allowed
|
||||
header('Location: /');
|
||||
die();
|
||||
}
|
||||
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['username'] == $_SESSION['username'] && $_SESSION['username'] != "" && $line['password'] == $_SESSION['password'] && $line['usertype'] == 2) {
|
||||
if ($line['username'] == htmlspecialchars($_SESSION['username']) && htmlspecialchars($_SESSION['username']) != "" && $line['password'] == htmlspecialchars($_SESSION['password']) && $line['usertype'] == 2) {
|
||||
$AuthorizedCreation = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
$Username = $_SESSION['username'];
|
||||
$Username = htmlspecialchars($_SESSION['username']);
|
||||
|
||||
// not authorized
|
||||
if ($AuthorizedCreation != 1) {
|
||||
|
|
|
@ -10,7 +10,7 @@ $postID = -1;
|
|||
if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_SESSION['type'])) {
|
||||
header('Location: login.php?redir=edit-page');
|
||||
die();
|
||||
} else if ($_SESSION['type'] != 2) { // not allowed
|
||||
} else if (htmlspecialchars($_SESSION['type']) != 2) { // not allowed
|
||||
header('Location: /');
|
||||
die();
|
||||
}
|
||||
|
@ -26,7 +26,7 @@ $Database = createTables($sqlDB);
|
|||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['username'] == $_SESSION['username'] && $_SESSION['username'] != "" && $line['password'] == $_SESSION['password'] && $_SESSION['password'] != "") {
|
||||
if ($line['username'] == htmlspecialchars($_SESSION['username']) && $_SESSION['username'] != "" && $line['password'] == htmlspecialchars($_SESSION['password']) && htmlspecialchars($_SESSION['password']) != "") {
|
||||
$Authorized = true;
|
||||
break;
|
||||
}
|
||||
|
|
4
edit.php
4
edit.php
|
@ -14,7 +14,7 @@ $Request = "false";
|
|||
if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_SESSION['type'])) {
|
||||
header('Location: login.php?redir=edit');
|
||||
die();
|
||||
} else if ($_SESSION['type'] != 2) { // not allowed
|
||||
} else if (htmlspecialchars($_SESSION['type']) != 2) { // not allowed
|
||||
header('Location: /');
|
||||
die();
|
||||
}
|
||||
|
@ -53,7 +53,7 @@ $Database = createTables($sqlDB);
|
|||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['username'] == $_SESSION['username'] && $_SESSION['username'] != "" && $line['password'] == $_SESSION['password'] && $_SESSION['password'] != "" && $line['usertype'] == 2) {
|
||||
if ($line['username'] == htmlspecialchars($_SESSION['username']) && htmlspecialchars($_SESSION['username']) != "" && $line['password'] == htmlspecialchars($_SESSION['password']) && htmlspecialchars($_SESSION['password']) != "" && $line['usertype'] == 2) {
|
||||
$Authorized = 1;
|
||||
$Primary = $line['primaryadmin'];
|
||||
break;
|
||||
|
|
|
@ -20,7 +20,7 @@ if (isset($_REQUEST['logout']) && htmlspecialchars($_REQUEST['logout']) == "true
|
|||
|
||||
// if a session exists, redirect the user there instead
|
||||
if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
|
||||
if ($Redirect == "index" || ($Redirect == "admin" && $_SESSION['type'] != 2) || $Redirect == "") {
|
||||
if ($Redirect == "index" || ($Redirect == "admin" && htmlspecialchars($_SESSION['type']) != 2) || $Redirect == "") {
|
||||
header('Location: /');
|
||||
die();
|
||||
} else if ($Redirect == "admin") {
|
||||
|
|
|
@ -16,7 +16,7 @@ if (isset($_REQUEST['redir'])) {
|
|||
}
|
||||
|
||||
if (isset($_REQUEST['id'])) {
|
||||
$id = $_REQUEST['id'];
|
||||
$id = htmlspecialchars($_REQUEST['id']);
|
||||
} else {
|
||||
header("Location: /");
|
||||
die();
|
||||
|
@ -32,20 +32,20 @@ $DatabaseQuery = $Database->query('SELECT * FROM users');
|
|||
if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_SESSION['type'])) {
|
||||
header('Location: login.php?redir=admin');
|
||||
die();
|
||||
} else if ($_SESSION['type'] != 2) { // not allowed
|
||||
} else if (htmlspecialchars($_SESSION['type']) != 2) { // not allowed
|
||||
header('Location: /');
|
||||
die();
|
||||
}
|
||||
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['username'] == $_SESSION['username'] && $_SESSION['username'] != "" && $line['password'] == $_SESSION['password']) {
|
||||
if ($line['username'] == htmlspecialchars($_SESSION['username']) && htmlspecialchars($_SESSION['username']) != "" && $line['password'] == htmlspecialchars($_SESSION['password'])) {
|
||||
$Authorized = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
$Username = $_SESSION['username'];
|
||||
$Username = htmlspecialchars($_SESSION['username']);
|
||||
|
||||
// not authorized
|
||||
if ($Authorized != 1) {
|
||||
|
|
|
@ -43,14 +43,14 @@ if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_S
|
|||
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['username'] == $_SESSION['username'] && $_SESSION['username'] != "" && $line['password'] == $_SESSION['password']) {
|
||||
if ($line['username'] == htmlspecialchars($_SESSION['username']) && htmlspecialchars($_SESSION['username']) != "" && $line['password'] == htmlspecialchars($_SESSION['password'])) {
|
||||
if ($line['usertype'] == 2) {
|
||||
$Authorized = 1;
|
||||
} else {
|
||||
$CommentDatabaseQuery = $Database->query('SELECT * FROM comments');
|
||||
|
||||
while ($cline = $CommentDatabaseQuery->fetchArray()) {
|
||||
if ($cline['id'] == $id && $cline['username'] == $_SESSION['username']) {
|
||||
if ($cline['id'] == $id && $cline['username'] == htmlspecialchars($_SESSION['username'])) {
|
||||
$Authorized = 1;
|
||||
}
|
||||
}
|
||||
|
@ -60,7 +60,7 @@ while ($line = $DatabaseQuery->fetchArray()) {
|
|||
}
|
||||
}
|
||||
|
||||
$Username = $_SESSION['username'];
|
||||
$Username = htmlspecialchars($_SESSION['username']);
|
||||
|
||||
// not authorized
|
||||
if ($Authorized != 1) {
|
||||
|
|
|
@ -11,7 +11,7 @@ if (isset($_REQUEST['redir'])) {
|
|||
}
|
||||
|
||||
if (isset($_REQUEST['file'])) {
|
||||
$id = $_REQUEST['file'];
|
||||
$id = htmlspecialchars($_REQUEST['file']);
|
||||
} else {
|
||||
if ($Redirect == "admin") {
|
||||
header("Location: admin.php?e=file");
|
||||
|
@ -30,20 +30,20 @@ $DatabaseQuery = $Database->query('SELECT * FROM users');
|
|||
if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_SESSION['type'])) {
|
||||
header('Location: login.php?redir=admin');
|
||||
die();
|
||||
} else if ($_SESSION['type'] != 2) { // not allowed
|
||||
} else if (htmlspecialchars($_SESSION['type']) != 2) { // not allowed
|
||||
header('Location: /');
|
||||
die();
|
||||
}
|
||||
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['username'] == $_SESSION['username'] && $_SESSION['username'] != "" && $line['password'] == $_SESSION['password'] && $line['usertype'] == 2) {
|
||||
if ($line['username'] == htmlspecialchars($_SESSION['username']) && htmlspecialchars($_SESSION['username']) != "" && $line['password'] == htmlspecialchars($_SESSION['password']) && $line['usertype'] == 2) {
|
||||
$AuthorizedCreation = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
$Username = $_SESSION['username'];
|
||||
$Username = htmlspecialchars($_SESSION['username']);
|
||||
|
||||
// not authorized
|
||||
if ($AuthorizedCreation != 1) {
|
||||
|
|
|
@ -6,7 +6,7 @@ include "core.php";
|
|||
if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_SESSION['type'])) {
|
||||
header('Location: login.php?redir=admin');
|
||||
die();
|
||||
} else if ($_SESSION['type'] != 2) { // not allowed
|
||||
} else if (htmlspecialchars($_SESSION['type']) != 2) { // not allowed
|
||||
header('Location: /');
|
||||
die();
|
||||
}
|
||||
|
@ -41,7 +41,7 @@ $Database = createTables($sqlDB);
|
|||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['usertype'] == 2 && $line['username'] == $_SESSION['username'] && $_SESSION['username'] != "" && $line['password'] == $_SESSION['password'] && $_SESSION['password'] != "") {
|
||||
if ($line['usertype'] == 2 && $line['username'] == htmlspecialchars($_SESSION['username']) && htmlspecialchars($_SESSION['username']) != "" && $line['password'] == htmlspecialchars($_SESSION['password']) && htmlspecialchars($_SESSION['password']) != "") {
|
||||
$AuthorizedRemoval = 1;
|
||||
$AdminIsPrimary = $line['primaryadmin'];
|
||||
break;
|
||||
|
|
|
@ -40,20 +40,20 @@ $DatabaseQuery = $Database->query('SELECT * FROM users');
|
|||
if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_SESSION['type'])) {
|
||||
header('Location: login.php?redir=admin');
|
||||
die();
|
||||
} else if ($_SESSION['type'] != 2) { // not allowed
|
||||
} else if (htmlspecialchars($_SESSION['type']) != 2) { // not allowed
|
||||
header('Location: /');
|
||||
die();
|
||||
}
|
||||
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['username'] == $_SESSION['username'] && $_SESSION['username'] != "" && $line['password'] == $_SESSION['password'] && $line['usertype'] == 2) {
|
||||
if ($line['username'] == htmlspecialchars($_SESSION['username']) && htmlspecialchars($_SESSION['username']) != "" && $line['password'] == htmlspecialchars($_SESSION['password']) && $line['usertype'] == 2) {
|
||||
$AuthorizedCreation = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
$Username = $_SESSION['username'];
|
||||
$Username = htmlspecialchars($_SESSION['username']);
|
||||
|
||||
// not authorized
|
||||
if ($AuthorizedCreation != 1) {
|
||||
|
|
|
@ -22,7 +22,7 @@ if (isset($_REQUEST['request'])) {
|
|||
}
|
||||
|
||||
if (isset($_REQUEST['id'])) {
|
||||
$id = $_REQUEST['id'];
|
||||
$id = htmlspecialchars($_REQUEST['id']);
|
||||
} else {
|
||||
if ($Redirect == "admin") {
|
||||
header("Location: admin.php?e=endpoint");
|
||||
|
@ -41,20 +41,20 @@ $DatabaseQuery = $Database->query('SELECT * FROM users');
|
|||
if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_SESSION['type'])) {
|
||||
header('Location: login.php?redir=admin');
|
||||
die();
|
||||
} else if ($_SESSION['type'] != 2) { // not allowed
|
||||
} else if (htmlspecialchars($_SESSION['type']) != 2) { // not allowed
|
||||
header('Location: /');
|
||||
die();
|
||||
}
|
||||
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['username'] == $_SESSION['username'] && $_SESSION['username'] != "" && $line['password'] == $_SESSION['password'] && $line['usertype'] == 2) {
|
||||
if ($line['username'] == htmlspecialchars($_SESSION['username']) && htmlspecialchars($_SESSION['username']) != "" && $line['password'] == htmlspecialchars($_SESSION['password']) && $line['usertype'] == 2) {
|
||||
$AuthorizedCreation = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
$Username = $_SESSION['username'];
|
||||
$Username = htmlspecialchars($_SESSION['username']);
|
||||
|
||||
// not authorized
|
||||
if ($AuthorizedCreation != 1) {
|
||||
|
|
|
@ -16,14 +16,14 @@ $DatabaseQuery = $Database->query('SELECT * FROM users');
|
|||
if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_SESSION['type'])) {
|
||||
header('Location: login.php?redir=admin');
|
||||
die();
|
||||
} else if ($_SESSION['type'] != 2) { // not allowed
|
||||
} else if (htmlspecialchars($_SESSION['type']) != 2) { // not allowed
|
||||
header('Location: /');
|
||||
die();
|
||||
}
|
||||
|
||||
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['username'] == $_SESSION['username'] && $_SESSION['username'] != "" && $line['password'] == $_SESSION['password'] && $line['usertype'] == 2) {
|
||||
if ($line['username'] == htmlspecialchars($_SESSION['username']) && htmlspecialchars($_SESSION['username']) != "" && $line['password'] == htmlspecialchars($_SESSION['password']) && htmlspecialchars($line['usertype']) == 2) {
|
||||
$AuthorizedCreation = 1;
|
||||
break;
|
||||
}
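Review bot: `htmlspecialchars($line['usertype']) == 2` wraps the database column instead of the session value, unlike every other hunk in this commit, which compares `$line['usertype'] == 2` directly; encoding a value read from the database before a numeric comparison does nothing useful, since an integer-like string has nothing to encode and any other content simply makes the comparison false. Drop the wrapper so the line matches its siblings: `&& $line['usertype'] == 2) {`. The surrounding `while` loop closes inside this hunk, but the authorisation that consumes `$AuthorizedCreation` is outside it.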
|
||||
|
@ -45,7 +45,7 @@ if (isset($_FILES['file']['tmp_name'])) {
|
|||
|
||||
$File = "$attachmentLocation/$Filename";
|
||||
|
||||
if (!move_uploaded_file($_FILES['file']['tmp_name'], $File)) {
|
||||
if (!move_uploaded_file(htmlspecialchars($_FILES['file']['tmp_name']), $File)) {
|
||||
if ($Redirect == "admin") {
|
||||
header("Location: admin.php?e=fail");
|
||||
} else if ($Redirect == "edit") {
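Review bot: `htmlspecialchars($_FILES['file']['tmp_name'])` encodes a filesystem path that PHP itself generated for the upload, not request data, so it gains nothing and would make the move fail if the temporary path ever contained `&`, quotes or `<`/`>`; `move_uploaded_file()` already refuses anything that is not a genuine upload, which is the check that matters for this argument. Restore `if (!move_uploaded_file($_FILES['file']['tmp_name'], $File)) {`. The attacker-influenced operand of this call is `$File`, built from `"$attachmentLocation/$Filename"` two lines up; how `$Filename` is derived and whether it is restricted to a safe basename and extension is outside this hunk, and that is where review attention belongs.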
|
||||
|
|