Wrap all $_REQUEST variables in htmlspecialchars()
parent
0e2c4caac0
commit
cb4c26fa7f
|
@ -28,7 +28,7 @@ if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
|
|||
}
|
||||
|
||||
if (isset($_REQUEST['id'])) {
|
||||
$ID = $_REQUEST['id'];
|
||||
$ID = htmlspecialchars($_REQUEST['id']);
|
||||
} else {
|
||||
$ID = -1; // use the username and password to determine
|
||||
}
|
||||
|
@ -76,7 +76,7 @@ if ($Authorized == 0) {
|
|||
}
|
||||
|
||||
if (isset($_REQUEST['e'])) {
|
||||
$Error = $_REQUEST['e'];
|
||||
$Error = htmlspecialchars($_REQUEST['e']);
|
||||
}
|
||||
|
||||
$html .= "\t\t\t<h1>Account options</h1>\n";
|
||||
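Review bot: `$ID = htmlspecialchars($_REQUEST['id']);` in the first hunk escapes the value for HTML but never checks that it is an ID, although the fallback `$ID = -1` suggests an integer is expected. In change.php the same variable is interpolated into `header("Location: account.php?id=$ID&e=action")`, where HTML entities are the wrong encoding, and if it also reaches a database query (not visible here) escaping gives no protection there either. I would validate instead, e.g. `$ID = filter_var($_REQUEST['id'], FILTER_VALIDATE_INT);` followed by `if ($ID === false) { $ID = -1; }` (or reject the request), and do the same for `$filterID`, `$id` and `$fileID` in the later hunks that read `$_REQUEST['id']`. The script continues outside the hunk.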
|
|
|
@ -24,19 +24,19 @@ if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_S
|
|||
if (!isset($_REQUEST['action'])) {
|
||||
$Action = "files";
|
||||
} else {
|
||||
$Action = $_REQUEST['action'];
|
||||
$Action = htmlspecialchars($_REQUEST['action']);
|
||||
}
|
||||
|
||||
if (!isset($_REQUEST['id'])) {
|
||||
$filterID = -1;
|
||||
} else {
|
||||
$filterID = $_REQUEST['id'];
|
||||
$filterID = htmlspecialchars($_REQUEST['id']);
|
||||
}
|
||||
|
||||
if (!isset($_REQUEST['e'])) {
|
||||
$Error = "";
|
||||
} else {
|
||||
$Error = $_REQUEST['e'];
|
||||
$Error = htmlspecialchars($_REQUEST['e']);
|
||||
}
|
||||
|
||||
$Database = createTables($sqlDB);
|
||||
|
|
2
all.php
2
all.php
|
@ -12,7 +12,7 @@ $Action = "";
|
|||
if (!isset($_REQUEST['action'])) {
|
||||
$Action = "files";
|
||||
} else {
|
||||
$Action = $_REQUEST['action'];
|
||||
$Action = htmlspecialchars($_REQUEST['action']);
|
||||
}
|
||||
|
||||
$html = "";
|
||||
|
|
14
change.php
14
change.php
|
@ -21,7 +21,7 @@ $IsCurrentUser = false;
|
|||
$Redirect = "";
|
||||
|
||||
if (isset($_REQUEST['redir'])) {
|
||||
$Redirect = $_REQUEST['redir'];
|
||||
$Redirect = htmlspecialchars($_REQUEST['redir']);
|
||||
}
|
||||
|
||||
// make sure a username and password is specified for authentication
|
||||
|
@ -42,14 +42,14 @@ if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
|
|||
}
|
||||
|
||||
if (isset($_REQUEST['id'])) {
|
||||
$ID = $_REQUEST['id'];
|
||||
$ID = htmlspecialchars($_REQUEST['id']);
|
||||
} else {
|
||||
$ID = -1; // use the username and password to determine
|
||||
}
|
||||
|
||||
// action
|
||||
if (isset($_REQUEST['action'])) {
|
||||
$Action = $_REQUEST['action'];
|
||||
$Action = htmlspecialchars($_REQUEST['action']);
|
||||
} else {
|
||||
if ($Redirect == "account") {
|
||||
header("Location: account.php?id=$ID&e=action");
|
||||
|
@ -129,7 +129,7 @@ if ($Action == "pass" && ($allowPasswordChange || !$IsCurrentUser)) {
|
|||
}
|
||||
}
|
||||
|
||||
if ($_REQUEST['newpass'] != $_REQUEST['newpassc']) {
|
||||
if (htmlspecialchars($_REQUEST['newpass']) != htmlspecialchars($_REQUEST['newpassc'])) {
|
||||
if ($Redirect == "account") {
|
||||
header("Location: account.php?id=$ID&e=pmismatch");
|
||||
die();
|
||||
|
@ -142,9 +142,9 @@ if ($Action == "pass" && ($allowPasswordChange || !$IsCurrentUser)) {
|
|||
}
|
||||
}
|
||||
|
||||
$NewPassword = htmlspecialchars(generatePassword($_REQUEST['newpass']));
|
||||
$NewPassword = generatePassword(htmlspecialchars($_REQUEST['newpass']));
|
||||
|
||||
if (!password_verify($_REQUEST['curpass'], $CurPassword) && $IsCurrentUser) {
|
||||
if (!password_verify(htmlspecialchars($_REQUEST['curpass']), $CurPassword) && $IsCurrentUser) {
|
||||
if ($Redirect == "account") {
|
||||
header("Location: account.php?id=$ID&e=pauth");
|
||||
die();
|
||||
|
@ -187,7 +187,7 @@ if ($Action == "pass" && ($allowPasswordChange || !$IsCurrentUser)) {
|
|||
|
||||
$NewUsername = htmlspecialchars($_REQUEST['newusername']);
|
||||
|
||||
if ($CurUsername != $_REQUEST['curusername'] && $IsCurrentUser) {
|
||||
if ($CurUsername != htmlspecialchars($_REQUEST['curusername']) && $IsCurrentUser) {
|
||||
if ($Redirect == "account") {
|
||||
header("Location: account.php?id=$ID&e=umismatch");
|
||||
die();
|
||||
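Review bot: Password values are now HTML-escaped before they are hashed or verified: `generatePassword(htmlspecialchars($_REQUEST['newpass']))` and `password_verify(htmlspecialchars($_REQUEST['curpass']), $CurPassword)` in the `@ -142,9` hunk. The removed lines show the raw value was used before, so assuming generatePassword() produces the stored hash, an existing password containing `&`, `<`, `>` or `"` stops verifying after this commit. The default flags of htmlspecialchars() changed in PHP 8.1 to include single quotes, so the resulting hash also depends on the PHP version. A password is never rendered as HTML and should reach the hash untouched: `$NewPassword = generatePassword($_REQUEST['newpass']);` and `password_verify($_REQUEST['curpass'], $CurPassword)`. The same applies to the password lines in create.php, register.php, the login hunk `@ -41,7` and the final `@ -13,8` hunk.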
|
|
16
create.php
16
create.php
|
@ -24,7 +24,7 @@ $typeNum = 1;
|
|||
$numberOfUploads = 0;
|
||||
|
||||
if (isset($_REQUEST['redir'])) {
|
||||
$Redirect = $_REQUEST['redir'];
|
||||
$Redirect = htmlspecialchars($_REQUEST['redir']);
|
||||
}
|
||||
|
||||
$Database = createTables($sqlDB);
|
||||
|
@ -60,8 +60,8 @@ if ($AuthorizedCreation != 1 && $firstUser != 1) {
|
|||
}
|
||||
|
||||
// username must be specified
|
||||
if (isset($_REQUEST['username']) && $_REQUEST['username'] != "") {
|
||||
$Username = $_REQUEST['username'];
|
||||
if (isset($_REQUEST['username']) && htmlspecialchars($_REQUEST['username']) != "") {
|
||||
$Username = htmlspecialchars($_REQUEST['username']);
|
||||
} else {
|
||||
if ($Redirect == "admin") {
|
||||
header("Location: admin.php?action=create&e=username");
|
||||
|
@ -75,8 +75,8 @@ if (isset($_REQUEST['username']) && $_REQUEST['username'] != "") {
|
|||
}
|
||||
|
||||
// password must be specified
|
||||
if (isset($_REQUEST['password']) && ($_REQUEST['password'] != "" && $firstUser == 1 || $firstUser != 1)) {
|
||||
$Password = generatePassword($_REQUEST['password']);
|
||||
if (isset($_REQUEST['password']) && (htmlspecialchars($_REQUEST['password']) != "" && $firstUser == 1 || $firstUser != 1)) {
|
||||
$Password = generatePassword(htmlspecialchars($_REQUEST['password']));
|
||||
} else {
|
||||
if ($Redirect == "admin") {
|
||||
header("Location: admin.php?action=create&e=password");
|
||||
|
@ -90,8 +90,8 @@ if (isset($_REQUEST['password']) && ($_REQUEST['password'] != "" && $firstUser =
|
|||
}
|
||||
|
||||
// type must be specified
|
||||
if (isset($_REQUEST['type']) && $_REQUEST['type'] != "") {
|
||||
$Type = $_REQUEST['type'];
|
||||
if (isset($_REQUEST['type']) && htmlspecialchars($_REQUEST['type']) != "") {
|
||||
$Type = htmlspecialchars($_REQUEST['type']);
|
||||
} else {
|
||||
if ($Redirect == "admin") {
|
||||
header("Location: admin.php?action=create&e=type");
|
||||
|
@ -106,7 +106,7 @@ if (isset($_REQUEST['type']) && $_REQUEST['type'] != "") {
|
|||
|
||||
// uploads left must be specified for temp users
|
||||
if (isset($_REQUEST['uploadsleft']) && $Type == "Temporary") {
|
||||
$uploadsLeft = $_REQUEST['uploadsleft'];
|
||||
$uploadsLeft = htmlspecialchars($_REQUEST['uploadsleft']);
|
||||
|
||||
if ($uploadsLeft == 0 || !isset($_REQUEST['uploadsleft'])) {
|
||||
if ($Redirect == "admin") {
|
||||
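Review bot: In the `@ -106,7` hunk `$uploadsLeft` is an escaped string that is then tested with `$uploadsLeft == 0`, and under PHP 8 a non-numeric string no longer compares equal to 0, so a value that is not a number at all passes this check. The `!isset($_REQUEST['uploadsleft'])` half of the condition can never be true inside a branch already guarded by `isset`. I would parse the number up front with `$uploadsLeft = filter_var($_REQUEST['uploadsleft'], FILTER_VALIDATE_INT);` and test `if ($uploadsLeft === false || $uploadsLeft <= 0) {`. The body of this branch continues outside the hunk.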
|
|
8
file.php
8
file.php
|
@ -14,14 +14,14 @@ $Exists = 0;
|
|||
if (!isset($_REQUEST['a'])) {
|
||||
$Action = "view";
|
||||
} else {
|
||||
$Action = $_REQUEST['a'];
|
||||
$Action = htmlspecialchars($_REQUEST['a']);
|
||||
}
|
||||
|
||||
if (!isset($_REQUEST['f'])) {
|
||||
header("Location: /");
|
||||
die();
|
||||
} else {
|
||||
$id = $_REQUEST['f'];
|
||||
$id = htmlspecialchars($_REQUEST['f']);
|
||||
}
|
||||
|
||||
$html = "";
|
||||
|
@ -44,11 +44,11 @@ while ($line = $DatabaseQuery->fetchArray()) {
|
|||
$Exists = 1;
|
||||
|
||||
$html .= "\t\t\t\t<h2 class=\"fileName\">$BaseFilename</h2>\n";
|
||||
$html .= "\t\t\t\t\t<p>This file was uploaded by $Uploader on $UploadDate</p><br><br>\n";
|
||||
$html .= "\t\t\t\t\t<p>This file was uploaded by $Uploader on $UploadDate</p><br>\n";
|
||||
$html .= "\t\t\t\t<form class=\"fileForm\" action=\"file.php\">\n";
|
||||
$html .= "\t\t\t\t\t<input type=\"hidden\" name=\"a\" value=\"dl\">\n";
|
||||
$html .= "\t\t\t\t\t<input type=\"hidden\" name=\"f\" value=\"$ID\">\n";
|
||||
$html .= "\t\t\t\t\t<input type=\"submit\" value=\"Download $BaseFilename\">\n";
|
||||
$html .= "\t\t\t\t\t<input type=\"submit\" value=\"Download '$BaseFilename'\">\n";
|
||||
$html .= "\t\t\t\t</form>\n";
|
||||
$html .= "\t\t\t\t\t<br><p><strong>Tip: You can append '&a=true' to get a direct link.</strong></p><br><br><small>You are authorized to download this file. The authors of this site take no responsibility for the uploaded file. By downloading this file, you obtain a copy of the uploaded file. Unless otherwise specified in the file or law, the uploader reserves all rights to the file, including copyright.<br><br><strong>For legal issues, contact the uploader of this file.</strong></small>\n";
|
||||
}
|
||||
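Review bot: The changed line `value=\"Download '$BaseFilename'\"` in the `@ -44,11` hunk places `$BaseFilename` inside a double-quoted attribute, and the hunk does not show it (or `$Uploader`) being escaped. Both appear to come from the database row rather than from `$_REQUEST`, so the input-side escaping this commit adds would not cover them if they originate from an uploaded file's name. Escaping at the point of output is the reliable place, e.g. `$safeName = htmlspecialchars($BaseFilename, ENT_QUOTES, 'UTF-8');` used in both the `<h2>` and the `value` attribute. Separately, the form emits `$ID` while the first hunk assigns the request value to `$id`; PHP variable names are case-sensitive, so confirm `$ID` is set elsewhere. The while loop starts and ends outside the hunk.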
|
|
|
@ -10,7 +10,7 @@ include "core.php";
|
|||
$Error = "";
|
||||
$html = "";
|
||||
|
||||
if (isset($_REQUEST['e'])) $Error = $_REQUEST['e'];
|
||||
if (isset($_REQUEST['e'])) $Error = htmlspecialchars($_REQUEST['e']);
|
||||
|
||||
$html = printHeader($html);
|
||||
$html .= "\t\t\t<h1>Your files</h1>\n";
|
||||
|
|
|
@ -12,7 +12,7 @@ $Error = "";
|
|||
$html = "";
|
||||
|
||||
// If an error was reported, assign it to variable $Error
|
||||
if (isset($_REQUEST['e'])) $Error = $_REQUEST['e'];
|
||||
if (isset($_REQUEST['e'])) $Error = htmlspecialchars($_REQUEST['e']);
|
||||
|
||||
// Check if we have an admin
|
||||
if (!checkIfAdminExists()) {
|
||||
|
|
|
@ -12,10 +12,10 @@ $userType = 0;
|
|||
$Redirect = "";
|
||||
|
||||
if (isset($_REQUEST['redir'])) {
|
||||
$Redirect = $_REQUEST['redir'];
|
||||
$Redirect = htmlspecialchars($_REQUEST['redir']);
|
||||
}
|
||||
|
||||
if (isset($_REQUEST['logout']) && $_REQUEST['logout'] == "true") {
|
||||
if (isset($_REQUEST['logout']) && htmlspecialchars($_REQUEST['logout']) == "true") {
|
||||
session_unset();
|
||||
session_destroy();
|
||||
|
||||
|
@ -41,7 +41,7 @@ if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
|
|||
$Password = "";
|
||||
|
||||
while ($line = $DatabaseQuery->fetchArray()) {
|
||||
if ($line['username'] == $_REQUEST['username'] && $_REQUEST['username'] != "" && password_verify($_REQUEST['password'], $line['password'])) {
|
||||
if ($line['username'] == htmlspecialchars($_REQUEST['username']) && htmlspecialchars($_REQUEST['username']) != "" && password_verify(htmlspecialchars($_REQUEST['password']), $line['password'])) {
|
||||
$Username = $line['username'];
|
||||
$Password = $line['password'];
|
||||
$id = $line['id'];
|
||||
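Review bot: The credential check in the `@ -41,7` hunk compares `$line['username'] == htmlspecialchars($_REQUEST['username'])` with loose equality, which lets two different numeric-looking strings (for example `1e3` and `1000`) select the same row. A strict comparison is safer: `$line['username'] === $_REQUEST['username']`, or against the escaped value if usernames are stored escaped. The condition also calls htmlspecialchars() twice on the same username; assigning it once before the loop would make the line easier to audit. The loop body continues outside the hunk.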
|
|
10
register.php
10
register.php
|
@ -13,10 +13,10 @@ if (!$publicAccountCreation) {
|
|||
}
|
||||
|
||||
if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
|
||||
$Username = $_REQUEST['username'];
|
||||
$Password = generatePassword($_REQUEST['password']);
|
||||
$Username = htmlspecialchars($_REQUEST['username']);
|
||||
$Password = generatePassword(htmlspecialchars($_REQUEST['password']));
|
||||
|
||||
if ($_REQUEST['password'] != $_REQUEST['cpassword']) {
|
||||
if (htmlspecialchars($_REQUEST['password']) != htmlspecialchars($_REQUEST['cpassword'])) {
|
||||
header("Location: register.php?e=mismatch");
|
||||
die();
|
||||
}
|
||||
|
@ -55,12 +55,12 @@ if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
|
|||
$html .= "\t\t\t\t\t<input type=\"submit\" value=\"Create account\">\n";
|
||||
$html .= "\t\t\t\t</form>\n";
|
||||
|
||||
if (isset($_REQUEST['e']) && $_REQUEST['e'] == "exists") {
|
||||
if (isset($_REQUEST['e']) && htmlspecialchars($_REQUEST['e']) == "exists") {
|
||||
session_unset();
|
||||
session_destroy();
|
||||
|
||||
$html .= "\t\t\t\t<p class=\"error\">An account by this name already exists.</p>\n";
|
||||
} else if (isset($_REQUEST['e']) && $_REQUEST['e'] == "mismatch") {
|
||||
} else if (isset($_REQUEST['e']) && htmlspecialchars($_REQUEST['e']) == "mismatch") {
|
||||
session_unset();
|
||||
session_destroy();
|
||||
|
||||
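Review bot: `$Username = htmlspecialchars($_REQUEST['username']);` in the first hunk means the entity-encoded form is what gets carried forward (and presumably stored), so any page that later escapes the name correctly will show double-encoded text such as `&amp;amp;`, while values arriving by another route stay unescaped. I would keep the raw username here and call htmlspecialchars() where the name is written into HTML. In the second hunk, `htmlspecialchars($_REQUEST['e']) == "exists"` escapes a value that is only compared with a constant; `$_REQUEST['e'] === "exists"` states the same check more plainly.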
|
|
|
@ -24,21 +24,21 @@ $id = 0;
|
|||
$type = 0;
|
||||
|
||||
if (isset($_REQUEST['id'])) {
|
||||
$id = $_REQUEST['id'];
|
||||
$id = htmlspecialchars($_REQUEST['id']);
|
||||
} else {
|
||||
print "No ID specified.";
|
||||
die();
|
||||
}
|
||||
|
||||
if (isset($_REQUEST['type'])) {
|
||||
$type = $_REQUEST['type'];
|
||||
$type = htmlspecialchars($_REQUEST['type']);
|
||||
} else {
|
||||
print "No type specified, is not safe to delete.";
|
||||
die();
|
||||
}
|
||||
|
||||
if (isset($_REQUEST['redir'])) {
|
||||
$Redirect = $_REQUEST['redir'];
|
||||
$Redirect = htmlspecialchars($_REQUEST['redir']);
|
||||
}
|
||||
|
||||
$Database = createTables($sqlDB);
|
||||
|
|
|
@ -16,7 +16,7 @@ if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_S
|
|||
}
|
||||
|
||||
if (isset($_REQUEST['id'])) {
|
||||
$fileID = $_REQUEST['id'];
|
||||
$fileID = htmlspecialchars($_REQUEST['id']);
|
||||
} else {
|
||||
print "No ID specified.";
|
||||
die();
|
||||
|
@ -33,7 +33,7 @@ $AuthorizedRemoval = 0;
|
|||
$fileUploadedByPrimary = 0;
|
||||
|
||||
if (isset($_REQUEST['redir'])) {
|
||||
$Redirect = $_REQUEST['redir'];
|
||||
$Redirect = htmlspecialchars($_REQUEST['redir']);
|
||||
}
|
||||
|
||||
$Database = createTables($sqlDB);
|
||||
|
|
|
@ -10,7 +10,7 @@ include "core.php";
|
|||
$Error = "";
|
||||
$html = "";
|
||||
|
||||
if (isset($_REQUEST['e'])) $Error = $_REQUEST['e'];
|
||||
if (isset($_REQUEST['e'])) $Error = htmlspecialchars($_REQUEST['e']);
|
||||
|
||||
if (checkIfAdminExists()) {
|
||||
header("Location: /");
|
||||
|
|
|
@ -13,8 +13,8 @@ $Username = "";
|
|||
$Password = "";
|
||||
|
||||
if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
|
||||
$Username = $_REQUEST['username'];
|
||||
$Password = $_REQUEST['password'];
|
||||
$Username = htmlspecialchars($_REQUEST['username']);
|
||||
$Password = htmlspecialchars($_REQUEST['password']);
|
||||
$WebInterface = 0;
|
||||
} else if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
|
||||
$Username = $_SESSION['username'];
|
||||
|
|