Wrap all $_REQUEST variables in htmlspecialchars()

Jacob 2023-10-09 16:35:51 +02:00
parent 0e2c4caac0
commit cb4c26fa7f
14 changed files with 43 additions and 43 deletions


@ -28,7 +28,7 @@ if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
}
if (isset($_REQUEST['id'])) {
$ID = $_REQUEST['id'];
$ID = htmlspecialchars($_REQUEST['id']);
} else {
$ID = -1; // use the username and password to determine
}
@ -76,7 +76,7 @@ if ($Authorized == 0) {
}
if (isset($_REQUEST['e'])) {
$Error = $_REQUEST['e'];
$Error = htmlspecialchars($_REQUEST['e']);
}
$html .= "\t\t\t<h1>Account options</h1>\n";
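Review bot: `$ID` is a numeric identifier (the fallback in the first hunk is `-1`), and HTML-escaping it does not constrain it to a number. Elsewhere on this page `$ID` is interpolated into a `Location:` header, and any SQL use, which these hunks do not show, would not be protected by `htmlspecialchars()` either. Validating the type at the boundary is the stronger check, for example `$ID = filter_var($_REQUEST['id'], FILTER_VALIDATE_INT); if ($ID === false) { $ID = -1; }`. The same applies to `$filterID`, the `id`-derived `$id` and `$fileID` in the later sections. The script continues outside both hunks, so how `$ID` and `$Error` are consumed should be confirmed there.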


@ -24,19 +24,19 @@ if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_S
if (!isset($_REQUEST['action'])) {
$Action = "files";
} else {
$Action = $_REQUEST['action'];
$Action = htmlspecialchars($_REQUEST['action']);
}
if (!isset($_REQUEST['id'])) {
$filterID = -1;
} else {
$filterID = $_REQUEST['id'];
$filterID = htmlspecialchars($_REQUEST['id']);
}
if (!isset($_REQUEST['e'])) {
$Error = "";
} else {
$Error = $_REQUEST['e'];
$Error = htmlspecialchars($_REQUEST['e']);
}
$Database = createTables($sqlDB);
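Review bot: `isset($_REQUEST['action'])` is also true when the parameter arrives as an array, and `htmlspecialchars()` accepts only a string, so on PHP 8 the new assignments raise an uncaught `TypeError` instead of falling back to the default. A type check before use keeps the default path, e.g. `$Action = is_string($_REQUEST['action'] ?? null) ? $_REQUEST['action'] : "files";`. Since `$Action` is presumably only compared against fixed action names, an allow-list check on it would make the escaping unnecessary. The same applies to every wrapped parameter in the other sections. The script continues outside the hunk.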


@ -12,7 +12,7 @@ $Action = "";
if (!isset($_REQUEST['action'])) {
$Action = "files";
} else {
$Action = $_REQUEST['action'];
$Action = htmlspecialchars($_REQUEST['action']);
}
$html = "";


@ -21,7 +21,7 @@ $IsCurrentUser = false;
$Redirect = "";
if (isset($_REQUEST['redir'])) {
$Redirect = $_REQUEST['redir'];
$Redirect = htmlspecialchars($_REQUEST['redir']);
}
// make sure a username and password is specified for authentication
@ -42,14 +42,14 @@ if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
}
if (isset($_REQUEST['id'])) {
$ID = $_REQUEST['id'];
$ID = htmlspecialchars($_REQUEST['id']);
} else {
$ID = -1; // use the username and password to determine
}
// action
if (isset($_REQUEST['action'])) {
$Action = $_REQUEST['action'];
$Action = htmlspecialchars($_REQUEST['action']);
} else {
if ($Redirect == "account") {
header("Location: account.php?id=$ID&e=action");
@ -129,7 +129,7 @@ if ($Action == "pass" && ($allowPasswordChange || !$IsCurrentUser)) {
}
}
if ($_REQUEST['newpass'] != $_REQUEST['newpassc']) {
if (htmlspecialchars($_REQUEST['newpass']) != htmlspecialchars($_REQUEST['newpassc'])) {
if ($Redirect == "account") {
header("Location: account.php?id=$ID&e=pmismatch");
die();
@ -142,9 +142,9 @@ if ($Action == "pass" && ($allowPasswordChange || !$IsCurrentUser)) {
}
}
$NewPassword = htmlspecialchars(generatePassword($_REQUEST['newpass']));
$NewPassword = generatePassword(htmlspecialchars($_REQUEST['newpass']));
if (!password_verify($_REQUEST['curpass'], $CurPassword) && $IsCurrentUser) {
if (!password_verify(htmlspecialchars($_REQUEST['curpass']), $CurPassword) && $IsCurrentUser) {
if ($Redirect == "account") {
header("Location: account.php?id=$ID&e=pauth");
die();
@ -187,7 +187,7 @@ if ($Action == "pass" && ($allowPasswordChange || !$IsCurrentUser)) {
$NewUsername = htmlspecialchars($_REQUEST['newusername']);
if ($CurUsername != $_REQUEST['curusername'] && $IsCurrentUser) {
if ($CurUsername != htmlspecialchars($_REQUEST['curusername']) && $IsCurrentUser) {
if ($Redirect == "account") {
header("Location: account.php?id=$ID&e=umismatch");
die();
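Review bot: The password values in the `generatePassword(htmlspecialchars($_REQUEST['newpass']))` and `password_verify(htmlspecialchars($_REQUEST['curpass']), $CurPassword)` lines are HTML-escaped before hashing and verification, which changes the secret itself: a password containing `&`, `<`, `>` or `"` is hashed in its entity-encoded form, and a hash stored from the raw value before this commit no longer verifies. The default flags of `htmlspecialchars()` changed in PHP 8.1 to also escape `'`, so the result additionally depends on the PHP version. Passwords are not rendered into HTML and should be passed through unchanged, `$NewPassword = generatePassword($_REQUEST['newpass']);` and `password_verify($_REQUEST['curpass'], $CurPassword)`. The same pattern appears in the user-creation, login, registration and final sections of this page. These blocks begin and end outside the hunks shown.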


@ -24,7 +24,7 @@ $typeNum = 1;
$numberOfUploads = 0;
if (isset($_REQUEST['redir'])) {
$Redirect = $_REQUEST['redir'];
$Redirect = htmlspecialchars($_REQUEST['redir']);
}
$Database = createTables($sqlDB);
@ -60,8 +60,8 @@ if ($AuthorizedCreation != 1 && $firstUser != 1) {
}
// username must be specified
if (isset($_REQUEST['username']) && $_REQUEST['username'] != "") {
$Username = $_REQUEST['username'];
if (isset($_REQUEST['username']) && htmlspecialchars($_REQUEST['username']) != "") {
$Username = htmlspecialchars($_REQUEST['username']);
} else {
if ($Redirect == "admin") {
header("Location: admin.php?action=create&e=username");
@ -75,8 +75,8 @@ if (isset($_REQUEST['username']) && $_REQUEST['username'] != "") {
}
// password must be specified
if (isset($_REQUEST['password']) && ($_REQUEST['password'] != "" && $firstUser == 1 || $firstUser != 1)) {
$Password = generatePassword($_REQUEST['password']);
if (isset($_REQUEST['password']) && (htmlspecialchars($_REQUEST['password']) != "" && $firstUser == 1 || $firstUser != 1)) {
$Password = generatePassword(htmlspecialchars($_REQUEST['password']));
} else {
if ($Redirect == "admin") {
header("Location: admin.php?action=create&e=password");
@ -90,8 +90,8 @@ if (isset($_REQUEST['password']) && ($_REQUEST['password'] != "" && $firstUser =
}
// type must be specified
if (isset($_REQUEST['type']) && $_REQUEST['type'] != "") {
$Type = $_REQUEST['type'];
if (isset($_REQUEST['type']) && htmlspecialchars($_REQUEST['type']) != "") {
$Type = htmlspecialchars($_REQUEST['type']);
} else {
if ($Redirect == "admin") {
header("Location: admin.php?action=create&e=type");
@ -106,7 +106,7 @@ if (isset($_REQUEST['type']) && $_REQUEST['type'] != "") {
// uploads left must be specified for temp users
if (isset($_REQUEST['uploadsleft']) && $Type == "Temporary") {
$uploadsLeft = $_REQUEST['uploadsleft'];
$uploadsLeft = htmlspecialchars($_REQUEST['uploadsleft']);
if ($uploadsLeft == 0 || !isset($_REQUEST['uploadsleft'])) {
if ($Redirect == "admin") {
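Review bot: `$uploadsLeft` is a count, but it is kept as an escaped string and then tested with `$uploadsLeft == 0`, whose result for non-numeric input differs between PHP 7 and PHP 8, so a non-numeric or negative value can pass the check. Parse it as an integer instead, `$uploadsLeft = filter_var($_REQUEST['uploadsleft'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);`, and treat `false` as the error case. The `!isset($_REQUEST['uploadsleft'])` half of that condition can never be true inside this branch. `$Type` would likewise be safer checked against the list of valid account types than escaped; that list is not visible in these hunks.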


@ -14,14 +14,14 @@ $Exists = 0;
if (!isset($_REQUEST['a'])) {
$Action = "view";
} else {
$Action = $_REQUEST['a'];
$Action = htmlspecialchars($_REQUEST['a']);
}
if (!isset($_REQUEST['f'])) {
header("Location: /");
die();
} else {
$id = $_REQUEST['f'];
$id = htmlspecialchars($_REQUEST['f']);
}
$html = "";
@ -44,11 +44,11 @@ while ($line = $DatabaseQuery->fetchArray()) {
$Exists = 1;
$html .= "\t\t\t\t<h2 class=\"fileName\">$BaseFilename</h2>\n";
$html .= "\t\t\t\t\t<p>This file was uploaded by $Uploader on $UploadDate</p><br><br>\n";
$html .= "\t\t\t\t\t<p>This file was uploaded by $Uploader on $UploadDate</p><br>\n";
$html .= "\t\t\t\t<form class=\"fileForm\" action=\"file.php\">\n";
$html .= "\t\t\t\t\t<input type=\"hidden\" name=\"a\" value=\"dl\">\n";
$html .= "\t\t\t\t\t<input type=\"hidden\" name=\"f\" value=\"$ID\">\n";
$html .= "\t\t\t\t\t<input type=\"submit\" value=\"Download $BaseFilename\">\n";
$html .= "\t\t\t\t\t<input type=\"submit\" value=\"Download '$BaseFilename'\">\n";
$html .= "\t\t\t\t</form>\n";
$html .= "\t\t\t\t\t<br><p><strong>Tip: You can append '&a=true' to get a direct link.</strong></p><br><br><small>You are authorized to download this file. The authors of this site take no responsibility for the uploaded file. By downloading this file, you obtain a copy of the uploaded file. Unless otherwise specified in the file or law, the uploader reserves all rights to the file, including copyright.<br><br><strong>For legal issues, contact the uploader of this file.</strong></small>\n";
}
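Review bot: The values written into the markup in the second hunk, `$BaseFilename`, `$Uploader`, `$UploadDate` and `$ID`, are where HTML escaping is needed, and the hunk does not show them being escaped; `$BaseFilename` also sits inside the `value` attribute of the submit button. If they come straight from the database row, an uploaded file name containing `"` or `<` would alter the markup. Escape at the point of output, e.g. `$BaseFilename = htmlspecialchars($BaseFilename, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` before building `$html`; the assignments lie outside the hunk, so confirm whether this already happens. The first hunk assigns `$id` while the form uses `$ID`, which are different variables in PHP.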


@ -10,7 +10,7 @@ include "core.php";
$Error = "";
$html = "";
if (isset($_REQUEST['e'])) $Error = $_REQUEST['e'];
if (isset($_REQUEST['e'])) $Error = htmlspecialchars($_REQUEST['e']);
$html = printHeader($html);
$html .= "\t\t\t<h1>Your files</h1>\n";


@ -12,7 +12,7 @@ $Error = "";
$html = "";
// If an error was reported, assign it to variable $Error
if (isset($_REQUEST['e'])) $Error = $_REQUEST['e'];
if (isset($_REQUEST['e'])) $Error = htmlspecialchars($_REQUEST['e']);
// Check if we have an admin
if (!checkIfAdminExists()) {


@ -12,10 +12,10 @@ $userType = 0;
$Redirect = "";
if (isset($_REQUEST['redir'])) {
$Redirect = $_REQUEST['redir'];
$Redirect = htmlspecialchars($_REQUEST['redir']);
}
if (isset($_REQUEST['logout']) && $_REQUEST['logout'] == "true") {
if (isset($_REQUEST['logout']) && htmlspecialchars($_REQUEST['logout']) == "true") {
session_unset();
session_destroy();
@ -41,7 +41,7 @@ if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
$Password = "";
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['username'] == $_REQUEST['username'] && $_REQUEST['username'] != "" && password_verify($_REQUEST['password'], $line['password'])) {
if ($line['username'] == htmlspecialchars($_REQUEST['username']) && htmlspecialchars($_REQUEST['username']) != "" && password_verify(htmlspecialchars($_REQUEST['password']), $line['password'])) {
$Username = $line['username'];
$Password = $line['password'];
$id = $line['id'];
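Review bot: The credential check on the `password_verify` line compares the stored username with an HTML-escaped copy of the input using `==`, so a name that was stored unescaped and contains `&`, `<`, `>` or `"` no longer matches, and numeric-looking names such as `1e2` and `100` compare equal. Whether unescaped names exist in the database depends on earlier versions of the registration code, which this page shows only in part. Comparing the raw input with `===`, as in `$line['username'] === $_REQUEST['username']`, and escaping `$Username` only where it is written into HTML avoids both problems. The loop body continues outside the hunk.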


@ -13,10 +13,10 @@ if (!$publicAccountCreation) {
}
if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
$Username = $_REQUEST['username'];
$Password = generatePassword($_REQUEST['password']);
$Username = htmlspecialchars($_REQUEST['username']);
$Password = generatePassword(htmlspecialchars($_REQUEST['password']));
if ($_REQUEST['password'] != $_REQUEST['cpassword']) {
if (htmlspecialchars($_REQUEST['password']) != htmlspecialchars($_REQUEST['cpassword'])) {
header("Location: register.php?e=mismatch");
die();
}
@ -55,12 +55,12 @@ if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
$html .= "\t\t\t\t\t<input type=\"submit\" value=\"Create account\">\n";
$html .= "\t\t\t\t</form>\n";
if (isset($_REQUEST['e']) && $_REQUEST['e'] == "exists") {
if (isset($_REQUEST['e']) && htmlspecialchars($_REQUEST['e']) == "exists") {
session_unset();
session_destroy();
$html .= "\t\t\t\t<p class=\"error\">An account by this name already exists.</p>\n";
} else if (isset($_REQUEST['e']) && $_REQUEST['e'] == "mismatch") {
} else if (isset($_REQUEST['e']) && htmlspecialchars($_REQUEST['e']) == "mismatch") {
session_unset();
session_destroy();
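Review bot: The confirmation check `htmlspecialchars($_REQUEST['password']) != htmlspecialchars($_REQUEST['cpassword'])` uses loose comparison, under which two different numeric-looking strings such as `1e1` and `10` are treated as equal, so a mistyped confirmation can be accepted. Use a strict comparison on the raw values, `if ($_REQUEST['password'] !== ($_REQUEST['cpassword'] ?? '')) {`, which also covers a missing `cpassword` that the surrounding `isset()` does not test. The `newpass`/`newpassc` check in the password-change section has the same form. Wrapping `$_REQUEST['e']` before comparing it with the literals `"exists"` and `"mismatch"` in the second hunk has no effect and could be dropped.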


@ -24,21 +24,21 @@ $id = 0;
$type = 0;
if (isset($_REQUEST['id'])) {
$id = $_REQUEST['id'];
$id = htmlspecialchars($_REQUEST['id']);
} else {
print "No ID specified.";
die();
}
if (isset($_REQUEST['type'])) {
$type = $_REQUEST['type'];
$type = htmlspecialchars($_REQUEST['type']);
} else {
print "No type specified, is not safe to delete.";
die();
}
if (isset($_REQUEST['redir'])) {
$Redirect = $_REQUEST['redir'];
$Redirect = htmlspecialchars($_REQUEST['redir']);
}
$Database = createTables($sqlDB);


@ -16,7 +16,7 @@ if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_S
}
if (isset($_REQUEST['id'])) {
$fileID = $_REQUEST['id'];
$fileID = htmlspecialchars($_REQUEST['id']);
} else {
print "No ID specified.";
die();
@ -33,7 +33,7 @@ $AuthorizedRemoval = 0;
$fileUploadedByPrimary = 0;
if (isset($_REQUEST['redir'])) {
$Redirect = $_REQUEST['redir'];
$Redirect = htmlspecialchars($_REQUEST['redir']);
}
$Database = createTables($sqlDB);


@ -10,7 +10,7 @@ include "core.php";
$Error = "";
$html = "";
if (isset($_REQUEST['e'])) $Error = $_REQUEST['e'];
if (isset($_REQUEST['e'])) $Error = htmlspecialchars($_REQUEST['e']);
if (checkIfAdminExists()) {
header("Location: /");


@ -13,8 +13,8 @@ $Username = "";
$Password = "";
if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
$Username = $_REQUEST['username'];
$Password = $_REQUEST['password'];
$Username = htmlspecialchars($_REQUEST['username']);
$Password = htmlspecialchars($_REQUEST['password']);
$WebInterface = 0;
} else if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
$Username = $_SESSION['username'];