From ac0f6b855e271c7a676cde008f172e26c68c630d Mon Sep 17 00:00:00 2001 From: pjmattal Date: Thu, 16 Aug 2007 00:24:35 +0000 Subject: Added XSS patches from Joerie de Gram. --- web/html/index.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'web/html/index.php') diff --git a/web/html/index.php b/web/html/index.php index 2e697df..eddf3ed 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -14,10 +14,10 @@ $login_error = ""; if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) { # Attempting to log in # - if (!isset($_REQUEST['user'])) { + if (!isset($_REQUEST["user"])) { $login_error = __("You must supply a username."); } - if (!isset($_REQUEST['pass'])) { + if (!isset($_REQUEST["pass"])) { $login_error = __("You must supply a password."); } if (!$login_error) { @@ -33,12 +33,12 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) { $result = db_query($q, $dbh); if (!$result) { $login_error = __("Error looking up username, %s.", - array($_REQUEST["user"])); + array(htmlspecialchars($_REQUEST["user"]))); } else { $row = mysql_fetch_row($result); if (empty($row)) { $login_error = __("Incorrect password for username, %s.", - array($_REQUEST["user"])); + array(htmlspecialchars($_REQUEST["user"]))); } elseif ($row[1]) { $login_error = __("Your account has been suspended."); } @@ -223,12 +223,12 @@ $safe_count = $row[0]; $user = username_from_sid($_COOKIE["AURSID"]); if (!empty($user)) { - $q = "SELECT count(*) FROM Packages,PackageLocations,Users WHERE Packages.MaintainerUID = Users.ID AND Packages.LocationID = PackageLocations.ID AND PackageLocations.Location = 'unsupported' AND Users.Username='$user'"; + $q = "SELECT count(*) FROM Packages,PackageLocations,Users WHERE Packages.MaintainerUID = Users.ID AND Packages.LocationID = PackageLocations.ID AND PackageLocations.Location = 'unsupported' AND Users.Username='".mysql_real_escape_string($user)."'"; $result = db_query($q, $dbh); $row = mysql_fetch_row($result); $maintainer_unsupported_count = $row[0]; - $q = "SELECT count(*) FROM Packages,Users WHERE Packages.OutOfDate = 1 AND Packages.MaintainerUID = Users.ID AND Users.Username='$user'"; + $q = "SELECT count(*) FROM Packages,Users WHERE Packages.OutOfDate = 1 AND Packages.MaintainerUID = Users.ID AND Users.Username='".mysql_real_escape_string($user)."'"; $result = db_query($q, $dbh); $row = mysql_fetch_row($result); $flagged_outdated = $row[0]; @@ -253,7 +253,7 @@ if (!empty($user)) { $atype = account_from_sid($_COOKIE["AURSID"]); if ($atype == 'Trusted User') { - $q = "SELECT count(*) FROM Packages,PackageLocations,Users WHERE Packages.MaintainerUID = Users.ID AND Packages.LocationID = PackageLocations.ID AND PackageLocations.Location = 'community' AND Users.Username='$user'"; + $q = "SELECT count(*) FROM Packages,PackageLocations,Users WHERE Packages.MaintainerUID = Users.ID AND Packages.LocationID = PackageLocations.ID AND PackageLocations.Location = 'community' AND Users.Username='".mysql_real_escape_string($user)."'"; $result = db_query($q, $dbh); $row = mysql_fetch_row($result); $maintainer_community_count = $row[0]; @@ -278,7 +278,7 @@ if (!empty($user)) { print ""; print ""; if ($atype == 'Trusted User') { - $q = "SELECT count(*) FROM Packages,Users WHERE Packages.Safe = 1 AND Packages.VerifiedBy = Users.ID AND Users.Username='$user'"; + $q = "SELECT count(*) FROM Packages,Users WHERE Packages.Safe = 1 AND Packages.VerifiedBy = Users.ID AND Users.Username='".mysql_real_escape_string($user)."'"; $result = db_query($q, $dbh); $row = mysql_fetch_row($result); $flagged_safe = $row[0]; @@ -287,7 +287,7 @@ if (!empty($user)) { } else { - $q = "SELECT count(*) FROM Packages,Users WHERE Packages.Safe = 1 AND Packages.MaintainerUID = Users.ID AND Users.Username='$user'"; + $q = "SELECT count(*) FROM Packages,Users WHERE Packages.Safe = 1 AND Packages.MaintainerUID = Users.ID AND Users.Username='".mysql_real_escape_string($user)."'"; $result = db_query($q, $dbh); $row = mysql_fetch_row($result); $flagged_safe = $row[0]; -- cgit v1.2.3-70-g09d2