[Secureideas-cvs] base-php4 base_maintenance.php,1.16,1.17 base_user.php,1.9,1.10 index.php,1.17,1.1

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Update of /cvsroot/secureideas/base-php4
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21503

Modified Files:
	base_maintenance.php base_user.php index.php 
Log Message:
Filtered $_POST and $_GET variablesusing filterSql()

Index: base_user.php
===================================================================
RCS file: /cvsroot/secureideas/base-php4/base_user.php,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10

--- base_user.php	4 Jan 2006 04:15:23 -0000	1.9
+++ base_user.php	5 Apr 2006 14:11:37 -0000	1.10
@@ -53,7 +53,7 @@
         //call auth.inc
         if (($_POST['newpasswd1'] == $_POST['newpasswd2']) && ($_POST['newpasswd1'] != ""))
         {
-          $pwdresponse = $userobj->changePassword($username, $_POST['oldpasswd'], $_POST['newpasswd1']);
+          $pwdresponse = $userobj->changePassword($username, filterSql($_POST['oldpasswd']), filterSql($_POST['newpasswd1']));
           $page_body = $pwdresponse;
           break;
         } else

Index: base_maintenance.php
===================================================================
RCS file: /cvsroot/secureideas/base-php4/base_maintenance.php,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- base_maintenance.php	26 Feb 2006 16:26:36 -0000	1.16
+++ base_maintenance.php	5 Apr 2006 14:11:37 -0000	1.17
@@ -36,7 +36,7 @@
    {
       if ($_POST['standalone'] == "yes")
       {
-         $usrrole = $BUser->AuthenticateNoCookie($_POST['user'],$_POST['pwd']);
+         $usrrole = $BUser->AuthenticateNoCookie(filterSql($_POST['user']), filterSql($_POST['pwd']));
          if ($usrrole == "Failed")
          {
             header('HTTP/1.0 401');

Index: index.php
===================================================================
RCS file: /cvsroot/secureideas/base-php4/index.php,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- index.php	10 Mar 2006 14:07:27 -0000	1.17
+++ index.php	5 Apr 2006 14:11:37 -0000	1.18
@@ -44,9 +44,9 @@
 {
     $debug_mode = 0; // wont login with debug_mode
     $BASEUSER = new BaseUser();
-    $user = $_POST['login'];
-    $pwd = $_POST['password'];
-    
+    $user = filterSql($_POST['login']);
+    $pwd = filterSql($_POST['password']);
+
     if (($BASEUSER->Authenticate($user, $pwd)) == 0)
     {
         header("Location: base_main.php");





[Secureideas-cvs] base-php4 base_maintenance.php,1.16,1.17 base_user.php,1.9,1.10 index.php,1.17,1.1

[Secureideas-cvs] base-php4 base_maintenance.php,1.16,1.17 base_user.php,1.9,1.10 index.php,1.17,1.18