[Secureideas-cvs] base-php4 base_maintenance.php,1.16,1.17 base_user.php,1.9,1.10 index.php,1.17,1.1
From: Nikns S. <ne...@us...> - 2006-04-05 14:11:51
Update of /cvsroot/secureideas/base-php4
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21503
Modified Files:
base_maintenance.php base_user.php index.php
Log Message:
Filtered $_POST and $_GET variablesusing filterSql()
Index: base_user.php
===================================================================
RCS file: /cvsroot/secureideas/base-php4/base_user.php,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- base_user.php 4 Jan 2006 04:15:23 -0000 1.9
+++ base_user.php 5 Apr 2006 14:11:37 -0000 1.10
@@ -53,7 +53,7 @@
//call auth.inc
if (($_POST['newpasswd1'] == $_POST['newpasswd2']) && ($_POST['newpasswd1'] != ""))
{
- $pwdresponse = $userobj->changePassword($username, $_POST['oldpasswd'], $_POST['newpasswd1']);
+ $pwdresponse = $userobj->changePassword($username, filterSql($_POST['oldpasswd']), filterSql($_POST['newpasswd1']));
$page_body = $pwdresponse;
break;
} else
Index: base_maintenance.php
===================================================================
RCS file: /cvsroot/secureideas/base-php4/base_maintenance.php,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- base_maintenance.php 26 Feb 2006 16:26:36 -0000 1.16
+++ base_maintenance.php 5 Apr 2006 14:11:37 -0000 1.17
@@ -36,7 +36,7 @@
{
if ($_POST['standalone'] == "yes")
{
- $usrrole = $BUser->AuthenticateNoCookie($_POST['user'],$_POST['pwd']);
+ $usrrole = $BUser->AuthenticateNoCookie(filterSql($_POST['user']), filterSql($_POST['pwd']));
if ($usrrole == "Failed")
{
header('HTTP/1.0 401');
Index: index.php
===================================================================
RCS file: /cvsroot/secureideas/base-php4/index.php,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- index.php 10 Mar 2006 14:07:27 -0000 1.17
+++ index.php 5 Apr 2006 14:11:37 -0000 1.18
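Review bot: Wrapping the password arguments in filterSql() at the changePassword() call modifies the credential itself rather than protecting the query: if changePassword() hashes or stores the value (its body is not in this diff), a password containing whatever characters filterSql() alters is saved in transformed form and only verifies at sites that apply the identical filter, so a single unwrapped call path makes that account unusable. The escaping belongs inside changePassword() and AuthenticateNoCookie()/Authenticate() where the SQL is assembled, preferably as bound parameters, so that a caller that forgets the wrapper is not injectable; the same applies to the base_maintenance.php and index.php hunks. In the same call `$username` is passed unfiltered, and the confirmation check two lines above compares the raw `$_POST['newpasswd1']`/`$_POST['newpasswd2']` values while the filtered value is what is actually persisted, so the user's confirmation does not cover what gets stored. What filterSql() does to its input is not shown here, so its exact effect on stored credentials should be confirmed before relying on it. The enclosing switch/if block begins before this hunk.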
@@ -44,9 +44,9 @@
{
$debug_mode = 0; // wont login with debug_mode
$BASEUSER = new BaseUser();
- $user = $_POST['login'];
- $pwd = $_POST['password'];
-
+ $user = filterSql($_POST['login']);
+ $pwd = filterSql($_POST['password']);
+
if (($BASEUSER->Authenticate($user, $pwd)) == 0)
{
header("Location: base_main.php"); |