From: Scott P. <wht...@us...> - 2007-09-07 22:04:30
Update of /cvsroot/helpmeict/Helpdesk In directory sc8-pr-cvs17:/tmp/cvs-serv3700 Modified Files: domains.php Log Message: Sanitzed all $_POST, $_GET, $_REQUEST inputs. Added magic_gpc detection and handling. Fixed all undefined contstants. Index: domains.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/domains.php,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** domains.php 7 Feb 2007 01:20:03 -0000 1.6 --- domains.php 7 Sep 2007 22:04:21 -0000 1.7 *************** *** 9,12 **** --- 9,13 ---- Changelog: + 2007-09-07 whtghst: Added gpc_magic detection, sanitized all inputs, and fixed all undefined constants. 2006-01-14 dave: Cleaned up code for v1.0 release 2005-04-27 arne_sf: Replaced MySQL- and PostgreSQL-specific sequence *************** *** 47,59 **** require_once 'system/message.php'; // Set Language set_text_domain("domains"); // Retrieve Get/Post variables - $act = $_REQUEST['act']; - $domain = $_POST['domain']; - $domains = $_REQUEST['domains']; - $defaultpriority = $_POST['defaultpriority']; // Action: Add a domain to the system if ($act == 'adddomainaction') { --- 48,79 ---- require_once 'system/message.php'; + global $act, $domain, $message; // Set Language set_text_domain("domains"); + foreach($_POST as $key => $val) { + // scrubbing the field NAME... + if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); + $_POST[$key] = htmlentities(strip_tags($val), ENT_QUOTES); + } + foreach($_REQUEST as $key => $val) { + if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. 
Your IP has been logged.'); + $_REQUEST[$key] = htmlentities(strip_tags($val), ENT_QUOTES); + } + // Retrieve Get/Post variables + if (!get_magic_quotes_gpc()) { + $act = addslashes($_REQUEST['act']); + $domain = addslashes($_POST['domain']); + $domains = addslashes($_REQUEST['domains']); + $defaultpriority = addslashes($_POST['defaultpriority']); + } + else { + $act = $_REQUEST['act']; + $domain = $_POST['domain']; + $domains = $_REQUEST['domains']; + $defaultpriority = $_POST['defaultpriority']; + } // Action: Add a domain to the system if ($act == 'adddomainaction') { *************** *** 67,74 **** $domains = ''; ! if ($_SESSION[_domain] == '') { ! $_SESSION[_domain] = $domain_id; ! $_SESSION[_domainname] = $domain; ! $_SESSION[_domaincss] = ''; } $message = 'NOTE: Domain successfully added to system.'; --- 87,94 ---- $domains = ''; ! if ($_SESSION['_domain'] == '') { ! $_SESSION['_domain'] = $domain_id; ! $_SESSION['_domainname'] = $domain; ! $_SESSION['_domaincss'] = ''; } $message = 'NOTE: Domain successfully added to system.'; *************** *** 76,80 **** $dirname = dirname($_SERVER['PHP_SELF']); $https = 'http'.($_SERVER['HTTPS'] ? 's' : ''); ! $headertext = "Location: $https://".$_SERVER['HTTP_HOST'].$dirname.(strrpos($dirname,'/') == (strlen($dirname)-1)?'':'/').'domains.php?domains='.$_SESSION[_domain]; header($headertext); --- 96,100 ---- $dirname = dirname($_SERVER['PHP_SELF']); $https = 'http'.($_SERVER['HTTPS'] ? 's' : ''); ! $headertext = "Location: $https://".$_SERVER['HTTP_HOST'].$dirname.(strrpos($dirname,'/') == (strlen($dirname)-1)?'':'/').'domains.php?domains='.$_SESSION['_domain']; header($headertext); *************** *** 112,120 **** // If it is this domain that has been deleted, find another to set as current if ($domains == $_SESSION['_domain']) { ! $_SESSION['_domain'] = $domainsRS[0][id]; ! $_SESSION['_domainname'] = $domainsRS[0][domain]; ! $_SESSION['_domaincss'] = $domainsRS[0][css]; } ! 
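Review bot: `addslashes()` in the `!get_magic_quotes_gpc()` branch is not a reliable SQL escape (it knows nothing about the connection charset) and the whole branch hinges on `magic_quotes_gpc`, which later PHP versions removed along with `get_magic_quotes_gpc()`; escaping belongs at the query site with the driver's escaping function or prepared statements, not at input. The `htmlentities(strip_tags($val), ENT_QUOTES)` loops over `$_POST` and `$_REQUEST` encode data before it is stored, so the database ends up holding HTML entities and any escaping done at output double-encodes them; HTML escaping should also move to the point of output. The `preg_match('/%/', urlencode($key))` guard aborts on any field name with a non-alphanumeric character (e.g. `field[]`), and its message `Your IP has been logged` is not backed by any logging in this hunk — if the guard stays, `error_log('Rejected request key from '.$_SERVER['REMOTE_ADDR']);` before the `die()` would make the message true. `strip_tags($val)` assumes scalar values, so an array-valued field should be skipped or handled with `is_array()`, and the reads such as `$_REQUEST['act']` still have no `isset()` guard, e.g. `$act = isset($_REQUEST['act']) ? $_REQUEST['act'] : '';`. The file-scope `global $act, $domain, $message;` line has no effect outside a function and can be dropped.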
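Review bot: The redirect in `$headertext` is built from `$_SERVER['HTTP_HOST']`, which comes from the request's own Host header, so the `Location:` target follows whatever host the client sent rather than the site's configured address; a relative `Location:` built from `$dirname` alone, or a base URL taken from configuration, avoids that. The `$https` line also treats any non-empty `$_SERVER['HTTPS']` as TLS, but some servers set it to the string `off`, which is truthy here; `$https = 'http'.((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 's' : '');` handles both conventions. The code after `header($headertext);` is outside the hunk, so whether execution stops after the redirect (an `exit`) is not visible here.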
$domains = $domainsRS[0][id]; $dirname = dirname($_SERVER['PHP_SELF']); --- 132,140 ---- // If it is this domain that has been deleted, find another to set as current if ($domains == $_SESSION['_domain']) { ! $_SESSION['_domain'] = $domainsRS[0]['id']; ! $_SESSION['_domainname'] = $domainsRS[0]['domain']; ! $_SESSION['_domaincss'] = $domainsRS[0]['css']; } ! $domains = $domainsRS[0]['id']; $dirname = dirname($_SERVER['PHP_SELF']); *************** *** 215,219 **** <div class="labelfieldpair"> <div class="name"><label for="domain"><?php echo gettext('Domain Name')?></label></div> ! <div class="field"><input type="text" name="domain" id="domain" size="35" maxlength="50" value="<?php echo $domainsRS[0][domain]?>"></div> </div> <?php --- 235,239 ---- <div class="labelfieldpair"> <div class="name"><label for="domain"><?php echo gettext('Domain Name')?></label></div> ! <div class="field"><input type="text" name="domain" id="domain" size="35" maxlength="50" value="<?php echo $domainsRS[0]['domain']?>"></div> </div> <?php *************** *** 226,232 **** <?php foreach ($prioritiesRS as $record) { ! if ($record[id] == $domainsRS[0]['defaultpriority']) {$checked = " selected=\"selected\"";} else {$checked = "";}; ! print " <option value=\"${record[id]}\"$checked>". ! preg_replace('/Ungraded/',gettext('Ungraded'),$record[priority])."</option>\n"; } ?> --- 246,252 ---- <?php foreach ($prioritiesRS as $record) { ! if ($record['id'] == $domainsRS[0]['defaultpriority']) {$checked = " selected=\"selected\"";} else {$checked = "";}; ! print " <option value=\"${record['id']}\"$checked>". ! preg_replace('/Ungraded/',gettext('Ungraded'),$record['priority'])."</option>\n"; } ?> *************** *** 250,254 **** $num_domains = count($domainsRS); ! if (!$domains) $domains=$domainsRS[0][id]; if ($message) { display(gettext($message));} ?> --- 270,274 ---- $num_domains = count($domainsRS); ! 
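Review bot: `$record['id']` and `$record['priority']` are printed into the `<option>` markup without `htmlspecialchars()`, relying on the input-time `htmlentities()` added elsewhere in this commit to have encoded whatever reached the database; rows written by other paths (an older version of this file, direct database edits) are not covered by that. Escaping at output, e.g. `htmlspecialchars($record['priority'], ENT_QUOTES)`, keeps the page correct regardless of how the row got there. The same applies to the `${record['id']}` and `${record['domain']}` interpolations in the hunk at old lines 296-301 (new 316-321). The `${expr}` string-interpolation form used in `"${record['id']}"` is deprecated as of PHP 8.2; `{$record['id']}` is the supported spelling.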
if (!$domains) $domains=$domainsRS[0]['id']; if ($message) { display(gettext($message));} ?> *************** *** 296,301 **** foreach ($domainsRS as $record) { // Set as default if it was the last to be visited. ! if ($record[id] == $domains) {$checked = " selected=\"selected\"";} else {$checked = "";}; ! print (" <option value=\"${record[id]}\"${checked}>${record[domain]}</option>\n"); } ?> --- 316,321 ---- foreach ($domainsRS as $record) { // Set as default if it was the last to be visited. ! if ($record['id'] == $domains) {$checked = " selected=\"selected\"";} else {$checked = "";}; ! print (" <option value=\"${record['id']}\"${checked}>${record['domain']}</option>\n"); } ?> |