From: Scott P. <wht...@us...> - 2007-09-08 05:27:12
Update of /cvsroot/helpmeict/Helpdesk In directory sc8-pr-cvs17:/tmp/cvs-serv13656 Modified Files: find.php Log Message: Added magic_quotes detection and added input sanitizing. Fixed all Undefined Constants Index: find.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/find.php,v retrieving revision 1.13 retrieving revision 1.14 diff -C2 -d -r1.13 -r1.14 *** find.php 7 Feb 2007 01:20:03 -0000 1.13 --- find.php 8 Sep 2007 05:27:03 -0000 1.14 *************** *** 9,12 **** --- 9,13 ---- Changelog: + 2007-09-08 whtghst1: Added magic_quotes detection, sanitize all inputs, and fixed all Undefiend Constants 2006-01-14 dave: Cleaned up code for v1.0 release 2005-07-03 arne_sf: Replaced all instances of column name 'user' for table tbl_UserSites with 'userid' *************** *** 58,84 **** set_text_domain("find"); // Retrieve Get/Post variables - ## There are a lot of variables here to protect! - $act = $_REQUEST['act']; - $id = $_REQUEST['id']; - $orderby = $_GET['orderby']; - $orderdir = $_GET['orderdir']; - $page = $_GET['page']; - $freetextscope = $_REQUEST['freetextscope']; - $freetext = $_REQUEST['freetext']; - $site = $_REQUEST['site']; - $reportedby = $_REQUEST['reportedby']; - $priority = $_REQUEST['priority']; - $level = $_REQUEST['level']; - $status = $_REQUEST['status']; - $category = $_REQUEST['category']; - $detail = $_REQUEST['detail']; - $datefrom = $_REQUEST['datefrom']; - $dateto = $_REQUEST['dateto']; - $assignedto = $_REQUEST['assignedto']; - $createdby = $_REQUEST['createdby']; ! $reset = $_REQUEST['reset']; if ($reset == 'yes') { // Reset remembered sql restrictions --- 59,121 ---- set_text_domain("find"); + foreach($_POST as $key => $val) { + // scrubbing the field NAME... + if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. 
Your IP has been logged.'); + $_POST[$key] = htmlentities(strip_tags($val), ENT_QUOTES); + } + foreach($_GET as $key => $val) { + // scrubbing the field NAME... + if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); + } + // Retrieve Get/Post variables ! ## There are a lot of variables here to protect! ! if (!get_magic_quotes_gpc()) { ! ! ## Need to do it this way because some the $_REQUEST arrays are an array of arrays do to the building of the ! ## of the multiple box's + $act = addslashes(htmlentities(strip_tags($_REQUEST['act']), ENT_QUOTES)); + $id = addslashes(htmlentities(strip_tags($_REQUEST['id']), ENT_QUOTES)); + $orderby = addslashes(htmlentities(strip_tags($_GET['orderby']), ENT_QUOTES)); + $orderdir = addslashes(htmlentities(strip_tags($_GET['orderdir']), ENT_QUOTES)); + $page = addslashes(htmlentities(strip_tags($_GET['page']), ENT_QUOTES)); + $freetextscope = addslashes(htmlentities(strip_tags($_REQUEST['freetextscope']), ENT_QUOTES)); + $freetext = addslashes(htmlentities(strip_tags($_REQUEST['freetext']), ENT_QUOTES)); + $site = $_REQUEST['site']; + $reportedby = $_REQUEST['reportedby']; + $priority = $_REQUEST['priority']; + $level = $_REQUEST['level']; + $status = $_REQUEST['status']; + $category = $_REQUEST['category']; + $detail = $_REQUEST['detail']; + $datefrom = addslashes(htmlentities(strip_tags($_REQUEST['datefrom']), ENT_QUOTES)); + $dateto = addslashes(htmlentities(strip_tags($_REQUEST['dateto']), ENT_QUOTES)); + $assignedto = $_REQUEST['assignedto']; + $createdby = $_REQUEST['createdby']; + $reset = addslashes(htmlentities(strip_tags($_REQUEST['reset']), ENT_QUOTES)); + } + else { + $act = htmlentities(strip_tags($_REQUEST['act']), ENT_QUOTES); + $id = htmlentities(strip_tags($_REQUEST['id']), ENT_QUOTES); + $orderby = htmlentities(strip_tags($_GET['orderby']), ENT_QUOTES); + $orderdir = htmlentities(strip_tags($_GET['orderdir']), ENT_QUOTES); + $page = 
htmlentities(strip_tags($_GET['page']), ENT_QUOTES); + $freetextscope = htmlentities(strip_tags($_REQUEST['freetextscope']), ENT_QUOTES); + $freetext = htmlentities(strip_tags($_REQUEST['freetext']), ENT_QUOTES); + $site = $_REQUEST['site']; + $reportedby = $_REQUEST['reportedby']; + $priority = $_REQUEST['priority']; + $level = $_REQUEST['level']; + $status = $_REQUEST['status']; + $category = $_REQUEST['category']; + $detail = $_REQUEST['detail']; + $datefrom = htmlentities(strip_tags($_REQUEST['datefrom']), ENT_QUOTES); + $dateto = htmlentities(strip_tags($_REQUEST['dateto']), ENT_QUOTES); + $assignedto = $_REQUEST['assignedto']; + $createdby = $_REQUEST['createdby']; + $reset = $_REQUEST['reset']; + } if ($reset == 'yes') { // Reset remembered sql restrictions *************** *** 228,232 **** foreach ($site as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! $sql .= $record; } $sql .= ') AND '; --- 265,274 ---- foreach ($site as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! if (!get_magic_quotes_gpc()) { ! $sql .= addslashes(htmlentities(strip_tags($record), ENT_QUOTES)); ! } ! else { ! $sql .= $record; ! } } $sql .= ') AND '; *************** *** 241,245 **** foreach ($reportedby as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! $sql .= $record; } $sql .= ') AND '; --- 283,292 ---- foreach ($reportedby as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! if (!get_magic_quotes_gpc()) { ! $sql .= addslashes(htmlentities(strip_tags($record), ENT_QUOTES)); ! } ! else { ! $sql .= $record; ! } } $sql .= ') AND '; *************** *** 254,258 **** foreach ($createdby as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! $sql .= $record; } $sql .= ') AND '; --- 301,310 ---- foreach ($createdby as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! if (!get_magic_quotes_gpc()) { ! $sql .= addslashes(htmlentities(strip_tags($record), ENT_QUOTES)); ! } ! else { ! 
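Review bot: `$orderby`, `$orderdir` and `$freetextscope` are run through `addslashes`/`htmlentities` here but are later interpolated into SQL as bare identifiers (`$field = $freetextscope` feeding `" AND $field ILIKE ..."`), where no quote is needed to break out, so the escaping adds nothing and only a whitelist helps, e.g. `$orderdir = (strtoupper($orderdir) === 'DESC') ? 'DESC' : 'ASC';` and `if (!in_array($orderby, $sortable_columns, true)) $orderby = 'id';` with `$sortable_columns` listing the columns this page actually sorts on. `$id` and `$page` are numeric and are better pinned with `(int)` than escaped. Note also that `htmlentities(..., ENT_QUOTES)` rewrites `'` to `&#039;` before the value reaches the database, so a free-text search for a name with an apostrophe no longer matches stored rows; HTML encoding belongs at output time, and SQL escaping should come from the driver (`pg_escape_string`/`mysql_real_escape_string`, or prepared statements) rather than `addslashes`, which is not a safe escaper for PostgreSQL with standard_conforming_strings. The leading `$_POST` loop passes array values (the multi-select fields) to `strip_tags`, which warns and leaves the entry empty, and the later code survives only because it reads `$_REQUEST`, so add `if (is_array($val)) continue;` at the top of that loop. The `if ($reset == 'yes') {` opened at the end of the hunk continues outside it.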
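Review bot: The `IN (...)` list built here appends each `$record` unquoted, separated only by `,`, so `addslashes`/`htmlentities` do not constrain it: a value such as `0) OR (1=1` contains nothing those functions alter and is spliced straight into the query. The values originate from `<option value="${record['id']}">` and are integer ids, so the right guard is a cast, `$sql .= (int) $record;`, which also removes the need for the `get_magic_quotes_gpc()` branch. The same construct is repeated in the reportedby, createdby, assignedto, level, priority, status, category and detail hunks below and needs the same change in each. The `foreach` and the surrounding code that emits `IN (` start outside the hunk.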
$sql .= $record; ! } } $sql .= ') AND '; *************** *** 276,280 **** foreach ($assignedto as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! $sql .= $record; } $sql .= ') AND '; --- 328,337 ---- foreach ($assignedto as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! if (!get_magic_quotes_gpc()) { ! $sql .= addslashes(htmlentities(strip_tags($record), ENT_QUOTES)); ! } ! else { ! $sql .= $record; ! } } $sql .= ') AND '; *************** *** 289,293 **** foreach ($level as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! $sql .= $record; } $sql .= ') AND '; --- 346,355 ---- foreach ($level as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! if (!get_magic_quotes_gpc()) { ! $sql .= addslashes(htmlentities(strip_tags($record), ENT_QUOTES)); ! } ! else { ! $sql .= $record; ! } } $sql .= ') AND '; *************** *** 302,306 **** foreach ($priority as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! $sql .= $record; } $sql .= ') AND '; --- 364,373 ---- foreach ($priority as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! if (!get_magic_quotes_gpc()) { ! $sql .= addslashes(htmlentities(strip_tags($record), ENT_QUOTES)); ! } ! else { ! $sql .= $record; ! } } $sql .= ') AND '; *************** *** 315,319 **** foreach ($status as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! $sql .= $record; } $sql .= ') AND '; --- 382,391 ---- foreach ($status as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! if (!get_magic_quotes_gpc()) { ! $sql .= addslashes(htmlentities(strip_tags($record), ENT_QUOTES)); ! } ! else { ! $sql .= $record; ! } } $sql .= ') AND '; *************** *** 330,334 **** foreach ($category as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! $sql .= $record; } $sql .= ') AND '; --- 402,411 ---- foreach ($category as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! 
if (!get_magic_quotes_gpc()) { ! $sql .= addslashes(htmlentities(strip_tags($record), ENT_QUOTES)); ! } ! else { ! $sql .= $record; ! } } $sql .= ') AND '; *************** *** 343,347 **** foreach ($detail as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! $sql .= $record; } $sql .= ') AND '; --- 420,429 ---- foreach ($detail as $record) { if ($flag == 0) { $flag = 1; } else { $sql .= ','; } ! if (!get_magic_quotes_gpc()) { ! $sql .= addslashes(htmlentities(strip_tags($record), ENT_QUOTES)); ! } ! else { ! $sql .= $record; ! } } $sql .= ') AND '; *************** *** 384,388 **** if ($freetextscope != '') $field = $freetextscope; foreach ($searchstrings as $searchstring) { ! $sql .= " AND $field ILIKE '%".addslashes($searchstring)."%'"; } } else { --- 466,470 ---- if ($freetextscope != '') $field = $freetextscope; foreach ($searchstrings as $searchstring) { ! $sql .= " AND $field ILIKE '%".$searchstring."%'"; } } else { *************** *** 392,396 **** $operator = 'AND'; foreach ($field as $sfield) { ! $sql .= " $operator $sfield LIKE '%".addslashes($searchstring)."%'"; $operator = 'OR'; } --- 474,478 ---- $operator = 'AND'; foreach ($field as $sfield) { ! $sql .= " $operator $sfield LIKE '%".$searchstring."%'"; $operator = 'OR'; } *************** *** 412,421 **** // How many issues would be in this category if ($is_pgsql) { ! $num_issues = $issuesRS[0][num]; } else { $num_issues = count($issuesRS); } // Set page size and limit issues to that number ! $pagesize = $global_prefs[pagesize]; $num_pages = ceil($num_issues/$pagesize); if ($is_pgsql) { --- 494,503 ---- // How many issues would be in this category if ($is_pgsql) { ! $num_issues = $issuesRS[0]['num']; } else { $num_issues = count($issuesRS); } // Set page size and limit issues to that number ! $pagesize = $global_prefs['pagesize']; $num_pages = ceil($num_issues/$pagesize); if ($is_pgsql) { *************** *** 565,587 **** // Show attributes print " <tr valign=\"top\">\n"; ! 
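Review bot: Dropping `addslashes($searchstring)` here makes the query depend on the input having been escaped earlier, but `$field` on the same line is user-controlled (`$field = $freetextscope` two lines up) and is interpolated as a bare column name, which no escaping covers; validate it with `in_array($freetextscope, $searchable_fields, true)` against the columns the scope selector offers and fall back to the default field otherwise. `%` and `_` in `$searchstring` remain live LIKE wildcards, which is acceptable for a search box but deserves a comment such as `// LIKE wildcards (%, _) in the search term are intentionally not escaped`. If `$searchstrings` is derived from `$freetext` after the input-time `htmlentities`, the query matches entities like `&#039;` rather than the characters the user typed. The enclosing `if`/`else` on `$freetextscope` starts before the hunk.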
print " <td class=\"$class\"><a href=\"issue.php?id=${record[id]}\">${record[id]}</a></td>\n"; print " <td class=\"$class\">"; ! if (strftime('%d/%m/%y',$record[createdon]) == strftime('%d/%m/%y')) { ! print strftime('%H:%M',$record[createdon]); } else { ! print strftime('%d/%m/%y',$record[createdon]); } print "</td>\n"; ! print " <td class=\"$class\">${record[reportedbyname]}</td>\n"; print " <td class=\"$class\">"; ! print $record[assignedtoname]; print "</td>\n"; ! print " <td class=\"$class\">${record[sitename]}</td>\n"; ! print " <td class=\"$class\"><a href=\"issue.php?id=${record[id]}\">${record[summary]}</a></td>\n"; print " <td align=\"center\" class=\"$priority\">"; if ($record['recalled'] == 1) { print 'Recalled'; } else { ! print $record[priorityname]; } print "</td>\n"; --- 647,669 ---- // Show attributes print " <tr valign=\"top\">\n"; ! print " <td class=\"$class\"><a href=\"issue.php?id=${record['id']}\">${record['id']}</a></td>\n"; print " <td class=\"$class\">"; ! if (strftime('%d/%m/%y',$record['createdon']) == strftime('%d/%m/%y')) { ! print strftime('%H:%M',$record['createdon']); } else { ! print strftime('%d/%m/%y',$record['createdon']); } print "</td>\n"; ! print " <td class=\"$class\">${record['reportedbyname']}</td>\n"; print " <td class=\"$class\">"; ! print $record['assignedtoname']; print "</td>\n"; ! print " <td class=\"$class\">${record['sitename']}</td>\n"; ! print " <td class=\"$class\"><a href=\"issue.php?id=${record['id']}\">${record['summary']}</a></td>\n"; print " <td align=\"center\" class=\"$priority\">"; if ($record['recalled'] == 1) { print 'Recalled'; } else { ! print $record['priorityname']; } print "</td>\n"; *************** *** 692,696 **** <?php foreach ($sitesRS as $record) { ! print (" <option value=\"${record[id]}\">${record[site]}</option>\n"); } ?> --- 774,778 ---- <?php foreach ($sitesRS as $record) { ! 
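Review bot: The row cells print `$record['summary']`, `$record['reportedbyname']`, `$record['assignedtoname']` and `$record['sitename']` straight into HTML without escaping, so the commit's input-side XSS guard does nothing for data already in the database or entered through other pages; escape at the sink instead, e.g. `print " <td class=\"$class\"><a href=\"issue.php?id=" . (int) $record['id'] . "\">" . htmlspecialchars($record['summary'], ENT_QUOTES) . "</a></td>\n";` and the same for the name cells. Whether summaries can carry user-supplied markup depends on the page that writes them, which is not visible here, but escaping at output is the only check that holds regardless of where the data came from. The `foreach` over the result set starts before the hunk and continues after it.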
print (" <option value=\"${record['id']}\">${record['site']}</option>\n"); } ?> *************** *** 745,749 **** <?php foreach ($prioritiesRS as $record) { ! print (" <option value=\"${record[id]}\">${record[priority]}</option>\n"); } ?> --- 827,831 ---- <?php foreach ($prioritiesRS as $record) { ! print (" <option value=\"${record['id']}\">${record['priority']}</option>\n"); } ?> *************** *** 757,761 **** <?php foreach ($levelsRS as $record) { ! print (" <option value=\"${record[id]}\">${record[level]}</option>\n"); } ?> --- 839,843 ---- <?php foreach ($levelsRS as $record) { ! print (" <option value=\"${record['id']}\">${record['level']}</option>\n"); } ?> *************** *** 769,773 **** <?php foreach ($statusesRS as $record) { ! print (" <option value=\"${record[id]}\">${record[status]}</option>\n"); } ?> --- 851,855 ---- <?php foreach ($statusesRS as $record) { ! print (" <option value=\"${record['id']}\">${record['status']}</option>\n"); } ?> *************** *** 784,788 **** <?php foreach ($categoriesRS as $record) { ! print (" <option value=\"${record[id]}\">${record[description]}</option>\n"); } ?> --- 866,870 ---- <?php foreach ($categoriesRS as $record) { ! print (" <option value=\"${record['id']}\">${record['description']}</option>\n"); } ?> *************** *** 798,805 **** // Create a grouped <select> list, grouping details on categories foreach ($categoriesRS as $record) { ! print " <optgroup label=\"${record[description]}\">\n"; ! $current = filter_records($detailsRS,'category',$record[id]); foreach ($current as $recorddetail) { ! print " <option value=\"${recorddetail[id]}\">${recorddetail[description]}</option>\n"; } print " </optgroup>\n"; --- 880,887 ---- // Create a grouped <select> list, grouping details on categories foreach ($categoriesRS as $record) { ! print " <optgroup label=\"${record['description']}\">\n"; ! $current = filter_records($detailsRS,'category',$record['id']); foreach ($current as $recorddetail) { ! 
print " <option value=\"${recorddetail['id']}\">${recorddetail['description']}</option>\n"; } print " </optgroup>\n"; |
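Review bot: `${record['description']}` is interpolated into the `label="..."` attribute and `${recorddetail['description']}` into the option text with no escaping, so a description containing `"` or `<` breaks the markup and, if descriptions are editable by users, is an XSS sink; use `htmlspecialchars($record['description'], ENT_QUOTES)` for the attribute and the option text, and `(int)` for the id values. The site, priority, level, status and category `<option>` lists in the hunks above have the same shape and should be escaped the same way. The `<select>` this hunk populates is opened before the hunk.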