From: Scott P. <wht...@us...> - 2007-09-08 16:12:19
Update of /cvsroot/helpmeict/Helpdesk In directory sc8-pr-cvs17:/tmp/cvs-serv16197 Modified Files: problemcategories.php Log Message: Added magic_quotes detection Santized all $_POST, $_GET, $_REQUEST variables. Fixed all Undefined Constants Index: problemcategories.php =================================================================== RCS file: /cvsroot/helpmeict/Helpdesk/problemcategories.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** problemcategories.php 7 Feb 2007 01:20:04 -0000 1.4 --- problemcategories.php 8 Sep 2007 16:12:15 -0000 1.5 *************** *** 8,11 **** --- 8,12 ---- Changelog: + 2007-09-08 whtghst1: Added magic_quotes detection and santized all inputs. 2006-01-14 dave: Cleaned up code for v1.0 release *************** *** 56,65 **** set_text_domain("problemcategories"); ! // Retrieve Get/Post variables ! $act = $_REQUEST['act']; ! $description = $_POST['description']; ! $details = $_REQUEST['details']; ! $categories = $_REQUEST['categories']; // Action: Add a category to the system if ($act == 'addcategoryaction') { --- 57,89 ---- set_text_domain("problemcategories"); ! foreach($_POST as $key => $val) { ! // scrubbing the field NAME... ! if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! $_POST[$key] = strip_tags($val); ! } ! foreach($_GET as $key => $val) { ! // scrubbing the field NAME... ! if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! $_GET[$key] = htmlentities(strip_tags($val), ENT_QUOTES); ! } ! foreach($_REQUEST as $key => $val) { ! // scrubbing the field NAME... ! if (preg_match('/%/', urlencode($key))) die('FATAL::XSS hack attempt detected. Your IP has been logged.'); ! $_GET[$key] = htmlentities(strip_tags($val), ENT_QUOTES); ! 
} + // Retrieve Get/Post variables + if (!get_magic_quotes_gpc()) { + $act = addslashes($_REQUEST['act']); + $description = addslashes($_POST['description']); + $details = addslashes($_REQUEST['details']); + $categories = addslashes($_REQUEST['categories']); + } + else { + $act = $_REQUEST['act']; + $description = $_POST['description']; + $details = $_REQUEST['details']; + $categories = $_REQUEST['categories']; + } // Action: Add a category to the system if ($act == 'addcategoryaction') { *************** *** 144,148 **** <div class="labelfieldpair"> <div class="name"><label for="description"><?php echo gettext('Category Name')?></label></div> ! <div class="field"><input type="text" name="description" id="description" size="35" maxlength="50" value="<?php echo $categoriesRS[0][description]?>"></div> </div> <div class="buttonpanel"> --- 168,172 ---- <div class="labelfieldpair"> <div class="name"><label for="description"><?php echo gettext('Category Name')?></label></div> ! <div class="field"><input type="text" name="description" id="description" size="35" maxlength="50" value="<?php echo $categoriesRS[0]['description']?>"></div> </div> <div class="buttonpanel"> *************** *** 239,243 **** <div class="labelfieldpair"> <div class="name"><label for="description"><?php echo gettext('Description')?></label></div> ! <div class="field"><input type="text" name="description" id="description" size="35" maxlength="50" value="<?php echo $detailsRS[0][description]?>" /></div> </div> <div class="buttonpanel"> --- 263,267 ---- <div class="labelfieldpair"> <div class="name"><label for="description"><?php echo gettext('Description')?></label></div> ! 
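Review bot: The third scrub loop iterates `$_REQUEST` but writes its result into `$_GET[$key]`, so `$_REQUEST` is never modified and `$act`, `$details` and `$categories` are read from it unscrubbed a few lines later (PHP's `$_REQUEST` is a separate array; rewriting `$_POST` or `$_GET` does not update it). The assignment should read `$_REQUEST[$key] = htmlentities(strip_tags($val), ENT_QUOTES);`, and with the default `variables_order` the current form also lets cookie values overwrite same-named `$_GET` entries, since `$_REQUEST` includes cookies. `addslashes()` and `magic_quotes_gpc` are not a database-aware escape; if `$description` and the other values are interpolated into SQL further down (not visible here), use the driver's escaping function or a prepared statement at the query site rather than slash-escaping at input. The `die()` text claims the IP has been logged but no logging call appears in the hunk, and `preg_match('/%/', urlencode($key))` rejects any key containing a non-alphanumeric character rather than detecting an XSS attempt, so that message is misleading as written. Encoding with `htmlentities()` at input time also bakes HTML escaping into whatever gets stored, which double-encodes once output escaping is added where it belongs.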
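Review bot: The corrected `value` attribute line still echoes `$categoriesRS[0]['description']` straight into HTML with no output escaping; the input-side `strip_tags()` applied to `$_POST` leaves `"` intact, so a stored description containing a double quote can break out of the attribute (assuming this column is populated from `$description`, which the hunk does not show). Escape at the output point instead: `value="<?php echo htmlspecialchars($categoriesRS[0]['description'], ENT_QUOTES)?>"`. The same unescaped-echo pattern recurs in the later hunks for `$detailsRS[0]['description']` and for `${record['description']}` in the `<option>` list.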
<div class="field"><input type="text" name="description" id="description" size="35" maxlength="50" value="<?php echo $detailsRS[0]['description']?>" /></div> </div> <div class="buttonpanel"> *************** *** 261,265 **** if ($num_categories > 0) $details = db_recordset("SELECT * FROM tbl_ProblemDetails WHERE domain=$_SESSION[_domain] AND active=1 ORDER BY description"); ! if (!$categories) $categories=$categoriesRS[0][id]; if ($message) { display($message); } --- 285,289 ---- if ($num_categories > 0) $details = db_recordset("SELECT * FROM tbl_ProblemDetails WHERE domain=$_SESSION[_domain] AND active=1 ORDER BY description"); ! if (!$categories) $categories=$categoriesRS[0]['id']; if ($message) { display($message); } *************** *** 287,291 **** $index = 0; foreach ($categoriesRS as $record) { ! $current = filter_records($details,"category",$record[id]); $flag = TRUE; print (" var problems_$index = new Array('"); --- 311,315 ---- $index = 0; foreach ($categoriesRS as $record) { ! $current = filter_records($details,"category",$record['id']); $flag = TRUE; print (" var problems_$index = new Array('"); *************** *** 299,303 **** print ("','"); } ! print ($res_record[id] . "','" . addslashes($res_record[description])); } } --- 323,327 ---- print ("','"); } ! print ($res_record['id'] . "','" . addslashes($res_record['description'])); } } *************** *** 367,372 **** foreach ($categoriesRS as $record) { // Set as default if this was previously chosen ! if ($record[id] == $categories) {$checked = " selected=\"selected\"";} else {$checked = "";}; ! print (" <option value=\"${record[id]}\"${checked}>${record[description]}</option>\n"); } ?> --- 391,396 ---- foreach ($categoriesRS as $record) { // Set as default if this was previously chosen ! if ($record['id'] == $categories) {$checked = " selected=\"selected\"";} else {$checked = "";}; ! print (" <option value=\"${record['id']}\"${checked}>${record['description']}</option>\n"); } ?> |
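Review bot: `addslashes()` is used to place `$res_record['description']` into a single-quoted JavaScript string literal inside the `new Array('...')` output, but it escapes only quotes, backslashes and NUL; a description containing a newline terminates the literal, and one containing `</script>` ends the script element regardless of quoting, so this is not a JavaScript-context escape. A cleaner fix is to collect the ids and descriptions in a PHP array and emit it once with `json_encode()` (PHP 5.2+, if the deployment has it) instead of hand-assembling the array literal; short of that, also neutralise line breaks and closing tags, e.g. `str_replace(array("\r", "\n", "</"), array('\r', '\n', '<\/'), addslashes($res_record['description']))`. The enclosing `foreach` loops that build `problems_$index` start and end outside this hunk.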