Update of /cvsroot/openfirst/guestbook
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv17756
Modified Files:
signthanks.php
Log Message:
Prevent DoS on guestbook by requiring fields to be filled in. This is in direct response to the attacks on portperryrobotics.ca using a Java-based program running on a remote server to post blank data directly to signthanks.php
Index: signthanks.php
===================================================================
RCS file: /cvsroot/openfirst/guestbook/signthanks.php,v
retrieving revision 1.12
retrieving revision 1.13
diff -C2 -d -r1.12 -r1.13
*** signthanks.php 24 Dec 2003 19:05:54 -0000 1.12
--- signthanks.php 9 Apr 2004 18:31:29 -0000 1.13
***************
*** 29,32 ****
--- 29,40 ----
include_once("../config/globals.php");
include_once("$header");
+
+ if(! isset($_POST["guest"]) && ! isset($_POST["email"]) && !isset($_POST["icq"]) && ! isset($_POST["aim"]) && ! isset($_POST["msn"])
+ && ! isset($_POST["yim"]) && ! isset($_POST["irc"]) && !
+ isset($_POST["webpage"]) && ! isset($_POST["location"]) && !
+ isset($_POST["comment"])) {
+ echo("You must fill in at least some fields to sign the guest book");
+ die(include_once($footer));
+ }
?>
<h1>Sign Guest Book - Complete</h1>
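Review bot: The new if condition only tests isset() on each $_POST key and joins the tests with &&, so it rejects a request only when none of the ten fields is present at all. A request that sends the keys with empty-string values still passes, because isset() is true for an empty string, and that is what a blank form submission (and possibly the "blank data" named in the log message) looks like. To require that fields are actually filled in, compare the trimmed value instead, for example `trim($_POST["comment"]) !== ""` after confirming the key is set, and apply it to whichever fields the guest book needs. Separately, `die(include_once($footer));` passes the return value of include_once to die(), which is hard to read; including the footer on one line and calling exit on the next states the intent directly.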