diff options
author | thomascube <thomas@roundcube.net> | 2006-08-16 08:06:31 +0000 |
---|---|---|
committer | thomascube <thomas@roundcube.net> | 2006-08-16 08:06:31 +0000 |
commit | 89406f36c20e4d785bfb35c68e87475329cfbaf5 (patch) | |
tree | ae3f118ad16a87f112c3c8ef6df721d557fb8764 | |
parent | 3287e84c90d53f88a009beaed2836f337f0751f2 (diff) |
Fixed some XSS and SQL injection issues
-rw-r--r-- | program/steps/error.inc | 2 | ||||
-rw-r--r-- | program/steps/settings/edit_identity.inc | 3 | ||||
-rw-r--r-- | program/steps/settings/save_identity.inc | 4 |
3 files changed, 4 insertions, 5 deletions
diff --git a/program/steps/error.inc b/program/steps/error.inc index aa8036afe..2d87a9da4 100644 --- a/program/steps/error.inc +++ b/program/steps/error.inc @@ -53,7 +53,7 @@ else if ($ERROR_CODE==401) else if ($ERROR_CODE==404) { $__error_title = "REQUEST FAILED/FILE NOT FOUND"; - $request_url = $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; + $request_url = htmlentities($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); $__error_text = <<<EOF The requested page was not found!<br /> Please contact your server-administrator. diff --git a/program/steps/settings/edit_identity.inc b/program/steps/settings/edit_identity.inc index 07cd8fa02..316eec785 100644 --- a/program/steps/settings/edit_identity.inc +++ b/program/steps/settings/edit_identity.inc @@ -21,12 +21,11 @@ if (($_GET['_iid'] || $_POST['_iid']) && $_action=='edit-identity') { - $id = $_POST['_iid'] ? $_POST['_iid'] : $_GET['_iid']; $DB->query("SELECT * FROM ".get_table_name('identities')." WHERE identity_id=? AND user_id=? AND del<>1", - $id, + get_input_value('_iid', RCUBE_INPUT_GPC), $_SESSION['user_id']); $IDENTITY_RECORD = $DB->fetch_assoc(); diff --git a/program/steps/settings/save_identity.inc b/program/steps/settings/save_identity.inc index 9df6c61cb..2d64dc7b3 100644 --- a/program/steps/settings/save_identity.inc +++ b/program/steps/settings/save_identity.inc @@ -55,7 +55,7 @@ if ($_POST['_iid']) WHERE identity_id=? AND user_id=? AND del<>1", - $_POST['_iid'], + get_input_value('_iid', RCUBE_INPUT_POST), $_SESSION['user_id']); $updated = $DB->affected_rows(); @@ -72,7 +72,7 @@ if ($_POST['_iid']) AND identity_id<>? AND del<>1", $_SESSION['user_id'], - $_POST['_iid']); + get_input_value('_iid', RCUBE_INPUT_POST)); if ($_POST['_framed']) { |