
Commit 077b14d

Merge pull request #151 from sveneld/sql_injection_fix
sql injection fix
2 parents 72c66c2 + df51386 commit 077b14d

4 files changed

Lines changed: 41 additions & 11 deletions


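--- a/admin.php
+++ b/admin.php
@@ -7,7 +7,14 @@
 $db->connect();
 
 checksession();
-if (getprivileges($_COOKIE["loguserid"])<=0) exit(_('You need admin privileges to access this page.'));
+
+if (isset($_COOKIE["loguserid"])) {
+$userid = $db->conn->real_escape_string(trim($_COOKIE["loguserid"]));
+} else {
+$userid = 0;
+}
+
+if (getprivileges($userid)<=0) exit(_('You need admin privileges to access this page.'));
 ?>
 <!DOCTYPE html>
 <html lang="en">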
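Review bot: `real_escape_string` on the new line 12 of admin.php escapes quote characters but does not validate that `loguserid` is actually a user id, so the protection depends on how `getprivileges()` interpolates the value, which is outside this diff; if the id is placed in the SQL unquoted (`WHERE id=$userid`) the escaping does not apply at all. Since a user id is numeric, coerce it rather than escape it: `$userid = isset($_COOKIE["loguserid"]) ? (int) $_COOKIE["loguserid"] : 0;`, or better, have getprivileges/getusername/getusercredit bind the value through a prepared statement. The same block is copied into command.php, index.php and scan.php, and the `$session` cookie in command.php and scan.php is likewise only escaped, so the cookie-reading code is best moved once into a shared include that all four pages load. A one-line comment above the block, `// cookie values are untrusted input; escaped for the SQL built in getprivileges() etc.`, would record why the escaping is here.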

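--- a/command.php
+++ b/command.php
@@ -6,9 +6,18 @@
 $db=new Database($dbserver,$dbuser,$dbpassword,$dbname);
 $db->connect();
 
-if (isset($_COOKIE["loguserid"])) $userid=$_COOKIE["loguserid"];
-else $userid=0;
-if (isset($_COOKIE["logsession"])) $session=$_COOKIE["logsession"];
+if (isset($_COOKIE["loguserid"])) {
+$userid = $db->conn->real_escape_string(trim($_COOKIE["loguserid"]));
+} else {
+$userid = 0;
+}
+
+if (isset($_COOKIE["logsession"])) {
+$session = $db->conn->real_escape_string(trim($_COOKIE["logsession"]));
+} else {
+$session = '';
+}
+
 $action="";
 if (isset($_GET["action"])) $action=trim($_GET["action"]);
 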

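--- a/index.php
+++ b/index.php
@@ -43,10 +43,16 @@
 var mapzoom=<?php echo $systemzoom; ?>;
 var standselected=0;
 <?php
+if (isset($_COOKIE["loguserid"])) {
+$userid = $db->conn->real_escape_string(trim($_COOKIE["loguserid"]));
+} else {
+$userid = 0;
+}
+
 if (isloggedin())
 {
 echo 'var loggedin=1;',"\n";
-echo 'var priv=',getprivileges($_COOKIE["loguserid"]),";\n";
+echo 'var priv=',getprivileges($userid),";\n";
 }
 else
 {
@@ -81,11 +87,11 @@
 <ul class="list-inline">
 <li><a href="<?php echo $systemrules; ?>"><span class="glyphicon glyphicon-question-sign"></span> <?php echo _('Help'); ?></a></li>
 <?php
-if (isloggedin() AND getprivileges($_COOKIE["loguserid"])>0) echo '<li><a href="admin.php"><span class="glyphicon glyphicon-cog"></span> ',_('Admin'),'</a></li>';
+if (isloggedin() AND getprivileges($userid)>0) echo '<li><a href="admin.php"><span class="glyphicon glyphicon-cog"></span> ',_('Admin'),'</a></li>';
 if (isloggedin())
 {
-echo '<li><span class="glyphicon glyphicon-user"></span> <small>',getusername($_COOKIE["loguserid"]),'</small>';
-if (iscreditenabled()) echo ' (<span id="usercredit" title="',_('Remaining credit'),'">',getusercredit($_COOKIE["loguserid"]),'</span> ',getcreditcurrency(),' <button type="button" class="btn btn-success btn-xs" id="opencredit" title="',_('Add credit'),'"><span class="glyphicon glyphicon-plus"></span></button>)<span id="couponblock"><br /><span class="form-inline"><input type="text" class="form-control input-sm" id="coupon" placeholder="XXXXXX" /><button type="button" class="btn btn-primary btn-sm" id="validatecoupon" title="',_('Confirm coupon'),'"><span class="glyphicon glyphicon-plus"></span></button></span></span></li>';
+echo '<li><span class="glyphicon glyphicon-user"></span> <small>',getusername($userid),'</small>';
+if (iscreditenabled()) echo ' (<span id="usercredit" title="',_('Remaining credit'),'">',getusercredit($userid),'</span> ',getcreditcurrency(),' <button type="button" class="btn btn-success btn-xs" id="opencredit" title="',_('Add credit'),'"><span class="glyphicon glyphicon-plus"></span></button>)<span id="couponblock"><br /><span class="form-inline"><input type="text" class="form-control input-sm" id="coupon" placeholder="XXXXXX" /><button type="button" class="btn btn-primary btn-sm" id="validatecoupon" title="',_('Confirm coupon'),'"><span class="glyphicon glyphicon-plus"></span></button></span></span></li>';
 echo '<li><a href="command.php?action=logout" id="logout"><span class="glyphicon glyphicon-log-out"></span> ',_('Log out'),'</a></li>';
 }
 ?>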

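--- a/scan.php
+++ b/scan.php
@@ -6,9 +6,17 @@
 $db=new Database($dbserver,$dbuser,$dbpassword,$dbname);
 $db->connect();
 
-if (isset($_COOKIE["loguserid"])) $userid=$_COOKIE["loguserid"];
-else $userid=0;
-if (isset($_COOKIE["logsession"])) $session=$_COOKIE["logsession"];
+if (isset($_COOKIE["loguserid"])) {
+$userid = $db->conn->real_escape_string(trim($_COOKIE["loguserid"]));
+} else {
+$userid = 0;
+}
+
+if (isset($_COOKIE["logsession"])) {
+$session = $db->conn->real_escape_string(trim($_COOKIE["logsession"]));
+} else {
+$session = '';
+}
 $request=substr($_SERVER["REQUEST_URI"],strpos($_SERVER["REQUEST_URI"],".php")+5);
 $request=explode("/",$request);
 $action=$request[0];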
