fix possible sql injections.
slaver7 committed Jan 18, 2013
1 parent 2127878 commit 1b09cf7
Showing 4 changed files with 13 additions and 13 deletions.
8 changes: 4 additions & 4 deletions includes/pages/game/class.ShowFleetStep1Page.php
@@ -41,10 +41,10 @@ public function show()
{
global $USER, $PLANET, $resource, $pricelist, $reslist, $LNG;

$targetGalaxy = HTTP::_GP('galaxy', $PLANET['galaxy']);
$targetSystem = HTTP::_GP('system', $PLANET['system']);
$targetPlanet = HTTP::_GP('planet', $PLANET['planet']);
$targetType = HTTP::_GP('type', $PLANET['planet_type']);
$targetGalaxy = HTTP::_GP('galaxy', (int) $PLANET['galaxy']);
$targetSystem = HTTP::_GP('system', (int) $PLANET['system']);
$targetPlanet = HTTP::_GP('planet', (int) $PLANET['planet']);
$targetType = HTTP::_GP('type', (int) $PLANET['planet_type']);

$mission = HTTP::_GP('target_mission', 0);

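Review bot: The four target values in show() are only cast, not range-checked: after this change `$targetGalaxy`, `$targetSystem`, `$targetPlanet` and `$targetType` can still be zero, negative or far above the configured maximum, whereas class.ShowGalaxyPage.php in this same commit clamps them with `min(max(..., 1), Config::get('max_galaxy'))`. The same holds for the identical lines in class.ShowFleetTablePage.php. The `(int)` on the default presumably works because `HTTP::_GP` casts the request value to the type of its default (its code is not on this page), so a comment such as `// int default => HTTP::_GP returns the request value as int` would keep a later cleanup from dropping the cast. show() continues past the hunk, so a bounds check may exist further down.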
8 changes: 4 additions & 4 deletions includes/pages/game/class.ShowFleetTablePage.php
@@ -192,10 +192,10 @@ public function show()

$maxFleetSlots = FleetFunctions::GetMaxFleetSlots($USER);

$targetGalaxy = HTTP::_GP('galaxy', $PLANET['galaxy']);
$targetSystem = HTTP::_GP('system', $PLANET['system']);
$targetPlanet = HTTP::_GP('planet', $PLANET['planet']);
$targetType = HTTP::_GP('planettype', $PLANET['planet_type']);
$targetGalaxy = HTTP::_GP('galaxy', (int) $PLANET['galaxy']);
$targetSystem = HTTP::_GP('system', (int) $PLANET['system']);
$targetPlanet = HTTP::_GP('planet', (int) $PLANET['planet']);
$targetType = HTTP::_GP('planettype', (int) $PLANET['planet_type']);
$targetMission = HTTP::_GP('target_mission', 0);

$fleetResult = $GLOBALS['DATABASE']->query("SELECT * FROM ".FLEETS." WHERE fleet_owner = ".$USER['id']." AND fleet_mission <> 10 ORDER BY fleet_end_time ASC;");
8 changes: 4 additions & 4 deletions includes/pages/game/class.ShowGalaxyPage.php
@@ -47,12 +47,12 @@ public function show()
$galaxyRight = HTTP::_GP('galaxyRight', '');
$systemLeft = HTTP::_GP('systemLeft', '');
$systemRight = HTTP::_GP('systemRight', '');
$galaxy = min(max(HTTP::_GP('galaxy', $PLANET['galaxy']), 1), Config::get('max_galaxy'));
$system = min(max(HTTP::_GP('system', $PLANET['system']), 1), Config::get('max_system'));
$planet = min(max(HTTP::_GP('planet', $PLANET['planet']), 1), Config::get('max_planets'));
$galaxy = min(max(HTTP::_GP('galaxy', (int) $PLANET['galaxy']), 1), Config::get('max_galaxy'));
$system = min(max(HTTP::_GP('system', (int) $PLANET['system']), 1), Config::get('max_system'));
$planet = min(max(HTTP::_GP('planet', (int) $PLANET['planet']), 1), Config::get('max_planets'));
$type = HTTP::_GP('type', 1);
$current = HTTP::_GP('current', 0);

if (!empty($galaxyLeft))
$galaxy = max($galaxy - 1, 1);
elseif (!empty($galaxyRight))
2 changes: 1 addition & 1 deletion includes/pages/game/class.ShowInformationPage.php
@@ -55,7 +55,7 @@ public function sendFleet()
$this->sendJSON(array('message' => $LNG['in_jump_gate_already_used'].' '.pretty_time($NextJumpTime - TIMESTAMP), 'error' => true));
}

$TargetPlanet = HTTP::_GP('jmpto', $PLANET['id']);
$TargetPlanet = HTTP::_GP('jmpto', (int) $PLANET['id']);
$TargetGate = $GLOBALS['DATABASE']->getFirstRow("SELECT id, last_jump_time FROM ".PLANETS." WHERE id = ".$TargetPlanet." AND id_owner = ".$USER['id']." AND sprungtor > 0;");

if (!isset($TargetGate) || $TargetPlanet == $PLANET['id']) {
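Review bot: `$TargetPlanet` is still concatenated directly into the `getFirstRow()` SQL string, so the query is only as safe as the type inference inside `HTTP::_GP`, which is not visible here. Casting at the sink makes that explicit and independent of the helper: `" WHERE id = ".(int) $TargetPlanet." AND id_owner = ".(int) $USER['id']." AND sprungtor > 0;"`. The FLEETS query in class.ShowFleetTablePage.php builds its `fleet_owner = ".$USER['id']."` condition the same way. sendFleet() starts and ends outside the hunk.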
