
Sanitize $_GET inputs for XSS attacks. Thanks to Bob van Dam for reporting.
rosslagerwall committed Jan 3, 2012
1 parent 07326f1 commit bd400724efc3abb36102bb5fedbddc7428cd3592
Showing with 26 additions and 26 deletions.
  1. +1 −1 editPost.php
  2. +1 −1 editTopic.php
  3. +1 −1 pmView.php
  4. +7 −7 viewPosts.php
  5. +13 −13 viewTopics.php
  6. +3 −3 viewUser.php
@@ -22,7 +22,7 @@
outHtml2("Edit Post:","viewPosts.php?topicId=".$actual->getTopicId());
?>
- <form action="editPostExecute.php?topicId=<?php echo $_GET['topicId'] ?>&postId=<?php echo $_GET['postId'] ?>" method="post">
+ <form action="editPostExecute.php?topicId=<?php echo htmlentities($_GET['topicId']) ?>&postId=<?php echo htmlentities($_GET['postId']) ?>" method="post">
<div id="messageDiv">
Post Message:<br />
<textarea name="message"><?php echo trim($actual->getMessage()); ?></textarea><br />
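Review bot: `htmlentities()` on line 22 does escape the values for the double-quoted `action` attribute, but `topicId` and `postId` are numeric identifiers, and the tighter fix is to cast them, `(int)$_GET['topicId']` and `(int)$_GET['postId']`, which neutralizes markup and rejects non-numeric input before it is forwarded to editPostExecute.php. htmlentities() alone does not URL-encode, so characters such as `&` in the value still reach the query-string parser of the target script; the integer cast closes that gap as well. The same pattern applies to `topicId` in editTopic.php and `messageId` in pmView.php. Inside the attribute the `&` separating the two query parameters should also be written `&amp;`.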
@@ -10,7 +10,7 @@
outHtml2("Edit Topic:","viewTopics.php?forumId=".$topic->getForumId());
?>
- <form action="editTopicExecute.php?topicId=<?php echo $_GET['topicId']."&forumId=".$topic->getForumId(); ?>" method="post">
+ <form action="editTopicExecute.php?topicId=<?php echo htmlentities($_GET['topicId'])."&forumId=".$topic->getForumId(); ?>" method="post">
<div id="topicDiv">
Topic Name:<br />
<input type="text" name="name" id="name" value="<?php echo $topic->getTopicName() ?>" /><br />
@@ -53,7 +53,7 @@
</tr>
</table>
<div id="controlDiv">
- <a href="pmDelete.php?&messageId=<?php echo $_GET['messageId'] ?>">Delete</a>
+ <a href="pmDelete.php?&messageId=<?php echo htmlentities($_GET['messageId']) ?>">Delete</a>
</div>
<?php
outHtml3();
@@ -36,19 +36,19 @@ function addQuote(row)
echo "<div id='adminControls'>Moderator Controls: ";
if ($topic->isLocked() == "false")
{
- echo "<a href='lockExecute.php?mode=lock&topicId=".$_GET["topicId"]."'>Lock</a>&nbsp";
+ echo "<a href='lockExecute.php?mode=lock&topicId=".htmlentities($_GET["topicId"])."'>Lock</a>&nbsp";
}
else
{
- echo "<a href='lockExecute.php?mode=unlock&topicId=".$_GET["topicId"]."'>Unlock</a>&nbsp";
+ echo "<a href='lockExecute.php?mode=unlock&topicId=".htmlentities($_GET["topicId"])."'>Unlock</a>&nbsp";
}
if ($topic->isSticky() == "false")
{
- echo "<a href='stickyExecute.php?mode=sticky&forumId=".$_SESSION['forum']->getForumId()."&topicId=".$_GET["topicId"]."'>Sticky</a>&nbsp";
+ echo "<a href='stickyExecute.php?mode=sticky&forumId=".$_SESSION['forum']->getForumId()."&topicId=".htmlentities($_GET["topicId"])."'>Sticky</a>&nbsp";
}
else
{
- echo "<a href='stickyExecute.php?mode=unsticky&forumId=".$_SESSION['forum']->getForumId()."&topicId=".$_GET["topicId"]."'>Unsticky</a>&nbsp";
+ echo "<a href='stickyExecute.php?mode=unsticky&forumId=".$_SESSION['forum']->getForumId()."&topicId=".htmlentities($_GET["topicId"])."'>Unsticky</a>&nbsp";
}
echo "</div>";
}
@@ -149,12 +149,12 @@ function addQuote(row)
$deleteStr = "";
if ($_SESSION['loggedIn'] == true && $_SESSION['user']->getLevel() > 1 && sizeOf($postArr) > 1)
{
- $deleteStr = "<a class='delete' href='moderate.php?flag=post&postId=".$item->getPostId()."&topicId=".$_GET['topicId']."'>delete</a><br />";
+ $deleteStr = "<a class='delete' href='moderate.php?flag=post&postId=".$item->getPostId()."&topicId=".htmlentities($_GET['topicId'])."'>delete</a><br />";
}
if ($_SESSION['loggedIn'] == true && $_SESSION['user']->getLevel() > 1)
{
- $deleteStr .= "<a class='delete' href='editPost.php?postId=".$key."&topicId=".$_GET['topicId']."'>edit</a><br />";
+ $deleteStr .= "<a class='delete' href='editPost.php?postId=".$key."&topicId=".htmlentities($_GET['topicId'])."'>edit</a><br />";
}
if ($_SESSION['loggedIn'] == true)
{
@@ -172,7 +172,7 @@ function addQuote(row)
if ($_SESSION['loggedIn'] == true && $topic->isLocked() == "false")
{
?>
- <form action="postExecute.php?topicId=<?php echo $_GET['topicId']."&postId=".$count; ?>" method="post" onsubmit="return verify(this);">
+ <form action="postExecute.php?topicId=<?php echo htmlentities($_GET['topicId'])."&postId=".$count; ?>" method="post" onsubmit="return verify(this);">
<div id='replyId'>
Post Reply:<br />
<div id="imageInfo">Images may be no bigger than 600 x 600 and 200kB.</div>
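Review bot: The links on lines 51, 56, 61, 66, 75 and 80 place the escaped value inside single-quoted `href='...'` attributes, and `htmlentities()` called without a flags argument used ENT_COMPAT as its default on the PHP releases current at the time of this commit, which escapes `"` but leaves `'` untouched, so the attribute can still be terminated. Pass the flags and charset explicitly, `htmlentities($_GET['topicId'], ENT_QUOTES, 'UTF-8')`, or cast the identifier, `(int)$_GET['topicId']`, which removes the question entirely. The same single-quote context appears in viewTopics.php (lines 99, 109-117, 125-140) and viewUser.php (line 176). Line 89 sits in a double-quoted attribute and is covered by the default flags.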
@@ -90,7 +90,7 @@
$deleteStr = "";
if ($_SESSION['loggedIn'] == true && $_SESSION['user']->getLevel() > 1)
{
- $deleteStr = "<a class='deleteTopic' href='moderate.php?flag=topic&forumId=".$_GET['forumId']."&topicId=".$item->getTopicId()."'>delete</a><a class='deleteTopic' href='moveTopic.php?topicId=".$item->getTopicId()."&forumId=".$_GET['forumId']."'>move</a><a class='deleteTopic' href='editTopic.php?topicId=".$item->getTopicId()."'>edit</a>";
+ $deleteStr = "<a class='deleteTopic' href='moderate.php?flag=topic&forumId=".htmlentities($_GET['forumId'])."&topicId=".$item->getTopicId()."'>delete</a><a class='deleteTopic' href='moveTopic.php?topicId=".$item->getTopicId()."&forumId=".htmlentities($_GET['forumId'])."'>move</a><a class='deleteTopic' href='editTopic.php?topicId=".$item->getTopicId()."'>edit</a>";
}
echo "<tr><td class='listtopicname'><a href='viewPosts.php?topicId=".$item->getTopicId()."'>".$item->getTopicName()."</a>".$deleteStr."</td>
<td class='listtopiccreator'><a href='viewUser.php?userId=".$item->getUser()->getUserId()."'>".$item->getUser()->getUserId()."</a>
@@ -115,13 +115,13 @@
{
if ($pageNo == 0)
{
- echo "1&nbsp;<a href='viewTopics.php?forumId=".$_GET['forumId']."&page=1'>2</a>";
- $controlsStr = "<a href='viewTopics.php?forumId=".$_GET['forumId']."&page=1'>Next</a>";
+ echo "1&nbsp;<a href='viewTopics.php?forumId=".htmlentities($_GET['forumId'])."&page=1'>2</a>";
+ $controlsStr = "<a href='viewTopics.php?forumId=".htmlentities($_GET['forumId'])."&page=1'>Next</a>";
}
else
{
- echo "<a href='viewTopics.php?forumId=".$_GET['forumId']."&page=0'>1</a>&nbsp;2";
- $controlsStr = "<a href='viewTopics.php?forumId=".$_GET['forumId']."&page=0'>Prev</a>";
+ echo "<a href='viewTopics.php?forumId=".htmlentities($_GET['forumId'])."&page=0'>1</a>&nbsp;2";
+ $controlsStr = "<a href='viewTopics.php?forumId=".htmlentities($_GET['forumId'])."&page=0'>Prev</a>";
}
@@ -131,18 +131,18 @@
$maxPage = ceil($forum->getTotalTopics()/$topicsperpage)-1;
if ($pageNo == 0)
{
- echo "1&nbsp;...&nbsp;<a href='viewTopics.php?forumId=".$_GET['forumId']."&page=".$maxPage."'>".($maxPage+1)."</a>";
- $controlsStr = "<a href='viewTopics.php?forumId=".$_GET['forumId']."&page=".($pageNo+1)."'>Next</a>";
+ echo "1&nbsp;...&nbsp;<a href='viewTopics.php?forumId=".htmlentities($_GET['forumId'])."&page=".$maxPage."'>".($maxPage+1)."</a>";
+ $controlsStr = "<a href='viewTopics.php?forumId=".htmlentities($_GET['forumId'])."&page=".($pageNo+1)."'>Next</a>";
}
else if ($pageNo == $maxPage)
{
- echo "<a href='viewTopics.php?forumId=".$_GET['forumId']."&page=0'>1</a>&nbsp;...&nbsp;".($maxPage+1);
- $controlsStr = "<a href='viewTopics.php?forumId=".$_GET['forumId']."&page=".($pageNo-1)."'>Prev</a>";
+ echo "<a href='viewTopics.php?forumId=".htmlentities($_GET['forumId'])."&page=0'>1</a>&nbsp;...&nbsp;".($maxPage+1);
+ $controlsStr = "<a href='viewTopics.php?forumId=".htmlentities($_GET['forumId'])."&page=".($pageNo-1)."'>Prev</a>";
}
else
{
- echo "<a href='viewTopics.php?forumId=".$_GET['forumId']."&page=0'>1</a>&nbsp;...&nbsp;".($pageNo+1)."&nbsp;...&nbsp;<a href='viewTopics.php?forumId=".$_GET['forumId']."&page=".$maxPage."'>".($maxPage+1)."</a>";
- $controlsStr = "<a href='viewTopics.php?forumId=".$_GET['forumId']."&page=".($pageNo-1)."'>Prev</a>&nbsp;<a href='viewTopics.php?forumId=".$_GET['forumId']."&page=".($pageNo+1)."'>Next</a>";
+ echo "<a href='viewTopics.php?forumId=".htmlentities($_GET['forumId'])."&page=0'>1</a>&nbsp;...&nbsp;".($pageNo+1)."&nbsp;...&nbsp;<a href='viewTopics.php?forumId=".htmlentities($_GET['forumId'])."&page=".$maxPage."'>".($maxPage+1)."</a>";
+ $controlsStr = "<a href='viewTopics.php?forumId=".htmlentities($_GET['forumId'])."&page=".($pageNo-1)."'>Prev</a>&nbsp;<a href='viewTopics.php?forumId=".htmlentities($_GET['forumId'])."&page=".($pageNo+1)."'>Next</a>";
}
}
@@ -153,8 +153,8 @@
<?php
if ($_SESSION['loggedIn'] == true)
{
- ?><a href="addTopic.php?forumId=<?php echo $_GET['forumId']?>">Add Topic</a><br />
- <a href="addPoll.php?forumId=<?php echo $_GET['forumId']?>">Add Poll</a><?php
+ ?><a href="addTopic.php?forumId=<?php echo htmlentities($_GET['forumId']) ?>">Add Topic</a><br />
+ <a href="addPoll.php?forumId=<?php echo htmlentities($_GET['forumId']) ?>">Add Poll</a><?php
}
?>
</div>
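Review bot: `htmlentities($_GET['forumId'])` is now repeated verbatim on every changed line of this section (99, 109, 110, 116, 117, 125, 126, 132, 133, 139, 140, 149, 150), so any link added later without it silently reintroduces the problem. Resolve the identifier once near the top of the script, `$forumId = (int)$_GET['forumId'];`, and build every URL from `$forumId`; the integer cast also makes the single-quoted `href='...'` attributes safe regardless of htmlentities() flag defaults. The paging logic these hunks belong to starts and ends outside the visible hunks.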
@@ -1,7 +1,7 @@
<?php
include("common.php");
- outHtml1("View User - ".$_GET['userId']);
+ outHtml1("View User - ".htmlentities($_GET['userId']));
?>
<style>
.list {
@@ -35,7 +35,7 @@
}
</style>
<?php
- outHtml2("View User: ".$_GET['userId'],$_SERVER['HTTP_REFERER']);
+ outHtml2("View User: ".htmlentities($_GET['userId']),$_SERVER['HTTP_REFERER']);
?>
<table class='list'>
@@ -73,7 +73,7 @@
<?php
if ($_SESSION['loggedIn'] == true)
{
- echo "<div align='center' style='margin-top: 5px;'><a href='pmCompose.php?userId=".$_GET['userId']."'>PM User</a></div>";
+ echo "<div align='center' style='margin-top: 5px;'><a href='pmCompose.php?userId=".htmlentities($_GET['userId'])."'>PM User</a></div>";
}
outHtml3();
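Review bot: Line 168 still passes `$_SERVER['HTTP_REFERER']` to `outHtml2()` unescaped, and the Referer header is supplied by the client just as `$_GET['userId']` is. How outHtml2() uses its second argument is not visible here; if it emits the value as a link target it needs the same treatment as the userId, e.g. `htmlentities($_SERVER['HTTP_REFERER'], ENT_QUOTES, 'UTF-8')`, and the read should be guarded with `isset()` since the header may be absent. Lines 159 and 168 also depend on what outHtml1()/outHtml2() do with the title string, which is outside this diff.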
