Hotfix for an SQL injection vulnerability.

main
hecht 10 years ago
parent 4d4d055fac
commit 7cd3b35caf

@ -14,8 +14,8 @@ include_once (ROOT_PATH . '/include/clan.inc.php');
// GET-Section
// Kritisch (SQL-Injections)
$clanid = validateUnsignedInteger($_GET['clanid'], null);
$poll1 = validateString($_GET['poll1']);
$poll2 = validateString('ASC');
$poll1 = validateStringCritical($_GET['poll1']);
$poll2 = validateStringCritical($_GET['poll2']);
$pagenum = validateUnsignedInteger($_GET['pagenum'], null);
// Unkritisch
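Review bot: The new line `$poll2 = validateStringCritical($_GET['poll2']);` replaces what was previously the constant `'ASC'`, so the hotfix turns a fixed sort direction into a request-controlled value that is only blacklist-filtered; validateStringCritical (defined in the later hunk) strips parentheses, brackets and whitespace but leaves quotes, commas and comment sequences, which does not make a value safe to concatenate into SQL. Presumably $poll1 and $poll2 feed an ORDER BY clause (the query is not in the hunk); if so, both should be compared against a fixed allowlist, e.g. `$poll2 = in_array($_GET['poll2'], ['ASC', 'DESC'], true) ? $_GET['poll2'] : 'ASC';` with a corresponding list of permitted column names for $poll1. The includes and the rest of the GET section are outside the hunk.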

@ -302,6 +302,11 @@ function validateStringArray($value){
return $value;
}
function validateStringCritical($value) {
$value = validateString($value);
return preg_replace('#[()\]\[\s]#', '', $value);
}
function validateEmailAddress($mail){
return validateString($mail);
}
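Review bot: `validateStringCritical` is a character blacklist — `preg_replace('#[()\]\[\s]#', '', $value)` removes parentheses, square brackets and whitespace but leaves single and double quotes, backticks, commas, semicolons and `--`/`#` comment sequences, so its return value is still not safe to concatenate into SQL. Its callers in the other hunks ($poll1/$poll2, $order/$order_art, $ords, $wahl) look like sort column and direction selectors; for those the robust fix is an allowlist of the exact permitted values rather than stripping characters, which also documents what each page accepts. What validateString does is outside the hunk, so whether it already escapes anything cannot be judged here; note also that preg_replace returns null on a PCRE error, which this function passes through silently. A helper along the following lines, called at those sites with the page's column list and a default, would replace the blacklist.
```php
/**
 * Return $value only if it is one of $allowed (strict comparison),
 * otherwise $default. Meant for ORDER BY column/direction selectors,
 * which must never be built from partially filtered input.
 */
function validateAllowed($value, array $allowed, $default) {
    $value = validateString($value);
    return in_array($value, $allowed, true) ? $value : $default;
}
// … unchanged: validateEmailAddress …
```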

@ -395,8 +395,8 @@ $fruchttyp= validateString($_GET['fruchttyp']);
$rassen = validateUnsignedInteger($_GET['rassen']);
$tf = validateUnsignedInteger($_GET['tf']);
$search = validateString($_GET['search']);
$order = validateString($_GET['order']);
$order_art = validateString($_GET['order_art']);
$order = validateStringCritical($_GET['order']);
$order_art = validateStringCritical($_GET['order_art']);
$pagenum = validateUnsignedInteger($_GET['pagenum']);
$seiten = validateUnsignedInteger($_GET['seiten']);
$last_klick1 = validateString($_GET['last_klick1']);
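Review bot: Only `$order` and `$order_art` are moved to validateStringCritical here, while `$search`, `$last_klick1` and `$fruchttyp` (in the hunk header) stay on plain `validateString` inside the same GET block; whether those values are concatenated into the same query cannot be seen from the hunk, but the file's own `// Kritisch (SQL-Injections)` labelling in the other sections suggests this block is the SQL-bound one. The next hunk shows the same pattern, where `$oder` and `$charm` remain on `validateString` next to the hardened `$ords`. If these reach SQL, they need the same treatment in this hotfix — an allowlist for enumerated values, and a parameterised query or at least `mysql_real_escape_string()` for free text such as `$search` — otherwise the commit closes only part of the issue it names.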

@ -40,7 +40,7 @@ $item_9 = validateUnsignedInteger($_GET['item_9'], null);
$item_10 = validateUnsignedInteger($_GET['item_10'], null);
$pagenum = validateUnsignedInteger($_GET['pagenum'], null);
$oder = validateString($_GET['oder']);
$ords = validateString($_GET['ords']);
$ords = validateStringCritical($_GET['ords']);
$charm = validateString($_GET['charm']);
// Unkritisch

@ -15,7 +15,7 @@ include_once(ROOT_PATH.'/include/char.inc.php');
// GET-Section
// Kritisch (SQL-Injections)
$wahl = validateString($_GET['wahl']);
$wahl = validateStringCritical($_GET['wahl']);
$char_name = validateName($_GET['char_name']);
$char_vorhanden = mysql_num_rows(mysql_query('SELECT id FROM chars WHERE name like \''.$char_name.'%\' LIMIT 1'));
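Review bot: The context line `mysql_num_rows(mysql_query('SELECT id FROM chars WHERE name like \''.$char_name.'%\' LIMIT 1'))` still concatenates a request value into the query right next to the hardened `$wahl`; whether `validateName` escapes quotes is not visible here, and even if it does, `%` and `_` in the input act as LIKE wildcards, so the existence check can match names the user did not type. Since this is the injection hotfix, that line deserves a prepared statement (or, staying on the mysql_* API, `mysql_real_escape_string()` plus escaping of `%` and `_`) in the same change. The definition of validateName and the rest of this file are outside the hunk.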
