Fixed some XSS issues

main
hecht 10 years ago
parent 15cc255583
commit 8f7c4cd152

@ -260,7 +260,7 @@ function debbcode($messagetext){
return $messagetext;
}
function validateInteger($value, $default){
function validateInteger($value, $default=null){
return is_numeric($value)?$value:$default;
}
@ -274,7 +274,7 @@ function validateIntegerArray($value, $default){
return $value;
}
function validateUnsignedInteger($value, $default){
function validateUnsignedInteger($value, $default=null){
return !is_numeric($value)||$value<0?$default:$value;
}
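Review bot: `validateInteger` and `validateUnsignedInteger` accept more than integers, because `is_numeric()` is also true for inputs such as `1.5` or `1e3` (constructed examples) and the original string is returned uncast. Those values carry no HTML metacharacters, so the XSS goal is met, but callers that expect a whole number for paging or ids can still receive a float-like string. A stricter body would be `$i = filter_var($value, FILTER_VALIDATE_INT); return $i === false ? $default : $i;`, with an additional `$i < 0` test in the unsigned variant. Since `$default` is now optional, a short docblock stating that invalid input yields `null` would help callers that later test the result with `isset()`.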

@ -9,6 +9,8 @@ include_once (ROOT_PATH . '//include/config.inc.php');
include_once (ROOT_PATH . '//include/sqlwrapper.inc.php');
include_once (ROOT_PATH . '//include/rassen.inc.php');
include_once (ROOT_PATH . '//include/designfunctions.inc.php');
include_once(ROOT_PATH.'/include/parse.inc.php');
// TODO: Muss noch angepasst werden!
@ -388,18 +390,18 @@ function getFruchtCondition($fruchttyp) {
}
}
$type= $_GET['type'];
$fruchttyp= $_GET['fruchttyp'];
$rassen = $_GET['rassen'];
$tf = $_GET['tf'];
$search = $_GET['search'];
$order = $_GET['order'];
$order_art = $_GET['order_art'];
$pagenum = $_GET['pagenum'];
$seiten = $_GET['seiten'];
$last_klick1 = $_GET['last_klick1'];
$p = $_GET['p'];
$at_id = $_GET['at_id'];
$type= validateInteger($_GET['type']);
$fruchttyp= validateString($_GET['fruchttyp']);
$rassen = validateUnsignedInteger($_GET['rassen']);
$tf = validateUnsignedInteger($_GET['tf']);
$search = validateString($_GET['search']);
$order = validateString($_GET['order']);
$order_art = validateString($_GET['order_art']);
$pagenum = validateUnsignedInteger($_GET['pagenum']);
$seiten = validateUnsignedInteger($_GET['seiten']);
$last_klick1 = validateString($_GET['last_klick1']);
$p = validateUnsignedInteger($_GET['p']);
$at_id = validateUnsignedInteger($_GET['at_id']);
if (!isset($pagenum)) {
$pagenum= 0;
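Review bot: The string parameters (`$fruchttyp`, `$search`, `$order`, `$order_art`, `$last_klick1`) now depend entirely on `validateString()`, which is not defined in the visible hunks, so it cannot be confirmed here that it escapes for the context where each value is later used. If `$order` and `$order_art` end up in an ORDER BY clause (the file includes `sqlwrapper.inc.php`, so this seems likely but is not shown), HTML-oriented cleaning is the wrong control and they should be compared against a fixed list of allowed columns and directions instead. I would add a comment above the block such as `// type-checked only: escape with htmlspecialchars() on output, allowlist before use in SQL`. Separately, every `$_GET[...]` read raises an undefined-index notice when the parameter is absent; `isset($_GET['type']) ? $_GET['type'] : null` avoids that. The `if (!isset($pagenum))` block continues outside the hunk.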
