Fixed some XSS issues

ag/include/parse.inc.php

@@ -260,7 +260,7 @@ function debbcode($messagetext){
     return $messagetext;
 }
 
-function validateInteger($value, $default){
+function validateInteger($value, $default=null){
 	return is_numeric($value)?$value:$default;
 }
 
@@ -274,7 +274,7 @@ function validateIntegerArray($value, $default){
 	return $value;
 }
 
-function validateUnsignedInteger($value, $default){
+function validateUnsignedInteger($value, $default=null){
 	return !is_numeric($value)||$value<0?$default:$value;
 }
 

ag/info/attacken.php

@@ -9,6 +9,8 @@ include_once (ROOT_PATH . '//include/config.inc.php');
 include_once (ROOT_PATH . '//include/sqlwrapper.inc.php');
 include_once (ROOT_PATH . '//include/rassen.inc.php');
 include_once (ROOT_PATH . '//include/designfunctions.inc.php');
+include_once(ROOT_PATH.'/include/parse.inc.php');
+
 
 // TODO: Muss noch angepasst werden!
 
@@ -388,18 +390,18 @@ function getFruchtCondition($fruchttyp) {
 	}
 }
 
-$type= $_GET['type'];
+$type= validateInteger($_GET['type']);
-$fruchttyp= $_GET['fruchttyp'];
+$fruchttyp= validateString($_GET['fruchttyp']);
-$rassen = $_GET['rassen'];
+$rassen = validateUnsignedInteger($_GET['rassen']);
-$tf = $_GET['tf'];
+$tf = validateUnsignedInteger($_GET['tf']);
-$search = $_GET['search'];
+$search = validateString($_GET['search']);
-$order = $_GET['order'];
+$order = validateString($_GET['order']);
-$order_art = $_GET['order_art'];
+$order_art = validateString($_GET['order_art']);
-$pagenum = $_GET['pagenum'];
+$pagenum = validateUnsignedInteger($_GET['pagenum']);
-$seiten = $_GET['seiten'];
+$seiten = validateUnsignedInteger($_GET['seiten']);
-$last_klick1 = $_GET['last_klick1'];
+$last_klick1 = validateString($_GET['last_klick1']);
-$p = $_GET['p'];
+$p = validateUnsignedInteger($_GET['p']);
-$at_id = $_GET['at_id'];
+$at_id = validateUnsignedInteger($_GET['at_id']);
 
 if  (!isset($pagenum)) {
 	$pagenum= 0;