authorroot2014-04-20 18:55:24 +0200
committerroot2014-04-20 18:55:24 +0200
commit3c94eb3f608f9bf0dc8d19583abe273b3a67e5ff (patch)
tree9f589754331dbbab8f90f467f36a10f9a5ed99a7 /www/functions
parent2441480079f68bd4bc15a12d7b9b47c18ce0bd52 (diff)
downloadjungegemeinde-3c94eb3f608f9bf0dc8d19583abe273b3a67e5ff.tar.gz
Fixed XSS vulnerability.
Diffstat (limited to 'www/functions')
-rwxr-xr-xwww/functions/func_login.php2
-rw-r--r--www/functions/func_password.php6
-rwxr-xr-xwww/functions/func_register.php6
-rwxr-xr-xwww/functions/func_user.php8
4 files changed, 11 insertions, 11 deletions
diff --git a/www/functions/func_login.php b/www/functions/func_login.php
index d909180..7944c3e 100755
--- a/www/functions/func_login.php
+++ b/www/functions/func_login.php
@@ -4,7 +4,7 @@ function login($db){
/*___Database Query: Login___*/
$username = $_POST["username"];
$password = $_POST["password"];
- $safe_username = SQLite3::escapeString("$username");
+ $safe_username = SQLite3::escapeString(htmlentities($username));
$log_in = false;
$real_password = "";
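Review bot: `htmlentities()` on the `$safe_username` line encodes for HTML at the point where the value enters a SQL lookup, so the pages that actually print the name stay unprotected against any value that reaches them by another path, and the string matched against the `user` table changes. Accounts created before this commit, presumably stored unencoded, would no longer match if the name contains `&`, `<`, `>` or `"`, and with the flags that were the default before PHP 8.1 a single quote is not encoded at all. I would keep the raw value for the query, bind it through `$db->prepare()` and `bindValue()`, and call `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` where the name or email is echoed. The same pattern is added in the func_password.php, func_register.php and func_user.php hunks; login()'s body continues outside this hunk.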
diff --git a/www/functions/func_password.php b/www/functions/func_password.php
index 3ee496b..e515111 100644
--- a/www/functions/func_password.php
+++ b/www/functions/func_password.php
@@ -4,7 +4,7 @@ function change_password($db, $first_password, $second_password){
if($_SESSION["login"]){
$username = user_id($db, $_SESSION["username"]);
} else {
- $username_db = $db->query("SELECT id FROM user WHERE email='" . SQLite3::escapeString($_POST['email']) . "';");
+ $username_db = $db->query("SELECT id FROM user WHERE email='" . SQLite3::escapeString(htmlentities($_POST['email'])) . "';");
$username_ar = $username_db->fetchArray(SQLITE3_NUM);
$username = $username_ar[0];
}
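Review bot: In the `else` branch the account is selected from `$_POST['email']` alone, and when no row matches `fetchArray()` returns `false`, so `$username = $username_ar[0];` yields null instead of stopping. A guard on `$username_ar === false` that returns the function's existing failure code is needed before the id is used. The hunk does not show whether a recovery token is verified before the new password is written for that id; that should be confirmed, since change_password's body continues outside the hunk.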
@@ -30,7 +30,7 @@ function change_password($db, $first_password, $second_password){
}
function recover_password($db){
- $test_email_db = $db->query("SELECT 1 FROM user WHERE email='" . SQLite3::escapeString($_POST['email']) . "';");
+ $test_email_db = $db->query("SELECT 1 FROM user WHERE email='" . SQLite3::escapeString(htmlentities($_POST['email'])) . "';");
$test_email_ar = $test_email_db->fetchArray(SQLITE3_NUM);
if($test_email_ar[0] == 1){
@@ -63,7 +63,7 @@ function recover_password($db){
}
function validate_password($db, $username, $password){
- $res_db = $db->query("SELECT password FROM user WHERE name='".$db->escapeString($username)."'");
+ $res_db = $db->query("SELECT password FROM user WHERE name='".$db->escapeString(htmlentities($username))."'");
$res_ar = $res_db->fetchArray(SQLITE3_NUM);
$pepper = file_get_contents("../database/pepper.txt");
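Review bot: The result of `file_get_contents("../database/pepper.txt")` is never checked, and the path is resolved against the working directory of whichever script includes this file. If the read fails the call returns `false`, and the hash comparison further down (outside this hunk) would presumably run with an empty pepper. I would build the path from `__DIR__` and fail closed, e.g. `if ($pepper === false) { return false; }`, assuming callers treat `false` as a rejected password. `$res_ar` has the same gap when no user matches the name.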
diff --git a/www/functions/func_register.php b/www/functions/func_register.php
index 3cb79ad..da804d4 100755
--- a/www/functions/func_register.php
+++ b/www/functions/func_register.php
@@ -20,8 +20,8 @@ function register($db){
$email = "";
}
- $safe_name = SQLite3::escapeString("$name");
- $safe_email = SQLite3::escapeString("$email");
+ $safe_name = SQLite3::escapeString(htmlentities($name));
+ $safe_email = SQLite3::escapeString(htmlentities($email));
/*Checks the validation of the registration attempt*/
@@ -49,7 +49,7 @@ function register($db){
$userid = user_id($db, $safe_name);
$_SESSION["login"] = true;
- $_SESSION["username"] = $name;
+ $_SESSION["username"] = $safe_name;
$_SESSION["userid"] = $userid;
return REGISTER_SUCCESSFULL;
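Review bot: `$_SESSION["username"] = $safe_name;` stores a string that is both entity-encoded and SQL-escaped, so the session no longer holds the name in the form the rest of the code looks it up by. Functions that run `escapeString(htmlentities(...))` on their argument again, as `change_username()` does in func_user.php, would double-encode `&` and double any quote if they are passed the session value, and the lookup would miss. I would keep `$_SESSION["username"] = $name;` and apply `htmlspecialchars($_SESSION["username"], ENT_QUOTES, 'UTF-8')` at the places where it is printed. register()'s body starts and ends outside this hunk.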
diff --git a/www/functions/func_user.php b/www/functions/func_user.php
index f044334..394a8f7 100755
--- a/www/functions/func_user.php
+++ b/www/functions/func_user.php
@@ -298,8 +298,8 @@ function user_id($db, $user){
}
function change_username($db, $oldname, $newname){
- $oldname = $db->escapeString($oldname);
- $newname = $db->escapeString($newname);
+ $oldname = $db->escapeString(htmlentities($oldname));
+ $newname = $db->escapeString(htmlentities($newname));
$check_db = $db->query("SELECT 1 FROM user WHERE name='".$newname."'");
$check_ar = $check_db->fetchArray(SQLITE3_NUM);
@@ -320,7 +320,7 @@ function change_username($db, $oldname, $newname){
}
function change_email($db, $name, $email){
- $res_db = $db->query("SELECT 1, name FROM user WHERE email='".$db->escapeString($email)."'");
+ $res_db = $db->query("SELECT 1, name FROM user WHERE email='".$db->escapeString(htmlentities($email))."'");
$res_ar = $res_db->fetchArray(SQLITE3_NUM);
if($res_ar[0] == 1){
@@ -331,7 +331,7 @@ function change_email($db, $name, $email){
if($db->exec("
BEGIN TRANSACTION;
- UPDATE user SET email='".$db->escapeString($email)."' WHERE name='".$db->escapeString($name)."';
+ UPDATE user SET email='".$db->escapeString(htmlentities($email))."' WHERE name='".$db->escapeString(htmlentities($name))."';
COMMIT;
")){
return CH_EMAIL_SUCCESS;