From 3c94eb3f608f9bf0dc8d19583abe273b3a67e5ff Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 20 Apr 2014 18:55:24 +0200
Subject: Fixed XSS vulnerability.
---
 www/functions/func_user.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'www/functions/func_user.php')
diff --git a/www/functions/func_user.php b/www/functions/func_user.php
index f044334..394a8f7 100755
--- a/www/functions/func_user.php
+++ b/www/functions/func_user.php
@@ -298,8 +298,8 @@ function user_id($db, $user){
 }
 
 function change_username($db, $oldname, $newname){
- $oldname = $db->escapeString($oldname);
- $newname = $db->escapeString($newname);
+ $oldname = $db->escapeString(htmlentities($oldname));
+ $newname = $db->escapeString(htmlentities($newname));
 
 $check_db = $db->query("SELECT 1 FROM user WHERE name='".$newname."'");
 $check_ar = $check_db->fetchArray(SQLITE3_NUM);
@@ -320,7 +320,7 @@ function change_username($db, $oldname, $newname){
 }
 
 function change_email($db, $name, $email){
- $res_db = $db->query("SELECT 1, name FROM user WHERE email='".$db->escapeString($email)."'");
+ $res_db = $db->query("SELECT 1, name FROM user WHERE email='".$db->escapeString(htmlentities($email))."'");
 $res_ar = $res_db->fetchArray(SQLITE3_NUM);
 
 if($res_ar[0] == 1){
@@ -331,7 +331,7 @@ function change_email($db, $name, $email){
 
 if($db->exec("
 BEGIN TRANSACTION;
- UPDATE user SET email='".$db->escapeString($email)."' WHERE name='".$db->escapeString($name)."';
+ UPDATE user SET email='".$db->escapeString(htmlentities($email))."' WHERE name='".$db->escapeString(htmlentities($name))."';
 COMMIT;
 ")){
 return CH_EMAIL_SUCCESS;
-- 
cgit v1.2.3
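Review bot: In `change_username` (first hunk) the value is entity-encoded before it is written, so the database now holds HTML-encoded names instead of what the user typed; the two `change_email` hunks do the same to `$email` and `$name`. Encoding belongs where the value is printed into HTML: the stored form is otherwise wrong for every non-HTML consumer, and rows written before this commit, or by any writer not visible in this diff such as registration, stay unencoded and are still rendered raw. `htmlentities()` is also called with its default flags, which on PHP versions before 8.1 leave single quotes untouched, so a value echoed inside a single-quoted attribute is not covered. I would keep `$db->escapeString($oldname)` as it was and have the output code emit `htmlspecialchars($name, ENT_QUOTES, 'UTF-8')`. The body of `change_username` continues past the end of the hunk.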
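Review bot: The duplicate-address lookup in the second hunk is still assembled by concatenating the value into the SQL text, and the commit nests a second transformation inside the same expression, which makes it harder to see what is actually compared. Assuming `$db` is a `SQLite3` handle, as `SQLITE3_NUM` suggests, binding the value keeps the query text constant and drops the per-call-site `escapeString()`: `$stmt = $db->prepare('SELECT 1, name FROM user WHERE email = :email'); $stmt->bindValue(':email', $email, SQLITE3_TEXT); $res_db = $stmt->execute();`. The same applies to the SELECT in `change_username` and the UPDATE in the third hunk. Address syntax is better rejected with `filter_var($email, FILTER_VALIDATE_EMAIL)` than rewritten by entity-encoding, unless a caller outside this diff already validates it.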
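Review bot: In the third hunk the `WHERE name=` key of the UPDATE is now passed through `htmlentities()` too, so whether the row is found depends on how `$name` reached this function. If callers pass a name read back from the session or the database (not visible in this diff) it is already encoded, a name containing `&` becomes `&amp;amp;`, the UPDATE matches no row, and `exec()` still returns true, so `CH_EMAIL_SUCCESS` is reported for a change that never happened. I would leave the key as `$db->escapeString($name)` and confirm the write with `$db->changes() === 1` before returning success. The rest of `change_email` lies outside the hunk.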