From eaea9a4d11c1cd2740079864d28d9a10329fe849 Mon Sep 17 00:00:00 2001 From: Viktor Leonhardt Date: Sat, 2 Oct 2010 16:47:52 +0000 Subject: [PATCH] Fixing XSS vulnerability --- web/lib/acctfuncs.inc | 30 +++++++++++++++--------------- 1 files changed, 15 insertions(+), 15 deletions(-) diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc index 9c172bb..9729c8f 100644 --- a/web/lib/acctfuncs.inc +++ b/web/lib/acctfuncs.inc @@ -32,7 +32,7 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="", print ""; print "".__("Username").":"; print " (".__("required").")"; + print " name='U' value='".htmlspecialchars($U,ENT_QUOTES)."'> (".__("required").")"; print "\n"; # Only TUs or Devs can promote/demote/suspend a user @@ -70,7 +70,7 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="", print ""; print "".__("Email Address").":"; print " (".__("required").")"; + print " name='E' value='".htmlspecialchars($E,ENT_QUOTES)."'> (".__("required").")"; print "\n"; print ""; @@ -94,13 +94,13 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="", print ""; print "".__("Real Name").":"; print ""; + print " name='R' value='".htmlspecialchars($R,ENT_QUOTES)."'>"; print "\n"; print ""; print "".__("IRC Nick").":"; print ""; + print " name='I' value='".htmlspecialchars($I,ENT_QUOTES)."'>"; print "\n"; print ""; @@ -236,7 +236,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", $row = mysql_fetch_array($result); if ($row[0]) { $error = __("The username, %h%s%h, is already in use.", - "", $U, ""); + "", htmlspecialchars($U,ENT_QUOTES), ""); } } } @@ -254,7 +254,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", $row = mysql_fetch_array($result); if ($row[0]) { $error = __("The address, %h%s%h, is already in use.", - "", $E, ""); + "", htmlspecialchars($E,ENT_QUOTES), ""); } } } 
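Review bot: Every `htmlspecialchars($U,ENT_QUOTES)` added here, and the same two-argument form in the -70, -94, -236 and -254 hunks on this line and in the later hunks, omits the charset argument, so the encoding the escaper assumes is whatever the interpreter version defaults to (ISO-8859-1 before PHP 5.4, UTF-8 from 5.4) rather than what the page is actually served as. Pass it explicitly, `htmlspecialchars($U, ENT_QUOTES, 'UTF-8')` (assuming the site emits UTF-8 — confirm against the response headers), so a malformed multi-byte sequence cannot be decoded differently by PHP and by the browser around the attribute quotes. With the identical call repeated some fifteen times across the patch, a one-line wrapper such as `function html_esc($s) { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }` would keep the rule in one place and make any future omission greppable. display_account_form's body starts before this hunk and continues after it.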
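Review bot: The escaped `$U` is baked into `$error` here, and `$E` likewise in the -254 hunk, before the message reaches whatever prints it; if that print site (outside this hunk) also runs `$error` through htmlspecialchars, an `&` in a username renders as `&amp;amp;`, so it is worth confirming that encoding happens exactly once, at output. The query that produces `$row[0]` sits above the hunk and is not visible, so whether `$U` is separately escaped for SQL cannot be judged from here. process_account_form's body starts before this hunk and continues after it.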
@@ -281,12 +281,12 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", $result = db_query($q, $dbh); if (!$result) { print __("Error trying to create account, %h%s%h: %s.", - "", $U, "", mysql_error($dbh)); + "", htmlspecialchars($U,ENT_QUOTES), "", mysql_error($dbh)); } else { # account created/modified, tell them so. # print __("The account, %h%s%h, has been successfully created.", - "", $U, ""); + "", htmlspecialchars($U,ENT_QUOTES), ""); print "

\n"; print __("Click on the Home link above to login."); print "

\n"; @@ -324,10 +324,10 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", $result = db_query($q, $dbh); if (!$result) { print __("Error trying to modify account, %h%s%h: %s.", - "", $U, "", mysql_error($dbh)); + "", htmlspecialchars($U,ENT_QUOTES), "", mysql_error($dbh)); } else { print __("The account, %h%s%h, has been successfully modified.", - "", $U, ""); + "", htmlspecialchars($U,ENT_QUOTES), ""); } } } @@ -471,10 +471,10 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="", } print ""; print ""; - $row["RealName"] ? print $row["RealName"] : print " "; + $row["RealName"] ? print htmlspecialchars($row["RealName"],ENT_QUOTES) : print " "; print ""; print ""; - $row["IRCNick"] ? print $row["IRCNick"] : print " "; + $row["IRCNick"] ? print htmlspecialchars($row["IRCNick"],ENT_QUOTES) : print " "; print ""; print ""; $row["LastVoted"] @@ -574,17 +574,17 @@ function display_account_info($U="", $T="", $E="", $R="", $I="") { print " \n"; print " ".__("Email Address").":\n"; - print " ".$E."\n"; + print " ".htmlspecialchars($E,ENT_QUOTES)."\n"; print " \n"; print " \n"; print " ".__("Real Name").":\n"; - print " ".$R."\n"; + print " ".htmlspecialchars($R,ENT_QUOTES)."\n"; print " \n"; print " \n"; print " ".__("IRC Nick").":\n"; - print " ".$I."\n"; + print " ".htmlspecialchars($I,ENT_QUOTES)."\n"; print " \n"; print " \n"; -- 1.7.3.1
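Review bot: `mysql_error($dbh)` is still interpolated unescaped into the printed message in this hunk and again in the -324 hunk, and MySQL error text can quote fragments of the failing statement, so user-supplied values can still reach the page through that argument even though `$U` is now escaped. Echoing the raw driver error to the browser also discloses table and query details that a visitor has no need to see. The minimal change is `htmlspecialchars(mysql_error($dbh), ENT_QUOTES)` in place of the bare call; the better one is to log the driver text server-side and print only the translated message without it, which would require adjusting the `%s` placeholder in the translation string. process_account_form's body starts before this hunk and continues after it.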
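Review bot: The truthiness test `$row["RealName"] ? print ... : print " "`, and the IRCNick line two lines below it, treats a stored value of `"0"` as empty and prints the placeholder instead of the name; testing length, `strlen($row["RealName"]) ? print htmlspecialchars($row["RealName"],ENT_QUOTES) : print " "`, keeps the new escaping and closes that corner. The hunk shows only two columns of the result row; any other user-controlled columns printed in this loop outside the hunk would need the same escaping, which cannot be checked from here. search_results_page's body starts before this hunk and continues after it.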
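Review bot: display_account_info escapes `$E`, `$R` and `$I` in this hunk but its signature also takes `$U` and `$T`; if those are printed in the rows above the hunk (not visible here), they need the same `htmlspecialchars(..., ENT_QUOTES)` treatment or the username remains an unescaped sink on this page. A short comment on the function, `# All user-supplied fields are HTML-escaped at print time; do not pre-escape callers' values`, would record the convention the patch establishes so that later edits do not double-encode. The function body starts above the hunk.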