Fixed some XSS and SQL injection issues

18 years ago · 89406f36c2
parent 3287e84c90
commit 89406f36c2
3 changed files with 4 additions and 5 deletions
--- a/program/steps/error.inc
+++ b/program/steps/error.inc
@ -53,7 +53,7 @@ else if ($ERROR_CODE==401)
 else if ($ERROR_CODE==404)
  {
  $__error_title = "REQUEST FAILED/FILE NOT FOUND";
-  $request_url = $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
+  $request_url = htmlentities($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
  $__error_text  = <<<EOF
 The requested page was not found!<br />
 Please contact your server-administrator.
--- a/program/steps/settings/edit_identity.inc
+++ b/program/steps/settings/edit_identity.inc
@ -21,12 +21,11 @@

 if (($_GET['_iid'] || $_POST['_iid']) && $_action=='edit-identity')
  {
-  $id = $_POST['_iid'] ? $_POST['_iid'] : $_GET['_iid'];
  $DB->query("SELECT * FROM ".get_table_name('identities')."
              WHERE  identity_id=?
              AND    user_id=?
              AND    del<>1",
-              $id,
+              get_input_value('_iid', RCUBE_INPUT_GPC),
              $_SESSION['user_id']);
  
  $IDENTITY_RECORD = $DB->fetch_assoc();
--- a/program/steps/settings/save_identity.inc
+++ b/program/steps/settings/save_identity.inc
@ -55,7 +55,7 @@ if ($_POST['_iid'])
                WHERE  identity_id=?
                AND    user_id=?
                AND    del<>1",
-                $_POST['_iid'],
+                get_input_value('_iid', RCUBE_INPUT_POST),
                $_SESSION['user_id']);
                       
    $updated = $DB->affected_rows();
@ -72,7 +72,7 @@ if ($_POST['_iid'])
                AND    identity_id<>?
                AND    del<>1",
                $_SESSION['user_id'],
-                $_POST['_iid']);
+                get_input_value('_iid', RCUBE_INPUT_POST));
    
    if ($_POST['_framed'])
      {