[geeklog-cvs] geeklog-1.3/public_html/admin poll.php,1.38,1.39 story.php,1.133,1.134 topic.php,1.44,1.45

dhaun at iowaoutdoors.org dhaun at iowaoutdoors.org
Sat Sep 25 14:38:19 EDT 2004


Update of /var/cvs/geeklog-1.3/public_html/admin
In directory www:/tmp/cvs-serv13402

Modified Files:
	poll.php story.php topic.php 
Log Message:
Use new function COM_sanitizeID() to filter out unwanted characters from editable IDs.


Index: story.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/admin/story.php,v
retrieving revision 1.133
retrieving revision 1.134
diff -C2 -d -r1.133 -r1.134
*** story.php	17 Sep 2004 10:52:37 -0000	1.133
--- story.php	25 Sep 2004 18:38:17 -0000	1.134
***************
*** 872,882 ****
      list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon);
  
!     // some minimal sanitizing on the story id ...
!     $sid = str_replace (' ', '', $sid);
!     $sid = str_replace (array ('_', '/', '\\', ':', '+'), '-', $sid);
!     $sid = preg_replace('/[^a-zA-Z0-9\-]/', '', $sid);
!     if (empty ($sid)) {
!         $sid = COM_makesid ();
!     }
  
      $duplicate_sid = false;
--- 872,876 ----
      list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon);
  
!     $sid = COM_sanitizeID ($sid);
  
      $duplicate_sid = false;
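Review bot: The new side drops the `if (empty ($sid)) { $sid = COM_makesid (); }` fallback that the removed lines had, so a story id that sanitizes to the empty string now flows on into the duplicate check and (presumably) the INSERT/UPDATE unless COM_sanitizeID() generates a replacement id itself, which this hunk does not show. If COM_sanitizeID() does not do that, keep the guard after the call: `$sid = COM_sanitizeID ($sid); if (empty ($sid)) { $sid = COM_makesid (); }`. Either way a one-line comment at the call site would help the next reader, e.g. `// restrict the editable story id to [A-Za-z0-9-] before it is used in URLs and SQL`. The enclosing function starts before and continues after this hunk.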

Index: poll.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/admin/poll.php,v
retrieving revision 1.38
retrieving revision 1.39
diff -C2 -d -r1.38 -r1.39
*** poll.php	17 Jul 2004 18:03:25 -0000	1.38
--- poll.php	25 Sep 2004 18:38:17 -0000	1.39
***************
*** 92,95 ****
--- 92,97 ----
      list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon);
  
+     $qid = COM_sanitizeID ($qid);
+ 
      $question = COM_stripslashes ($question);
      for ($i = 0; $i < sizeof ($A); $i++) {
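Review bot: The added `$qid = COM_sanitizeID ($qid);` has no handling for the case where the sanitized poll id comes back empty, so an id made entirely of stripped characters would (presumably) reach the database as `''`; a check such as `if (empty ($qid)) { return COM_refresh ($_CONF['site_admin_url'] . '/poll.php'); }` or an equivalent error path used elsewhere in this file is worth adding, since the exact fallback depends on code outside the hunk. Character whitelisting is a defense-in-depth measure; the SQL that consumes `$qid` is not visible here and must still escape the value itself. The enclosing function starts before and continues after this hunk.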

Index: topic.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/admin/topic.php,v
retrieving revision 1.44
retrieving revision 1.45
diff -C2 -d -r1.44 -r1.45
*** topic.php	1 Aug 2004 21:37:50 -0000	1.44
--- topic.php	25 Sep 2004 18:38:17 -0000	1.45
***************
*** 215,220 ****
      list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon);
  
!     $tid = str_replace (' ', '', $tid); // silently remove spaces from topic id
!     $tid = str_replace ("'", "", $tid); // silently remove single quotes from topic id
  
      $access = 0;
--- 215,219 ----
      list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon);
  
!     $tid = COM_sanitizeID ($tid);
  
      $access = 0;
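Review bot: Replacing the two targeted str_replace() calls with `COM_sanitizeID ($tid)` widens what is rewritten, and if the shared sanitizer maps characters the way the inline code it replaces in story.php did (for example `_` to `-`), editing an already-existing topic whose id contains such a character would silently save it under a new id rather than updating the old row. If that is possible, compare the sanitized value with the submitted one and warn or reject instead of proceeding, e.g. `if ($tid !== COM_sanitizeID ($tid)) { /* report invalid topic id */ }` before the assignment. I cannot see COM_sanitizeID() from this page, so this needs confirming against lib-common.php. The enclosing function starts before and continues after this hunk.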



