source: trunk/client/modules.php@ 153

Last change on this file since 153 was 153, checked in by luciano, 12 years ago

Protezione csrf.
Per aggiungere un input token ai form
Aggiunge il campo secret alla tabella _config per la creazione del token

1<?php
2
3/************************************************************************/
4/* Eleonline - Raccolta e diffusione dei dati elettorali */
5/* by Luciano Apolito & Roberto Gigli */
6/* http://www.eleonline.it */
7/* info@eleonline.it luciano@aniene.net rgigli@libero.it */
8/************************************************************************/
9
// Flag constant set by this front controller; presumably tested by the files it
// includes (modules/<name>/<file>.php) to refuse direct access — not visible here.
define('MODULE_FILE', true);
11
12// Additional security (Union, CLike, XSS)
13// We want to use the function stripos,
14// but thats only available since PHP5.
15// So we cloned the function...
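if (!function_exists('stripos')) {
    /**
     * Case-insensitive strpos() replacement for PHP versions without stripos().
     *
     * @param string $haystack string to search in
     * @param string $needle   string to look for
     * @param int    $offset   byte position to start searching from
     * @return int|false byte offset of the first match, false when not found
     */
    function stripos_clone($haystack, $needle, $offset = 0) {
        // strtoupper() is applied to both sides, so the offset returned refers to
        // the same position in the original string.
        return strpos(strtoupper($haystack), strtoupper($needle), $offset);
    }
} else {
    /**
     * Case-insensitive search, delegating to the native stripos() (PHP 5+).
     *
     * @param string $haystack string to search in
     * @param string $needle   string to look for
     * @param int    $offset   byte position to start searching from
     * @return int|false byte offset of the first match, false when not found
     */
    function stripos_clone($haystack, $needle, $offset = 0) {
        // Fixed: the call used to pass "$offset=0", which reset the offset to 0
        // on every call and silently ignored the caller's value.
        return stripos($haystack, $needle, $offset);
    }
}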
26
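/**
 * True when $needle occurs anywhere in $queryString (case-insensitive).
 *
 * The previous checks used the raw stripos_clone() result in boolean context,
 * so a match at offset 0 (return value 0) was treated as "not found".
 *
 * @param string $queryString raw query string
 * @param string $needle      marker to look for
 * @return bool
 */
function eleonline_qs_contiene($queryString, $needle) {
    return stripos_clone($queryString, $needle) !== false;
}

/**
 * Blacklist check on the raw query string (union / command / XSS markers).
 *
 * This is a heuristic filter only; it does not replace parameterised queries
 * and output escaping inside the modules.
 *
 * @param string $queryString raw $_SERVER['QUERY_STRING']
 * @return bool true when the request must be refused
 */
function eleonline_qs_vietata($queryString) {
    $marcatori = array('%20union%20', '..', '+', '/*', '*/union/*', 'c2nyaxb0', '+union+', 'http://', 'concat');
    foreach ($marcatori as $marcatore) {
        if (eleonline_qs_contiene($queryString, $marcatore)) {
            return true;
        }
    }
    // "cmd=" is refused unless it also appears as "&cmd" (same rule as before).
    if (eleonline_qs_contiene($queryString, 'cmd=') && !eleonline_qs_contiene($queryString, '&cmd')) {
        return true;
    }
    // "exec" is refused unless it is part of "execu..." (same rule as before).
    if (eleonline_qs_contiene($queryString, 'exec') && !eleonline_qs_contiene($queryString, 'execu')) {
        return true;
    }
    return false;
}

if (isset($_SERVER['QUERY_STRING'])) {
    $queryString = $_SERVER['QUERY_STRING'];
    // Requests carrying both "ad_click" and "url" are exempt from the filter
    // (presumably ad-click redirects; the original condition encoded the same exemption).
    $esenteAdClick = eleonline_qs_contiene($queryString, 'ad_click') && eleonline_qs_contiene($queryString, 'url');
    if (!$esenteAdClick && eleonline_qs_vietata($queryString)) {
        die('Operazione non consentita');
    }
}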
33
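/**
 * Heuristic check of a single $_GET value against the tag/quote blacklist.
 *
 * Nested arrays (e.g. "?x[]=...") are walked recursively: the previous code
 * passed the array straight to preg_match(), which only emitted a warning and
 * returned false, so such values were never inspected.
 *
 * @param string|array $valore a $_GET value
 * @return bool true when the value must be refused
 */
function eleonline_get_valore_vietato($valore) {
    if (is_array($valore)) {
        foreach ($valore as $elemento) {
            if (eleonline_get_valore_vietato($elemento)) {
                return true;
            }
        }
        return false;
    }
    // Patterns are unchanged from the original inline chain.
    $pattern = array(
        '/<[^>]*script*"?[^>]*>/i',
        '/<[^>]*object*"?[^>]*>/i',
        '/<[^>]*iframe*"?[^>]*>/i',
        '/<[^>]*applet*"?[^>]*>/i',
        '/<[^>]*meta*"?[^>]*>/i',
        '/<[^>]*style*"?[^>]*>/i',
        '/<[^>]*form*"?[^>]*>/i',
        '/<[^>]*img*"?[^>]*>/i',
        '/<[^>]*onmouseover*"?[^>]*>/i',
        '/<[^>]*body*"?[^>]*>/i',
        '/\([^>]*"?[^)]*\)/',
        '/"/',
    );
    foreach ($pattern as $regex) {
        if (preg_match($regex, $valore)) {
            return true;
        }
    }
    return false;
}

// Refuse the request when any GET value, or a key containing "inside_mod", matches.
foreach ($_GET as $sec_key => $secvalue) {
    if (eleonline_get_valore_vietato($secvalue) || preg_match("/inside_mod/i", $sec_key)) {
        die ("Operazione non consentita");
    }
}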
51
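/**
 * Heuristic check of a single $_POST value against the POST tag blacklist.
 *
 * Nested arrays are walked recursively (the previous code handed arrays to
 * preg_match(), which warned and returned false, skipping the check).
 * NOTE(review): the second and fourth patterns lack the "*" after "[^>]" that
 * the $_GET filter has, so they only match when a character precedes the tag
 * name; they are kept as-is because rich-text forms may depend on it — confirm.
 *
 * @param string|array $valore a $_POST value
 * @return bool true when the value must be refused
 */
function eleonline_post_valore_vietato($valore) {
    if (is_array($valore)) {
        foreach ($valore as $elemento) {
            if (eleonline_post_valore_vietato($elemento)) {
                return true;
            }
        }
        return false;
    }
    $pattern = array(
        '/<[^>]*onmouseover*"?[^>]*>/i',
        '/<[^>]script*"?[^>]*>/i',
        '/<[^>]*body*"?[^>]*>/i',
        '/<[^>]style*"?[^>]*>/i',
    );
    foreach ($pattern as $regex) {
        if (preg_match($regex, $valore)) {
            return true;
        }
    }
    return false;
}

foreach ($_POST as $secvalue) {
    if (eleonline_post_valore_vietato($secvalue)) {
        // $htmltags is not defined in this file; without it die() emitted an
        // empty body, so fall back to the message used by the other filters.
        die (isset($htmltags) ? $htmltags : "Operazione non consentita");
    }
}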
57
58// Posting from other servers in not allowed
59// Fix by Quake
60// Bug found by PeNdEjO
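/**
 * True when the Referer URL points at the same host this request was sent to.
 *
 * The previous check was a substring test of HTTP_HOST inside the Referer, so
 * any Referer that merely contained the host name somewhere (path, query)
 * was accepted. Hosts are compared case-insensitively and without the port.
 *
 * @param string $referer value of the Referer header
 * @param string $host    value of the Host header (may include a port)
 * @return bool
 */
function eleonline_referer_stesso_host($referer, $host) {
    $hostReferer = parse_url($referer, PHP_URL_HOST);
    // Prefix a scheme so parse_url() treats the Host header value as an authority.
    $hostLocale = parse_url('http://' . $host, PHP_URL_HOST);
    if (!is_string($hostReferer) || $hostReferer === '' || !is_string($hostLocale) || $hostLocale === '') {
        return false;
    }
    return strtolower($hostReferer) === strtolower($hostLocale);
}

// Posting from other servers is not allowed
// Fix by Quake
// Bug found by PeNdEjO
if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == "POST") {
    if (isset($_SERVER['HTTP_REFERER'])) {
        $hostAtteso = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
        if (!eleonline_referer_stesso_host($_SERVER['HTTP_REFERER'], $hostAtteso)) {
            die('Posting da un altro server non consentito!');
        }
    }
    // A POST without a Referer is still accepted (the original left this branch
    // open because some browsers/proxies strip the header).
}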
70
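/**
 * Checks whether javascript is enabled (by l.apolito, 2008).
 *
 * When the "js" query parameter is absent, emits a <noscript> meta refresh that
 * reloads the current script with "js=b" plus the current name/op, so a browser
 * without javascript is redirected; otherwise returns the "js" value.
 *
 * The redirect target is now built from SCRIPT_NAME (the web path of the
 * running script). The previous code derived it by stripping DOCUMENT_ROOT from
 * SCRIPT_FILENAME with an unquoted regex (suppressed with "@") and prefixed
 * "http://" . HTTP_HOST, which reflected the Host header into the page.
 *
 * @return string|null the "js" parameter, or null when it is not set
 */
function jsexist(){ // checks javascript by l.apolito 2008
    global $op, $name;
    if (!isset($_GET['js'])) {
        $scriptName = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '';
        // $pagina was left undefined when neither pattern matched.
        $pagina = '';
        if (preg_match("/modules.php/i", $scriptName)) $pagina = "name=$name"; // redirect
        if (preg_match("/admin.php/i", $scriptName)) $pagina = "op=$op"; // redirect
        // Escape for the HTML attribute; double_encode=false keeps entities that
        // $name/$op may already carry from htmlentities() in the caller.
        $url = htmlspecialchars($scriptName, ENT_QUOTES) . '?js=b&amp;' . htmlspecialchars($pagina, ENT_QUOTES, 'UTF-8', false);
        echo "<noscript><meta http-equiv=\"refresh\" content=\"0; url=" . $url . "\"/></noscript>";
        return null;
    }
    return $_GET['js'];
}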
82
83
84
85
86
87
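session_start(); // session handling
// opens the database
////////////////////////

// Expected to define $dbhost, $dbuname, $dbpass, $dbname, $dbtype and $prefix
// (used below and further down) — config.php is not visible here.
include("config.php");

if (!$dbi = mysql_connect($dbhost, $dbuname, $dbpass)) {
    // The raw mysql_error() text is rendered to the visitor.
    die("<center><img src=\"images/logo.gif\" target=\"Logo Avviso Errore\"><br/><br/><b>Ci sono dei problemi di connessione al Server $dbtype, chiediamo scusa per l'inconveniente.<br/><br/>Provate piu' tardi, Grazie.</b><br/><font color=\"#ff0000\">" . mysql_error() . "</font></center>");
}

if (!mysql_select_db($dbname, $dbi)) {
    // Fixed: the <img> tag had a duplicated "src=src=" attribute.
    die("<center><img src=\"images/logo.gif\" target=\"Logo Avviso Errore\"><br/><br/><b>Ci sono dei problemi di connessione al DataBase $dbtype, chiediamo scusa per l'inconveniente.<br/><br/>Provate piu' tardi, Grazie.</b><br/><font color=\"#ff0000\">" . mysql_error() . "</font></center>");
}
mysql_query("SET NAMES 'utf8'", $dbi);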
105
# CSRF protection, October 2012 - by l.apolito
// Token-based protection via csrf-magic. When the library file is absent the
// include is skipped and requests are not checked (fail-open by design here).
$csrfMagic = 'inc/csrf-magic/csrf-magic.php';
if (file_exists($csrfMagic)) {
    include_once $csrfMagic;
}
110
111
112
113
114
115
# Load the site defaults from the first row of <prefix>_config.
$res = mysql_query(sprintf('SELECT * FROM %s_config', $prefix), $dbi);
$row = mysql_fetch_array($res);
// String settings.
$sitename = stripslashes($row['sitename']);
$siteurl = $row['siteurl'];
$site_logo = $row['site_logo'];
$startdate = $row['startdate'];
$adminmail = $row['adminmail'];
$tema = $row['tema'];
$language = $row['language'];
$copyright = $row['copyright'];
$Versione = $row['Versione'];
$patch = $row['patch'];
$displayerrors = $row['displayerrors'];
$gkey = $row['gkey'];
$ed_user = $row['ed_user'];
// Integer settings.
$blocco = (int) $row['blocco'];
$fileout = (int) $row['fileout'];
$siteistat = (int) $row['siteistat'];
$multicomune = (int) $row['multicomune'];
$flash = (int) $row['flash'];
$googlemaps = (int) $row['googlemaps'];
$editor = (int) $row['editor'];
$tema_on = (int) $row['tema_on'];
# Other config: default consultation of this site's municipality ($siteistat is an int).
$res = mysql_query(sprintf("SELECT * FROM %s_ele_comuni where id_comune='%d' ", $prefix, $siteistat), $dbi);
$row = mysql_fetch_array($res);
$id_cons_pred = (int) $row['id_cons'];
if ($id_cons_pred === 0) {
    $id_cons_pred = '';
}
// NOTE(review): $id_cons_gen may already be set by whoever included this file;
// it is interpolated into the query below unescaped — confirm its origin.
if (!isset($id_cons_gen)) {
    $id_cons_gen = $id_cons_pred;
}
# Load the d'Hondt method row for the consultation.
$res = mysql_query(sprintf("SELECT * FROM %s_ele_cons_comune where id_cons_gen='%s' ", $prefix, $id_cons_gen), $dbi);
$row = mysql_fetch_array($res);
149
150
151
152
// Request parameters: $_GET for GET requests, $_POST for anything else.
$metodo = strtolower($_SERVER['REQUEST_METHOD']);
$param = (strip_tags($metodo) == 'get') ? $_GET : $_POST;
////////////////////
# Backup function: runs modules/Elezioni/backup.php and stops.
if (isset($param['op']) && $param['op'] == 'backup') {
    $id_cons_bak = (int) $param['id_cons_gen'];
    // NOTE(review): the session value is used in the query as-is — confirm it is
    // always numeric where it is stored.
    $id_combak = isset($param['id_comune']) ? (int) $param['id_comune'] : $_SESSION['id_comune'];
    $sql = sprintf("SELECT id_cons,id_conf FROM %s_ele_cons_comune where id_cons_gen='%s' and id_comune='%s'", $prefix, $id_cons_bak, $id_combak);
    $res = mysql_query($sql, $dbi);
    list($id_cons, $hondt) = mysql_fetch_row($res);

    // Also included in consiglieri.php, but the legacy variables are loaded here
    // for backward compatibility.
    if ($hondt >= 1) {
        # council projection
        $res = mysql_query(sprintf("SELECT * FROM %s_ele_conf where id_conf='%s'", $prefix, $hondt), $dbi);
        $row = mysql_fetch_array($res);
        $descrizione_consiglio = $row['descrizione'];
        $LIMITE = (int) $row['limite'];
        $CONSIN = (int) $row['consin'];
        $INFPREMIO = (int) $row['infpremio'];
        $SUPSBARRAMENTO = (int) $row['supsbarramento'];
        $SUPMINPREMIO = (int) $row['supminpremio'];
        $SUPPREMIO = (int) $row['suppremio'];
        $LISTINFSBAR = (int) $row['listinfsbar'];
        $LISTINFCONTA = (int) $row['listinfconta'];
        $LISTSUPCONTA = (int) $row['listsupconta'];
        $INFMINPREMIO = (int) $row['infminpremio'];
    }

    include("modules/Elezioni/backup.php");
    die();
}
///////////////////
// Language for the demo: switch only when the matching language file exists.
// The request value reaches the filesystem only through file_exists() here.
if (isset($param['newl'])) {
    $newl = $param['newl'];
    $fileLingua = "modules/Elezioni/language/lang-$newl.php";
    if (file_exists($fileLingua)) {
        $lang = $newl;
        $_SESSION['newl'] = "$lang";
    }
}
193
// Sessions for flash, block, language and tour.
// NOTE(review): $blocco is loaded as an int from _config above but taken
// verbatim from the request here — confirm downstream use tolerates that.
if (isset($param['block'])) {
    $blocco = $param['block'];
    $_SESSION['newblock'] = "$blocco";
}
if (isset($_SESSION['newblock'])) {
    $blocco = $_SESSION['newblock'];
}
201
202
203
// Language: session override first, otherwise the configured default;
// anything that is not a two-character code falls back to the default.
if (isset($_SESSION['newl'])) {
    $lang = $_SESSION['newl'];
}
if (!isset($lang) || strlen($lang) != 2) {
    $lang = $language;
}

// Flash for the demo: request value is remembered in the session.
if (isset($param['flash'])) {
    $flash = $param['flash'];
    $_SESSION['newflash'] = "$flash";
}
if (isset($_SESSION['newflash'])) {
    $flash = $_SESSION['newflash'];
}
216
// Theme selection: HTML-encode the request value and refuse percent signs
// before remembering it in the session.
// NOTE(review): htmlentities() leaves "." and "/" untouched; if $tema selects a
// directory, confirm the consumer restricts it — not visible here.
if (isset($param['tema'])) {
    $tema = htmlentities($param['tema']);
    if (preg_match("/%/i", $tema)) {
        $tema = "default";
    }
    $_SESSION['newtema'] = "$tema";
}
if (isset($_SESSION['newtema'])) {
    // $tema is assigned before the session value is reset, so a stored value
    // containing "%" is still used for this request (as in the original).
    $tema = $_SESSION['newtema'];
    if (preg_match("/%/i", $_SESSION['newtema'])) {
        $_SESSION['newtema'] = "default";
    }
}
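/**
 * True when $valore is a single path segment made of letters, digits, "_" or "-".
 *
 * Both components of $modpath come from the query string and htmlentities()
 * does not alter "." or "/", so without this check include() could be pointed
 * outside modules/.
 *
 * @param mixed $valore candidate module or file name
 * @return bool
 */
function eleonline_nome_modulo_valido($valore) {
    return is_string($valore) && preg_match('/^[A-Za-z0-9_-]+$/', $valore) === 1;
}

$PHP_SELF = $_SERVER['PHP_SELF'];
$file = isset($_GET['file']) ? htmlentities($_GET['file']) : "index";
$name = isset($_GET['name']) ? htmlentities($_GET['name']) : "Elezioni";
$op = isset($_GET['op']) ? htmlentities($_GET['op']) : "gruppo";
if (!isset($_GET['op'])) $_GET['op'] = "gruppo";

$modpath = "modules/$name/$file.php";
// Refuse anything that is not a plain segment before touching the filesystem.
if (!eleonline_nome_modulo_valido($name) || !eleonline_nome_modulo_valido($file)) {
    die ("Sorry, such file doesn't exist...:$modpath");
}
if (file_exists($modpath)) {
    include($modpath);
} else {
    die ("Sorry, such file doesn't exist...:$modpath");
}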
239
240
241
242
243
244
245
246?>