Changeset 10
- Timestamp:
- Nov 27, 2009, 4:54:48 PM (14 years ago)
- Location:
- trunk/client
- Files:
-
- 4 edited
-
modules.php (modified) (2 diffs)
-
modules/Elezioni/confronti.php (modified) (1 diff)
-
modules/Elezioni/index.php (modified) (1 diff)
-
modules/Elezioni/votanti.php (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/client/modules.php
r2 r10 151 151 { 152 152 $id_cons_bak=intval($param['id_cons_gen']); 153 if (isset($param['id_comune'])) $id_combak= $param['id_comune']; else $id_combak=$_SESSION['id_comune'];153 if (isset($param['id_comune'])) $id_combak=intval($param['id_comune']); else $id_combak=$_SESSION['id_comune']; 154 154 $res = mysql_query("SELECT id_cons,id_conf FROM ".$prefix."_ele_cons_comune where id_cons_gen='$id_cons_bak' and id_comune='$id_combak'" , $dbi); 155 155 list($id_cons,$hondt) = mysql_fetch_row($res); … … 221 221 $name=(isset($_GET['name'])) ? $_GET['name']:"Elezioni"; 222 222 //$op= (isset($_GET['op'])) ? $_GET['op']:"gruppo"; 223 $name=htmlentities($name); 224 $file=htmlentities($file); 225 $id_comune=intval($id_comune); 226 223 227 $modpath = "modules/$name/$file.php"; 224 228 //if (!$op) $op="gruppo"; -
trunk/client/modules/Elezioni/confronti.php
r2 r10 28 28 if (isset($param['pags'])) $pags=intval($param['pags']); else $pags=0; 29 29 if (isset($param['listecol'])) $listecol=intval($param['listecol']); else $listecol=0; 30 31 $grp1= htmlentities($grp1); 32 $grp2= htmlentities($grp3); 33 $grp3= htmlentities($grp3); 30 34 31 35 echo "<table><tr><td align=\"center\">"._CNFR_CONS."</td></tr></table>"; -
trunk/client/modules/Elezioni/index.php
r2 r10 41 41 if (isset($param['tipo_cons'])) $tipo_cons=intval($param['tipo_cons']); else $tipo_cons=''; 42 42 if (isset($param['descr_circ'])) $descr_circ=intval($param['descr_circ']); else $descr_circ=''; 43 44 45 # anti-xss nov. 2009 46 $id_comune=htmlentities($id_comune); 47 $id_comune=intval($id_comune); 48 $perc=floatval($perc); 49 $perc_lista=floatval($perc_lista); 50 $datipdf= htmlentities($datipdf); 51 $op= htmlentities($op); 52 $info= htmlentities($info); 53 $files=htmlentities($files); 54 $lettera=htmlentities($lettera); 55 $ordine=htmlentities($ordine); 43 56 44 57 $res = mysql_query("SELECT id_conf FROM ".$prefix."_ele_cons_comune where id_cons_gen='$id_cons_gen' and id_comune='$id_comune'" , $dbi); -
trunk/client/modules/Elezioni/votanti.php
r2 r10 35 35 if (isset($param['tipo_cons'])) $tipo_cons=intval($param['tipo_cons']); else $tipo_cons=''; 36 36 37 $id_comune=intval($id_comune); 37 38 38 39
Note:
See TracChangeset
for help on using the changeset viewer.
