Changeset 12

Timestamp:

Dec 2, 2009, 6:20:50 PM (14 years ago)

Author:

roby

Message:

sicurezza anti xss

Location:

trunk/client

Files:

• modules.php (modified) (2 diffs)
• modules/Elezioni/gruppo.php (modified) (1 diff)
• modules/Elezioni/index.php (modified) (1 diff)

trunk/client/modules.php

@@ -27 +27 @@
 }
 
-
   if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") || !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
     $queryString = $_SERVER['QUERY_STRING'];
-    if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
+    if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'..') OR stripos_clone($queryString,'+') OR  stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
       die('Operazione non consentita');
     }
   }
-
 
 foreach ($_GET as $sec_key => $secvalue) {
@@ -211 +209 @@
 if (isset($param['tema'])){
         $tema=$param['tema'];
+        $tema=htmlentities($tema); // evita xss
+        if(eregi("%", $tema)) $tema="default";// evita xss
         $_SESSION['newtema']="$tema";
         }
+
+if (eregi("%",$_SESSION['newtema'])) $_SESSION['newtema']="default"; // xss
 if (isset($_SESSION['newtema'])) $tema=$_SESSION['newtema']; 
-
-
 
 $PHP_SELF=$_SERVER['PHP_SELF'];

trunk/client/modules/Elezioni/gruppo.php

@@ -34 +34 @@
 if (isset($param['id_gruppo'])) $id_gruppo=intval($param['id_gruppo']); else $id_gruppo='';
 #if (isset($param['tipo_cons'])) $tipo_cons=intval($param['tipo_cons']); else $tipo_cons='';
+
+# anti-xss nov. 2009 
+$id_comune=htmlentities($id_comune);
+$id_comune=intval($id_comune);
+$perc=floatval($perc);
+$perc_lista=floatval($perc_lista);
+$datipdf= htmlentities($datipdf);
+$op= htmlentities($op);
+$info= htmlentities($info);
+$files=htmlentities($files);
+$lettera=htmlentities($lettera);
 
 

trunk/client/modules/Elezioni/index.php

@@ -145 +145 @@
 function menu() {
         global $hondt,$lang,$multicomune, $tema, $op, $prefix, $dbi, $offset, $min,$descr_cons,$info,$dati, $votog,$votol,$votoc,$circo, $id_cons,$tipo_cons,$genere,$descr_cons,$id_cons_gen,$id_comune,$id_circ,$minsez,$offsetsez, $limite,$hondt,$tema_on,$js;
-        
+
+$tema=htmlentities($tema); //xss        
 # include menu da tema
 if (file_exists("temi/$tema/menu.php")) {