Changeset 10


Ignore:
Timestamp:
Nov 27, 2009, 4:54:48 PM (15 years ago)
Author:
roby
Message:

prova di modifica iniziale

Location:
trunk/client
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • trunk/client/modules.php

    r2 r10  
    151151{
    152152$id_cons_bak=intval($param['id_cons_gen']);
    153 if (isset($param['id_comune'])) $id_combak=$param['id_comune']; else $id_combak=$_SESSION['id_comune'];
     153if (isset($param['id_comune'])) $id_combak=intval($param['id_comune']); else $id_combak=$_SESSION['id_comune'];
    154154$res = mysql_query("SELECT id_cons,id_conf FROM ".$prefix."_ele_cons_comune where id_cons_gen='$id_cons_bak' and id_comune='$id_combak'" , $dbi);
    155155list($id_cons,$hondt) = mysql_fetch_row($res);
     
    221221$name=(isset($_GET['name'])) ? $_GET['name']:"Elezioni";
    222222//$op= (isset($_GET['op'])) ? $_GET['op']:"gruppo";
     223$name=htmlentities($name);
     224$file=htmlentities($file);
     225$id_comune=intval($id_comune);
     226
    223227$modpath = "modules/$name/$file.php";
    224228//if (!$op) $op="gruppo";
  • trunk/client/modules/Elezioni/confronti.php

    r2 r10  
    2828if (isset($param['pags'])) $pags=intval($param['pags']); else $pags=0;
    2929if (isset($param['listecol'])) $listecol=intval($param['listecol']); else $listecol=0;
     30
     31$grp1= htmlentities($grp1);
     32$grp2= htmlentities($grp3);
     33$grp3= htmlentities($grp3);
    3034
    3135echo "<table><tr><td align=\"center\">"._CNFR_CONS."</td></tr></table>";
  • trunk/client/modules/Elezioni/index.php

    r2 r10  
    4141if (isset($param['tipo_cons'])) $tipo_cons=intval($param['tipo_cons']); else $tipo_cons='';
    4242if (isset($param['descr_circ'])) $descr_circ=intval($param['descr_circ']); else $descr_circ='';
     43
     44
     45# anti-xss nov. 2009
     46$id_comune=htmlentities($id_comune);
     47$id_comune=intval($id_comune);
     48$perc=floatval($perc);
     49$perc_lista=floatval($perc_lista);
     50$datipdf= htmlentities($datipdf);
     51$op= htmlentities($op);
     52$info= htmlentities($info);
     53$files=htmlentities($files);
     54$lettera=htmlentities($lettera);
     55$ordine=htmlentities($ordine);
    4356
    4457$res = mysql_query("SELECT id_conf FROM ".$prefix."_ele_cons_comune where id_cons_gen='$id_cons_gen' and id_comune='$id_comune'" , $dbi);
  • trunk/client/modules/Elezioni/votanti.php

    r2 r10  
    3535if (isset($param['tipo_cons'])) $tipo_cons=intval($param['tipo_cons']); else $tipo_cons='';
    3636
     37$id_comune=intval($id_comune);
    3738
    3839
Note: See TracChangeset for help on using the changeset viewer.