Timestamp:
Nov 27, 2009, 4:54:48 PM (15 years ago)
Author:
roby
Message:

prova di modifica iniziale

Location:
trunk/client/modules/Elezioni
Files:
3 edited

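--- a/trunk/client/modules/Elezioni/confronti.php
+++ b/trunk/client/modules/Elezioni/confronti.php
@@ -28,4 +28,8 @@
 if (isset($param['pags'])) $pags=intval($param['pags']); else $pags=0;
 if (isset($param['listecol'])) $listecol=intval($param['listecol']); else $listecol=0;
+
+$grp1= htmlentities($grp1);
+$grp2= htmlentities($grp3);
+$grp3= htmlentities($grp3);
 
 echo "<table><tr><td align=\"center\">"._CNFR_CONS."</td></tr></table>";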
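Review bot: New line 32 assigns `htmlentities($grp3)` to `$grp2`, so the value `$grp2` held is replaced by a copy of `$grp3` and the original `$grp2` is never encoded; this looks like a copy-paste slip and should read `$grp2= htmlentities($grp2);`. The three calls also rely on the default flags, which leave single quotes unencoded, so if any of these values is later printed inside a single-quoted attribute the encoding is incomplete; `htmlentities($grp1, ENT_QUOTES)` covers both quote styles. Where the values are output is not visible in this section.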
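--- a/trunk/client/modules/Elezioni/index.php
+++ b/trunk/client/modules/Elezioni/index.php
@@ -41,4 +41,17 @@
 if (isset($param['tipo_cons'])) $tipo_cons=intval($param['tipo_cons']); else $tipo_cons='';
 if (isset($param['descr_circ'])) $descr_circ=intval($param['descr_circ']); else $descr_circ='';
+
+
+# anti-xss nov. 2009
+$id_comune=htmlentities($id_comune);
+$id_comune=intval($id_comune);
+$perc=floatval($perc);
+$perc_lista=floatval($perc_lista);
+$datipdf= htmlentities($datipdf);
+$op= htmlentities($op);
+$info= htmlentities($info);
+$files=htmlentities($files);
+$lettera=htmlentities($lettera);
+$ordine=htmlentities($ordine);
 
 $res = mysql_query("SELECT id_conf FROM ".$prefix."_ele_cons_comune where id_cons_gen='$id_cons_gen' and id_comune='$id_comune'" , $dbi);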
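Review bot: The query on new line 57 still interpolates `$id_cons_gen` into the SQL string, and nothing in the visible lines casts or escapes it, while `$id_comune` is now cast with `intval()`. If `$id_cons_gen` is numeric like `$id_comune`, add `$id_cons_gen=intval($id_cons_gen);` next to line 47; otherwise pass it through `mysql_real_escape_string()` before the query (it may already be handled above this section, which is not shown). Note also that `htmlentities()` is an HTML output encoder and not an SQL defence, so `$op`, `$ordine`, `$lettera` and the others need separate escaping wherever they reach a query, and line 46 is redundant because line 47 immediately overwrites its result with `intval()`.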
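--- a/trunk/client/modules/Elezioni/votanti.php
+++ b/trunk/client/modules/Elezioni/votanti.php
@@ -35,4 +35,5 @@
 if (isset($param['tipo_cons'])) $tipo_cons=intval($param['tipo_cons']); else $tipo_cons='';
 
+$id_comune=intval($id_comune);
 
 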
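Review bot: New line 37 casts `$id_comune` in place, unlike line 35, which reads from `$param` behind an `isset()` guard and sets an explicit default. If `$id_comune` is populated from `$param` in the same way (its origin is not visible in this section), the guarded form `if (isset($param['id_comune'])) $id_comune=intval($param['id_comune']); else $id_comune=0;` makes the sanitised source explicit and avoids casting an undefined variable. The same applies to the identical cast on line 47 of index.php.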