Ignore:
Timestamp:
Dec 2, 2009, 6:20:50 PM (15 years ago)
Author:
roby
Message:

sicurezza anti xss

Location:
trunk/client/modules/Elezioni
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/client/modules/Elezioni/gruppo.php

    r2 r12  
    3434if (isset($param['id_gruppo'])) $id_gruppo=intval($param['id_gruppo']); else $id_gruppo='';
    3535#if (isset($param['tipo_cons'])) $tipo_cons=intval($param['tipo_cons']); else $tipo_cons='';
     36
     37# anti-xss nov. 2009
     38$id_comune=htmlentities($id_comune);
     39$id_comune=intval($id_comune);
     40$perc=floatval($perc);
     41$perc_lista=floatval($perc_lista);
     42$datipdf= htmlentities($datipdf);
     43$op= htmlentities($op);
     44$info= htmlentities($info);
     45$files=htmlentities($files);
     46$lettera=htmlentities($lettera);
    3647
    3748
  • trunk/client/modules/Elezioni/index.php

    r10 r12  
    145145function menu() {
    146146        global $hondt,$lang,$multicomune, $tema, $op, $prefix, $dbi, $offset, $min,$descr_cons,$info,$dati, $votog,$votol,$votoc,$circo, $id_cons,$tipo_cons,$genere,$descr_cons,$id_cons_gen,$id_comune,$id_circ,$minsez,$offsetsez, $limite,$hondt,$tema_on,$js;
    147        
     147
     148$tema=htmlentities($tema); //xss       
    148149# include menu da tema
    149150if (file_exists("temi/$tema/menu.php")) {
Note: See TracChangeset for help on using the changeset viewer.