
Sanitise all user inputs (#20).
Rob Myers committed Dec 4, 2015
1 parent 5569c3d commit b6a12a7
Showing 1 changed file with 16 additions and 12 deletions.
28 changes: 16 additions & 12 deletions index.php
Expand Up @@ -185,7 +185,7 @@ function thumbnail ($work) {

session_start();

$action = $_GET["action"];
$action = strip_tags($_GET["action"]);

if (($action == '') && isset($_SESSION['user_id'])) {
header('Location:?action=browse');
Expand All @@ -211,7 +211,7 @@ function thumbnail ($work) {
$login_status = 'err';
// Make sure we've been passed a non-empty username
if ((isset($_POST['username'])) && trim($_POST['username']) != ''){
$username = trim($_POST['username']);
$username = strip_tags(trim($_POST['username']));
$usernameq = $dbh->quote($username);
// Try to insert the user. We don't care if this fails when they exist.
$insert_user = "INSERT INTO users (username) VALUES("
Expand Down Expand Up @@ -254,7 +254,7 @@ function thumbnail ($work) {
&& isset($_POST['title'])
&& isset($_POST['license'])) {
$filename = "uploads/" . $_FILES["file"]["name"];
$title = trim($_POST['title']);
$title = strip_tags(trim($_POST['title']));
$license = intval($_POST['license']);
//FIXME: Validate things
if (move_uploaded_file($_FILES["file"]["tmp_name"], $filename)) {
Expand Down Expand Up @@ -283,7 +283,9 @@ function thumbnail ($work) {
$browse_status = 'get';
if (isset($_POST['keywords']) && isset($_POST['keywords'])) {
$browse_status = 'err';
$keywords_query = browse_sql($_POST['keywords'], $_POST['license']);
$keywords = strip_tags($_POST['keywords']);
$license = intval($_POST['license']);
$keywords_query = browse_sql($keywords, $license);
$keywords_matches_statement = $dbh->prepare($keywords_query);
if ($keywords_matches_statement) {
$ok = $keywords_matches_statement->execute();
Expand Down Expand Up @@ -314,7 +316,7 @@ function thumbnail ($work) {
case "license":
//$license_state = 'err';
if (isset($_SESSION['user_id']) && isset($_REQUEST['work_id'])) {
$user_id = $_SESSION['user_id'];
$user_id = intval($_SESSION['user_id']);
$work_id = intval($_REQUEST['work_id']);
$license_work = work_for_id($dbh, $work_id);
if ($license_work && $license_work['user_id'] == $user_id) {
Expand All @@ -335,14 +337,16 @@ function thumbnail ($work) {

case "batch":
$batch_state = 'err';
if (isset($_SESSION['user_id'])) {
if (isset($_SESSION['user_id'])) {
if (isset($_POST['license']) && isset($_POST['apply'])
&& is_array($_POST['apply'])) {
$license = intval($_POST['license']);
foreach($_POST['apply'] as $apply) {
$work = work_for_id($dbh, intval($apply));
$work_id = intval($apply);
$work = work_for_id($dbh, $work_id);
// We can only update our own images
if ($work && $work['user_id'] == $_SESSION['user_id']) {
update_work_license($dbh, $work, intval($_POST['license']));
update_work_license($dbh, $work, $license);
}
}
}
Expand All @@ -355,9 +359,9 @@ function thumbnail ($work) {
$who_state = 'err';
// The user is requesting to look at someone's profile
if (isset($_REQUEST['user_id'])) {
$who_id = $_REQUEST['user_id'];
$who_id = intval($_REQUEST['user_id']);
$select_user = $dbh->prepare("SELECT * FROM users where user_id = "
. $dbh->quote($who_id));
. $who_id);
$ok = $select_user->execute();
if ($ok) {
$user_row = $select_user->fetch();
Expand Down Expand Up @@ -527,7 +531,7 @@ function thumbnail ($work) {
break;

case "browse":
$cl = isset($_POST['license']) ? $_POST['license'] : '*';
$cl = isset($_POST['license']) ? $_POST['license'] : '*';
?>
<form action="?action=browse" method="post">
<div class="form-group">
Expand All @@ -536,7 +540,7 @@ function thumbnail ($work) {
maxlength="200" size="32"
<?php
if (isset($_POST['keywords'])) {
echo 'value="' . $_POST['keywords'] . '"';
echo 'value="' . strip_tags($_POST['keywords']) . '"';
}
?>>
</div>
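Review bot: `strip_tags()` on the `value="..."` attribute in the last hunk does not neutralise quotes, so a keyword containing `"` still closes the attribute and the browse form markup remains injectable; the HTML-attribute context needs entity encoding, e.g. `echo 'value="' . htmlspecialchars($_POST['keywords'], ENT_QUOTES, 'UTF-8') . '"';`. The same holds wherever `$username`, `$title` or `$keywords` from the `-211`, `-254` and `-283` hunks are later echoed: `strip_tags` is not an output-escaping function, so escaping belongs at the point of output and the stored values can stay as entered. In the `-283` hunk the stripped `$keywords` is passed to `browse_sql()` and the result goes straight to `$dbh->prepare()`; `browse_sql` is not in view, but unless it binds the keywords as a placeholder parameter, tag stripping offers nothing against SQL metacharacters, so that should be confirmed. In the `-254` hunk `$_FILES["file"]["name"]` is still concatenated into `uploads/` unchanged despite the commit title — the existing `//FIXME` already flags it, but at minimum `basename()` plus an allow-list of extensions is needed before `move_uploaded_file()`. The `switch`/`case` blocks these lines sit in begin and end outside the hunks shown.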
