From e6532439d68234d86176e4d967609d68dd564c1d Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Sun, 3 Dec 2017 23:35:38 +0300 Subject: force strip_tags() on all user input unless explicitly allowed --- classes/pref/feeds.php | 88 ++++++++++++++++++++++++------------------------ classes/pref/filters.php | 62 +++++++++++++++++----------------- classes/pref/labels.php | 26 +++++++------- classes/pref/prefs.php | 24 ++++++------- classes/pref/users.php | 24 ++++++------- 5 files changed, 112 insertions(+), 112 deletions(-) (limited to 'classes/pref') diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php index 05f6b8c8f..0b5a445f3 100755 --- a/classes/pref/feeds.php +++ b/classes/pref/feeds.php @@ -17,8 +17,8 @@ class Pref_Feeds extends Handler_Protected { } function renamecat() { - $title = $_REQUEST['title']; - $id = $_REQUEST['id']; + $title = clean($_REQUEST['title']); + $id = clean($_REQUEST['id']); if ($title) { $sth = $this->pdo->prepare("UPDATE ttrss_feed_categories SET @@ -29,14 +29,14 @@ class Pref_Feeds extends Handler_Protected { private function get_category_items($cat_id) { - if ($_REQUEST['mode'] != 2) + if (clean($_REQUEST['mode']) != 2) $search = $_SESSION["prefs_feed_search"]; else $search = ""; // first one is set by API - $show_empty_cats = $_REQUEST['force_show_empty'] || - ($_REQUEST['mode'] != 2 && !$search); + $show_empty_cats = clean($_REQUEST['force_show_empty']) || + (clean($_REQUEST['mode']) != 2 && !$search); $items = array(); @@ -103,7 +103,7 @@ class Pref_Feeds extends Handler_Protected { function makefeedtree() { - if ($_REQUEST['mode'] != 2) + if (clean($_REQUEST['mode']) != 2) $search = $_SESSION["prefs_feed_search"]; else $search = ""; @@ -116,7 +116,7 @@ class Pref_Feeds extends Handler_Protected { $enable_cats = get_pref('ENABLE_FEED_CATS'); - if ($_REQUEST['mode'] == 2) { + if (clean($_REQUEST['mode']) == 2) { if ($enable_cats) { $cat = $this->feedlist_init_cat(-1); 
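Review bot: `clean($_REQUEST['mode'])` is re-evaluated at every comparison in get_category_items and makefeedtree (twice in the `show_empty_cats` expression alone), so a later change to what clean() does is applied unevenly if one call site is missed, and the same key is filtered repeatedly for no gain. Read it once at the top of each function, `$mode = clean($_REQUEST['mode']);`, and compare `$mode` below; `force_show_empty` can be hoisted the same way. Both functions continue outside these hunks.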
@@ -193,8 +193,8 @@ class Pref_Feeds extends Handler_Protected { } if ($enable_cats) { - $show_empty_cats = $_REQUEST['force_show_empty'] || - ($_REQUEST['mode'] != 2 && !$search); + $show_empty_cats = clean($_REQUEST['force_show_empty']) || + (clean($_REQUEST['mode']) != 2 && !$search); $sth = $this->pdo->prepare("SELECT id, title FROM ttrss_feed_categories WHERE owner_uid = ? AND parent_cat IS NULL ORDER BY order_id, title"); @@ -303,7 +303,7 @@ class Pref_Feeds extends Handler_Protected { $fl['identifier'] = 'id'; $fl['label'] = 'name'; - if ($_REQUEST['mode'] != 2) { + if (clean($_REQUEST['mode']) != 2) { $fl['items'] = array($root); } else { $fl['items'] = $root['items']; @@ -389,9 +389,9 @@ class Pref_Feeds extends Handler_Protected { } function savefeedorder() { - $data = json_decode($_POST['payload'], true); + $data = json_decode(clean($_POST['payload']), true); - #file_put_contents("/tmp/saveorder.json", $_POST['payload']); + #file_put_contents("/tmp/saveorder.json", clean($_POST['payload'])); #$data = json_decode(file_get_contents("/tmp/saveorder.json"), true); if (!is_array($data['items'])) @@ -425,7 +425,7 @@ class Pref_Feeds extends Handler_Protected { } function removeicon() { - $feed_id = $_REQUEST["feed_id"]; + $feed_id = clean($_REQUEST["feed_id"]); $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE id = ? AND owner_uid = ?"); @@ -457,7 +457,7 @@ class Pref_Feeds extends Handler_Protected { } $icon_file = $tmp_file; - $feed_id = $_REQUEST["feed_id"]; + $feed_id = clean($_REQUEST["feed_id"]); if (is_file($icon_file) && $feed_id) { if (filesize($icon_file) < 65535) { @@ -500,7 +500,7 @@ class Pref_Feeds extends Handler_Protected { global $update_intervals; - $feed_id = $_REQUEST["id"]; + $feed_id = clean($_REQUEST["id"]); $sth = $this->pdo->prepare("SELECT * FROM ttrss_feeds WHERE id = ? AND owner_uid = ?"); 
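Review bot: In savefeedorder, strip_tags runs over the raw JSON text before json_decode, so a `<` followed by a non-blank character inside any string value of the payload truncates the document, decode yields null, and the following `is_array($data['items'])` check rejects the whole request instead of one field. Decode the untouched `$_POST['payload']` first and apply clean() to the individual string values that are actually stored or echoed. savefilterorder in classes/pref/filters.php is built the same way. The remainder of savefeedorder lies outside the hunk.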
@@ -775,7 +775,7 @@ class Pref_Feeds extends Handler_Protected {
  global $purge_intervals;
  global $update_intervals;
- $feed_ids = $_REQUEST["ids"];
+ $feed_ids = clean($_REQUEST["ids"]);
  print_notice("Enable the options you wish to apply using checkboxes on the right:");
@@ -924,32 +924,32 @@ class Pref_Feeds extends Handler_Protected {
  function editsaveops($batch) {
- $feed_title = trim($_POST["title"]);
- $feed_url = trim($_POST["feed_url"]);
- $upd_intl = (int) $_POST["update_interval"];
- $purge_intl = (int) $_POST["purge_interval"];
- $feed_id = (int) $_POST["id"]; /* editSave */
- $feed_ids = explode(",", $_POST["ids"]); /* batchEditSave */
- $cat_id = (int) $_POST["cat_id"];
- $auth_login = trim($_POST["auth_login"]);
- $auth_pass = trim($_POST["auth_pass"]);
- $private = checkbox_to_sql_bool($_POST["private"]);
+ $feed_title = trim(clean($_POST["title"]));
+ $feed_url = trim(clean($_POST["feed_url"]));
+ $upd_intl = (int) clean($_POST["update_interval"]);
+ $purge_intl = (int) clean($_POST["purge_interval"]);
+ $feed_id = (int) clean($_POST["id"]); /* editSave */
+ $feed_ids = explode(",", clean($_POST["ids"])); /* batchEditSave */
+ $cat_id = (int) clean($_POST["cat_id"]);
+ $auth_login = trim(clean($_POST["auth_login"]));
+ $auth_pass = trim(clean($_POST["auth_pass"]));
+ $private = checkbox_to_sql_bool(clean($_POST["private"]));
  $include_in_digest = checkbox_to_sql_bool(
- $_POST["include_in_digest"]);
+ clean($_POST["include_in_digest"]));
  $cache_images = checkbox_to_sql_bool(
- $_POST["cache_images"]);
+ clean($_POST["cache_images"]));
  $hide_images = checkbox_to_sql_bool(
- $_POST["hide_images"]);
+ clean($_POST["hide_images"]));
  $always_display_enclosures = checkbox_to_sql_bool(
- $_POST["always_display_enclosures"]);
+ clean($_POST["always_display_enclosures"]));
  $mark_unread_on_update = checkbox_to_sql_bool(
- $_POST["mark_unread_on_update"]);
+ clean($_POST["mark_unread_on_update"]));
- $feed_language = trim($_POST["feed_language"]);
+ $feed_language = trim(clean($_POST["feed_language"]));
  if (!$batch) {
- if ($_POST["need_auth"] !== 'on') {
+ if (clean($_POST["need_auth"]) !== 'on') {
  $auth_login = '';
  $auth_pass = '';
  }
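Review bot: `$auth_pass = trim(clean($_POST["auth_pass"]))` silently alters the stored feed credential: strip_tags discards everything from a `<` that is followed by a non-blank character, so a password such as `ab<cd` is saved as `ab` and authentication against the remote feed fails with no error shown to the user. Assuming this value is only sent upstream and never rendered raw, it is a candidate for the "explicitly allowed" exemption the commit message mentions — keep `$auth_pass = trim($_POST["auth_pass"]);` here, and treat `$pass` in batchAddFeeds the same way. The `(int) clean(...)` wrappers on update_interval, purge_interval, id and cat_id are harmless but redundant, since the cast already drops anything non-numeric. editsaveops continues past the end of the hunk.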
@@ -1008,7 +1008,7 @@ class Pref_Feeds extends Handler_Protected { foreach (array_keys($_POST) as $k) { if ($k != "op" && $k != "method" && $k != "ids") { - $feed_data[$k] = $_POST[$k]; + $feed_data[$k] = clean($_POST[$k]); } } @@ -1102,7 +1102,7 @@ class Pref_Feeds extends Handler_Protected { function remove() { - $ids = explode(",", $_REQUEST["ids"]); + $ids = explode(",", clean($_REQUEST["ids"])); foreach ($ids as $id) { Pref_Feeds::remove_feed($id, $_SESSION["uid"]); @@ -1112,14 +1112,14 @@ class Pref_Feeds extends Handler_Protected { } function removeCat() { - $ids = explode(",", $_REQUEST["ids"]); + $ids = explode(",", clean($_REQUEST["ids"])); foreach ($ids as $id) { $this->remove_feed_category($id, $_SESSION["uid"]); } } function addCat() { - $feed_cat = trim($_REQUEST["cat"]); + $feed_cat = trim(clean($_REQUEST["cat"])); add_feed_category($feed_cat); } @@ -1152,7 +1152,7 @@ class Pref_Feeds extends Handler_Protected { onclick=\"showInactiveFeeds()\">" . __("Inactive feeds") . ""; - $feed_search = $_REQUEST["search"]; + $feed_search = clean($_REQUEST["search"]); if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_feed_search"] = $feed_search; @@ -1675,10 +1675,10 @@ class Pref_Feeds extends Handler_Protected { } function batchAddFeeds() { - $cat_id = $_REQUEST['cat']; - $feeds = explode("\n", $_REQUEST['feeds']); - $login = $_REQUEST['login']; - $pass = trim($_REQUEST['pass']); + $cat_id = clean($_REQUEST['cat']); + $feeds = explode("\n", clean($_REQUEST['feeds'])); + $login = clean($_REQUEST['login']); + $pass = trim(clean($_REQUEST['pass'])); foreach ($feeds as $feed) { $feed = trim($feed); @@ -1714,8 +1714,8 @@ class Pref_Feeds extends Handler_Protected { } function regenFeedKey() { - $feed_id = $_REQUEST['id']; - $is_cat = $_REQUEST['is_cat'] == "true"; + $feed_id = clean($_REQUEST['id']); + $is_cat = clean($_REQUEST['is_cat']) == "true"; $new_key = $this->update_feed_access_key($feed_id, $is_cat); 
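Review bot: In batchAddFeeds, clean() runs over the whole multi-line `feeds` text before it is split, so an unclosed `<` on one line removes everything up to the next `>`, which may span several of the following feed URLs, and the loop never sees them. Split first and clean each entry, `$feeds = array_map('clean', explode("\n", $_REQUEST['feeds']));`, or call clean() on `$feed` inside the loop next to the existing trim. The loop body is outside the hunk.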
diff --git a/classes/pref/filters.php b/classes/pref/filters.php index 1ff9a3723..74aecd309 100755 --- a/classes/pref/filters.php +++ b/classes/pref/filters.php @@ -16,9 +16,9 @@ class Pref_Filters extends Handler_Protected { } function savefilterorder() { - $data = json_decode($_POST['payload'], true); + $data = json_decode(clean($_POST['payload']), true); - #file_put_contents("/tmp/saveorder.json", $_POST['payload']); + #file_put_contents("/tmp/saveorder.json", clean($_POST['payload'])); #$data = json_decode(file_get_contents("/tmp/saveorder.json"), true); if (!is_array($data['items'])) @@ -46,14 +46,14 @@ class Pref_Filters extends Handler_Protected { } function testFilterDo() { - $offset = (int) $_REQUEST["offset"]; - $limit = (int) $_REQUEST["limit"]; + $offset = (int) clean($_REQUEST["offset"]); + $limit = (int) clean($_REQUEST["limit"]); $filter = array(); $filter["enabled"] = true; - $filter["match_any_rule"] = checkbox_to_sql_bool($_REQUEST["match_any_rule"]); - $filter["inverse"] = checkbox_to_sql_bool($_REQUEST["inverse"]); + $filter["match_any_rule"] = checkbox_to_sql_bool(clean($_REQUEST["match_any_rule"])); + $filter["inverse"] = checkbox_to_sql_bool(clean($_REQUEST["inverse"])); $filter["rules"] = array(); $filter["actions"] = array("dummy-action"); @@ -68,7 +68,7 @@ class Pref_Filters extends Handler_Protected { $scope_qparts = array(); $rctr = 0; - foreach ($_REQUEST["rule"] AS $r) { + foreach (clean($_REQUEST["rule"]) AS $r) { $rule = json_decode($r, true); if ($rule && $rctr < 5) { @@ -354,7 +354,7 @@ class Pref_Filters extends Handler_Protected { function edit() { - $filter_id = $_REQUEST["id"]; + $filter_id = clean($_REQUEST["id"]); $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2 WHERE id = ? AND owner_uid = ?"); 
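Review bot: Filter rules are JSON strings whose `reg_exp` field is a regular expression, and testFilterDo now tag-strips that text before json_decode (`foreach (clean($_REQUEST["rule"]) AS $r)`); a pattern containing a named group `(?<name>...)`, a lookbehind `(?<=...)` or a literal `<` meant to match markup is cut down or makes the JSON undecodable, so the rule is silently tested against a different expression than the user typed. Decode the raw value and apply clean() to the decoded fields that are persisted or displayed, leaving `reg_exp` as entered. The same construction appears in getRuleName/printRuleName, in editSave's rule and action loops, and in newrule further down this file.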
@@ -533,7 +533,7 @@ class Pref_Filters extends Handler_Protected { } private function getRuleName($rule) { - if (!$rule) $rule = json_decode($_REQUEST["rule"], true); + if (!$rule) $rule = json_decode(clean($_REQUEST["rule"]), true); $feeds = $rule["feed_id"]; $feeds_fmt = []; @@ -573,7 +573,7 @@ class Pref_Filters extends Handler_Protected { } function printRuleName() { - print $this->getRuleName(json_decode($_REQUEST["rule"], true)); + print $this->getRuleName(json_decode(clean($_REQUEST["rule"]), true)); } private function getActionName($action) { @@ -611,19 +611,19 @@ class Pref_Filters extends Handler_Protected { } function printActionName() { - print $this->getActionName(json_decode($_REQUEST["action"], true)); + print $this->getActionName(json_decode(clean($_REQUEST["action"]), true)); } function editSave() { - if ($_REQUEST["savemode"] && $_REQUEST["savemode"] == "test") { + if (clean($_REQUEST["savemode"] && $_REQUEST["savemode"]) == "test") { return $this->testFilter(); } - $filter_id = $_REQUEST["id"]; - $enabled = checkbox_to_sql_bool($_REQUEST["enabled"]); - $match_any_rule = checkbox_to_sql_bool($_REQUEST["match_any_rule"]); - $inverse = checkbox_to_sql_bool($_REQUEST["inverse"]); - $title = $_REQUEST["title"]; + $filter_id = clean($_REQUEST["id"]); + $enabled = checkbox_to_sql_bool(clean($_REQUEST["enabled"])); + $match_any_rule = checkbox_to_sql_bool(clean($_REQUEST["match_any_rule"])); + $inverse = checkbox_to_sql_bool(clean($_REQUEST["inverse"])); + $title = clean($_REQUEST["title"]); $this->pdo->beginTransaction(); @@ -642,7 +642,7 @@ class Pref_Filters extends Handler_Protected { function remove() { - $ids = explode(",", $_REQUEST["ids"]); + $ids = explode(",", clean($_REQUEST["ids"])); $ids_qmarks = arr_qmarks($ids); $sth = $this->pdo->prepare("DELETE FROM ttrss_filters2 WHERE id IN ($ids_qmarks) 
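Review bot: `clean($_REQUEST["savemode"] && $_REQUEST["savemode"]) == "test"` in editSave hands the result of a boolean `&&` to clean(), so the comparison is no longer against the submitted value: if clean() stringifies its argument the branch compares `"1"` with `"test"` and is never taken, and if it returns the bool unchanged the loose comparison `true == "test"` succeeds for any non-empty savemode. Move the call inside the condition, `if ($_REQUEST["savemode"] && clean($_REQUEST["savemode"]) == "test") {`. add() later in this file has the identical mistake.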
@@ -659,8 +659,8 @@ class Pref_Filters extends Handler_Protected { $sth = $this->pdo->prepare("DELETE FROM ttrss_filters2_actions WHERE filter_id = ?"); $sth->execute([$filter_id]); - if (!is_array($_REQUEST["rule"])) $_REQUEST["rule"] = []; - if (!is_array($_REQUEST["action"])) $_REQUEST["action"] = []; + if (!is_array(clean($_REQUEST["rule"]))) $_REQUEST["rule"] = []; + if (!is_array(clean($_REQUEST["action"]))) $_REQUEST["action"] = []; if ($filter_id) { /* create rules */ @@ -668,7 +668,7 @@ class Pref_Filters extends Handler_Protected { $rules = array(); $actions = array(); - foreach ($_REQUEST["rule"] as $rule) { + foreach (clean($_REQUEST["rule"]) as $rule) { $rule = json_decode($rule, true); unset($rule["id"]); @@ -677,7 +677,7 @@ class Pref_Filters extends Handler_Protected { } } - foreach ($_REQUEST["action"] as $action) { + foreach (clean($_REQUEST["action"]) as $action) { $action = json_decode($action, true); unset($action["id"]); @@ -729,14 +729,14 @@ class Pref_Filters extends Handler_Protected { } function add() { - if ($_REQUEST["savemode"] && $_REQUEST["savemode"] == "test") { + if (clean($_REQUEST["savemode"] && $_REQUEST["savemode"]) == "test") { return $this->testFilter(); } - $enabled = checkbox_to_sql_bool($_REQUEST["enabled"]); - $match_any_rule = checkbox_to_sql_bool($_REQUEST["match_any_rule"]); - $title = $_REQUEST["title"]; - $inverse = checkbox_to_sql_bool($_REQUEST["inverse"]); + $enabled = checkbox_to_sql_bool(clean($_REQUEST["enabled"])); + $match_any_rule = checkbox_to_sql_bool(clean($_REQUEST["match_any_rule"])); + $title = clean($_REQUEST["title"]); + $inverse = checkbox_to_sql_bool(clean($_REQUEST["inverse"])); $this->pdo->beginTransaction(); @@ -762,7 +762,7 @@ class Pref_Filters extends Handler_Protected { function index() { - $filter_search = $_REQUEST["search"]; + $filter_search = clean($_REQUEST["search"]); if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_filter_search"] = $filter_search; 
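Review bot: `is_array(clean($_REQUEST["rule"]))` makes the array guard depend on clean() returning arrays unchanged for array input, which the diff does not show; if clean() stringifies or drops non-string input, the fallback `$_REQUEST["rule"] = []` is taken on every request and no rules or actions are ever created. Filter once into a local and branch on it: `$rules_in = is_array($_REQUEST["rule"]) ? clean($_REQUEST["rule"]) : [];` and iterate `$rules_in` in the foreach below, which also stops clean() being run twice over the same array; `action` gets the same treatment. editSave's body starts before the hunk.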
@@ -948,7 +948,7 @@ class Pref_Filters extends Handler_Protected { } function newrule() { - $rule = json_decode($_REQUEST["rule"], true); + $rule = json_decode(clean($_REQUEST["rule"]), true); if ($rule) { $reg_exp = htmlspecialchars($rule["reg_exp"]); @@ -1022,7 +1022,7 @@ class Pref_Filters extends Handler_Protected { } function newaction() { - $action = json_decode($_REQUEST["action"], true); + $action = json_decode(clean($_REQUEST["action"]), true); if ($action) { $action_param = $action["action_param"]; @@ -1159,7 +1159,7 @@ class Pref_Filters extends Handler_Protected { } function join() { - $ids = explode(",", $_REQUEST["ids"]); + $ids = explode(",", clean($_REQUEST["ids"])); if (count($ids) > 1) { $base_id = array_shift($ids); diff --git a/classes/pref/labels.php b/classes/pref/labels.php index 8f1f70be9..38ec850a6 100644 --- a/classes/pref/labels.php +++ b/classes/pref/labels.php @@ -8,7 +8,7 @@ class Pref_Labels extends Handler_Protected { } function edit() { - $label_id = $_REQUEST['id']; + $label_id = clean($_REQUEST['id']); $sth = $this->pdo->prepare("SELECT * FROM ttrss_labels2 WHERE id = ? AND owner_uid = ?"); @@ -119,11 +119,11 @@ class Pref_Labels extends Handler_Protected { } function colorset() { - $kind = $_REQUEST["kind"]; - $ids = explode(',', $_REQUEST["ids"]); - $color = $_REQUEST["color"]; - $fg = $_REQUEST["fg"]; - $bg = $_REQUEST["bg"]; + $kind = clean($_REQUEST["kind"]); + $ids = explode(',', clean($_REQUEST["ids"])); + $color = clean($_REQUEST["color"]); + $fg = clean($_REQUEST["fg"]); + $bg = clean($_REQUEST["bg"]); foreach ($ids as $id) { @@ -154,7 +154,7 @@ class Pref_Labels extends Handler_Protected { } function colorreset() { - $ids = explode(',', $_REQUEST["ids"]); + $ids = explode(',', clean($_REQUEST["ids"])); foreach ($ids as $id) { $sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET 
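Review bot: In colorset the `color`, `fg` and `bg` values are tag-stripped but not validated; strip_tags accepts any string, so if these are later written into SQL, CSS or style attributes (outside the hunk) they should be checked against the expected colour shape, e.g. `if (!preg_match('/^#?[0-9a-f]{6}$/i', $color)) return;`, with the same check on `$fg` and `$bg`. `kind` reads like a mode selector and is best compared against a fixed list of accepted values rather than passed through as-is.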
@@ -174,8 +174,8 @@ class Pref_Labels extends Handler_Protected { function save() { - $id = $_REQUEST["id"]; - $caption = trim($_REQUEST["caption"]); + $id = clean($_REQUEST["id"]); + $caption = trim(clean($_REQUEST["caption"])); $this->pdo->beginTransaction(); @@ -206,7 +206,7 @@ class Pref_Labels extends Handler_Protected { $sth->execute([$caption, $old_caption, $_SESSION['uid']]); - print $_REQUEST["value"]; + print clean($_REQUEST["value"]); } else { print $old_caption; } @@ -221,7 +221,7 @@ class Pref_Labels extends Handler_Protected { function remove() { - $ids = explode(",", $_REQUEST["ids"]); + $ids = explode(",", clean($_REQUEST["ids"])); foreach ($ids as $id) { Labels::remove($id, $_SESSION["uid"]); @@ -230,8 +230,8 @@ class Pref_Labels extends Handler_Protected { } function add() { - $caption = $_REQUEST["caption"]; - $output = $_REQUEST["output"]; + $caption = clean($_REQUEST["caption"]); + $output = clean($_REQUEST["output"]); if ($caption) { diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php index 5d999bf3d..5fc76b32c 100644 --- a/classes/pref/prefs.php +++ b/classes/pref/prefs.php @@ -60,9 +60,9 @@ class Pref_Prefs extends Handler_Protected { function changepassword() { - $old_pw = $_POST["old_password"]; - $new_pw = $_POST["new_password"]; - $con_pw = $_POST["confirm_password"]; + $old_pw = clean($_POST["old_password"]); + $new_pw = clean($_POST["new_password"]); + $con_pw = clean($_POST["confirm_password"]); if ($old_pw == "") { print "ERROR: ".format_error("Old password cannot be blank."); @@ -89,7 +89,7 @@ class Pref_Prefs extends Handler_Protected { } function saveconfig() { - $boolean_prefs = explode(",", $_POST["boolean_prefs"]); + $boolean_prefs = explode(",", clean($_POST["boolean_prefs"])); foreach ($boolean_prefs as $pref) { if (!isset($_POST[$pref])) $_POST[$pref] = 'false'; 
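Review bot: `print clean($_REQUEST["value"])` in save() still emits request input into the response with only tag stripping; strip_tags is an input filter, not an output encoder, and leaves `&`, quotes and similar characters intact. Assuming this lands in an HTML context, encode at the sink, `print htmlspecialchars(clean($_REQUEST["value"]));`, and give the `print $old_caption;` in the else branch the same treatment.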
@@ -129,8 +129,8 @@ class Pref_Prefs extends Handler_Protected { function changeemail() { - $email = $_POST["email"]; - $full_name = $_POST["full_name"]; + $email = clean($_POST["email"]); + $full_name = clean($_POST["full_name"]); $active_uid = $_SESSION["uid"]; $sth = $this->pdo->prepare("UPDATE ttrss_users SET email = ?, @@ -880,8 +880,8 @@ class Pref_Prefs extends Handler_Protected { require_once "lib/otphp/lib/otp.php"; require_once "lib/otphp/lib/totp.php"; - $password = $_REQUEST["password"]; - $otp = $_REQUEST["otp"]; + $password = clean($_REQUEST["password"]); + $otp = clean($_REQUEST["otp"]); $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]); @@ -930,7 +930,7 @@ class Pref_Prefs extends Handler_Protected { } function otpdisable() { - $password = $_REQUEST["password"]; + $password = clean($_REQUEST["password"]); $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]); @@ -948,8 +948,8 @@ class Pref_Prefs extends Handler_Protected { } function setplugins() { - if (is_array($_REQUEST["plugins"])) - $plugins = join(",", $_REQUEST["plugins"]); + if (is_array(clean($_REQUEST["plugins"]))) + $plugins = join(",", clean($_REQUEST["plugins"])); else $plugins = ""; @@ -957,7 +957,7 @@ class Pref_Prefs extends Handler_Protected { } function clearplugindata() { - $name = $_REQUEST["name"]; + $name = clean($_REQUEST["name"]); PluginHost::getInstance()->clear_data(PluginHost::getInstance()->get_plugin($name)); } diff --git a/classes/pref/users.php b/classes/pref/users.php index b23950bd3..d65af1680 100644 --- a/classes/pref/users.php +++ b/classes/pref/users.php @@ -25,7 +25,7 @@ class Pref_Users extends Handler_Protected { print "
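Review bot: In changepassword, `old_password`, `new_password` and `confirm_password` are all passed through clean(), so a password containing `<` followed by a non-blank character is altered before it is verified or stored: an existing password of that shape is no longer accepted as `old_password` here, and a new one is stored truncated while the login path (not in this diff) presumably receives the unstripped value. Passwords are never rendered, so they fit the commit's "explicitly allowed" exemption; read them as `$old_pw = $_POST["old_password"];` and so on, untouched. The same applies to `password` in otpenable and otpdisable below and to editSave in classes/pref/users.php.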
"; - $id = (int) $_REQUEST["id"]; + $id = (int) clean($_REQUEST["id"]); print_hidden("id", "$id"); print_hidden("op", "pref-users"); @@ -108,7 +108,7 @@ class Pref_Users extends Handler_Protected { } function userdetails() { - $id = (int) $_REQUEST["id"]; + $id = (int) clean($_REQUEST["id"]); $sth = $this->pdo->prepare("SELECT login, ".SUBSTRING_FOR_DATE."(last_login,1,16) AS last_login, @@ -177,11 +177,11 @@ class Pref_Users extends Handler_Protected { } function editSave() { - $login = trim($_REQUEST["login"]); - $uid = $_REQUEST["id"]; - $access_level = (int) $_REQUEST["access_level"]; - $email = trim($_REQUEST["email"]); - $password = $_REQUEST["password"]; + $login = trim(clean($_REQUEST["login"])); + $uid = clean($_REQUEST["id"]); + $access_level = (int) clean($_REQUEST["access_level"]); + $email = trim(clean($_REQUEST["email"])); + $password = clean($_REQUEST["password"]); if ($password) { $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); @@ -199,7 +199,7 @@ class Pref_Users extends Handler_Protected { } function remove() { - $ids = explode(",", $_REQUEST["ids"]); + $ids = explode(",", clean($_REQUEST["ids"])); foreach ($ids as $id) { if ($id != $_SESSION["uid"] && $id != 1) { @@ -217,7 +217,7 @@ class Pref_Users extends Handler_Protected { function add() { - $login = trim($_REQUEST["login"]); + $login = trim(clean($_REQUEST["login"])); $tmp_user_pwd = make_password(8); $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $pwd_hash = encrypt_password($tmp_user_pwd, $salt, true); @@ -316,7 +316,7 @@ class Pref_Users extends Handler_Protected { } function resetPass() { - $uid = $_REQUEST["id"]; + $uid = clean($_REQUEST["id"]); Pref_Users::resetUserPassword($uid, true); } @@ -329,7 +329,7 @@ class Pref_Users extends Handler_Protected { print "
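Review bot: `$uid = clean($_REQUEST["id"])` in editSave is not cast to int, unlike `(int) clean($_REQUEST["id"])` in the edit and userdetails hunks of the same file, so the user id reaches the rest of the method (outside the hunk) as an arbitrary string. Make it `$uid = (int) clean($_REQUEST["id"]);`, and do the same for `$uid` in resetPass, which has the same shape.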
"; - $user_search = trim($_REQUEST["search"]); + $user_search = trim(clean($_REQUEST["search"])); if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_user_search"] = $user_search; @@ -344,7 +344,7 @@ class Pref_Users extends Handler_Protected { __('Search')."
"; - $sort = $_REQUEST["sort"]; + $sort = clean($_REQUEST["sort"]); if (!$sort || $sort == "undefined") { $sort = "login"; -- cgit v1.2.3
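Review bot: `$sort = clean($_REQUEST["sort"])` selects a sort column and the only check visible is for `undefined`; strip_tags does not constrain the value, so if `$sort` is interpolated into an ORDER BY clause further down (outside the hunk) it needs an allow-list rather than a filter: `if (!in_array($sort, $allowed_sort_columns, true)) $sort = "login";` where `$allowed_sort_columns` holds the column names the listing actually supports. The enclosing method starts before the hunk.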