fix several XSS injection problems with page variable

author cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>

Thu, 29 Oct 2009 09:05:37 +0000 (09:05 +0000)

committer cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>

Thu, 29 Oct 2009 09:05:37 +0000 (09:05 +0000)
author cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>
Thu, 29 Oct 2009 09:05:37 +0000 (09:05 +0000)
committer cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>
Thu, 29 Oct 2009 09:05:37 +0000 (09:05 +0000)
diff --git a/www/ajax/getadminlinkedtags.php b/www/ajax/getadminlinkedtags.php

index 0a5d813769281dc3c3345620f589155130601059..2b1c3ac04fecf59b0de2576c4f9ecb0f0c0f2886 100644 (file)
--- a/www/ajax/getadminlinkedtags.php
+++ b/www/ajax/getadminlinkedtags.php
@@ -57,7 +57,7 @@ function displayTag($tag, $uId) {
  
  { label: 'name', identifier: 'id', items: [
  <?php
-$json = displayTag(GET_TAG, GET_UID);
+$json = displayTag(GET_TAG, intval(GET_UID));
  $json = substr($json, 0, -1); // remove final comma avoiding IE6 Dojo bug
  echo $json;
  ?>
diff --git a/www/ajax/getlinkedtags.php b/www/ajax/getlinkedtags.php

index 9415f87c8c6002c2f2cd0e6a2f2fb415fd906792..621d1c469848a7812e70ac0365c9dde2a2055686 100644 (file)
--- a/www/ajax/getlinkedtags.php
+++ b/www/ajax/getlinkedtags.php
@@ -57,7 +57,7 @@ function displayTag($tag, $uId) {
  
  { label: 'name', identifier: 'id', items: [
  <?php
-$json = displayTag(GET_TAG, GET_UID);
+$json = displayTag(GET_TAG, intval(GET_UID));
  $json = substr($json, 0, -1); // remove final comma avoiding IE6 Dojo bug
  echo $json;
  ?>
diff --git a/www/bookmarks.php b/www/bookmarks.php

index 4a36a3961dd3faaf2795bfd8a13aa9b1d8dd2388..8424edbc6a8031cdde923d873c39a204f093c449 100644 (file)
--- a/www/bookmarks.php
+++ b/www/bookmarks.php
@@ -190,7 +190,7 @@ if ($templatename == 'editbookmark.tpl') {
                         $tplVars['tags'] = POST_TAGS;
                 } else {
                         if(GET_COPYOF != '') {  //copy from bookmarks page
-                               $tplVars['row'] = $bookmarkservice->getBookmark(GET_COPYOF, true);
+                               $tplVars['row'] = $bookmarkservice->getBookmark(intval(GET_COPYOF), true);
                                 if(!$currentUser->isAdmin()) {
                                         $tplVars['row']['bPrivateNote'] = ''; //only admin can copy private note
                                 }
@@ -249,7 +249,7 @@ if ($templatename == 'editbookmark.tpl') {
         // Pagination
         $perpage = getPerPageCount($currentUser);
         if (intval(GET_PAGE) > 1) {
-               $page = GET_PAGE;
+               $page = intval(GET_PAGE);
                 $start = ($page - 1) * $perpage;
         } else {
                 $page = 0;
diff --git a/www/history.php b/www/history.php

index fa1c535df6de1c6f543722922b95aa2aa43478d7..42688a01a8cc4bffe67b9179b50ff9b14c8a3675 100644 (file)
--- a/www/history.php
+++ b/www/history.php
@@ -48,7 +48,7 @@ if ($usecache) {
  // Pagination
  $perpage = getPerPageCount($currentUser);
  if (intval(GET_PAGE) > 1) {
-    $page = GET_PAGE;
+    $page = intval(GET_PAGE);
      $start = ($page - 1) * $perpage;
  } else {
      $page = 0;
diff --git a/www/index.php b/www/index.php

index bc1b354f592f0703a9ee587fe32a51a7c16de67f..6d6f5cbeebd7cbb50236feef8c94f7fe774aad05 100644 (file)
--- a/www/index.php
+++ b/www/index.php
@@ -60,7 +60,7 @@ if ($usecache) {
  // Pagination
  $perpage = getPerPageCount($currentUser);
  if (intval(GET_PAGE) > 1) {
-       $page = GET_PAGE;
+       $page = intval(GET_PAGE);
         $start = ($page - 1) * $perpage;
  } else {
         $page = 0;
diff --git a/www/search.php b/www/search.php

index 2b65b2fec4e23d9d6eb96fa8924e26aba6dbee8b..9a19883519a22f76176371da407c897296548c0b 100644 (file)
--- a/www/search.php
+++ b/www/search.php
@@ -60,7 +60,7 @@ if (POST_TERMS != '') {
         // Pagination
         $perpage = getPerPageCount($currentUser);
         if (intval(GET_PAGE) > 1) {
-               $page = GET_PAGE;
+               $page = intval(GET_PAGE);
                 $start = ($page - 1) * $perpage;
         } else {
                 $page = 0;
diff --git a/www/tags.php b/www/tags.php

index e3fd6d22ef03ea7f59445a4428dc8a04fd7320fb..fed45105198e6a18cc98508a7c0a2c4a77ce221b 100644 (file)
--- a/www/tags.php
+++ b/www/tags.php
@@ -73,7 +73,7 @@ array(filter($sitename .': '. $pagetitle), createURL('rss', 'all/'. filter($cat,
  // Pagination
  $perpage = getPerPageCount($currentUser);
  if (intval(GET_PAGE) > 1) {
-       $page = GET_PAGE;
+       $page = intval(GET_PAGE);
         $start = ($page - 1) * $perpage;
  } else {
         $page = 0;
diff --git a/www/watchlist.php b/www/watchlist.php

index 61987813ac864f828a3798aeea2a4cb7dd85e14a..b92fb9c5fd6818f77b91fc2984e210b260433f03 100644 (file)
--- a/www/watchlist.php
+++ b/www/watchlist.php
@@ -78,7 +78,7 @@ if ($user) {
      // Pagination
      $perpage = getPerPageCount($currentUser);
      if (intval(GET_PAGE) > 1) {
-        $page = GET_PAGE;
+        $page = intval(GET_PAGE);
          $start = ($page - 1) * $perpage;
      } else {
          $page = 0;
author	cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>
	Thu, 29 Oct 2009 09:05:37 +0000 (09:05 +0000)
committer	cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>
	Thu, 29 Oct 2009 09:05:37 +0000 (09:05 +0000)
www/ajax/getadminlinkedtags.php		patch \| blob \| history
www/ajax/getlinkedtags.php		patch \| blob \| history
www/bookmarks.php		patch \| blob \| history
www/history.php		patch \| blob \| history
www/index.php		patch \| blob \| history
www/search.php		patch \| blob \| history
www/tags.php		patch \| blob \| history
www/watchlist.php		patch \| blob \| history