User web: fix XSS vulnerability in team join/quit/lookup code.
svn path=/trunk/boinc/; revision=13450
This commit is contained in:
parent
c2257ad3ae
commit
2678dcc331
@ -8073,3 +8073,14 @@ Rom 23 Aug 2007
|
|||
win_build/installerv2/redist/Windows/x64/
|
||||
boinccas.dll
|
||||
boinccas95.dll
|
||||
|
||||
Rytis 24 Aug 2007
|
||||
- User web: fix XSS vulnerability in team join/quit/lookup code.
|
||||
|
||||
html/user/
|
||||
team_join_action.php
|
||||
team_join_form.php
|
||||
team_lookup.php
|
||||
team_quit_action.php
|
||||
team_quit_form.php
|
||||
|
||||
|
|
|
@ -1,13 +1,15 @@
|
|||
<?php
|
||||
$cvs_version_tracker[]="\$Id$"; //Generated automatically - do not edit
|
||||
|
||||
require_once("../inc/db.inc");
|
||||
require_once("../inc/util.inc");
|
||||
require_once("../inc/team.inc");
|
||||
|
||||
db_init();
|
||||
$user = get_logged_in_user();
|
||||
$user = get_logged_in_user(true);
|
||||
check_tokens($user->authenticator);
|
||||
|
||||
$teamid = $_POST["teamid"];
|
||||
$teamid = post_int("teamid");
|
||||
$team = lookup_team($teamid);
|
||||
require_team($team);
|
||||
if ($user->teamid == $team->id) {
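Review bot: The new code validates `$teamid` as an integer and checks the form token, but the output that would carry the XSS named in the commit title comes after `if ($user->teamid == $team->id) {`, which is outside this hunk, so nothing visible here shows `$team->name` being HTML-escaped on the join path. `require_team($team)` after the lookup is a good addition; note that team_quit_action.php in this same commit does not do the equivalent check. I would document the token line so its pairing is explicit: `// CSRF check: validates the token emitted by form_tokens() in team_join_form.php`. The script continues past the end of the hunk.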
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
$cvs_version_tracker[]="\$Id$"; //Generated automatically - do not edit
|
||||
|
||||
require_once("../inc/db.inc");
|
||||
require_once("../inc/util.inc");
|
||||
|
@ -17,9 +18,11 @@ echo " <p><b>Please note:</b>
|
|||
<li> Joining a team does not affect your account's credit.
|
||||
</ul>
|
||||
<hr>
|
||||
<form method=post action=team_join_action.php>
|
||||
<input type=hidden name=teamid value=$teamid>
|
||||
<input type=submit value='Join team'>
|
||||
<form method=\"post\" action=\"team_join_action.php\">";
|
||||
echo form_tokens($user->authenticator);
|
||||
echo "
|
||||
<input type=\"hidden\" name=\"teamid\" value=\"$teamid\">
|
||||
<input type=\"submit\" value=\"Join team\">
|
||||
</form>
|
||||
";
|
||||
page_tail();
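Review bot: Quoting the `value` attribute of the hidden `teamid` input only helps if `$teamid` is already known to be an integer; where it is read from the request is above this hunk and not visible here, and if it is a raw `$_GET` value a `"` inside it still closes the attribute. Casting at the point of use is cheap and removes the dependency: `<input type=\"hidden\" name=\"teamid\" value=\"".(int)$teamid."\">`. The `$user` handed to `form_tokens()` is a new use on this page and is presumably set by `get_logged_in_user()` earlier in the file — confirm it is, since an unset `$user` here would emit an empty token. The script's head, where both are defined, is outside the hunk.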
|
||||
|
|
|
@ -27,11 +27,11 @@ if ($team_id) {
|
|||
exit();
|
||||
}
|
||||
|
||||
$team_name = $_GET["team_name"];
|
||||
$team_name = get_str("team_name");
|
||||
$name_lc = strtolower($team_name);
|
||||
$name_lc = escape_pattern($name_lc);
|
||||
|
||||
$query = "select * from team where name like '%$name_lc%' order by expavg_credit desc";
|
||||
$query = "select * from team where name like '%".mysql_real_escape_string($name_lc)."%' order by expavg_credit desc";
|
||||
$result_list = mysql_query($query);
|
||||
|
||||
if ($format == 'xml') {
|
||||
|
@ -49,7 +49,7 @@ if ($format == 'xml') {
|
|||
page_head("Search Results");
|
||||
if ($result_list) {
|
||||
$total = 0;
|
||||
echo "<h2>Search results for '$team_name'</h2>";
|
||||
echo "<h2>Search results for '".strip_tags($team_name)."'</h2>";
|
||||
echo "<p>";
|
||||
echo "You may view these teams' members, statistics, and information.";
|
||||
echo "<ul>";
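Review bot: `strip_tags($team_name)` on the search-results heading is not an HTML escape: it drops tags but leaves `&` and quotes untouched and mangles legitimate search text such as `a<b`, so `htmlspecialchars($team_name, ENT_QUOTES)` is the right call for text inside `<h2>`. The SQL side of this section looks right — pattern-escaped, then `mysql_real_escape_string()`, inside a quoted LIKE literal — assuming `escape_pattern()` escapes `%` and `_`. Whether the `$format == 'xml'` branch above also emits `$team_name` cannot be seen here; the `if ($result_list) {` block continues beyond the hunk.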
|
||||
|
|
|
@ -1,20 +1,23 @@
|
|||
<?php
|
||||
require_once("../inc/db.inc");
|
||||
require_once("../inc/util.inc");
|
||||
require_once("../inc/team.inc");
|
||||
$cvs_version_tracker[]="\$Id$"; //Generated automatically - do not edit
|
||||
|
||||
db_init();
|
||||
$user = get_logged_in_user();
|
||||
$teamid = $_POST["id"];
|
||||
$team = lookup_team($teamid);
|
||||
if ($user->teamid == $team->id) {
|
||||
user_quit_team($user);
|
||||
page_head("Quit $team->name");
|
||||
echo "You have been removed from <a href=team_display.php?teamid=$team->id>$team->name</a>";
|
||||
} else {
|
||||
page_head("Unable to quit team");
|
||||
echo "Team doesn't exist, or you don't belong to it.\n";
|
||||
}
|
||||
require_once("../inc/db.inc");
|
||||
require_once("../inc/util.inc");
|
||||
require_once("../inc/team.inc");
|
||||
|
||||
db_init();
|
||||
$user = get_logged_in_user(true);
|
||||
check_tokens($user->authenticator);
|
||||
$teamid = post_int("id");
|
||||
$team = lookup_team($teamid);
|
||||
if ($user->teamid == $team->id) {
|
||||
user_quit_team($user);
|
||||
page_head("Quit $team->name");
|
||||
echo "You have been removed from <a href=\"team_display.php?teamid=$team->id\">$team->name</a>";
|
||||
} else {
|
||||
page_head("Unable to quit team");
|
||||
echo "Team doesn't exist, or you don't belong to it.\n";
|
||||
}
|
||||
|
||||
page_tail();
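Review bot: `lookup_team($teamid)` can return no team and the new code goes straight to `if ($user->teamid == $team->id)`; with the loose `==`, a user who is on no team (`teamid` 0) compares equal to a missing team's null `id`, so `user_quit_team()` runs and the success page is shown for a team that does not exist. team_join_action.php in this same commit adds `require_team($team);` right after the lookup; the same line belongs here, before the comparison. Separately, `page_head("Quit $team->name")` and the anchor text `$team->name` are still interpolated raw into HTML; unless team names are sanitised on storage (not verifiable here), `htmlspecialchars($team->name)` at both sites would close the gap the commit title describes.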
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
$cvs_version_tracker[]="\$Id$"; //Generated automatically - do not edit
|
||||
|
||||
require_once("../inc/db.inc");
|
||||
require_once("../inc/util.inc");
|
||||
|
@ -22,9 +23,10 @@ echo "
|
|||
statistics in any way.
|
||||
</ul>
|
||||
</p>
|
||||
<form method=post action=team_quit_action.php>
|
||||
<input type=hidden name=id value=$team->id>
|
||||
<input type=submit value=\"Quit Team\">
|
||||
<form method=\"post\" action=\"team_quit_action.php\">";
|
||||
echo form_tokens($user->authenticator);
|
||||
echo "<input type=\"hidden\" name=\"id\" value=\"$team->id\">
|
||||
<input type=\"submit\" value=\"Quit Team\">
|
||||
</form>
|
||||
";
|
||||
page_tail();
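Review bot: The hidden field is named `id` here while team_join_form.php in this same commit names its field `teamid`; team_quit_action.php reads `post_int("id")`, so it works, but the mismatched names make the two form/action pairs harder to read side by side. If it is aligned to `teamid`, the action's `post_int("id")` must change in the same commit. A one-line comment above the echo would make the coupling visible: `// field name "id" must match post_int("id") in team_quit_action.php`. As with the join form, the `$user` passed to `form_tokens()` is assumed to be set earlier in the file, which is outside this hunk.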
|
||||
|
|