Rooba
/
boinc
mirror of https://github.com/BOINC/boinc.git
1
0
Fork 0
Code Issues 1 Packages Projects Releases Wiki Activity

- web: fix for cross-site scripting vulnerability 

(from Nicolas Alvarez)

svn path=/trunk/boinc/; revision=15261
This commit is contained in:
David Anderson 2008-05-20 16:42:01 +00:00
parent d9c427bb1e
commit 9963f0958b
3 changed files with 30 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
checkin_notes
View File

@ -4154,3 +4154,13 @@ David May 19 2008
scheduler_op.C scheduler_op.C
languages/translations/ languages/translations/
en.po en.po
David May 20 2008
- web: fix for cross-site scripting vulnerability
(from Nicolas Alvarez)
html/
inc/
team.inc
user/
team_search.php

29
html/inc/team.inc
View File

@ -16,9 +16,10 @@ function team_search_form($params) {
"; ";
start_table(); start_table();
row2("<b>Search criteria (use one or more)</b>", ""); row2("<b>Search criteria (use one or more)</b>", "");
row2("Key words<br><span class=note>Find teams with these words in their names or descriptions</span>", "<input name=keywords value=\"$params->keywords\">"); row2('Key words<br><span class="note">Find teams with these words in their names or descriptions</span>',
'<input name="keywords" value="' . htmlspecialchars($params->keywords) . '">');
row2_init("Country", ""); row2_init("Country", "");
echo "<select name=country><option value=\"\" selected>---</option>"; echo '<select name="country"><option value="" selected>---</option>';
$country = $params->country; $country = $params->country;
if (!$country || $country == 'None') $country = "XXX"; if (!$country || $country == 'None') $country = "XXX";
print_country_select($country); print_country_select($country);
@ -26,7 +27,7 @@ function team_search_form($params) {
row2("Type of team", team_type_select($params->type, true)); row2("Type of team", team_type_select($params->type, true));
$checked = $params->active?"checked":""; $checked = $params->active?"checked":"";
row2("Show only active teams", "<input type=checkbox name=active $checked>"); row2("Show only active teams", "<input type=checkbox name=active $checked>");
row2("", "<input type=submit name=submit value=Search>"); row2("", '<input type="submit" name="submit" value="Search">');
end_table(); end_table();
echo " echo "
</form> </form>
@ -39,15 +40,15 @@ function foundership_transfer_link($user, $team) {
if ($team->userid == $user->id) { if ($team->userid == $user->id) {
return "None"; return "None";
} else { } else {
return "<a href=\"team_founder_transfer_form.php\">Initiate request</a>"; return '<a href="team_founder_transfer_form.php">Initiate request</a>';
} }
} }
if ($team->ping_user == $user->id) { if ($team->ping_user == $user->id) {
if (transfer_ok($team, now)) { if (transfer_ok($team, now)) {
return "Requested by you, and founder response deadline has passed. <a href=\"team_founder_transfer_form.php\">Complete foundership transfer</a>."; return 'Requested by you, and founder response deadline has passed. <a href="team_founder_transfer_form.php">Complete foundership transfer</a>.';
} else { } else {
$deadline = date_str(transfer_ok_time($team)); $deadline = date_str(transfer_ok_time($team));
return "<a href=\"team_founder_transfer_form.php\">Requested by you</a>; founder response deadline is $deadline"; return '<a href="team_founder_transfer_form.php">Requested by you</a>; founder response deadline is '.$deadline;
} }
} }
return "<a href=\"team_founder_transfer_form.php\">Deferred</a>"; return "<a href=\"team_founder_transfer_form.php\">Deferred</a>";
@ -89,7 +90,7 @@ function display_team_page($team, $user) {
if ($user->teamid != $team->id) { if ($user->teamid != $team->id) {
$tokens = url_tokens($user->authenticator); $tokens = url_tokens($user->authenticator);
row2("", row2("",
"<a href='team_join.php?$tokens&teamid=$team->id'>Join this team</a> "<a href='team_join.php?$tokens&amp;teamid=$team->id'>Join this team</a>
<br><span class=note>Note: if 'OK to email' is set in your project preferences, joining a team gives its founder access to your email address.</span>" <br><span class=note>Note: if 'OK to email' is set in your project preferences, joining a team gives its founder access to your email address.</span>"
); );
} }
@ -135,9 +136,9 @@ function display_team_page($team, $user) {
} }
} }
row2("New members in last day", $x); row2("New members in last day", $x);
row2("Total members", "$team->nusers (<a href=team_members.php?teamid=$team->id&offset=0&sort_by=expavg_credit>view</a>)"); row2("Total members", "$team->nusers (<a href=team_members.php?teamid=$team->id&amp;offset=0&amp;sort_by=expavg_credit>view</a>)");
row2("Active members", "$team->nusers_active (<a href=team_members.php?teamid=$team->id&offset=0&sort_by=expavg_credit>view</a>)"); row2("Active members", "$team->nusers_active (<a href=team_members.php?teamid=$team->id&amp;offset=0&amp;sort_by=expavg_credit>view</a>)");
row2("Members with credit", "$team->nusers_worked (<a href=team_members.php?teamid=$team->id&offset=0&sort_by=total_credit>view</a>)"); row2("Members with credit", "$team->nusers_worked (<a href=team_members.php?teamid=$team->id&amp;offset=0&amp;sort_by=total_credit>view</a>)");
end_table(); end_table();
} }
@ -172,12 +173,12 @@ function display_team_members($team, $offset, $sort_by) {
if ($sort_by == "total_credit") { if ($sort_by == "total_credit") {
echo "<th>Total credit</th>"; echo "<th>Total credit</th>";
} else { } else {
echo "<th><a href=team_members.php?teamid=$team->id&sort_by=total_credit&offset=$offset>Total credit</a></th>"; echo "<th><a href=team_members.php?teamid=$team->id&amp;sort_by=total_credit&amp;offset=$offset>Total credit</a></th>";
} }
if ($sort_by == "expavg_credit") { if ($sort_by == "expavg_credit") {
echo "<th>Recent average credit</th>"; echo "<th>Recent average credit</th>";
} else { } else {
echo "<th><a href=team_members.php?teamid=$team->id&sort_by=expavg_credit&offset=$offset>Recent average credit</a></th>"; echo "<th><a href=team_members.php?teamid=$team->id&amp;sort_by=expavg_credit&amp;offset=$offset>Recent average credit</a></th>";
} }
} }
} }
@ -222,11 +223,11 @@ function display_team_members($team, $offset, $sort_by) {
if ($offset > 0) { if ($offset > 0) {
$new_offset = $offset - $n; $new_offset = $offset - $n;
echo "<a href=team_members.php?teamid=$team->id&sort_by=$sort_by&offset=$new_offset>Last $n</a> | "; echo "<a href=team_members.php?teamid=$team->id&amp;sort_by=$sort_by&amp;offset=$new_offset>Last $n</a> | ";
} }
if ($j == $offset + $n + 1) { if ($j == $offset + $n + 1) {
$new_offset = $offset + $n; $new_offset = $offset + $n;
echo "<a href=team_members.php?teamid=$team->id&sort_by=$sort_by&offset=$new_offset>Next $n</a>"; echo "<a href=team_members.php?teamid=$team->id&amp;sort_by=$sort_by&amp;offset=$new_offset>Next $n</a>";
} }
} }

4
html/user/team_search.php
View File

@ -130,7 +130,11 @@ function search($params) {
$user = get_logged_in_user(false); $user = get_logged_in_user(false);
if (isset($_GET['submit'])) { if (isset($_GET['submit'])) {
$params = null; $params = null;
if(get_magic_quotes_gpc()) {
$params->keywords = stripslashes($_GET['keywords']);
} else {
$params->keywords = $_GET['keywords']; $params->keywords = $_GET['keywords'];
}
$params->country = $_GET['country']; $params->country = $_GET['country'];
$params->type = $_GET['type']; $params->type = $_GET['type'];
$params->active = get_str('active', true); $params->active = get_str('active', true);