web: remove vulnerabilities in tree_threader and in unused badge function

html/inc/util_ops.inc

@@ -331,6 +331,9 @@ function app_version_desc($avid) {
 ////// badge-related stuff
 
 function get_badge($name, $title, $image_url) {
+    $name = BoincDb::escape_string($name);
+    $title = BoincDb::escape_string($title);
+    $image_url = BoincDb::escape_string($image_url);
     $b = BoincBadge::lookup("name='$name'");
     if ($b) return $b;
     $now = time();

html/user/tree_threader.php

@@ -1,5 +1,7 @@
 <?php
 
+DEPRECATED
+
 // Handler for TreeThreader remote job submission.
 //
 // Assumptions:
@@ -155,7 +157,7 @@ if (!$r) {
 
 // authenticate the user
 //
-$auth = (string)$r->auth;
+$auth = BoincDb::escape_string((string)$r->auth);
 $user = BoincUser::lookup("authenticator='$auth'");
 if (!$user) error("invalid authenticator");
 $user_submit = BoincUserSubmit::lookup_userid($user->id);