9 Commits

Author SHA1 Message Date
David Anderson d6315c7112 - fix various XSS vulnerabilities reported by the
Acunetix Web Vulnerability Scanner (free edition)


svn path=/trunk/boinc/; revision=22315
2010-09-04 22:13:27 +00:00
David Anderson 9baf78fe5f - web: added copyright and license info to PHP files
svn path=/trunk/boinc/; revision=15758
2008-08-05 22:43:14 +00:00
David Anderson d403a14e42 - web: cleaned up logic of string processing.
There are two aspects:
    1) undoing magic quotes (if it's being used).
        This must be done for all GET and POST string inputs.
        It is now done automatically by get_str() and post_str().
        The places that refer to $_GET and $_POST directly
        must do it themselves using undo_magic_quotes().
    2) Escaping user-supplied strings before using them in DB queries.
        This is done by process_user_text()
        (which should be renamed db_escape_string()).
        The new principle:
        call process_user_text() in the function that does the DB query
        (not at any higher level).


svn path=/trunk/boinc/; revision=15389
2008-06-11 19:36:10 +00:00
David Anderson e1ca1c5aee - User web: more DB framework changes;
extended DB framework to allow use of a read-only replica

svn path=/trunk/boinc/; revision=13985
2007-10-29 16:38:25 +00:00
Rytis Slatkevičius f5ac3f8631 Do not allow blank or NULL countries
svn path=/trunk/boinc/; revision=13462
2007-08-26 10:29:08 +00:00
David Anderson 2af893b0f2 - user web: code cleanup related to team creation.
Make a single function that creates teams
    and cleanses arguments.
- API: don't include config.h in parse.h.
    This file is included from apps
    (indirectly, via graphics_api.h)
    so it shouldn't assume that config.h exists

svn path=/trunk/boinc/; revision=13212
2007-07-25 03:17:31 +00:00
David Anderson 7fa8c7c8dd *** empty log message ***
svn path=/trunk/boinc/; revision=11125
2006-09-08 19:51:33 +00:00
David Anderson 02bb061b6d *** empty log message ***
svn path=/trunk/boinc/; revision=11117
2006-09-06 20:56:55 +00:00
David Anderson 5f8f7f6acd create team RPC
svn path=/trunk/boinc/; revision=9380
2006-02-01 20:19:51 +00:00