[AppDB] ID checks
Paul van Schayck
info at wwwdesign.tmfweb.nl
Mon Mar 15 14:14:44 CST 2004
Hey,
A start to the AppDB. The whole system is using the strongly deprecated auto
registered globals. (The DB was made before this rule was made/enforced)
This patch will just fix that problem for the browsing through the DB.
It will also check if we really have a numeric ID and not someone entering
evil SQL.
Regards,
Paul van Schayck
Changelog:
Get the IDs from $_GET and check if they are numeric.
Index: appdb/appbrowse.php
===================================================================
RCS file: /home/wine/appdb/appbrowse.php,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 appbrowse.php
--- appdb/appbrowse.php 15 Mar 2004 16:22:00 -0000 1.1.1.1
+++ appdb/appbrowse.php 15 Mar 2004 20:13:07 -0000
@@ -22,8 +22,16 @@
$m->done();
}
+$catId = $_GET['catId'];
+
if(!$catId)
$catId = 0; // ROOT
+
+if( !is_numeric($catId) )
+{
+ errorpage("Something went wrong with the category ID");
+ exit;
+}
// list sub categories
$cat = new Category($catId);
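Review bot: is_numeric() on $catId is wider than "an integer ID": it also accepts decimals, exponent forms such as "1e5" and signed values, so those still reach new Category($catId). If the ID is always a non-negative integer, check it with ctype_digit() on the string or cast it with intval() before use. Separately, $catId = $_GET['catId']; reads an index that does not exist when the page is opened without the parameter, which raises a notice; testing isset($_GET['catId']) first and falling back to 0 there would keep the ROOT default without it.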
Index: appdb/appview.php
===================================================================
RCS file: /home/wine/appdb/appview.php,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 appview.php
--- appdb/appview.php 15 Mar 2004 16:22:00 -0000 1.1.1.1
+++ appdb/appview.php 15 Mar 2004 20:13:08 -0000
@@ -231,6 +231,15 @@
/* code to VIEW an application & versions */
+$appId = $_GET['appId'];
+$versionId = $_GET['versionId'];
+
+if( !is_numeric($appId) || !is_numeric($versionId) )
+{
+ errorpage("Something went wrong with the IDs");
+ exit;
+}
+
if($appId && !$versionId)
{
$app = new Application($appId);
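Review bot: the combined check if( !is_numeric($appId) || !is_numeric($versionId) ) rejects every request that has no versionId, because a missing $_GET['versionId'] is null and is_numeric(null) is false. That makes the if($appId && !$versionId) branch directly below it unreachable, so viewing an application without a version would always land on errorpage(). Validate each ID only when it is present, or default a missing one to 0 the way appbrowse.php does for $catId, and run the numeric check after that. The same remark about is_numeric() accepting decimals and exponent forms applies here; ctype_digit() or an intval() cast is the tighter test for an integer ID.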