
* Sanitize data entries for install gelato

Victor De la Rocha 16 years ago
parent
commit
25f1c98695
2 changed files with 9 additions and 10 deletions
  1. 4 5
      classes/install.class.php
  2. 5 5
      install.php

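--- a/classes/install.class.php
+++ b/classes/install.class.php
@@ -120,14 +120,13 @@
 			PRIMARY KEY  (`id_feed`)
 			) ENGINE=MyISAM ;";
 
-
-		$sqlStr[] = "INSERT INTO `".Table_prefix."config` VALUES (". $this->data['posts_limit'] .", '".$this->data['title']."', '".$this->data['description']."', '".$this->data['lang']."', '".$this->data['template']."', '".$this->data['url_installation']."');";
-		$sqlStr[] = "INSERT INTO `".Table_prefix."users` VALUES ('', '', '".$this->data['login']."', '".md5($this->data['password'])."', '".$this->data['email']."', '".$this->data['website']."', '".$this->data['about']."');";
+		$sqlStr[] = "INSERT INTO `".Table_prefix."config` VALUES (". $db->sql_escape($this->data['posts_limit']).", '".$db->sql_escape($this->data['title'])."', '".$db->sql_escape($this->data['description'])."', '".$db->sql_escape($this->data['lang'])."', '".$db->sql_escape($this->data['template'])."', '".$db->sql_escape($this->data['url_installation'])."');";
+		$sqlStr[] = "INSERT INTO `".Table_prefix."users` VALUES ('', '', '".$db->sql_escape($this->data['login'])."', '".md5($this->data['password'])."', '".$db->sql_escape($this->data['email'])."', '".$db->sql_escape($this->data['website'])."', '".$db->sql_escape($this->data['about'])."');";
 		$sqlStr[] = "INSERT INTO `".Table_prefix."options` VALUES ('url_friendly', '0');";
 		$sqlStr[] = "INSERT INTO `".Table_prefix."options` VALUES ('rich_text', '0');";
 		$sqlStr[] = "INSERT INTO `".Table_prefix."options` VALUES ('allow_comments', '0');";
-		$sqlStr[] = "INSERT INTO `".Table_prefix."options` VALUES ('offset_city', '".$this->data['offset_city']."');";
-		$sqlStr[] = "INSERT INTO `".Table_prefix."options` VALUES ('offset_time', '".$this->data['offset_time']."');";
+		$sqlStr[] = "INSERT INTO `".Table_prefix."options` VALUES ('offset_city', '".$db->sql_escape($this->data['offset_city'])."');";
+		$sqlStr[] = "INSERT INTO `".Table_prefix."options` VALUES ('offset_time', '".$db->sql_escape($this->data['offset_time'])."');";
 		$sqlStr[] = "INSERT INTO `".Table_prefix."options` VALUES ('shorten_links', '0');";
 		$sqlStr[] = "INSERT INTO `".Table_prefix."options` VALUES ('rss_import_frec', '5 minutes');";
 		$sqlStr[] = "INSERT INTO `".Table_prefix."options` VALUES ('check_version', '1');";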
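Review bot: The first added `config` INSERT still places `posts_limit` unquoted in the VALUES list, and `$db->sql_escape()` (presumably a string escaper) does not make an unquoted numeric position safe — the value should be coerced instead, e.g. `(". (int) $this->data['posts_limit'] .", '"`, with the rest of the line unchanged. On the `users` INSERT the password column remains an unsalted `md5()` digest, which this commit leaves untouched; if the runtime allows it, `password_hash($this->data['password'], PASSWORD_DEFAULT)` with a matching `password_verify` on login is the replacement. The enclosing method starts before this hunk, so where `$db` is obtained and whether `sql_escape` quotes for the connection's charset cannot be confirmed here; a one-line comment above the first INSERT naming that assumption (`// $db->sql_escape() must escape for the live connection charset; numeric columns are cast, not escaped`) would help the next reader.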

+ 5 - 5
install.php

63
 					<legend class="install">Database Settings</legend>
63
 					<legend class="install">Database Settings</legend>
64
 					<ul>
64
 					<ul>
65
 						<li><label for="login">User:</label>
65
 						<li><label for="login">User:</label>
66
-							<input type="text" name="db_login" id="db_login" value="<?php echo $install->data['db_login']?>" class="txt"/><?php echo $install->mostrarerror("10")?></li>
66
+							<input type="text" name="db_login" id="db_login" value="<?php echo isset($install->data['db_login'])?$install->data['db_login']:''?>" class="txt"/><?php echo $install->mostrarerror("10")?></li>
67
 						<li><label for="password">Password:</label>
67
 						<li><label for="password">Password:</label>
68
 							<input type="password" name="db_password" id="db_password" value="" class="txt"/></li>
68
 							<input type="password" name="db_password" id="db_password" value="" class="txt"/></li>
69
 						<li><label for="password2">Re-type password:</label>
69
 						<li><label for="password2">Re-type password:</label>
78
 					<legend class="install">Admin user</legend>
78
 					<legend class="install">Admin user</legend>
79
 					<ul>
79
 					<ul>
80
 						<li><label for="login">User:</label>
80
 						<li><label for="login">User:</label>
81
-							<input type="text" name="login" id="login" value="<?php echo $install->data['login']?>" class="txt"/><?php echo $install->mostrarerror("1")?></li>
81
+							<input type="text" name="login" id="login" value="<?php echo isset($install->data['login'])?$install->data['login']:''?>" class="txt"/><?php echo $install->mostrarerror("1")?></li>
82
 						<li><label for="password">Password:</label>
82
 						<li><label for="password">Password:</label>
83
 							<input type="password" name="password" id="password" value="" class="txt"/><?php echo $install->mostrarerror("2")?></li>
83
 							<input type="password" name="password" id="password" value="" class="txt"/><?php echo $install->mostrarerror("2")?></li>
84
 						<li><label for="password2">Re-type password:</label>
84
 						<li><label for="password2">Re-type password:</label>
85
 							<input type="password" name="password2" id="password2" value="" class="txt"/><?php echo $install->mostrarerror("3")?></li>
85
 							<input type="password" name="password2" id="password2" value="" class="txt"/><?php echo $install->mostrarerror("3")?></li>
86
 						<li><label for="email">E-mail:</label>
86
 						<li><label for="email">E-mail:</label>
87
-							<input type="text" name="email" id="email" value="<?php echo $install->data['email']?>" class="txt"/><?php echo $install->mostrarerror("4")?></li>
87
+							<input type="text" name="email" id="email" value="<?php echo isset($install->data['email'])?$install->data['email']:''?>" class="txt"/><?php echo $install->mostrarerror("4")?></li>
88
 					</ul>
88
 					</ul>
89
 				</fieldset><br  />
89
 				</fieldset><br  />
90
 				<fieldset class="install">
90
 				<fieldset class="install">
91
 					<legend class="install">Tumblelog configuration</legend>
91
 					<legend class="install">Tumblelog configuration</legend>
92
 					<ul>
92
 					<ul>
93
 						<li><label for="title">Title:</label>
93
 						<li><label for="title">Title:</label>
94
-							<input type="text" name="title" id="title" value="<?php echo $install->data['title']?>" class="txt"/></li>
94
+							<input type="text" name="title" id="title" value="<?php echo isset($install->data['title'])?$install->data['title']:''?>" class="txt"/></li>
95
 						<li><label for="description">Description:</label>
95
 						<li><label for="description">Description:</label>
96
-							<input type="text" name="description" id="description" value="<?php echo $install->data['description']?>" class="txt"/></li>
96
+							<input type="text" name="description" id="description" value="<?php echo isset($install->data['description'])?$install->data['description']:''?>" class="txt"/></li>
97
 						<li><label for="url_installation">Installation URL</label>
97
 						<li><label for="url_installation">Installation URL</label>
98
 							<input type="text" name="url_installation" id="url_installation" value="<?php if(isset($_SERVER['SCRIPT_URI']))echo substr($_SERVER["SCRIPT_URI"], '0', '-12'); ?>" class="txt"/><?php echo $install->mostrarerror("5")?></li>
98
 							<input type="text" name="url_installation" id="url_installation" value="<?php if(isset($_SERVER['SCRIPT_URI']))echo substr($_SERVER["SCRIPT_URI"], '0', '-12'); ?>" class="txt"/><?php echo $install->mostrarerror("5")?></li>
99
 						<li><label for="posts_limit">Post limit:</label>
99
 						<li><label for="posts_limit">Post limit:</label>