Corrected Escaping

2026-06-01 12:19:28 +00:00 · 2018-12-19 19:36:49 +01:00
parent 0b0355fba0
commit 2f30c59da2
4 changed files with 82 additions and 68 deletions
@@ -46,55 +46,55 @@ $gruppe_kurzbz = $_GET['grp'];

 $gruppe = new gruppe($gruppe_kurzbz);

-echo '
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+echo '<!DOCTYPE HTML>
 <html>
 <head>
-	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+	<meta charset="UTF-8">
 	<link href="../../skin/style.css.php" rel="stylesheet" type="text/css">
 	<link rel="stylesheet" href="../../skin/tablesort.css" type="text/css"/>
 	<link rel="stylesheet" type="text/css" href="../../skin/jquery-ui-1.9.2.custom.min.css">
-<script type="text/javascript" src="../../vendor/jquery/jqueryV1/jquery-1.12.4.min.js"></script>
-<script type="text/javascript" src="../../vendor/christianbach/tablesorter/jquery.tablesorter.min.js"></script>
-<script type="text/javascript" src="../../vendor/components/jqueryui/jquery-ui.min.js"></script>
-<script type="text/javascript" src="../../include/js/jquery.ui.datepicker.translation.js"></script>
-<script type="text/javascript" src="../../vendor/jquery/sizzle/sizzle.js"></script>
-	<script type="text/javascript">	
-	$(document).ready(function() 
-		{ 
-		    $("#table").tablesorter(
+	<script type="text/javascript" src="../../vendor/jquery/jqueryV1/jquery-1.12.4.min.js"></script>
+	<script type="text/javascript" src="../../vendor/christianbach/tablesorter/jquery.tablesorter.min.js"></script>
+	<script type="text/javascript" src="../../vendor/components/jqueryui/jquery-ui.min.js"></script>
+	<script type="text/javascript" src="../../include/js/jquery.ui.datepicker.translation.js"></script>
+	<script type="text/javascript" src="../../vendor/jquery/sizzle/sizzle.js"></script>
+	<script type="text/javascript">
+	$(document).ready(function()
+		{
+			$("#table").tablesorter(
 			{
 				sortList: [[0,0]],
 				widgets: [\'zebra\'],
-			}); 
-		} 
+			});
+		}
 	);
 	</script>
 	<title>' . $p->t('mailverteiler/personenImVerteiler') . '</title>
 </head>
 <body id="inhalt">';

-$qry = "SELECT 
-				uid, vorname, nachname 
-			FROM 
-				campus.vw_benutzer 
-			JOIN 
-				tbl_benutzergruppe USING (uid) 
-			WHERE 
-				gruppe_kurzbz='" . addslashes($gruppe_kurzbz) . "'";
+$qry = "SELECT
+				uid, vorname, nachname
+			FROM
+				campus.vw_benutzer
+			JOIN
+				tbl_benutzergruppe USING (uid)
+			WHERE
+				gruppe_kurzbz=".$db->db_add_param($gruppe_kurzbz);
+
 			// Fuer den Studiengang EWU wird zusaetzlich das aktuelle Studiensemester ermittelt
 			if ($gruppe->studiengang_kz == 10005 && mb_stripos($gruppe_kurzbz,'EWU') === 0)
 			{
 				$qry .= "	AND (studiensemester_kurzbz IS NULL
-				OR studiensemester_kurzbz IN ('" . addslashes($stsem) . "','" . addslashes($ss_nearest_to_akt) . "'))";
+				OR studiensemester_kurzbz IN (".$db->db_add_param($stsem).",".$db->db_add_param($ss_nearest_to_akt)."))";
 			}
 			else
 			{
 				$qry .= "	AND (studiensemester_kurzbz IS NULL
-				OR studiensemester_kurzbz='" . addslashes($stsem) . "')";
+				OR studiensemester_kurzbz=".$db->db_add_param($stsem).")";
 			}

-			$qry .= " ORDER BY 
+			$qry .= " ORDER BY
 				nachname, vorname";
 if ($result = $db->db_query($qry))
 {
@@ -109,7 +109,6 @@ echo '<table class="tablesorter" id="table">
 			<th>' . $p->t('global/mail') . '</th>
 		</tr></thead><tbody>';

-// $sql_query = "SELECT vornamen AS vn,nachname AS nn,a.uid as uid FROM public.tbl_personmailgrp AS a, public.tbl_person AS b WHERE a.uid=b.uid AND a.mailgrp_kurzbz='$grp' ORDER BY nachname";
 if ($result = $db->db_query($qry))
 {
 	while ($row = $db->db_fetch_object($result))
@@ -125,4 +124,4 @@ echo '
 		</tbody></table>
 	</body>
 </html>';
-?>
+?>
@@ -17,7 +17,6 @@
 *
 * Authors: Andreas Oesterreicher 	<andreas.oesterreicher@technikum-wien.at>
 */
-
 require_once('../../config/cis.config.inc.php');
 require_once('../../include/basis_db.class.php');
 require_once('../../include/phrasen.class.php');
@@ -26,27 +25,30 @@ require_once('../../include/functions.inc.php');
 $sprache = getSprache();
 $p = new phrasen($sprache);

-echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+if(!$uid = get_uid())
+	die($p->t('global/fehlerBeimErmittelnDerUID'));
+
+echo '<!DOCTYPE HTML>
 <html>
 	<head>
-		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+		<meta charset="UTF-8">
 		<link href="../../skin/style.css.php" rel="stylesheet" type="text/css">
 		<link rel="stylesheet" href="../../skin/tablesort.css" type="text/css"/>
 		<link rel="stylesheet" type="text/css" href="../../skin/jquery-ui-1.9.2.custom.min.css">
-<script type="text/javascript" src="../../vendor/jquery/jqueryV1/jquery-1.12.4.min.js"></script>
-<script type="text/javascript" src="../../vendor/christianbach/tablesorter/jquery.tablesorter.min.js"></script>
-<script type="text/javascript" src="../../vendor/components/jqueryui/jquery-ui.min.js"></script>
-<script type="text/javascript" src="../../include/js/jquery.ui.datepicker.translation.js"></script>
-<script type="text/javascript" src="../../vendor/jquery/sizzle/sizzle.js"></script>
-		<script type="text/javascript">	
-		$(document).ready(function() 
-			{ 
-			    $("#table").tablesorter(
+		<script type="text/javascript" src="../../vendor/jquery/jqueryV1/jquery-1.12.4.min.js"></script>
+		<script type="text/javascript" src="../../vendor/christianbach/tablesorter/jquery.tablesorter.min.js"></script>
+		<script type="text/javascript" src="../../vendor/components/jqueryui/jquery-ui.min.js"></script>
+		<script type="text/javascript" src="../../include/js/jquery.ui.datepicker.translation.js"></script>
+		<script type="text/javascript" src="../../vendor/jquery/sizzle/sizzle.js"></script>
+		<script type="text/javascript">
+		$(document).ready(function()
+			{
+				$("#table").tablesorter(
 				{
 					sortList: [[0,0]],
 					widgets: [\'zebra\'],
-				}); 
-			} 
+				});
+			}
 		);
 		</script>
 	</head>
@@ -56,45 +58,60 @@ echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www
 if (!$db = new basis_db())
 	die($p->t('global/fehlerBeimOeffnenDerDatenbankverbindung'));

-if(!isset($_GET['kz']))
-    die($p->t('global/fehlerBeiDerParameteruebergabe'));
+if (!isset($_GET['kz']))
+	die($p->t('global/fehlerBeiDerParameteruebergabe'));

-    if(isset($_GET['all']))
+if (isset($_GET['all']))
 {
-	$qry = "SELECT vorname, nachname, uid FROM campus.vw_student WHERE aktiv=true AND studiengang_kz='".addslashes($_GET['kz'])."' AND semester<10 AND semester>0 ORDER BY nachname, vorname";
+	$qry = "SELECT
+				vorname, nachname, uid
+			FROM
+				campus.vw_student
+			WHERE
+				aktiv=true
+				AND studiengang_kz=".$db->db_add_param($_GET['kz'])."
+				AND semester<10
+				AND semester>0
+			ORDER BY nachname, vorname";
 }
 else
 {
-	$qry = "SELECT vorname, nachname, uid FROM campus.vw_student WHERE aktiv=true AND studiengang_kz='".addslashes($_GET['kz'])."'";
+	$qry = "SELECT
+				vorname, nachname, uid
+			FROM
+				campus.vw_student
+			WHERE
+				aktiv=true
+				AND studiengang_kz=".$db->db_add_param($_GET['kz']);

-	if(isset($_GET['sem']))
-		$qry.=" AND semester='".addslashes($_GET['sem'])."'";
+	if (isset($_GET['sem']))
+		$qry.=" AND semester=".$db->db_add_param($_GET['sem']);

-	if(isset($_GET['verband']))
-		$qry.=" AND verband='".addslashes($_GET['verband'])."'";
+	if (isset($_GET['verband']))
+		$qry.=" AND verband=".$db->db_add_param($_GET['verband']);

-	if(isset($_GET['grp']))
-		$qry.=" AND gruppe='".addslashes($_GET['grp'])."'";
+	if (isset($_GET['grp']))
+		$qry.=" AND gruppe=".$db->db_add_param($_GET['grp']);

 	$qry.= ' ORDER BY nachname, vorname';
 }
-if($result=$db->db_query($qry))
+if ($result = $db->db_query($qry))
 {
 	echo '<p>'.$row=$db->db_num_rows($result).' '.$p->t('mailverteiler/personen');
 }
 echo '
 		<table class="tablesorter" id="table">
 		<thead>
-	      <tr>
-	        <th>'.$p->t('global/nachname').'</th>
-	        <th>'.$p->t('global/vorname').'</th>
-	        <th>'.$p->t('global/mail').'</th>
-	      </tr>
-	     </thead><tbody>';
+		<tr>
+			<th>'.$p->t('global/nachname').'</th>
+			<th>'.$p->t('global/vorname').'</th>
+			<th>'.$p->t('global/mail').'</th>
+		</tr>
+		</thead><tbody>';

-if($result=$db->db_query($qry))
+if ($result = $db->db_query($qry))
 {
-	while($row=$db->db_fetch_object($result))
+	while ($row = $db->db_fetch_object($result))
 	{
 		echo "<tr>";
 		echo "  <td>$row->nachname</td>";
@@ -109,4 +126,4 @@ else
 echo '	</tbody></table>
 	</body>
 </html>';
-?>
+?>
@@ -26,9 +26,9 @@ if (!$db = new basis_db())

 if(isset($_GET['src']) && $_GET['src']=='flag' && isset($_GET['sprache']))
 {
-	$qry = "SELECT flagge as bild FROM public.tbl_sprache WHERE sprache='".addslashes($_GET['sprache'])."'";
+	$qry = "SELECT flagge as bild FROM public.tbl_sprache WHERE sprache=".$db->db_add_param($_GET['sprache']);
 }
-else 
+else
 	die('Unkown type');

 //Header fuer Bild schicken
@@ -38,5 +38,3 @@ $row = $db->db_fetch_object($result);
 //base64 zurueckwandeln und ausgeben
 echo base64_decode($row->bild);
 ?>
-	
-
@@ -49,7 +49,7 @@ class menu_addon_urlaub extends menu_addon
 			if($untergebene!='')
 				$untergebene.=',';

-			$untergebene.="'".addslashes($u_uid)."'";
+			$untergebene.="'".$this->db_escape($u_uid)."'";
 		}

 		$rechte = new benutzerberechtigung();
@@ -62,7 +62,7 @@ class menu_addon_urlaub extends menu_addon
 			{
 				if($untergebene!='')
 					$untergebene.=',';
-				$untergebene.="'".addslashes($row->uid)."'";
+				$untergebene.="'".$this->db_escape($row->uid)."'";
 			}
 		}