Fixed XSS Vulnerability in CIS Schedule
@@ -497,19 +497,19 @@ $stdplan->user_uid=$uid;
|
||||
// Zusaetzliche Daten laden
|
||||
if (! $stdplan->load_data($type,$pers_uid,$ort_kurzbz,$stg_kz,$sem,$ver,$grp,$gruppe_kurzbz,null,$lva) )
|
||||
{
|
||||
die($stdplan->errormsg);
|
||||
die(htmlentities($stdplan->errormsg));
|
||||
}
|
||||
|
||||
// Stundenplan einer Woche laden
|
||||
if (! $stdplan->load_week($datum))
|
||||
{
|
||||
die($stdplan->errormsg);
|
||||
die(htmlentities($stdplan->errormsg));
|
||||
}
|
||||
|
||||
// Kopfbereich drucken
|
||||
if (! $stdplan->draw_header())
|
||||
{
|
||||
die($stdplan->errormsg);
|
||||
die(htmlentities($stdplan->errormsg));
|
||||
}
|
||||
|
||||
// Stundenplan der Woche drucken
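Review bot: The three new `die(htmlentities($stdplan->errormsg));` lines call `htmlentities()` without explicit flags or charset, so whether single quotes are escaped and which encoding is assumed depends on the PHP version's defaults (ENT_QUOTES and ENT_SUBSTITUTE only became defaults in 8.1, and the default charset was ISO-8859-1 before 5.4). Passing them explicitly makes the escaping independent of the runtime: `die(htmlentities($stdplan->errormsg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));`. This escaping is the only layer for any code path that still puts database or user-derived text into `errormsg`, so it is worth pinning down even though the other hunks replace most messages with fixed strings. The surrounding script code continues outside the hunk.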
|
||||
|
||||
@@ -291,6 +291,11 @@ class lehrstunde extends basis_db
|
||||
$this->errormsg='Fehler: LVA-ID ist nicht gesetzt';
|
||||
return -1;
|
||||
}
|
||||
if ($type=='lva' && !is_numeric($lva))
|
||||
{
|
||||
$this->errormsg='Fehler: LVA-ID ist ungueltig';
|
||||
return -1;
|
||||
}
|
||||
// Type
|
||||
if ($type==null)
|
||||
{
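Review bot: The new `is_numeric($lva)` guard also accepts floats, exponent notation and leading whitespace (`'1.5'`, `'1e3'`, `' 7'`), so if the LVA id is an integer key the check is looser than its error message suggests; `filter_var($lva, FILTER_VALIDATE_INT) === false` (or `ctype_digit((string) $lva)`) restricts it to integers. The loose `$type=='lva'` comparison on the same line follows the pre-existing style but `===` would be the strict form. The enclosing method starts and ends outside the hunk, so how `$lva` is used afterwards cannot be confirmed here.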
|
||||
@@ -362,7 +367,7 @@ class lehrstunde extends basis_db
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->errormsg=$this->db_last_error();
|
||||
$this->errormsg = 'Fehler beim Laden der Verbaende';
|
||||
return -2;
|
||||
}
|
||||
// Spezialgruppen ermitteln zu denen die Person zugeteilt ist
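Review bot: Replacing `$this->errormsg=$this->db_last_error();` with the fixed text drops the driver error entirely, so the cause of the failure is no longer recorded anywhere once it stops being shown to the user; keeping it server-side with `error_log($this->db_last_error());` before the assignment preserves diagnostics without exposing them. The same applies to the hunks at -394, -424, -565 and -619 in lehrstunde and at -240, -275 and -303 in wochenplan. The enclosing method starts outside the hunk.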
|
||||
@@ -394,7 +399,7 @@ class lehrstunde extends basis_db
|
||||
|
||||
if (!$result_einheit=$this->db_query($sql_query))
|
||||
{
|
||||
$this->errormsg=$this->db_last_error($this->conn);
|
||||
$this->errormsg= 'Fehler beim Laden der Gruppen';
|
||||
return false;
|
||||
}
|
||||
else
|
||||
@@ -424,7 +429,7 @@ class lehrstunde extends basis_db
|
||||
|
||||
if (!$result_einheit=$this->db_query($sql_query))
|
||||
{
|
||||
$this->errormsg=$this->db_last_error($this->conn);
|
||||
$this->errormsg='Fehler beim Laden der Gruppen';
|
||||
return false;
|
||||
}
|
||||
else
|
||||
@@ -565,7 +570,7 @@ class lehrstunde extends basis_db
|
||||
//Datenbankabfrage
|
||||
if (!$this->db_query($sql_query_stdplan))
|
||||
{
|
||||
$this->errormsg = $this->db_last_error();
|
||||
$this->errormsg = 'Fehler beim Laden der Stundenplandaten';
|
||||
return -2;
|
||||
}
|
||||
$stpl_tbl = $this->db_result;
|
||||
@@ -619,7 +624,7 @@ class lehrstunde extends basis_db
|
||||
//Datenbankabfrage
|
||||
if (!$this->db_query($sql_query_reservierung))
|
||||
{
|
||||
$this->errormsg = $this->db_last_error();
|
||||
$this->errormsg = 'Fehler beim Laden der Reservierungen';
|
||||
return -2;
|
||||
}
|
||||
$stpl_tbl = $this->db_result;
|
||||
|
||||
@@ -240,7 +240,7 @@ class wochenplan extends basis_db
|
||||
|
||||
if (!$this->db_query($sql_query))
|
||||
{
|
||||
$this->errormsg=$this->db_last_error();
|
||||
$this->errormsg = 'Failed to load Personal Information';
|
||||
return false;
|
||||
}
|
||||
if ($row = $this->db_fetch_object())
|
||||
@@ -262,7 +262,7 @@ class wochenplan extends basis_db
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->errormsg='User nicht gefunden';
|
||||
$this->errormsg = 'User nicht gefunden';
|
||||
return false;
|
||||
}
|
||||
}
|
||||
@@ -275,7 +275,7 @@ class wochenplan extends basis_db
|
||||
|
||||
if (!$this->db_query($sql_query))
|
||||
{
|
||||
$this->errormsg=$this->db_last_error();
|
||||
$this->errormsg = 'Failed to load Location Information';
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -303,7 +303,7 @@ class wochenplan extends basis_db
|
||||
|
||||
if (!$this->db_query($sql_query))
|
||||
{
|
||||
$this->errormsg=$this->db_last_error();
|
||||
$this->errormsg = 'Failed to load Location Information';
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -328,7 +328,10 @@ class wochenplan extends basis_db
|
||||
FROM public.tbl_studiengang WHERE studiengang_kz=".$this->db_add_param($this->stg_kz);
|
||||
|
||||
if (!($this->db_query($sql_query)))
|
||||
die($this->db_last_error());
|
||||
{
|
||||
$this->errormsg = 'Failed to load Degree Program';
|
||||
return false;
|
||||
}
|
||||
if ($row = $this->db_fetch_object())
|
||||
{
|
||||
$this->stg_bez = $row->bezeichnung;
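Review bot: The new block turns the former `die($this->db_last_error());` into `$this->errormsg = 'Failed to load Degree Program'; return false;`, so execution now returns to the caller after a failed query instead of stopping; every caller of this method therefore has to check the return value, which cannot be confirmed from the hunk. The odd layout, with the removed `die(...)` printed between the `if` line and the new `{`, suggests the old code had no braces, so it is worth verifying the new brace placement compiles as intended. The enclosing method starts outside the hunk.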
|
||||
@@ -342,13 +345,13 @@ class wochenplan extends basis_db
|
||||
// Stundentafel abfragen
|
||||
$sql_query="SELECT stunde, beginn, ende FROM lehre.tbl_stunde ORDER BY stunde";
|
||||
if (!$this->db_query($sql_query))
|
||||
die($this->db_last_error());
|
||||
die('Failed to load Timetable');
|
||||
$this->stunde = $this->db_result;
|
||||
|
||||
// Studiensemesterdaten ermitteln
|
||||
$sql_query="SELECT * FROM public.tbl_studiensemester WHERE now()<ende ORDER BY start LIMIT 2";
|
||||
if (!$this->db_query($sql_query))
|
||||
die($this->db_last_error());
|
||||
die('Failed to load Studiensemester');
|
||||
else
|
||||
{
|
||||
if ($row = $this->db_fetch_object())
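Review bot: The two new `die('Failed to load ...')` lines still terminate the script from inside a wochenplan method, whereas the hunk just above in the same file converts the identical pattern to `$this->errormsg = ...; return false;`; treating these two queries the same way keeps error handling uniform and lets the calling page decide how to render the failure. For the timetable query: `if (!$this->db_query($sql_query)) { $this->errormsg = 'Failed to load Timetable'; return false; }`, and likewise `'Failed to load Studiensemester'` for the second query, whose `else` block then becomes unnecessary. The enclosing method starts outside the hunk and its body continues past it.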
|
||||
|
||||