XSS Lücke geschlossen

This commit is contained in:
oesi
2015-04-27 18:17:44 +02:00
parent 00b2902265
commit 3ec4fab663
+54 -96
View File
@@ -20,39 +20,29 @@
* Rudolf Hangl < rudolf.hangl@technikum-wien.at >
* Gerald Simane-Sequens < gerald.simane-sequens@technikum-wien.at >
*/
/* @date 27.10.2005
@brief Zeigt die Daten aus der tbl_lvinfo an
@edit 08-11-2006 Versionierung wurde entfernt. Alle eintraege werden jetzt im WS2007
abgespeichert
03-02-2006 Anpassung an die neue Datenbank
/*
* Lehrveranstaltungsfeedback
*/
require_once('../../../config/cis.config.inc.php');
require_once('../../../include/basis_db.class.php');
require_once('../../../include/functions.inc.php');
require_once('../../../include/studiensemester.class.php');
require_once('../../../include/lehrveranstaltung.class.php');
require_once('../../../include/feedback.class.php');
require_once('../../../include/phrasen.class.php');
require_once('../../../config/cis.config.inc.php');
// ------------------------------------------------------------------------------------------
// Datenbankanbindung
// ------------------------------------------------------------------------------------------
require_once('../../../include/basis_db.class.php');
if (!$db = new basis_db())
die('Fehler beim Herstellen der Datenbankverbindung');
require_once('../../../include/functions.inc.php');
require_once('../../../include/studiensemester.class.php');
require_once('../../../include/lehrveranstaltung.class.php');
require_once('../../../include/feedback.class.php');
require_once('../../../include/phrasen.class.php');
if (!$db = new basis_db())
die('Fehler beim Herstellen der Datenbankverbindung');
$sprache = getSprache();
$p = new phrasen($sprache);
$user = get_uid();
if(check_lektor($user))
$is_lector=true;
if(!isset($_GET['lvid']) || !is_numeric($_GET['lvid']))
die($p->t('global/fehlerBeiDerParameteruebergabe'));
$sprache = getSprache();
$p = new phrasen($sprache);
$user = get_uid();
if(!isset($_GET['lvid']) || !is_numeric($_GET['lvid']))
die($p->t('global/fehlerBeiDerParameteruebergabe'));
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
@@ -68,14 +58,13 @@
$feedback_message=$_POST['feedback_message'];
if(isset($_POST['feedback_subject']))
$feedback_subject=$_POST['feedback_subject'];
echo '<form accept-charset="UTF-8" method="POST" action="feedback.php?lvid='.$db->convert_html_chars($lvid).'" enctype="multipart/form-data">';
?>
<table class="tabcontent">
<tr>
<td width="3%">&nbsp;</td>
<?php
echo '<form accept-charset="UTF-8" method="POST" action="feedback.php?lvid='.$lvid.'" enctype="multipart/form-data">';
?>
<td width="97%">
<table class="tabcontent">
<tr>
@@ -86,13 +75,23 @@
else
die($lv_obj->errormsg);
?>
<td class='ContentHeader'><font class='ContentHeader'>&nbsp;<?php echo $short_name; ?> - Feedback
<td class='ContentHeader'><font class='ContentHeader'>&nbsp;<?php echo $db->convert_html_chars($short_name); ?> - Feedback
an:
<?php
$qry = "SELECT studiensemester_kurzbz FROM lehre.tbl_lehreinheit JOIN public.tbl_studiensemester USING(studiensemester_kurzbz) WHERE lehrveranstaltung_id='$lvid' ORDER BY ende DESC LIMIT 1";
$qry = "SELECT
studiensemester_kurzbz
FROM lehre.tbl_lehreinheit
JOIN public.tbl_studiensemester USING(studiensemester_kurzbz)
WHERE lehrveranstaltung_id=".$db->db_add_param($lvid, FHC_INTEGER)." ORDER BY ende DESC LIMIT 1";
$result = $db->db_query($qry);
$row = $db->db_fetch_object($result);
$qry = "SELECT distinct vorname, nachname, uid FROM campus.vw_mitarbeiter, lehre.tbl_lehreinheit, lehre.tbl_lehreinheitmitarbeiter WHERE uid=mitarbeiter_uid AND tbl_lehreinheit.lehreinheit_id=tbl_lehreinheitmitarbeiter.lehreinheit_id AND lehrveranstaltung_id='$lvid' AND studiensemester_kurzbz='$row->studiensemester_kurzbz'";
$qry = "SELECT distinct vorname, nachname, uid
FROM campus.vw_mitarbeiter, lehre.tbl_lehreinheit, lehre.tbl_lehreinheitmitarbeiter
WHERE uid=mitarbeiter_uid AND tbl_lehreinheit.lehreinheit_id=tbl_lehreinheitmitarbeiter.lehreinheit_id
AND lehrveranstaltung_id=".$db->db_add_param($lvid)."
AND studiensemester_kurzbz=".$db->db_add_param($row->studiensemester_kurzbz);
if(!$result=$db->db_query($qry))
die('Fehler beim Auslesen der Lektoren');
$rows = $db->db_num_rows($result);
@@ -113,25 +112,9 @@
<br>
<p><b><?php echo $p->t('global/betreff');?>:&nbsp;</b>
<?php
if(isset($edit_id) && $edit_id != "" && !isset($edit_break))
{
$fb_obj = new feedback();
if($fb_obj->load($edit_id))
{
echo '<input type="text" name="feedback_subject" value="'.$fb_obj->betreff.'" size="54"><br>';
echo '<textarea rows="7" name="feedback_message" cols="47">'.$fb_obj->text.'</textarea><br>';
echo '<input type="submit" value="'.$p->t('global/aendern').'" name="edit_feedback">&nbsp;';
echo '<input type="submit" value="'.$p->t('global/abbrechen').'" name="edit_break">';
}
else
echo $fb_obj->errormsg.'<br>';
}
else
{
echo '<input type="text" name="feedback_subject" size="54"><br>';
echo '<textarea rows="7" name="feedback_message" cols="47"></textarea><br>';
echo '<input type="submit" value="'.$p->t('global/abschicken').'" name="send_feedback">';
}
echo '<input type="text" name="feedback_subject" size="54"><br>';
echo '<textarea rows="7" name="feedback_message" cols="47"></textarea><br>';
echo '<input type="submit" value="'.$p->t('global/abschicken').'" name="send_feedback">';
?>
&nbsp;
<input type="reset" value="<?php echo $p->t('global/zuruecksetzen');?>" name="reset_message">
@@ -139,38 +122,18 @@
<?php
if(isset($feedback_message) && $feedback_message != "")
{
if(isset($edit_feedback))
{
$fb_obj = new feedback();
$fb_obj->betreff = $feedback_subject;
$fb_obj->text = $feedback_message;
$fb_obj->feedback_id = $edit_id;
$fb_obj->datum = date('Y-m-d');
$fb_obj->uid = $user;
$fb_obj->lehrveranstaltung_id = $lvid;
$fb_obj->new = false;
$fb_obj = new feedback();
$fb_obj->betreff = $feedback_subject;
$fb_obj->text = $feedback_message;
$fb_obj->datum = date('Y-m-d');
$fb_obj->uid = $user;
$fb_obj->lehrveranstaltung_id = $lvid;
$fb_obj->new = true;
if($fb_obj->save())
echo "<script language=\"JavaScript\">document.location = document.location + \"&message_sent=true\"</script>";
else
echo $fb_obj->errormsg."<br>";
}
if(!isset($edit_id) && !isset($edit_break) && !isset($edit_feedback))
{
$fb_obj = new feedback();
$fb_obj->betreff = $feedback_subject;
$fb_obj->text = $feedback_message;
$fb_obj->datum = date('Y-m-d');
$fb_obj->uid = $user;
$fb_obj->lehrveranstaltung_id = $lvid;
$fb_obj->new = true;
if($fb_obj->save())
echo "<script language=\"JavaScript\">document.location = document.location + \"&message_sent=true\"</script>";
else
echo $fb_obj->errormsg." save<br>";
}
if($fb_obj->save())
echo "<script language=\"JavaScript\">document.location = document.location + \"&message_sent=true\"</script>";
else
echo $fb_obj->errormsg." save<br>";
}
if(isset($message_sent) && $message_sent == true)
@@ -185,7 +148,7 @@
foreach($fb_obj->result as $row)
{
$sql_query = "SELECT vorname, nachname FROM campus.vw_benutzer WHERE uid='$row->uid'";
$sql_query = "SELECT vorname, nachname FROM campus.vw_benutzer WHERE uid=".$db->db_add_param($row->uid);
if($result_person = $db->db_query($sql_query))
{
@@ -193,16 +156,12 @@
{
echo '<tr>';
echo ' <td class="ContentHeader" width="90%"><font class="ContentHeader"><strong>&nbsp;'.$row->betreff.'</font></td>';
//echo ' <td class="ContentHeader" width="30%"><font class="ContentHeader">&nbsp;</font></td>'; //'.$row_pers->vorname.' '.$row_pers->nachname.'
echo ' <td class="ContentHeader" align="right"><font class="ContentHeader">'.$row->datum.'</font></td>';
echo ' <td class="ContentHeader" width="90%"><font class="ContentHeader"><strong>&nbsp;'.$db->convert_html_chars($row->betreff).'</strong></font></td>';
echo ' <td class="ContentHeader" align="right"><font class="ContentHeader">'.$db->convert_html_chars($row->datum).'</font></td>';
echo '</tr>';
echo '<tr>';
echo ' <td class="MarkLine" colspan=2>'.nl2br($row->text).'</td>';
//echo ' <td class="MarkLine">&nbsp;</td>';
//echo ' <td class="MarkLine" colspan=2>&nbsp;</td>';
//echo ' <td class="MarkLine">&nbsp;</td>';
echo ' <td class="MarkLine" colspan=2>'.nl2br($db->convert_html_chars($row->text)).'</td>';
echo '</tr>';
echo '<tr>';
echo ' <td>&nbsp;</td>';
@@ -216,9 +175,8 @@
echo $p->t('global/fehleraufgetreten').' '.$fb_obj->errormsg;
?>
</td>
</form>
</tr>
</table>
</form>
</body>
</html>
</html>