bernd commited on 2007-06-16 14:10:56
Zeige 2 geänderte Dateien mit 19 Einfügungen und 2 Löschungen.
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@500 87cf0b9e-d624-0410-a070-f6ee81989793
| ... | ... |
@@ -0,0 +1,17 @@ |
| 1 |
+<?php |
|
| 2 |
+ |
|
| 3 |
+ |
|
| 4 |
+function filter_input_general( $input ) |
|
| 5 |
+{
|
|
| 6 |
+ return htmlspecialchars(iconv('UTF-8', 'UTF-8', $input), ENT_QUOTES, 'UTF-8');
|
|
| 7 |
+} |
|
| 8 |
+ |
|
| 9 |
+ |
|
| 10 |
+function filter_input_username( $input ) |
|
| 11 |
+{
|
|
| 12 |
+ return ereg_replace("[^[:alnum:]\_\.\+\-]", "", $input );
|
|
| 13 |
+} |
|
| 14 |
+ |
|
| 15 |
+ |
|
| 16 |
+ |
|
| 17 |
+?> |
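Review bot: In `filter_input_username` the pattern is a POSIX bracket expression, where a backslash inside `[...]` is an ordinary character rather than an escape, so as written the whitelist appears to admit `\` in addition to `_ . + -`. If that is not intended, drop the backslashes and keep the hyphen last: `return ereg_replace("[^[:alnum:]_.+-]", "", $input);`. The function also strips disallowed characters silently, so different inputs can collapse to the same name or to an empty string, and `create_jabber_account` in the other file passes the result straight on without learning it was altered; rejecting non-matching input would be a safer contract for an account identifier. Neither function is documented; `filter_input_general` in particular should carry a comment stating that it is HTML output encoding (`htmlspecialchars` with `ENT_QUOTES`) and not a replacement for SQL escaping.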
| ... | ... |
@@ -2,7 +2,7 @@ |
| 2 | 2 |
|
| 3 | 3 |
require_once("inc/debug.php");
|
| 4 | 4 |
require_once("inc/db_connect.php");
|
| 5 |
- |
|
| 5 |
+require_once("inc/security.php");
|
|
| 6 | 6 |
|
| 7 | 7 |
|
| 8 | 8 |
function get_jabber_accounts() {
|
| ... | ... |
@@ -44,7 +44,7 @@ function create_jabber_account($local, $domain, $password) |
| 44 | 44 |
require_role(ROLE_CUSTOMER); |
| 45 | 45 |
$customerno = (int) $_SESSION['customerinfo']['customerno']; |
| 46 | 46 |
|
| 47 |
- $local = mysql_real_escape_string($local); |
|
| 47 |
+ $local = mysql_real_escape_string( filter_input_username($local) ); |
|
| 48 | 48 |
$domain = (int) $domain; |
| 49 | 49 |
$password = mysql_real_escape_string($password); |
| 50 | 50 |
|
| 51 | 51 |