Browse code

Diverse shell-kritische zeichen raus

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@505 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on16/06/2007 14:33:33
Showing2 changed files
... ...
@@ -17,6 +17,10 @@ function filter_quotes( $input )
17 17
         return ereg_replace('["\'`]', '', $input );
18 18
 }
19 19
 
20
+function filter_shell( $input )
21
+{
22
+        return ereg_replace('["\'` \t\r\n]', '', $input );
23
+}
20 24
 
21 25
 
22 26
 ?>
... ...
@@ -46,7 +46,7 @@ function create_jabber_account($local, $domain, $password)
46 46
 
47 47
   $local = mysql_real_escape_string( filter_input_username($local) );
48 48
   $domain = (int) $domain;
49
-  $password = mysql_real_escape_string( filter_quotes( $password ) );
49
+  $password = mysql_real_escape_string( filter_shell( $password ) );
50 50
   
51 51
   if ($domain > 0)
52 52
   {
... ...
@@ -85,7 +85,7 @@ function change_jabber_password($id, $newpass)
85 85
   require_role(ROLE_CUSTOMER);
86 86
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
87 87
   $id = (int) $id;
88
-  $newpass = mysql_real_escape_string( filter_quotes( $newpass ) );
88
+  $newpass = mysql_real_escape_string( filter_shell( $newpass ) );
89 89
   
90 90
   $query = "UPDATE jabber.accounts SET password='{$newpass}' WHERE customerno={$customerno} AND id={$id} LIMIT 1";
91 91
   DEBUG($query);