adding xss mitigations to server
@@ -80,29 +80,29 @@ function safe_settings(){
|
||||
}
|
||||
if($_GET["update"]=="rtp_included"){
|
||||
$id=htmlspecialchars($_GET["id"]);
|
||||
$stmt = $conn->prepare("UPDATE rtp_included set path= ? WHERE id=$id");
|
||||
$stmt->bind_param("s",$value);
|
||||
$stmt = $conn->prepare("UPDATE rtp_included set path= ? WHERE id=?");
|
||||
$stmt->bind_param("si",$value,$id);
|
||||
$stmt->execute();
|
||||
$stmt->close();
|
||||
}
|
||||
if($_GET["update"]=="rtp_excluded"){
|
||||
$id=htmlspecialchars($_GET["id"]);
|
||||
$stmt = $conn->prepare("UPDATE rtp_excluded set path= ? WHERE id=$id");
|
||||
$stmt->bind_param("s",$value);
|
||||
$stmt = $conn->prepare("UPDATE rtp_excluded set path= ? WHERE id=?");
|
||||
$stmt->bind_param("si",$value,$id);
|
||||
$stmt->execute();
|
||||
$stmt->close();
|
||||
}
|
||||
if($_GET["update"]=="user_tasks"){
|
||||
$id=htmlspecialchars($_GET["id"]);
|
||||
$stmt = $conn->prepare("UPDATE user_tasks set task = ? WHERE id=$id");
|
||||
$stmt->bind_param("s",$value);
|
||||
$stmt = $conn->prepare("UPDATE user_tasks set task = ? WHERE id=?");
|
||||
$stmt->bind_param("si",$value,$id);
|
||||
$stmt->execute();
|
||||
$stmt->close();
|
||||
}
|
||||
if($_GET["update"]=="system_tasks"){
|
||||
$id=htmlspecialchars($_GET["id"]);
|
||||
$stmt = $conn->prepare("UPDATE system_tasks set task = ? WHERE id=$id");
|
||||
$stmt->bind_param("s",$value);
|
||||
$stmt = $conn->prepare("UPDATE system_tasks set task = ? WHERE id=?");
|
||||
$stmt->bind_param("si",$value,$id);
|
||||
$stmt->execute();
|
||||
$stmt->close();
|
||||
}
|
||||
|
||||
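Review bot: The `$id=htmlspecialchars($_GET["id"]);` line kept in all four blocks (rtp_included, rtp_excluded, user_tasks, system_tasks) still does not validate the id: now that it is bound with type `i`, a non-numeric value is coerced to an integer (0 for plain text) rather than rejected, so the UPDATE runs against the wrong row instead of failing. Validate it as an integer before preparing the statement: `$id = filter_var($_GET["id"] ?? '', FILTER_VALIDATE_INT); if ($id === false) { http_response_code(400); exit; }`. The same applies to the two blocks in the hunk at `@@ -98,15 +98,15 @@` below. Neither hunk shows where `$value` is assigned or whether the return of `prepare()` is checked for `false`, and the `safe_settings()` context named in the hunk header starts outside the hunk.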
@@ -98,15 +98,15 @@ function safe_settings(){
|
||||
}
|
||||
if($_GET["update"]=="rtp_included"){
|
||||
$id=htmlspecialchars($_GET["id"]);
|
||||
$stmt = $conn->prepare("UPDATE rtp_included set path= ? WHERE id=$id");
|
||||
$stmt->bind_param("s",$value);
|
||||
$stmt = $conn->prepare("UPDATE rtp_included set path= ? WHERE id=?");
|
||||
$stmt->bind_param("si",$value,$id);
|
||||
$stmt->execute();
|
||||
$stmt->close();
|
||||
}
|
||||
if($_GET["update"]=="rtp_excluded"){
|
||||
$id=htmlspecialchars($_GET["id"]);
|
||||
$stmt = $conn->prepare("UPDATE rtp_excluded set path= ? WHERE id=$id");
|
||||
$stmt->bind_param("s",$value);
|
||||
$stmt = $conn->prepare("UPDATE rtp_excluded set path= ? WHERE id=?");
|
||||
$stmt->bind_param("si",$value,$id);
|
||||
$stmt->execute();
|
||||
$stmt->close();
|
||||
}
|
||||
|
||||
@@ -20,10 +20,10 @@ if ($perms[2] !== "1") {
|
||||
}
|
||||
|
||||
// Handle filter submission
|
||||
$loglevel = isset($_GET["loglevel"]) ? $_GET["loglevel"] : "";
|
||||
$logtext = isset($_GET["logtext"]) ? $_GET["logtext"] : "";
|
||||
$machine_id = isset($_GET["machine_id"]) ? $_GET["machine_id"] : "";
|
||||
$time = isset($_GET["time"]) ? $_GET["time"] : "";
|
||||
$loglevel = htmlspecialchars(isset($_GET["loglevel"]) ? $_GET["loglevel"] : "");
|
||||
$logtext = htmlspecialchars(isset($_GET["logtext"]) ? $_GET["logtext"] : "");
|
||||
$machine_id = htmlspecialchars(isset($_GET["machine_id"]) ? $_GET["machine_id"] : "");
|
||||
$time = htmlspecialchars(isset($_GET["time"]) ? $_GET["time"] : "");
|
||||
$filter_query = "&loglevel=$loglevel&logtext=$logtext&machine_id=$machine_id&time=$time";
|
||||
|
||||
?>
|
||||
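Review bot: Applying `htmlspecialchars()` when the filter values are read (`$loglevel`, `$logtext`, `$machine_id`, `$time`) encodes for the wrong context: the very next line builds `$filter_query` as a URL query string, where an `&` in a search term becomes `&amp;` and is parsed as a separate parameter on the next request, and any later SQL use of these variables (outside the hunk) would match the encoded rather than the submitted text. Keep the raw values, build the query string with `$filter_query = '&' . http_build_query(['loglevel' => $loglevel, 'logtext' => $logtext, 'machine_id' => $machine_id, 'time' => $time]);`, and apply `htmlspecialchars()` only where a value is echoed into HTML. The same pattern appears in the hunks at `@@ -21,10 +21,10 @@` and `@@ -13,10 +13,10 @@` below.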
@@ -97,7 +97,7 @@ $filter_query = "&loglevel=$loglevel&logtext=$logtext&machine_id=$machine_id&tim
|
||||
//now display the normal page
|
||||
// Define page size and current page
|
||||
$page_size = 50;
|
||||
$current_page = isset($_GET['page']) ? intval($_GET['page']) : 1;
|
||||
$current_page = htmlspecialchars(isset($_GET['page']) ? intval($_GET['page']) : 1;
|
||||
$offset = ($current_page - 1) * $page_size;
|
||||
|
||||
// Get total number of log entries based on filters
|
||||
|
||||
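Review bot: The new line `$current_page = htmlspecialchars(isset($_GET['page']) ? intval($_GET['page']) : 1;` is missing the closing parenthesis of `htmlspecialchars(`, so this file no longer parses. Once that is fixed, the escaping is redundant because `intval()` already yields an integer, and it turns `$current_page` into a string; the value that still needs guarding is a page of 0 or less, which makes `$offset` negative on the following line. Replace it with `$current_page = max(1, isset($_GET['page']) ? intval($_GET['page']) : 1);`. The same redundant `htmlspecialchars()` wrap (without the syntax error) appears in the hunks at `@@ -99,7 +99,7 @@` and `@@ -91,7 +91,7 @@` below.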
@@ -11,7 +11,7 @@ if (!isset($_SESSION['username']) or !isset($_SESSION["login"])) {
|
||||
$username = $_SESSION['username'];
|
||||
$perms = $_SESSION["perms"];
|
||||
if(isset($_GET["page"])){
|
||||
$page=$_GET["page"];
|
||||
$page=htmlspecialchars($_GET["page"]);
|
||||
}else{
|
||||
$page="welcome.php"; //this is actually the Dashboard
|
||||
}
|
||||
|
||||
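Review bot: `$page=htmlspecialchars($_GET["page"]);` does not constrain the value: `htmlspecialchars()` leaves `.`, `/` and `\` untouched, so if `$page` is later used to choose a file to include (the default `welcome.php` suggests it is, but that use is outside the hunk), this change gives no protection there. Compare the value against an allow-list of known page names and fall back to the dashboard otherwise, e.g. `$allowed = ['welcome.php' /* TODO: add the other page files */]; $page = in_array($_GET["page"], $allowed, true) ? $_GET["page"] : 'welcome.php';`. HTML escaping then belongs at the point where `$page` is printed, if it is printed at all.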
@@ -21,10 +21,10 @@ if($perms[2]!=="1"){
|
||||
|
||||
// Handle filter submission
|
||||
|
||||
$loglevel = isset($_GET["loglevel"]) ? $_GET["loglevel"] : "";
|
||||
$logtext = isset($_GET["logtext"]) ? $_GET["logtext"] : "";
|
||||
$machine_id = isset($_GET["machine_id"]) ? $_GET["machine_id"] : "";
|
||||
$time = isset($_GET["time"]) ? $_GET["time"] : "";
|
||||
$loglevel = htmlspecialchars(isset($_GET["loglevel"]) ? $_GET["loglevel"] : "");
|
||||
$logtext = htmlspecialchars(isset($_GET["logtext"]) ? $_GET["logtext"] : "");
|
||||
$machine_id = htmlspecialchars(isset($_GET["machine_id"]) ? $_GET["machine_id"] : "");
|
||||
$time = htmlspecialchars(isset($_GET["time"]) ? $_GET["time"] : "");
|
||||
$filter_query = "&loglevel=$loglevel&logtext=$logtext&machine_id=$machine_id&time=$time";
|
||||
|
||||
|
||||
@@ -99,7 +99,7 @@ $filter_query = "&loglevel=$loglevel&logtext=$logtext&machine_id=$machine_id&tim
|
||||
|
||||
// Define page size and current page
|
||||
$page_size = 50;
|
||||
$current_page = isset($_GET['page']) ? intval($_GET['page']) : 1;
|
||||
$current_page = htmlspecialchars(isset($_GET['page']) ? intval($_GET['page']) : 1);
|
||||
$offset = ($current_page - 1) * $page_size;
|
||||
|
||||
// Get total number of log entries based on filters
|
||||
|
||||
@@ -13,10 +13,10 @@ $perms = $_SESSION["perms"];
|
||||
$email = $_SESSION["email"];
|
||||
|
||||
|
||||
$machine_id = isset($_GET["machine_id"]) ? $_GET["machine_id"] : "";
|
||||
$path = isset($_GET["path"]) ? $_GET["path"] : "";
|
||||
$hash = isset($_GET["hash"]) ? $_GET["hash"] : "";
|
||||
$action = isset($_GET["action"]) ? $_GET["action"] : "";
|
||||
$machine_id = htmlspecialchars(isset($_GET["machine_id"]) ? $_GET["machine_id"] : "");
|
||||
$path = htmlspecialchars(isset($_GET["path"]) ? $_GET["path"] : "");
|
||||
$hash = htmlspecialchars(isset($_GET["hash"]) ? $_GET["hash"] : "");
|
||||
$action = htmlspecialchars(isset($_GET["action"]) ? $_GET["action"] : "");
|
||||
$filter_query = "&hash=$hash&path=$path&machine_id=$machine_id&action=$action";
|
||||
|
||||
?>
|
||||
@@ -91,7 +91,7 @@ $filter_query = "&hash=$hash&path=$path&machine_id=$machine_id&action=$action";
|
||||
|
||||
// Define page size and current page
|
||||
$page_size = 50;
|
||||
$current_page = isset($_GET['page']) ? intval($_GET['page']) : 1;
|
||||
$current_page = htmlspecialchars(isset($_GET['page']) ? intval($_GET['page']) : 1);
|
||||
$offset = ($current_page - 1) * $page_size;
|
||||
|
||||
// Get total number of log entries based on filters
|
||||
|
||||