#137 fixed xss on login

This commit is contained in:
Philip Häusler 2013-12-27 19:45:50 +01:00
parent 9d709b2a73
commit 9da2ff6f9f
2 changed files with 12 additions and 4 deletions


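--- a/FILE_1_PATH_NOT_SHOWN_ON_PAGE
+++ b/FILE_1_PATH_NOT_SHOWN_ON_PAGE
@@ -1,5 +1,13 @@
 <?php
+/**
+* Strip unwanted characters from a users nick.
+* @param string $nick
+*/
+function User_validate_Nick($nick) {
+return preg_replace("/([^a-z0-9üöäß. _+*-]{1,})/ui", '', $nick);
+}
 /**
 * Returns user by id.
 *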
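Review bot: `preg_replace` with the `u` modifier returns `null` instead of a string when `$nick` is not valid UTF-8, so User_validate_Nick can hand `null` to callers that expect a string (both new call sites in the second file pass the result straight to `strlen`). Make the failure explicit, e.g. `return (string) preg_replace("/([^a-z0-9üöäß. _+*-]{1,})/ui", '', $nick);`, or check `preg_last_error()` and treat a failed match as an empty nick. The docblock should also carry `@return string` so the contract is visible to callers. The allowlist happens to exclude `<`, `>`, `&`, `"` and `'`, which is why the filtered nick is safe to echo; output contexts should still escape rather than rely on input filtering alone.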


@ -40,8 +40,8 @@ function guest_register() {
if (isset($_REQUEST['submit'])) { if (isset($_REQUEST['submit'])) {
$ok = true; $ok = true;
if (isset($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 1) { if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 1) {
$nick = strip_request_item('nick'); $nick = User_validate_Nick($_REQUEST['nick']);
if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' LIMIT 1") > 0) { if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' LIMIT 1") > 0) {
$ok = false; $ok = false;
$msg .= error(sprintf(_("Your nick &quot;%s&quot; already exists."), $nick), true); $msg .= error(sprintf(_("Your nick &quot;%s&quot; already exists."), $nick), true);
@ -178,8 +178,8 @@ function guest_login() {
if (isset($_REQUEST['submit'])) { if (isset($_REQUEST['submit'])) {
$ok = true; $ok = true;
if (isset($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 0) { if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 0) {
$nick = strip_request_item('nick'); $nick = User_validate_Nick($_REQUEST['nick']);
$login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "'"); $login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "'");
if (count($login_user) > 0) { if (count($login_user) > 0) {
$login_user = $login_user[0]; $login_user = $login_user[0];
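Review bot: `$_REQUEST['nick']` is passed to User_validate_Nick without checking that it is a string; if the parameter arrives as an array (`nick[]=...`), `preg_replace` returns an array and the `strlen` in the `if` condition is then called on an array, which is a warning in older PHP and a TypeError in PHP 8. The same pattern appears in the guest_login hunk at lines 37–38, so both conditions should guard the type: `if (isset($_REQUEST['nick']) && is_string($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 1) {` (and `> 0` in guest_login). The validation is also run twice per request, once in the condition and once for the assignment; computing `$nick` first and testing its length would avoid that. Whether `error()` escapes the nick it interpolates into the "already exists" message cannot be seen from this hunk, and both guest_register and guest_login continue outside it.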