[svn r10859] Fixing some XSS problems

http://projects.dokeos.com/?do=details&id=1175 http://projects.dokeos.com/?do=details&id=1169
18 years ago · 80657ed0b9
parent 3631d621e7
commit 80657ed0b9
2 changed files with 20 additions and 16 deletions
--- a/main/inc/lib/main_api.lib.php
+++ b/main/inc/lib/main_api.lib.php
@ -386,21 +386,25 @@ function api_get_user_info($user_id = '')
 	}
 	else
 	{
-		$sql = "SELECT * FROM ".Database :: get_main_table(TABLE_MAIN_USER)." WHERE user_id=$user_id";
+		$sql = "SELECT * FROM ".Database :: get_main_table(TABLE_MAIN_USER)." WHERE user_id='".mysql_real_escape_string($user_id)."'";
 		$result = api_sql_query($sql, __FILE__, __LINE__);
-		$result_array = mysql_fetch_array($result);
-		// this is done so that it returns the same array-index-names
-		// ideally the names of the fields of the user table are renamed so that they match $_user (or vice versa)
-		// $_user should also contain every field of the user table (except password maybe). This would make the
-		// following lines obsolete (and the code cleaner and slimmer !!!
-		$user_info['firstName'] = $result_array['firstname'];
-		$user_info['lastName'] = $result_array['lastname'];
-		$user_info['mail'] = $result_array['email'];
-		$user_info['picture_uri'] = $result_array['picture_uri'];
-		$user_info['user_id'] = $result_array['user_id'];
-		$user_info['official_code'] = $result_array['official_code'];
-		$user_info['status'] = $result_array['status'];
-		return $user_info;
+		if(mysql_num_rows($result) > 0)
+		{
+			$result_array = mysql_fetch_array($result);
+			// this is done so that it returns the same array-index-names
+			// ideally the names of the fields of the user table are renamed so that they match $_user (or vice versa)
+			// $_user should also contain every field of the user table (except password maybe). This would make the
+			// following lines obsolete (and the code cleaner and slimmer !!!
+			$user_info['firstName'] = $result_array['firstname'];
+			$user_info['lastName'] = $result_array['lastname'];
+			$user_info['mail'] = $result_array['email'];
+			$user_info['picture_uri'] = $result_array['picture_uri'];
+			$user_info['user_id'] = $result_array['user_id'];
+			$user_info['official_code'] = $result_array['official_code'];
+			$user_info['status'] = $result_array['status'];
+			return $user_info;
+		}
+		return false;
 	}
 }
 /**
--- a/whoisonline.php
+++ b/whoisonline.php
@ -1,4 +1,4 @@
-<?php // $Id: whoisonline.php 10625 2007-01-09 13:39:43Z bmol $
+<?php // $Id: whoisonline.php 10859 2007-01-24 08:36:15Z bmol $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@ -268,7 +268,7 @@ else
 {
 	Display::display_error_message(get_lang('AccessNotAllowed'));
 }
-$referer = empty($_GET['referer'])?'index.php':$_GET['referer'];
+$referer = empty($_GET['referer'])?'index.php':urlencode($_GET['referer']);
 echo '<a href="'.($_GET['id']?'javascript:window.history.back();':$referer).'">&lt; '.get_lang('Back').'</a>';

 /*