fixed security bug in user validation

This commit is contained in:
Michael Meckelein 2005-12-12 11:17:54 +00:00
parent cec1cb4019
commit a2693a0374
2 changed files with 19 additions and 3 deletions


@ -16,6 +16,10 @@
<p><small><a href="index.htm">[Doc Home]</a></small></p>
<h2><a name="top">7. Release History</a></h2>
<p>2005-12-12
<li>Fixed a security bug in user login validation.
</li>
</p>
<p>2005-12-05
<li>"Message must contain" filter enhanced. Filtering for multiple words (seperated by spaces) is supported now.
</li>


@ -27,7 +27,20 @@ See AUTHORS to learn who helped make it become a reality.
*/#### #### #### #### #### #### #### #### #### ####
// Check for speical ysql characters
function invalid_chars( $string )
{
$bad_list = array("'",'"',"%");
foreach( $bad_list as $needle )
{
if( strpos( $string, $needle ) !== FALSE )
{
return TRUE;
}
}
return FALSE;
}
// global _DBNAME, _DBUSERID, _DBPWD, _DBSERVER, $session_time;
include 'include.php';
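Review bot: The character blacklist in invalid_chars is not a reliable defence for the login check it guards: the list on the `$bad_list` line rejects only `'`, `"` and `%`, and omits other characters that are significant inside an unescaped SQL string literal (the backslash, for one), so the values should be passed through the database driver's escaping function or bound as query parameters where they are used, with this function at most an additional filter. At the call site in the following hunk only `save_cookies` is given a default, so `$_POST['usr']` or `$_POST['pass']` may be unset when `invalid_chars` is called on them; a guard such as `if( !isset($_POST['usr'], $_POST['pass']) || invalid_chars( $_POST['usr'] ) || invalid_chars( $_POST['pass'] ) )` would reject a missing field explicitly instead of relying on what `strpos` does with a null haystack. The header comment above the function has two typos and does not state the return contract; suggested wording: `// Returns TRUE if $string contains a character that is unsafe inside an unescaped SQL literal`. The rejected-input branch opened by that `if` continues past the end of the second hunk.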
@ -35,8 +48,7 @@ See AUTHORS to learn who helped make it become a reality.
if( !isset($_POST['save_cookies']))
$_POST['save_cookies'] = 0;
if( stristr($_POST['pass'], "'") || stristr($_POST['pass'], '"') || stristr($_POST['usr'], "'") || stristr($_POST['usr'], '"'))
if( invalid_chars( $_POST['usr'] ) || invalid_chars( $_POST['pass'] ) )
{
WriteHead('phpLogCon :: ' , _MSGAccDen, '', '', _MSGAccDen, 0);
print '<br><b>..:: ' . _MSGNamInvChr . ' ::..</b><br>';
@ -96,4 +108,4 @@ See AUTHORS to learn who helped make it become a reality.
}
}
?>
?>