Changeset 2809 in /cluster/svnroot


Timestamp:
Nov 10, 2010 9:13:53 PM (10 years ago)
Author:
fitz
Message:

Update to usage to protect against injection

File:
1 edited

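--- a/bccd-ng/bccd.net/ver3/usage.php
+++ b/bccd-ng/bccd.net/ver3/usage.php
@@ -12,13 +12,20 @@
 $conn = $page->dbConnect();
 
+function sanitize($conn, $text) {
+        $text = strip_tags($text);
+        $text = pg_escape_string($conn, $text);
+
+        return $text;
+}
+
 if (isset($_POST['cpu'])) {
-        $date  = $_POST['date'];
-        $cpu   = $_POST['cpu'];
-        $cores = $_POST['cores'];
-        $arch  = $_POST['arch'];
-        $nics  = $_POST['nics'];
-        $ram   = preg_replace('/ kB/', '', $_POST['ram']);
-        $rev   = $_POST['rev'];
-        $build = $_POST['build'];
+        $date  = sanitize($_POST['date']);
+        $cpu   = sanitize($_POST['cpu']);
+        $cores = sanitize($_POST['cores']);
+        $arch  = sanitize($_POST['arch']);
+        $nics  = sanitize($_POST['nics']);
+        $ram   = sanitize(preg_replace('/ kB/', '', $_POST['ram']));
+        $rev   = sanitize($_POST['rev']);
+        $build = sanitize($_POST['build']);
 
         $query = "insert into usageStats (date,cpu,cores,arch,nics,ram,rev,build)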
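Review bot: The eight calls on new lines 22–29 pass one argument, but `sanitize($conn, $text)` on new line 14 declares two, so the POST value is bound to `$conn` and `$text` is never supplied; depending on the PHP version this either raises an error or yields an empty/false result, so no submitted value reaches the query intact. Each call needs the connection first, e.g. `$date  = sanitize($conn, $_POST['date']);` and `$ram   = sanitize($conn, preg_replace('/ kB/', '', $_POST['ram']));`. The INSERT statement continues past the end of the visible hunk, so how the values are quoted there cannot be checked from here; if they are interpolated into the string, passing them through `pg_query_params()` with `$1`…`$8` placeholders would be more robust than relying on escaping plus correct quoting. `strip_tags()` addresses HTML output rather than SQL, so it is better applied (or replaced by `htmlspecialchars()`) where the stats are rendered.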