Request data is now generally secured
authorRoland Häder <roland@mxchange.org>
Fri, 20 Jun 2008 12:03:39 +0000 (12:03 +0000)
committerRoland Häder <roland@mxchange.org>
Fri, 20 Jun 2008 12:03:39 +0000 (12:03 +0000)
application/ship-simu/templates/de/code/login_failed.ctp
application/ship-simu/templates/de/code/login_logout.ctp
application/ship-simu/templates/de/code/login_main.ctp
application/ship-simu/templates/de/code/shipsimu_main.ctp
inc/classes/exceptions/main/class_InvalidCommandException.php
inc/classes/main/request/class_HttpRequest.php
inc/includes.php

index 4d9d42e26a32ab9f76b55207f01c132f506a0f84..81af6a17348872ba389f3f85a50a0f6d03e8b279 100644 (file)
@@ -4,6 +4,7 @@
 
 <div id="content_body">
        Du bist nicht mehr in Ship-Simu eingeloggt. Dies kann verschiedene Gr&uuml;nde haben:
+
        <ol id="login_failed_list">
                <li>Dein Browser nimmt keine Cookies an.</li>
                <li>Du hast den Loginbereich aus deinen Bookmarks/Favoriten aufgerufen
@@ -12,6 +13,7 @@
                        kannst. Bitte kontaktiere den Support, falls dieses Problem
                        weiterhin besteht.</li>
        </ol>
+
        Wenn du den Support kontaktierst, halte bitte s&auml;mtliche relevante
        Informationen - <span class="important_note">nicht aber dein Passwort</span>
        - bereit. Du kannst auch einen Screenshot dieser Seite anfertigen und dem
index e0eb6d6884bfb6ec24106857f2894e7bd9a8fcff..aa4ca1168d84368d286b951861eeff0932973887 100644 (file)
@@ -2,6 +2,7 @@
        <div id="logout_header">
                Willst du dich wirklich aus dem Spiel aussloggen?
        </div>
+
        <div id="logout_links">
                [<a href="$config[base_url]/index.php?app=ship-simu&amp;page=login_area&amp;action=logout&amp;logout=1">Ja</a>] | [<a href="$config[base_url]/index.php?app=ship-simu&amp;page=login_area">Nein</a>]
        </div>
index 3f7cf5f5d7e3c16628fb9182dd64b92a291c6b4e..b1116014818ba4d8b96ae6f49a0f6adba49c4fd2 100644 (file)
        <div id="persona_header">
                Account-Infos:
        </div>
-       {?persona_data?}
+
+       <div id="persona_body">
+               {?persona_data?}
+       </div>
+
        <div id="logout_link">
                [<a href="$config[base_url]/index.php?app=ship-simu&amp;page=login_area&amp;action=logout"
                 title="Aus dem Spiel ausloggen">Ausloggen</a>]
@@ -21,5 +25,8 @@
        <div id="company_header">
                Reederei-Infos:
        </div>
-       {?company_data?}
+
+       <div id="company_body">
+               {?company_data?}
+       </div>
 </div>
index ff1ab2c6339b9145b4ef3242bd1b8cf6e4f1dc43..e15d8d97108d8cdbbae517a5a40f5cbcff4e3c74 100644 (file)
@@ -1,23 +1,23 @@
 {?header?}
 
 <div id="main_header">
-{?ship_simu_header?}
+       {?ship_simu_header?}
 </div>
 
 <div id="navigation">
-{?navigation?}
+       {?navigation?}
 </div>
 
 <div id="advert">
-{?nav_advert?}
+       {?nav_advert?}
 </div>
 
 <div id="main_content">
-{?content?}
+       {?content?}
 </div>
 
 <div id="main_footer">
-{?ship_simu_footer?}
+       {?ship_simu_footer?}
 </div>
 
 {?footer?}
index add16453d11816c75a134ccac0521e8cfe423ba6..d8ec33da0c5b19a09e9c2cc63a6e7f855d512eef 100644 (file)
@@ -34,7 +34,7 @@ class InvalidCommandException extends FrameworkException {
                $message = sprintf("[%s:%d] Invalid command <u>%s</u> detected.",
                        $msgArray[0]->__toString(),
                        $this->getLine(),
-                       htmlentities(strip_tags($msgArray[1]), ENT_QUOTES)
+                       $msgArray[1]
                );
 
                // Call parent constructor
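Review bot: The message at L95 wraps the command name in `<u>%s</u>`, so it is HTML, and the new line L99 now interpolates `$msgArray[1]` unescaped; this is only safe if every caller obtained that value through the escaping now added in HttpRequest::getRequestElement, which this class cannot enforce and which a future caller constructing the exception from another source will not know about. Either keep the output-side escaping here, since double-escaping an already-escaped name only renders a literal `&lt;` while a missed escape is an XSS in the error page, or at least document the precondition: `// $msgArray[1] must already be HTML-safe (callers pass HttpRequest::getRequestElement() output); never pass raw input here`. The constructor this hunk belongs to starts before the hunk, so the origin of `$msgArray` is not visible here.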
index 1a64747971beeebee8b4b22806c6031023b7fd82..b12855ff3161f99fae477feab33a723eac6bc89a 100644 (file)
@@ -1,6 +1,6 @@
 <?php
 /**
- * A concrete HTTP request class to make HTTP requests more abstract
+ * A concrete and secured HTTP request class to make HTTP requests more abstract
  *
  * @author             Roland Haeder <webmaster@ship-simu.org>
  * @version            0.0.0
@@ -109,8 +109,13 @@ class HttpRequest extends BaseFrameworkSystem implements Requestable {
                // Initialize value
                $value = null;
 
+               // Is the element set?
                if ($this->isRequestElementSet($element)) {
-                               $value = $this->requestData[$element];
+                       // Get the bare value
+                       $value = $this->requestData[$element];
+
+                       // Secure it against attacks
+                       $value = htmlentities(strip_tags($value), ENT_QUOTES);
                } // END - if
 
                // Return the element's value
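Review bot: The escaping added at L123 is HTML-output escaping applied at the input boundary, which mangles data that is not destined for HTML and protects nothing that is: a password containing `<`, `>` or `&` is altered by `strip_tags`/`htmlentities` before it ever reaches authentication, while values that end up in SQL, file paths or command dispatch gain no protection from HTML entities. The usual fix is to keep `$value = $this->requestData[$element];` raw here and escape per sink at output time, e.g. `htmlentities($value, ENT_QUOTES, 'UTF-8')` where a template prints it, with an allow-list check such as the one used for `app` in inc/includes.php wherever the value selects code paths. If an escaped accessor is wanted for convenience, add it as a second method rather than silently rewriting every value. Note also that `htmlentities` is called without a charset argument, so the assumed encoding depends on the PHP version's default; passing it explicitly avoids surprises with multibyte input.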
index a9af02b50245144ec9ed515900e5e26c51395b59..709fb2aaf38989976ce77bd50aeda88ebbeff5d1 100644 (file)
@@ -52,7 +52,7 @@ if (!empty($_GET['app'])) {
 $application = htmlentities(strip_tags($application), ENT_QUOTES);
 
 // Secure it a little more with a reg.exp.
-$application = preg_replace('/([^a-z_-])+/i', "", $application);
+$application = preg_replace('/([^a-z0-9_-])+/i', "", $application);
 
 // Set the application name for later usage
 $cfg->setConfigEntry('app_name', $application);
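Review bot: The widened allow-list at L133 still strips disallowed characters instead of rejecting the value, so a tampered `app` such as `../ship-simu` is silently rewritten to `ship-simu` and the request proceeds as if it were valid; if `app_name` is later used to build a filesystem path (which the `application/ship-simu/...` layout in this commit suggests but this hunk does not show), a validate-and-fail check is the clearer contract: `if (!preg_match('/^[a-z0-9_-]+$/i', $application)) { /* fall back to the default app or abort */ }`. With that check in place the `htmlentities(strip_tags(...))` pass at L129 is redundant, since nothing it could change survives the allow-list. The `$_GET['app']` handling that sets `$application` starts before this hunk.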