From e78ec6458b81a3c665b08f862b8bc16c7a80a41f Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?= <roland@mxchange.org>
Date: Fri, 20 Jun 2008 12:03:39 +0000
Subject: [PATCH] Request data is now generally secured

---
 .../ship-simu/templates/de/code/login_failed.ctp      |  2 ++
 .../ship-simu/templates/de/code/login_logout.ctp      |  1 +
 .../ship-simu/templates/de/code/login_main.ctp        | 11 +++++++++--
 .../ship-simu/templates/de/code/shipsimu_main.ctp     | 10 +++++-----
 .../exceptions/main/class_InvalidCommandException.php |  2 +-
 inc/classes/main/request/class_HttpRequest.php        |  9 +++++++--
 inc/includes.php                                      |  2 +-
 7 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/application/ship-simu/templates/de/code/login_failed.ctp b/application/ship-simu/templates/de/code/login_failed.ctp
index 4d9d42e..81af6a1 100644
--- a/application/ship-simu/templates/de/code/login_failed.ctp
+++ b/application/ship-simu/templates/de/code/login_failed.ctp
@@ -4,6 +4,7 @@
 
 <div id="content_body">
 	Du bist nicht mehr in Ship-Simu eingeloggt. Dies kann verschiedene Gr&uuml;nde haben:
+
 	<ol id="login_failed_list">
 		<li>Dein Browser nimmt keine Cookies an.</li>
 		<li>Du hast den Loginbereich aus deinen Bookmarks/Favoriten aufgerufen
@@ -12,6 +13,7 @@
 			kannst. Bitte kontaktiere den Support, falls dieses Problem
 			weiterhin besteht.</li>
 	</ol>
+
 	Wenn du den Support kontaktierst, halte bitte s&auml;mtliche relevante
 	Informationen - <span class="important_note">nicht aber dein Passwort</span>
 	- bereit. Du kannst auch einen Screenshot dieser Seite anfertigen und dem
diff --git a/application/ship-simu/templates/de/code/login_logout.ctp b/application/ship-simu/templates/de/code/login_logout.ctp
index e0eb6d6..aa4ca11 100644
--- a/application/ship-simu/templates/de/code/login_logout.ctp
+++ b/application/ship-simu/templates/de/code/login_logout.ctp
@@ -2,6 +2,7 @@
 	<div id="logout_header">
 		Willst du dich wirklich aus dem Spiel aussloggen?
 	</div>
+
 	<div id="logout_links">
 		[<a href="$config[base_url]/index.php?app=ship-simu&amp;page=login_area&amp;action=logout&amp;logout=1">Ja</a>] | [<a href="$config[base_url]/index.php?app=ship-simu&amp;page=login_area">Nein</a>]
 	</div>
diff --git a/application/ship-simu/templates/de/code/login_main.ctp b/application/ship-simu/templates/de/code/login_main.ctp
index 3f7cf5f..b111601 100644
--- a/application/ship-simu/templates/de/code/login_main.ctp
+++ b/application/ship-simu/templates/de/code/login_main.ctp
@@ -10,7 +10,11 @@
 	<div id="persona_header">
 		Account-Infos:
 	</div>
-	{?persona_data?}
+
+	<div id="persona_body">
+		{?persona_data?}
+	</div>
+
 	<div id="logout_link">
 		[<a href="$config[base_url]/index.php?app=ship-simu&amp;page=login_area&amp;action=logout"
 		 title="Aus dem Spiel ausloggen">Ausloggen</a>]
@@ -21,5 +25,8 @@
 	<div id="company_header">
 		Reederei-Infos:
 	</div>
-	{?company_data?}
+
+	<div id="company_body">
+		{?company_data?}
+	</div>
 </div>
diff --git a/application/ship-simu/templates/de/code/shipsimu_main.ctp b/application/ship-simu/templates/de/code/shipsimu_main.ctp
index ff1ab2c..e15d8d9 100644
--- a/application/ship-simu/templates/de/code/shipsimu_main.ctp
+++ b/application/ship-simu/templates/de/code/shipsimu_main.ctp
@@ -1,23 +1,23 @@
 {?header?}
 
 <div id="main_header">
-{?ship_simu_header?}
+	{?ship_simu_header?}
 </div>
 
 <div id="navigation">
-{?navigation?}
+	{?navigation?}
 </div>
 
 <div id="advert">
-{?nav_advert?}
+	{?nav_advert?}
 </div>
 
 <div id="main_content">
-{?content?}
+	{?content?}
 </div>
 
 <div id="main_footer">
-{?ship_simu_footer?}
+	{?ship_simu_footer?}
 </div>
 
 {?footer?}
diff --git a/inc/classes/exceptions/main/class_InvalidCommandException.php b/inc/classes/exceptions/main/class_InvalidCommandException.php
index add1645..d8ec33d 100644
--- a/inc/classes/exceptions/main/class_InvalidCommandException.php
+++ b/inc/classes/exceptions/main/class_InvalidCommandException.php
@@ -34,7 +34,7 @@ class InvalidCommandException extends FrameworkException {
 		$message = sprintf("[%s:%d] Invalid command <u>%s</u> detected.",
 			$msgArray[0]->__toString(),
 			$this->getLine(),
-			htmlentities(strip_tags($msgArray[1]), ENT_QUOTES)
+			$msgArray[1]
 		);
 
 		// Call parent constructor
diff --git a/inc/classes/main/request/class_HttpRequest.php b/inc/classes/main/request/class_HttpRequest.php
index 1a64747..b12855f 100644
--- a/inc/classes/main/request/class_HttpRequest.php
+++ b/inc/classes/main/request/class_HttpRequest.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * A concrete HTTP request class to make HTTP requests more abstract
+ * A concrete and secured HTTP request class to make HTTP requests more abstract
  *
  * @author		Roland Haeder <webmaster@ship-simu.org>
  * @version		0.0.0
@@ -109,8 +109,13 @@ class HttpRequest extends BaseFrameworkSystem implements Requestable {
 		// Initialize value
 		$value = null;
 
+		// Is the element set?
 		if ($this->isRequestElementSet($element)) {
-				$value = $this->requestData[$element];
+			// Get the bare value
+			$value = $this->requestData[$element];
+
+			// Secure it against attacks
+			$value = htmlentities(strip_tags($value), ENT_QUOTES);
 		} // END - if
 
 		// Return the element's value
diff --git a/inc/includes.php b/inc/includes.php
index a9af02b..709fb2a 100644
--- a/inc/includes.php
+++ b/inc/includes.php
@@ -52,7 +52,7 @@ if (!empty($_GET['app'])) {
 $application = htmlentities(strip_tags($application), ENT_QUOTES);
 
 // Secure it a little more with a reg.exp.
-$application = preg_replace('/([^a-z_-])+/i', "", $application);
+$application = preg_replace('/([^a-z0-9_-])+/i', "", $application);
 
 // Set the application name for later usage
 $cfg->setConfigEntry('app_name', $application);
-- 
2.39.5