sanitize_tags-escape_string-in-inc.diff on Ticket #1129 – Attachment – BOINC

uotd.inc

     $user = lookup_user_id($profile->userid);
     echo uotd_thumbnail($profile, $user);
     echo user_links($user, true)."<br>";
     echo sub_sentence(output_transform(strip_tags($profile->response1)), ' ', 150, true);
+    echo sub_sentence(output_transform(sanitize_tags($profile->response1)), ' ', 150, true);
+}
 // return the last UOTD profile, or null
 …
             $x .= uotd_thumbnail($profile, $user);
             $x .= user_links($user);
             $x .= "&nbsp;&nbsp;".
                 sub_sentence(strip_tags(output_transform($profile->response1)), ' ',
+                sub_sentence(sanitize_tags(output_transform($profile->response1)), ' ',
 , true);
+        }
         else {

+}
 function pm_send($from_user, $to_user, $subject, $content, $send_email) {
     $sql_subject = boinc_real_escape_string(strip_tags($subject));
     $sql_content = boinc_real_escape_string($content);
+    $sql_subject = BoincDb::escape_string(sanitize_tags($subject));
+    $sql_content = BoincDb::escape_string($content);
     $mid = BoincPrivateMessage::insert("(userid, senderid, date, subject, content) VALUES ($to_user->id, $from_user->id, UNIX_TIMESTAMP(), '$sql_subject', '$sql_content')");
     if (!$mid) {
         error_page(tra("Couldn't create message"));

         if ($curpage > 0){
             $navbar = '<a href="forum_forum.php?id='.$forum->id.'&start='.(($curpage-1)*THREADS_PER_PAGE);
             if ($sort) $navbar.='&sort='.$sort;
             $navbar.= '"> &lt;-- Previous</a> ';
+            $navbar.= '"> &lt;-- ".tra("Previous")."</a> ';
+        }
         // Display a list of pages surrounding this one
 …
         if ($curpage+1 < $total){
             $navbar.= '<a href="forum_forum.php?id='.$forum->id.'&start='.(($curpage+1)*THREADS_PER_PAGE);
             if ($sort) $navbar.='&sort='.$sort;
             $navbar.= '"> Next --&gt;</a>';
+            $navbar.= '"> ".tra("Next")." --&gt;</a>';
+        }
+    }
 …
 //  Process a user-supplied title to remove HTML stuff
 //
 function cleanup_title($title) {
     $x = strip_tags(bb2html($title));
+    $x = sanitize_tags(bb2html($title));
     $x = trim($x);
     if (strlen($x)==0) return "(no title)";
     else return $x;
 …
 function create_thread($title, $content, $user, $forum, $signature, $export) {
     $title = trim($title);
     $title = strip_tags($title);
+    $title = sanitize_tags($title);
     $title = mysql_real_escape_string($title);
     $now = time();
     $status = 0;

     if (!is_valid_country($country)) return null;
     $email_addr = BoincDb::escape_string($email_addr);
     $name = strip_tags($name);
+    $name = sanitize_tags($name);
     $name = BoincDb::escape_string($name);
     $passwd_hash = BoincDb::escape_string($passwd_hash);
     $country = BoincDb::escape_string($country);
     $postal_code = strip_tags(BoincDb::escape_string($postal_code));
+    $postal_code = sanitize_tags(BoincDb::escape_string($postal_code));
     $uid = BoincUser::insert("(create_time, email_addr, name, authenticator, country, postal_code, total_credit, expavg_credit, expavg_time, project_prefs, teamid,  send_email, show_hosts, cross_project_id, passwd_hash) values($now, '$email_addr', '$name', '$authenticator', '$country', '$postal_code', 0, 0, unix_timestamp(), '$project_prefs', $teamid, 1, 1, '$cross_project_id', '$passwd_hash')");

 function make_team(
     $userid, $name, $url, $type, $name_html, $description, $country
 ) {
     $name = BoincDb::escape_string(strip_tags($name));
+    $name = BoincDb::escape_string(sanitize_tags($name));
     if (strlen($name) == 0) return null;
     $name_lc = strtolower($name);
     $url = BoincDb::escape_string(strip_tags($url));
+    $url = BoincDb::escape_string(sanitize_tags($url));
     if (strstr($url, "http://")) {
         $url = substr($url, 7);
+    }

+    }
     //$t = htmlspecialchars($t);
     echo "<item>
         <title><![CDATA[".strip_tags(bb2html($thread->title))."]]></title>
+        <title><![CDATA[".sanitize_tags(bb2html($thread->title))."]]></title>
         <link>$unique_url</link>
         <guid isPermaLink=\"true\">$unique_url</guid>
         <description><![CDATA[\n$t\n]]></description>

     if (strlen($profile->response1) != 0) {
         $temp = $profile->response1;
         $description = "(\"" . sub_sentence(strip_tags($temp), ' ', MAX_DESC_LENGTH, true) . "\")";
+        $description = "(\"" . sub_sentence(sanitize_tags($temp), ' ', MAX_DESC_LENGTH, true) . "\")";
+    }

 ) {
     global $caching, $cache_control_extra, $did_page_head;
         $did_page_head = true;
+    $did_page_head = true;
     $stylesheet = URL_BASE.STYLESHEET;
     $rssname = PROJECT . " RSS 2.0";
     $rsslink = URL_BASE."rss_main.php";
 …
     echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">";
     if (!$title_plain) {
         echo "<html><head><title>".strip_tags($title)."</title>\n";
+        echo "<html><head><title>".sanitize_tags($title)."</title>\n";
     } else {
         echo "<html><head><title>".strip_tags($title_plain)."</title>\n";
+        echo "<html><head><title>".sanitize_tags($title_plain)."</title>\n";
+    }
     echo "<link rel=stylesheet type=\"text/css\" href=\"".URL_BASE."main.css\" media=\"all\" />
         <link rel=stylesheet type=\"text/css\" href=\"$stylesheet\">

+}
 function lookup_user_name($name) {
+    // TODO: is the following double escaped? Why?
     $name = BoincDb::escape_string($name);
     $users = BoincUser::enum("name='".boinc_real_escape_string($name)."'");
     if (sizeof($users)==1) {
 …
     return BoincApp::lookup_id($id);
+}
+// DEPRECATED: use BoincDb::escape_string where possible
+//
 // apply this to any user-supplied strings used in queries
 //
+//
 function boinc_real_escape_string($x) {
     if (version_compare(phpversion(),"4.3.0")>=0) {
         return BoincDb::escape_string($x);