зеркало из https://github.com/mozilla/gecko-dev.git
trim and remove html of all service input. Not part of any build.
This commit is contained in:
robert%accettura.com
Родитель
bd1eb9e46e
Коммит
fc374ed1e4
|
|
@ -293,4 +293,11 @@ function printheaders(){
|
|||
header('Pragma: no-cache');
|
||||
header('X-Powered-By: A Barrel of Monkey\'s ');
|
||||
}
|
||||
|
||||
function strip_all_tags($input){
|
||||
while($input != strip_tags($input)) {
|
||||
$input = strip_tags($input);
|
||||
}
|
||||
return $input;
|
||||
}
|
||||
?>
|
||||
|
|
@ -38,6 +38,7 @@
|
|||
|
||||
require_once('../config.inc.php');
|
||||
require_once('DB.php');
|
||||
require_once($config['app_path'].'/includes/iolib.inc.php');
|
||||
require_once($config['nusoap_path'].'/nusoap.php');
|
||||
|
||||
// Create the server instance
|
||||
|
|
@ -80,6 +81,22 @@ $server->register(
|
|||
function submitReport($rmoVers, $url, $problem_type, $description, $behind_login, $platform, $oscpu, $gecko, $product, $useragent, $buildconfig, $language, $email, $sysid) {
|
||||
global $config;
|
||||
|
||||
// Remove any HTML tags and whitespace
|
||||
$rmoVers = trim(strip_all_tags($rmoVers));
|
||||
$url = trim(strip_all_tags($url));
|
||||
$problem_type = trim(strip_all_tags($problem_type));
|
||||
$description = trim(strip_all_tags($description));
|
||||
$behind_login = trim(strip_all_tags($behind_login));
|
||||
$platform = trim(strip_all_tags($platform));
|
||||
$oscpu = trim(strip_all_tags($oscpu));
|
||||
$gecko = trim(strip_all_tags($gecko));
|
||||
$product = trim(strip_all_tags($product));
|
||||
$useragent = trim(strip_all_tags($useragent));
|
||||
$buildconfig = trim(strip_all_tags($buildconfig));
|
||||
$language = trim(strip_all_tags($language));
|
||||
$email = trim(strip_all_tags($email));
|
||||
$sysid = trim(strip_all_tags($sysid));
|
||||
|
||||
// check verison
|
||||
if ($rmoVers < $config['min_vers']){
|
||||
return new soap_fault('Client', '', 'Your product is out of date, please upgrade. See http://reporter-test.mozilla.org/install for details.', $rmoVers);
|
||||
|
|
@ -130,7 +147,6 @@ function submitReport($rmoVers, $url, $problem_type, $description, $behind_login
|
|||
$report_id = 'RMO'.str_replace(".", "", array_sum(explode(' ', microtime())));
|
||||
|
||||
// Initialize Database
|
||||
//PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'handleErrorsSOAP');
|
||||
$db =& DB::connect($config['db_dsn']);
|
||||
|
||||
$sysIDQuery = $db->query("SELECT `sysid_id` FROM `sysid` WHERE `sysid_id` = '".$db->escapeSimple($sysid)."'");
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче