From 8b1557bdb1adbaca4eadb53c5cb608a8258e4805 Mon Sep 17 00:00:00 2001
From: Josh North <josh.north@point808.com>
Date: Mon, 9 Aug 2021 12:08:40 -0400
Subject: [PATCH] Remediate other vulns

---
 css/index.php |  9 ++++++++-
 index.php     |  4 ++--
 login.php     | 10 +++++-----
 3 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/css/index.php b/css/index.php
index 6858dd0..5aafc08 100644
--- a/css/index.php
+++ b/css/index.php
@@ -15,4 +15,11 @@
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
-
+    ini_set('session.gc_maxlifetime', 24*60*60);                                // MIN SESSION
+    ini_set('session.gc_probability', 1);                                       // GC RATES
+    ini_set('session.gc_divisor', 100);                                         // TIMES
+    ini_set('session.use_cookies', '1');
+    ini_set('session.use_only_cookies', '1');
+    ini_set('session.cookie_secure', '0');
+    ini_set('session.cookie_httponly', '0');
+    ini_set('session.cookie_samesite', 'Lax');
diff --git a/index.php b/index.php
index 2f5f709..5ebcd63 100644
--- a/index.php
+++ b/index.php
@@ -63,10 +63,10 @@
     $session_user = $Users->getUserInfo($sessuserid, "1", "0"); }
     if (isset($session_user)) {                                                 // GET UID OR SET TO KIOSK
         $uid = $session_user["0"]["users_id"];} else { $uid = "2"; }
-    $app_disp_lang = filter_input(INPUT_COOKIE, 'app_disp_lang');               // SETUP LANGUAGE
+    $app_disp_lang = filter_input(INPUT_COOKIE, 'app_disp_lang', FILTER_SANITIZE_FULL_SPECIAL_CHARS);               // SETUP LANGUAGE
     if(!isset($app_disp_lang)) {
         $app_disp_lang=$StaticFunctions->getDefaultLanguage(); }
-    $siteidcookie = filter_input(INPUT_COOKIE, 'app_site');                     // SETUP SITE
+    $siteidcookie = filter_input(INPUT_COOKIE, 'app_site', FILTER_SANITIZE_FULL_SPECIAL_CHARS);                     // SETUP SITE
     foreach($SiteInfo->getSite("0", $uid, "0", "0") as $arr) {
         $lookup_array[$arr['sites_id']]=1; }
         if(isset($lookup_array[$siteidcookie])) {
diff --git a/login.php b/login.php
index 2a1ad21..3922329 100644
--- a/login.php
+++ b/login.php
@@ -64,10 +64,10 @@
     $session_user = $Users->getUserInfo($sessuserid, "1", "0"); }
     if (isset($session_user)) {                                                 // GET UID OR SET TO KIOSK
         $uid = $session_user["0"]["users_id"];} else { $uid = "2"; }
-    $app_disp_lang = filter_input(INPUT_COOKIE, 'app_disp_lang');               // SETUP LANGUAGE
+    $app_disp_lang = filter_input(INPUT_COOKIE, 'app_disp_lang', FILTER_SANITIZE_FULL_SPECIAL_CHARS);               // SETUP LANGUAGE
     if(!isset($app_disp_lang)) {
         $app_disp_lang=$StaticFunctions->getDefaultLanguage(); }
-    $siteidcookie = filter_input(INPUT_COOKIE, 'app_site');                     // SETUP SITE
+    $siteidcookie = filter_input(INPUT_COOKIE, 'app_site', FILTER_SANITIZE_FULL_SPECIAL_CHARS);                     // SETUP SITE
     foreach($SiteInfo->getSite("0", $uid, "0", "0") as $arr) {
         $lookup_array[$arr['sites_id']]=1; }
         if(isset($lookup_array[$siteidcookie])) {
@@ -84,7 +84,7 @@
       header("X-Frame-Options: SAMEORIGIN");
       header("X-Content-Type-Options: nosniff");
       //header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false);
-      if (!empty(filter_input(INPUT_GET, 'a', FILTER_SANITIZE_SPECIAL_CHARS))) {
+      if (!empty(filter_input(INPUT_GET, 'a', FILTER_SANITIZE_FULL_SPECIAL_CHARS))) {
         //echo '<pre>' . print_r($_POST, true) . '</pre>';
         echo 'Verification has been : ' . (Csrf::verifyToken('home') ? 'successful' : 'unsuccessful');
       }
@@ -97,8 +97,8 @@
 require_once("src/Misc/PasswordHash.php");
 $hasher = new PasswordHash(8, FALSE);
 // compare if posted
-if (!empty(filter_input(INPUT_POST, 'username', FILTER_SANITIZE_SPECIAL_CHARS))):
-    $user = $Users->loginUser(filter_input(INPUT_POST, 'username', FILTER_SANITIZE_SPECIAL_CHARS));
+if (!empty(filter_input(INPUT_POST, 'username', FILTER_SANITIZE_FULL_SPECIAL_CHARS))):
+    $user = $Users->loginUser(filter_input(INPUT_POST, 'username', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
     if ($user && $user[0]["users_password"] == $hasher->CheckPassword(filter_input(INPUT_POST, 'password', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $user[0]["users_password"])):
         session_regenerate_id();
         $_SESSION['user_id']   = $user[0]["users_id"];