Point808/LobbySIO
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Vulnerability remediation

Browse Source
This commit is contained in:
Josh North
2021-05-28 15:31:54 -04:00
parent 2a8ee2d90f
commit 9043ccb0e2
18 changed files with 316 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
signin_4.php
View File

@@ -19,9 +19,11 @@
ini_set('session.gc_maxlifetime', 24*60*60); // MIN SESSION
ini_set('session.gc_probability', 1); // GC RATES
ini_set('session.gc_divisor', 100); // TIMES
ini_set("session. cookie_httponly", 1);
session_save_path('.tmp'); // TEMP
session_start(); // START
require_once __DIR__ . '/autoload.php'; // AUTOLOAD
use App\LobbySIO\Misc\Csrf; // ANTICSRF
$StaticFunctions = new \App\LobbySIO\Misc\StaticFunctions(); // DEFAULT CLASSES
$SiteInfo = new \App\LobbySIO\Database\SiteInfo();
$Users = new \App\LobbySIO\Database\Users();
@@ -46,21 +48,28 @@
require_once("inc/header.inc.php");
if ($StaticFunctions->getSessionStatus() == true) { // CHECK STATUS
header('Location: index.php'); // ELSE HOME
} else { ?>
} else {
header("X-Frame-Options: SAMEORIGIN");
header("Content-Security-Policy: frame-ancestors 'none'", false);
if (!empty($_GET['a'])) {
echo '<pre>' . print_r($_POST, true) . '</pre>';
echo 'Verification has been : ' . (Csrf::verifyToken('home') ? 'successful' : 'unsuccessful');
}
?>
<!-- START CONTENT -->
<?php if (!empty($_POST)) { // PROCESS POST
if (empty($_POST['carnum'])) { $carnum="";} else {$carnum=$_POST['carnum'];};
if (empty($_POST['ssanum'])) { $ssanum="";} else {$ssanum=$_POST['ssanum'];};
if (empty($_POST['firstname'])) { $firstname="";} else {$firstname=$_POST['firstname'];};
if (empty($_POST['lastname'])) { $lastname="";} else {$lastname=$_POST['lastname'];};
if (empty($_POST['company'])) { $company="";} else {$company=$_POST['company'];};
if (empty($_POST['visit_type'])) { $visit_type="";} else {$visit_type=$_POST['visit_type'];};
if (empty($_POST['v_signature'])) { $v_signature="";} else {$v_signature=$_POST['v_signature'];};
if (empty($_POST['e_signature'])) { $e_signature="";} else {$e_signature=$_POST['e_signature'];};
if (empty($_POST['escort'])) { $escort="";} else {$escort=$_POST['escort'];};
if (empty(filter_input(INPUT_POST, 'carnum', FILTER_SANITIZE_STRING))) { $carnum="";} else {$carnum=filter_input(INPUT_POST, 'carnum', FILTER_SANITIZE_STRING);};
if (empty(filter_input(INPUT_POST, 'ssanum', FILTER_SANITIZE_STRING))) { $ssanum="";} else {$ssanum=filter_input(INPUT_POST, 'ssanum', FILTER_SANITIZE_STRING);};
if (empty(filter_input(INPUT_POST, 'firstname', FILTER_SANITIZE_STRING))) { $firstname="";} else {$firstname=filter_input(INPUT_POST, 'firstname', FILTER_SANITIZE_STRING);};
if (empty(filter_input(INPUT_POST, 'lastname', FILTER_SANITIZE_STRING))) { $lastname="";} else {$lastname=filter_input(INPUT_POST, 'lastname', FILTER_SANITIZE_STRING);};
if (empty(filter_input(INPUT_POST, 'company', FILTER_SANITIZE_STRING))) { $company="";} else {$company=filter_input(INPUT_POST, 'company', FILTER_SANITIZE_STRING);};
if (empty(filter_input(INPUT_POST, 'visit_type', FILTER_SANITIZE_STRING))) { $visit_type="";} else {$visit_type=filter_input(INPUT_POST, 'visit_type', FILTER_SANITIZE_STRING);};
if (empty(filter_input(INPUT_POST, 'v_signature', FILTER_SANITIZE_STRING))) { $v_signature="";} else {$v_signature=filter_input(INPUT_POST, 'v_signature', FILTER_SANITIZE_STRING);};
if (empty(filter_input(INPUT_POST, 'e_signature', FILTER_SANITIZE_STRING))) { $e_signature="";} else {$e_signature=filter_input(INPUT_POST, 'e_signature', FILTER_SANITIZE_STRING);};
if (empty(filter_input(INPUT_POST, 'escort', FILTER_SANITIZE_STRING))) { $escort="";} else {$escort=filter_input(INPUT_POST, 'escort', FILTER_SANITIZE_STRING);};
?>
<div class="container">
<div class="row row-cols-1">
@@ -69,6 +78,7 @@
</div>
</div>
<form name="form-signin" class="form-signin" action="signin_display.php" method="post">
<?php echo Csrf::getInputToken('home') ?>
<div class="row row-cols-1">
<div class="col">
<input type="hidden" name="siteid" id="siteid" value="<?php echo $siteid; ?>" />