Point808/LobbySIO
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Vulnerability remediation

Browse Source
This commit is contained in:
Josh North
2021-05-28 15:31:54 -04:00
parent 2a8ee2d90f
commit 9043ccb0e2
18 changed files with 316 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
signin_display.php
View File

@@ -19,9 +19,11 @@
ini_set('session.gc_maxlifetime', 24*60*60); // MIN SESSION
ini_set('session.gc_probability', 1); // GC RATES
ini_set('session.gc_divisor', 100); // TIMES
ini_set("session. cookie_httponly", 1);
session_save_path('.tmp'); // TEMP
session_start(); // START
require_once __DIR__ . '/autoload.php'; // AUTOLOAD
use App\LobbySIO\Misc\Csrf; // ANTICSRF
$StaticFunctions = new \App\LobbySIO\Misc\StaticFunctions(); // DEFAULT CLASSES
$SiteInfo = new \App\LobbySIO\Database\SiteInfo();
$Users = new \App\LobbySIO\Database\Users();
@@ -47,15 +49,22 @@
require_once("inc/header.inc.php");
if ($StaticFunctions->getSessionStatus() == true) { // CHECK STATUS
header('Location: index.php'); // ELSE HOME
} else { ?>
} else {
header("X-Frame-Options: SAMEORIGIN");
header("Content-Security-Policy: frame-ancestors 'none'", false);
if (!empty($_GET['a'])) {
echo '<pre>' . print_r($_POST, true) . '</pre>';
echo 'Verification has been : ' . (Csrf::verifyToken('home') ? 'successful' : 'unsuccessful');
}
?>
<!-- START CONTENT -->
<?php if (!empty($_POST)) { // PROCESS POST
if (empty($_POST['carnum'])) { $carnum="";} else {$carnum=$_POST['carnum'];};
if (empty($_POST['ssanum'])) { $ssanum="";} else {$ssanum=$_POST['ssanum'];};
echo $VisitActions->newVisit($_POST['firstname'], $_POST['lastname'], $_POST['company'], $_POST['visit_type'], $StaticFunctions->getUTC(), $_POST['v_signature'], $_POST['siteid'], "1", $_POST['e_signature'], $_POST['escort'], $carnum, $ssanum);
if (empty(filter_input(INPUT_POST, 'carnum', FILTER_SANITIZE_STRING))) { $carnum="";} else {$carnum=filter_input(INPUT_POST, 'carnum', FILTER_SANITIZE_STRING);};
if (empty(filter_input(INPUT_POST, 'ssanum', FILTER_SANITIZE_STRING))) { $ssanum="";} else {$ssanum=filter_input(INPUT_POST, 'ssanum', FILTER_SANITIZE_STRING);};
echo $VisitActions->newVisit(filter_input(INPUT_POST, 'firstname', FILTER_SANITIZE_STRING), filter_input(INPUT_POST, 'lastname', FILTER_SANITIZE_STRING), filter_input(INPUT_POST, 'company', FILTER_SANITIZE_STRING), filter_input(INPUT_POST, 'visit_type', FILTER_SANITIZE_STRING), $StaticFunctions->getUTC(), filter_input(INPUT_POST, 'v_signature', FILTER_SANITIZE_STRING), filter_input(INPUT_POST, 'siteid', FILTER_SANITIZE_STRING), "1", filter_input(INPUT_POST, 'e_signature', FILTER_SANITIZE_STRING), filter_input(INPUT_POST, 'escort', FILTER_SANITIZE_STRING), $carnum, $ssanum);
?>
<div class="container">
<div class="row row-cols-1">
@@ -73,7 +82,7 @@
</thead>
<tbody>
<tr>
<td><?php echo $timenow; ?><br><?php echo $transLang[$VisitTypeInfo->getVisitTypeInfo($_POST['visit_type'])[0]["visittypes_name"]]; ?></td><td><?php echo $_POST['company']; ?></td><td><?php echo $_POST['lastname']; ?>, <?php echo $_POST['firstname']; ?><br><img src="<?php echo $_POST['v_signature']; ?>" width="200" height="50" /></td><td><?php if (!empty($_POST['escort'])): echo $_POST['escort']; endif; ?><br /><?php if (!empty($_POST['e_signature'])): ?><img src="<?php echo $_POST['e_signature']; ?>" width="200" height="50" /><?php endif; ?></td>
<td><?php echo $timenow; ?><br><?php echo $transLang[$VisitTypeInfo->getVisitTypeInfo(filter_input(INPUT_POST, 'visit_type', FILTER_SANITIZE_STRING))[0]["visittypes_name"]]; ?></td><td><?php echo filter_input(INPUT_POST, 'company', FILTER_SANITIZE_STRING); ?></td><td><?php echo filter_input(INPUT_POST, 'lastname', FILTER_SANITIZE_STRING); ?>, <?php echo filter_input(INPUT_POST, 'firstname', FILTER_SANITIZE_STRING); ?><br><img src="<?php echo filter_input(INPUT_POST, 'v_signature', FILTER_SANITIZE_STRING); ?>" width="200" height="50" /></td><td><?php if (!empty(filter_input(INPUT_POST, 'escort', FILTER_SANITIZE_STRING))): echo filter_input(INPUT_POST, 'escort', FILTER_SANITIZE_STRING); endif; ?><br /><?php if (!empty(filter_input(INPUT_POST, 'e_signature', FILTER_SANITIZE_STRING))): ?><img src="<?php echo filter_input(INPUT_POST, 'e_signature', FILTER_SANITIZE_STRING); ?>" width="200" height="50" /><?php endif; ?></td>
</tr>
</tbody>
</table>