fix: escape the session username where it is interpolated directly into SQL queries

This commit is contained in:
Martin Ambrus
2017-10-17 13:18:26 +02:00
parent ac5d3538f8
commit ee467fe734
3 changed files with 17 additions and 14 deletions
+5 -4
@@ -19,6 +19,7 @@
include("GameEngine/Village.php");
include("GameEngine/Data/cp.php");
$user_sanitized = $database->escape($_SESSION['username']);
$uArray = $database->getUserArray($_SESSION['username'],0);
$check_quest=$database->getUserField($_SESSION['username'],'quest','username');
@@ -71,7 +72,7 @@ if (isset($qact)){
$_SESSION['qst']= 3;
//Give Reward
if(!$session->plus){
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+86400 where `username`='".$_SESSION['username']."'") or die(mysqli_error($database->dblink));
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+86400 where `username`='".$user_sanitized."'") or die(mysqli_error($database->dblink));
} else {
$plus=$database->getUserField($_SESSION['username'],'plus','username');
$plus+=86400;
@@ -151,7 +152,7 @@ if (isset($qact)){
$_SESSION['qst']= 11;
//Give Reward
if(!$session->plus){
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+172800 where `username`='".$_SESSION['username']."'") or die(mysqli_error($database->dblink));
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+172800 where `username`='".$user_sanitized."'") or die(mysqli_error());
} else {
$plus=$database->getUserField($_SESSION['username'],'plus','username');
$plus+=172800;
@@ -338,7 +339,7 @@ if (isset($qact)){
$_SESSION['qst_time'] = time()+$skipp_time;
//Give Reward
if(!$session->plus){
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+86400 where `username`='".$_SESSION['username']."'") or die(mysqli_error($database->dblink));
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+86400 where `username`='".$user_sanitized."'") or die(mysqli_error());
} else {
$plus=$database->getUserField($_SESSION['username'],'plus','username');
$plus+=86400;
@@ -401,7 +402,7 @@ if (isset($qact)){
$_SESSION['qst']= 97;
//Give Reward 20 gold + 2 days plus
if(!$session->plus){
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+172800 where `username`='".$_SESSION['username']."'") or die(mysqli_error($database->dblink));
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+172800 where `username`='".$user_sanitized."'") or die(mysqli_error());
} else {
$plus=$database->getUserField($_SESSION['username'],'plus','username');
$plus+=172800;
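Review bot: The rewritten query lines in the second, third and fourth hunks (the `+172800`, `+86400` and `+172800` updates) drop the link argument from `mysqli_error()` while the first hunk keeps `mysqli_error($database->dblink)`; procedural `mysqli_error()` requires the connection, so on a failed query the `die()` branch itself errors instead of reporting the failure. The query is issued on `$GLOBALS['link']`, so the consistent form is `or die(mysqli_error($GLOBALS['link']))` — reading the error from `$database->dblink` is only right if that is the same handle, which this page does not show. Escaping through `$database->escape()` and interpolating into a quoted literal is still string-built SQL; a prepared statement with `mysqli_stmt_bind_param` would not depend on that helper or on the connection charset. The `else` branches still pass the raw `$_SESSION['username']` to `getUserField()`, which is fine only if that helper escapes internally — worth confirming. The enclosing `if (isset($qact))` block starts and ends outside the hunks.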
+5 -4
@@ -21,6 +21,7 @@ if (!isset($_SESSION)) {
include_once("GameEngine/Village.php");
include_once("GameEngine/Data/cp.php");
$user_sanitized = $database->escape($_SESSION['username']);
$uArray = $database->getUserArray($_SESSION['username'],0);
$check_quest=$uArray['quest'];
$_SESSION['qst_time'] = $uArray['quest_time'];
@@ -69,7 +70,7 @@ if (isset($qact)){
$_SESSION['qst']= 3;
//Give Reward
if(!$session->plus){
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+86400 where `username`='".$_SESSION['username']."'") or die(mysqli_error($database->dblink));
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+86400 where `username`='".$user_sanitized."'") or die(mysqli_error($database->dblink));
} else {
$plus=$database->getUserField($_SESSION['username'],'plus','username');
$plus+=86400;
@@ -154,7 +155,7 @@ if (isset($qact)){
$_SESSION['qst']= 11;
//Give Reward
if(!$session->plus){
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+172800 where `username`='".$_SESSION['username']."'") or die(mysqli_error($database->dblink));
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+172800 where `username`='".$user_sanitized."'") or die(mysqli_error($database->dblink));
} else {
$plus=$database->getUserField($_SESSION['username'],'plus','username');
$plus+=172800;
@@ -322,7 +323,7 @@ if (isset($qact)){
$_SESSION['qst_time'] = time()+$skipp_time;
//Give Reward
if(!$session->plus){
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+86400 where `username`='".$_SESSION['username']."'") or die(mysqli_error($database->dblink));
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+86400 where `username`='".$user_sanitized."'") or die(mysqli_error($database->dblink));
} else {
$plus=$database->getUserField($_SESSION['username'],'plus',1);
$plus+=86400;
@@ -385,7 +386,7 @@ if (isset($qact)){
$_SESSION['qst']= 97;
//Give Reward 20 gold + 2 days plus
if(!$session->plus){
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+172800 where `username`='".$_SESSION['username']."'") or die(mysqli_error($database->dblink));
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+172800 where `username`='".$user_sanitized."'") or die(mysqli_error($database->dblink));
} else {
$plus=$database->getUserField($_SESSION['username'],'plus',1);
$plus+=172800;
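Review bot: Each rewritten `mysqli_query` line still builds the statement by string interpolation, now routed through `$database->escape()`, so its safety rests on that helper (presumably `mysqli_real_escape_string` on the right connection and charset — not visible here) rather than on the driver; a prepared statement with a bound parameter removes that dependence, and `mktime(date("H"),…,date("Y"))` of the current time can be written as `time()`. The same replacement applies to all four hunks with their respective offset (86400 or 172800); the error is read from `$GLOBALS['link']` because that is the handle the query runs on, whereas the hunks read it from `$database->dblink`, which is only equivalent if both are the same connection. The `else` branches keep passing the unescaped `$_SESSION['username']` to `getUserField()`, which is only safe if that helper escapes internally — worth confirming. The enclosing `if (isset($qact))` block starts and ends outside the hunks.
```php
if(!$session->plus){
    $plusUntil = time() + 86400; // same value as the mktime(date(...)) expression
    $stmt = mysqli_prepare($GLOBALS['link'], "UPDATE ".TB_PREFIX."users SET plus = ? WHERE `username` = ?");
    mysqli_stmt_bind_param($stmt, 'is', $plusUntil, $_SESSION['username']);
    mysqli_stmt_execute($stmt) or die(mysqli_error($GLOBALS['link']));
} else {
    // … unchanged: read current plus via getUserField and extend it …
```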