Security fixes

This commit is contained in:
nemunaire 2016-07-17 10:22:51 +02:00
parent 89122cc4a4
commit dc2a338847
5 changed files with 9 additions and 8 deletions

View File

@ -124,6 +124,7 @@ class Question
public function validated()
{
$this->validated = true;
$this->reported = 0;
//Return to normal ID
$this->getNormalId();

View File

@ -24,13 +24,13 @@ else
if ($question->get_writer() != null)
{?><strong>Proposée par :</strong> <a href="mailto:<?php echo $question->get_writer()->getEmail(); ?>"><?php echo $question->get_writer()->getUsername(); ?></a><br><br><?php } ?>
<strong>Cours concerné :</strong> <?php echo $question->getCourse()->getName(); ?><br><br>
<strong>Question posée :</strong> <?php echo $question->getQuestion(); ?><br><br>
<strong>Question posée :</strong> <?php echo nl2br(htmlentities($question->getQuestion(), ENT_COMPAT, "UTF-8")); ?><br><br>
<strong>Réponses valides exhaustives :</strong>
</p>
<?php
echo "<ul>";
foreach($question->getAnswer() as $a)
echo "<li>".$a."</li>";
echo "<li>".htmlentities($a, ENT_COMPAT, "UTF-8")."</li>";
echo "</ul>";
?>
<p>
@ -64,7 +64,7 @@ foreach($cs as $c)
<p id="questionPart">
<label id="q" for="question">Quelle est votre question ? </label><br>
<textarea id="question" name="question" rows="3" cols="70"><?php echo nl2br(htmlentities(utf8_decode($question->getQuestion()))); ?></textarea>
<textarea id="question" name="question" rows="3" cols="70"><?php echo htmlentities($question->getQuestion(), ENT_COMPAT, "UTF-8"); ?></textarea>
</p>
<p id="answerList">
<label for="answer">Quelle est la réponse ?</label><br>

View File

@ -26,7 +26,7 @@ else
<article id="menu">.:
<form method="get" action="?" style="float: right;">
<?php if (isset($_GET["valid"])) echo '<input type="hidden" name="valid">'; ?>
<label for="filter">Filter par code de cours :</label> <input type="text" id="filter" name="filter" value="<?php echo $filter; ?>"> <input type="submit" value="Filtrer">
<label for="filter">Filtrer par code de cours :</label> <input type="text" id="filter" name="filter" value="<?php echo $filter; ?>"> <input type="submit" value="Filtrer">
</form>
<a href="?">Liste des questions non-validées</a> ::
<a href="?<?php if (isset($_GET["valid"])) echo "valid&amp;"; ?>report">Liste des questions rapportées</a> ::
@ -77,7 +77,7 @@ foreach($file->get_questions() as $q)
?>
<tr>
<td><acronym title="<?php echo $q->getCourse()->getName(); ?>"><?php echo $q->getCourse()->getCode(); ?></acronym></td>
<td><?php echo $q->getQuestion(); ?></td>
<td><?php echo htmlentities($q->getQuestion(), ENT_COMPAT, "UTF-8"); ?></td>
<td><?php if ($q->get_writer() != null) echo $q->get_writer()->getUsername(); ?></td>
<td><?php echo strftime("%d/%m/%y %H:%M", $q->getAddedTime()); ?></td>
<td><?php if ($q->get_validator() != null) echo $q->get_validator()->getUsername(); ?>

0
questions.php Executable file → Normal file
View File

View File

@ -21,13 +21,13 @@ else
?>
<p>
<strong>Cours concerné :</strong> <?php echo $question->getCourse()->getName(); ?><br><br>
<strong>Question posée :</strong> <?php echo $question->getQuestion(); ?><br><br>
<strong>Question posée :</strong> <?php echo htmlentities($question->getQuestion(), ENT_COMPAT, "UTF-8"); ?><br><br>
<strong>Réponses valides exhaustives :</strong>
</p>
<?php
echo "<ul>";
foreach($question->getAnswer() as $a)
echo "<li>".$a."</li>";
echo "<li>".htmlentities($a, ENT_COMPAT, "UTF-8")."</li>";
echo "</ul>";
if ($question->isValidation())
{
@ -37,7 +37,7 @@ if ($question->isValidation())
action="thanksRefused.php">
<label for="comment">Précisez les raisons de votre refus</label>
<input name="comment" type="textarea"
rows="5" cols="50" />
rows="5" cols="50">
<input type="hidden" name="id" value="<?php echo $question->getId() ?>">
<input type="submit" value="Refuser la question">