Security Fixes, Mainly
This commit is contained in:
+6
-1
@@ -1,4 +1,9 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
/* Prevent XSS input */
|
||||||
|
$_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING);
|
||||||
|
$_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);
|
||||||
|
|
||||||
$sys_timezone = "";
|
$sys_timezone = "";
|
||||||
// If we can get the timezome from the systems timezone file ust that
|
// If we can get the timezome from the systems timezone file ust that
|
||||||
if (file_exists('/etc/timezone')) {
|
if (file_exists('/etc/timezone')) {
|
||||||
@@ -99,4 +104,4 @@ echo "
|
|||||||
<iframe src=\"/views.php\"></iframe>
|
<iframe src=\"/views.php\"></iframe>
|
||||||
</div>";
|
</div>";
|
||||||
}
|
}
|
||||||
|
?>
|
||||||
|
|||||||
+7
-2
@@ -1,4 +1,9 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
/* Prevent XSS input */
|
||||||
|
$_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING);
|
||||||
|
$_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);
|
||||||
|
|
||||||
$sys_timezone = "";
|
$sys_timezone = "";
|
||||||
// If we can get the timezome from the systems timezone file ust that
|
// If we can get the timezome from the systems timezone file ust that
|
||||||
if (file_exists('/etc/timezone')) {
|
if (file_exists('/etc/timezone')) {
|
||||||
@@ -73,7 +78,7 @@ body::-webkit-scrollbar {
|
|||||||
<button type="submit" name="view" value="Overview" form="views">Overview</button>
|
<button type="submit" name="view" value="Overview" form="views">Overview</button>
|
||||||
</form>
|
</form>
|
||||||
<form action="" method="GET" id="views">
|
<form action="" method="GET" id="views">
|
||||||
<button type="submit" name="view" value="Today's Detections" form="views">Today's Detections</button>
|
<button type="submit" name="view" value="Todays Detections" form="views">Today's Detections</button>
|
||||||
</form>
|
</form>
|
||||||
<form action="" method="GET" id="views">
|
<form action="" method="GET" id="views">
|
||||||
<button type="submit" name="view" value="Spectrogram" form="views">Spectrogram</button>
|
<button type="submit" name="view" value="Spectrogram" form="views">Spectrogram</button>
|
||||||
@@ -143,7 +148,7 @@ if(isset($_GET['view'])){
|
|||||||
if($_GET['view'] == "Spectrogram"){include('spectrogram.php');}
|
if($_GET['view'] == "Spectrogram"){include('spectrogram.php');}
|
||||||
if($_GET['view'] == "View Log"){echo "<body style=\"scroll:no;overflow-x:hidden;\"><iframe style=\"width:calc( 100% + 1em);\" src=\"/log\"></iframe></body>";}
|
if($_GET['view'] == "View Log"){echo "<body style=\"scroll:no;overflow-x:hidden;\"><iframe style=\"width:calc( 100% + 1em);\" src=\"/log\"></iframe></body>";}
|
||||||
if($_GET['view'] == "Overview"){include('overview.php');}
|
if($_GET['view'] == "Overview"){include('overview.php');}
|
||||||
if($_GET['view'] == "Today's Detections"){include('todays_detections.php');}
|
if($_GET['view'] == "Todays Detections"){include('todays_detections.php');}
|
||||||
if($_GET['view'] == "Kiosk"){$kiosk = true;include('todays_detections.php');}
|
if($_GET['view'] == "Kiosk"){$kiosk = true;include('todays_detections.php');}
|
||||||
if($_GET['view'] == "Species Stats"){include('stats.php');}
|
if($_GET['view'] == "Species Stats"){include('stats.php');}
|
||||||
if($_GET['view'] == "Weekly Report"){include('weekly_report.php');}
|
if($_GET['view'] == "Weekly Report"){include('weekly_report.php');}
|
||||||
|
|||||||
@@ -1,4 +1,9 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
/* Prevent XSS input */
|
||||||
|
$_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING);
|
||||||
|
$_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);
|
||||||
|
|
||||||
error_reporting(E_ALL);
|
error_reporting(E_ALL);
|
||||||
ini_set('display_errors',1);
|
ini_set('display_errors',1);
|
||||||
ini_set('display_startup_errors',1);
|
ini_set('display_startup_errors',1);
|
||||||
|
|||||||
@@ -1,4 +1,9 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
/* Prevent XSS input */
|
||||||
|
$_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING);
|
||||||
|
$_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);
|
||||||
|
|
||||||
error_reporting(E_ERROR);
|
error_reporting(E_ERROR);
|
||||||
ini_set('display_errors',1);
|
ini_set('display_errors',1);
|
||||||
|
|
||||||
|
|||||||
@@ -1,4 +1,9 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
/* Prevent XSS input */
|
||||||
|
$_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING);
|
||||||
|
$_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);
|
||||||
|
|
||||||
ini_set('user_agent', 'PHP_Flickr/1.0');
|
ini_set('user_agent', 'PHP_Flickr/1.0');
|
||||||
error_reporting(0);
|
error_reporting(0);
|
||||||
ini_set('display_errors', 0);
|
ini_set('display_errors', 0);
|
||||||
|
|||||||
@@ -1,4 +1,9 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
/* Prevent XSS input */
|
||||||
|
$_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING);
|
||||||
|
$_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);
|
||||||
|
|
||||||
ini_set('session.gc_maxlifetime', 7200);
|
ini_set('session.gc_maxlifetime', 7200);
|
||||||
ini_set('user_agent', 'PHP_Flickr/1.0');
|
ini_set('user_agent', 'PHP_Flickr/1.0');
|
||||||
session_set_cookie_params(7200);
|
session_set_cookie_params(7200);
|
||||||
|
|||||||
Reference in New Issue
Block a user