Security Fixes, Mainly

This commit is contained in:
lloydbayley
2023-05-22 23:55:11 +10:00
parent 6313cb1d91
commit ed9b7c8055
6 changed files with 33 additions and 3 deletions
+6 -1
View File
@@ -1,4 +1,9 @@
<?php
/* Prevent XSS input */
$_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING);
$_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);
$sys_timezone = "";
// If we can get the timezome from the systems timezone file ust that
if (file_exists('/etc/timezone')) {
@@ -99,4 +104,4 @@ echo "
<iframe src=\"/views.php\"></iframe>
</div>";
}
?>
+7 -2
View File
@@ -1,4 +1,9 @@
<?php
/* Prevent XSS input */
$_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING);
$_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);
$sys_timezone = "";
// If we can get the timezome from the systems timezone file ust that
if (file_exists('/etc/timezone')) {
@@ -73,7 +78,7 @@ body::-webkit-scrollbar {
<button type="submit" name="view" value="Overview" form="views">Overview</button>
</form>
<form action="" method="GET" id="views">
<button type="submit" name="view" value="Today's Detections" form="views">Today's Detections</button>
<button type="submit" name="view" value="Todays Detections" form="views">Today's Detections</button>
</form>
<form action="" method="GET" id="views">
<button type="submit" name="view" value="Spectrogram" form="views">Spectrogram</button>
@@ -143,7 +148,7 @@ if(isset($_GET['view'])){
if($_GET['view'] == "Spectrogram"){include('spectrogram.php');}
if($_GET['view'] == "View Log"){echo "<body style=\"scroll:no;overflow-x:hidden;\"><iframe style=\"width:calc( 100% + 1em);\" src=\"/log\"></iframe></body>";}
if($_GET['view'] == "Overview"){include('overview.php');}
if($_GET['view'] == "Today's Detections"){include('todays_detections.php');}
if($_GET['view'] == "Todays Detections"){include('todays_detections.php');}
if($_GET['view'] == "Kiosk"){$kiosk = true;include('todays_detections.php');}
if($_GET['view'] == "Species Stats"){include('stats.php');}
if($_GET['view'] == "Weekly Report"){include('weekly_report.php');}
+5
View File
@@ -1,4 +1,9 @@
<?php
/* Prevent XSS input */
$_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING);
$_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);
error_reporting(E_ALL);
ini_set('display_errors',1);
ini_set('display_startup_errors',1);
+5
View File
@@ -1,4 +1,9 @@
<?php
/* Prevent XSS input */
$_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING);
$_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);
error_reporting(E_ERROR);
ini_set('display_errors',1);
+5
View File
@@ -1,4 +1,9 @@
<?php
/* Prevent XSS input */
$_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING);
$_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);
ini_set('user_agent', 'PHP_Flickr/1.0');
error_reporting(0);
ini_set('display_errors', 0);
+5
View File
@@ -1,4 +1,9 @@
<?php
/* Prevent XSS input */
$_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING);
$_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);
ini_set('session.gc_maxlifetime', 7200);
ini_set('user_agent', 'PHP_Flickr/1.0');
session_set_cookie_params(7200);