diff --git a/.vs/slnx.sqlite b/.vs/slnx.sqlite
new file mode 100644
index 00000000..b4d33896
Binary files /dev/null and b/.vs/slnx.sqlite differ
diff --git a/Ajax.php b/Ajax.php
index cd2a7ebc..aac9063b 100644
--- a/Ajax.php
+++ b/Ajax.php
@@ -27,8 +27,10 @@
#
#***************************************************************************************
-include("functions/ParamLibFnc.php");
+session_start();
+isset($_SESSION['login']) or die('Access denied!');
+include "functions/ParamLibFnc.php";
echo '';
echo '';
echo '';
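Review bot: The gate added at the top only tests that `$_SESSION['login']` exists, so any code path that sets the key to a falsy or pre-authentication value would pass it. Where that key is written is not visible in this diff, so confirm it is set only after successful authentication, or test `!empty($_SESSION['login'])` instead. The denial is also sent with status 200; calling `http_response_code(403);` before `die` lets Ajax callers and log monitoring tell a rejected request apart. The same lines are added in ForExport.php, ForWindow.php and Modules.php.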
@@ -164,7 +166,6 @@
// For Eligibility
'eligibility/Student.php'
);
- // echo "
";print_r($_REQUEST);echo "
";
if ($count_student_RET[1]['NUM'] > 1) {
$title_set = 'y';
@@ -258,7 +259,8 @@
if (Preferences('SEARCH') != 'Y' && substr(clean_param($modname, PARAM_NOTAGS), 0, 6) != 'users/')
$_REQUEST['search_modfunc'] = 'list';
- include('modules/' . $modname);
+ if (preg_match('/\.\./', $modname) !== 1)
+ include 'modules/' . $modname;
}
else {
if (User('USERNAME')) {
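Review bot: The new `..` test is a denylist that fails open and fails silently: `!== 1` also lets the include run when `preg_match` returns `false`, and a rejected `$modname` produces no log entry or error response. It would be stronger to resolve the path and confirm it stays under the modules directory, e.g. `$path = realpath('modules/' . $modname);` followed by `if ($path !== false && strpos($path, realpath('modules') . DIRECTORY_SEPARATOR) === 0) include $path;`, and to record rejected values. The enclosing `if` starts outside the hunk, so whether `$modname` has already been checked against an allowlist cannot be seen here. The same two lines are added in ForExport.php, ForWindow.php and Modules.php.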
diff --git a/Ajax_url_encode.php b/Ajax_url_encode.php
index 6f770f48..1ce60445 100644
--- a/Ajax_url_encode.php
+++ b/Ajax_url_encode.php
@@ -1,7 +1,36 @@
.
+#
+#***************************************************************************************
+
require_once 'functions/UrlFnc.php';
$encoded_url = encode_url($_REQUEST['link_url']);
-echo $encoded_url;
-?>
+echo htmlentities($encoded_url);
+
+?>
\ No newline at end of file
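Review bot: `htmlentities($encoded_url)` relies on the default flags and charset, which on PHP versions before 8.1 leave single quotes unencoded. Passing them explicitly, `echo htmlentities($encoded_url, ENT_QUOTES, 'UTF-8');`, keeps the output safe in either attribute quoting style regardless of runtime version. This endpoint also reads `$_REQUEST['link_url']` without the session check this commit adds to the other entry points; if it is not meant to be reachable before login, the same gate belongs here. If callers use the response as a raw URL rather than inserting it into HTML, entity-encoding `&` changes the value, so confirm how the response is consumed.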
diff --git a/ForExport.php b/ForExport.php
index 1ef831cc..4192048c 100644
--- a/ForExport.php
+++ b/ForExport.php
@@ -25,10 +25,13 @@
# along with this program. If not, see .
#
#***************************************************************************************
-include("functions/ParamLibFnc.php");
+
+session_start();
+isset($_SESSION['login']) or die('Access denied!');
+include "functions/ParamLibFnc.php";
//include("functions/UrlFnc.php");
-include('RedirectRootInc.php');
-// include('functions/SqlSecurityFnc.php');
+include 'RedirectRootInc.php';
+
//$url=validateQueryString(curPageURL());
//if($url===FALSE)
// {
@@ -123,7 +126,9 @@
{
if(Preferences('SEARCH')!='Y')
$_REQUEST['search_modfunc'] = 'list';
- include('modules/'.$modname);
+
+ if (preg_match('/\.\./', $modname) !== 1)
+ include 'modules/' . $modname;
}
else
{
diff --git a/ForWindow.php b/ForWindow.php
index ee7cb87a..0006e1d4 100644
--- a/ForWindow.php
+++ b/ForWindow.php
@@ -26,16 +26,23 @@
# along with this program. If not, see .
#
#***************************************************************************************
+session_start();
+isset($_SESSION['login']) or die('Access denied!');
+include "functions/ParamLibFnc.php";
-include("functions/ParamLibFnc.php");
$url = validateQueryString(curPageURL());
if ($url === FALSE) {
header('Location: index.php');
}
-include('RedirectRootInc.php');
+
+include 'RedirectRootInc.php';
+
error_reporting(E_ERROR);
+
$start_time = time();
+
include 'Warehouse.php';
+
array_rwalk($_REQUEST, 'strip_tags');
$css = getCSS();
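Review bot: The redirect after a failed `validateQueryString()` is not followed by `exit`, so the rest of the script, including the module include further down, still runs for a request that was just rejected; `header()` only queues the response header. Change the body of that `if` to `header('Location: index.php'); exit;`. The same pattern is visible at the top of the Modules.php hunk.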
@@ -109,7 +116,9 @@
if ($allowed) {
if (Preferences('SEARCH') != 'Y')
$_REQUEST['search_modfunc'] = 'list';
- include('modules/' . $modname);
+
+ if (preg_match('/\.\./', $modname) !== 1)
+ include 'modules/' . $modname;
}
else {
if (User('USERNAME')) {
diff --git a/Modules.php b/Modules.php
index b39e28db..d6b1f8c6 100644
--- a/Modules.php
+++ b/Modules.php
@@ -26,10 +26,14 @@
# along with this program. If not, see .
#
#***************************************************************************************
+
error_reporting(0);
+session_start();
+isset($_SESSION['login']) or die('Access denied!');
+
+include 'RedirectRootInc.php';
+include "functions/ParamLibFnc.php";
-include('RedirectRootInc.php');
-include("functions/ParamLibFnc.php");
$url = validateQueryString(curPageURL());
if ($url === FALSE) {
header('Location: index.php');
@@ -1046,7 +1050,9 @@
if (Preferences('SEARCH') != 'Y' && substr(clean_param($modname, PARAM_NOTAGS), 0, 6) != 'users/')
$_REQUEST['search_modfunc'] = 'list';
- include('modules/' . $modname);
+
+ if (preg_match('/\.\./', $modname) !== 1)
+ include 'modules/' . $modname;
}
else {
if (User('USERNAME')) {
diff --git a/functions/HackingLogFnc.php b/functions/HackingLogFnc.php
index 57199b0d..316e0018 100644
--- a/functions/HackingLogFnc.php
+++ b/functions/HackingLogFnc.php
@@ -25,7 +25,8 @@
# along with this program. If not, see .
#
#***************************************************************************************
-
+session_start();
+isset($_SESSION['login']) or die('Access denied!');
function HackingLog()
{
echo ""._youReNotAllowedToUseThisProgram."! "._thisAttemptedViolationHasBeenLoggedAndYourIpAddressWasCaptured.".";
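Review bot: Putting `session_start()` and the `die` gate at the top of a function library gives the include itself side effects. Any entry point that already started a session triggers a second `session_start()` notice. If `HackingLog()` is ever reached for a request without a login session (not verifiable from this hunk), the script now stops with 'Access denied!' before the violation can be recorded. If the goal is only to block direct requests to this file, guard the start with `if (session_status() === PHP_SESSION_NONE) session_start();` and keep the authentication decision in the entry scripts. The body of `HackingLog()` continues outside the hunk.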
diff --git a/install/Ins4.php b/install/Ins4.php
index 36b0791f..536267b2 100644
--- a/install/Ins4.php
+++ b/install/Ins4.php
@@ -25,27 +25,35 @@
# along with this program. If not, see .
#
#***************************************************************************************
+
error_reporting(0);
session_start();
+
$_SESSION['admin_name'] = $_POST['auname'];
$_SESSION['admin_pwd'] = md5($_POST['apassword']);
-
-require_once("../functions/PragRepFnc.php");
+require_once "../functions/PragRepFnc.php";
//mysql_select_db($_SESSION['db']);
$dbconn = new mysqli($_SESSION['server'],$_SESSION['username'],$_SESSION['password'],$_SESSION['db'],$_SESSION['port']);
if($dbconn->connect_errno!=0)
- {
- echo "" . $dbconn->error . "
\n";
- exit;
- }
-$sql="update staff set first_name='$_POST[fname]',last_name='$_POST[lname]',middle_name='$_POST[mname]', profile_id=0 where staff_id=1 ";
+{
+ echo "" . $dbconn->error . "
\n";
+ exit;
+}
+
+$_POST['fname'] = strip_tags(urldecode($_POST['fname']));
+$_POST['lname'] = strip_tags(urldecode($_POST['lname']));
+$_POST['mname'] = strip_tags(urldecode($_POST['mname']));
+
+$sql = "UPDATE staff SET first_name = '" . $_POST['fname'] . "', last_name = '" . $_POST['lname'] . "', middle_name = '" . $_POST['mname'] . "', profile_id = 0 WHERE staff_id = 1";
$result = $dbconn->query($sql);
-$sql="update login_authentication set username='".$_SESSION['admin_name']."', password='".$_SESSION['admin_pwd']."' WHERE user_id=1 AND profile_id=0";
+
+$sql = "UPDATE login_authentication SET username='".$_SESSION['admin_name']."', password='".$_SESSION['admin_pwd']."' WHERE user_id=1 AND profile_id=0";
$dbconn->query($sql);
+
$dbconn->close();
//mysqli_close($dbconn);
-
header('Location: Step5.php');
-?>
+
+?>
\ No newline at end of file
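Review bot: Both UPDATE statements are still built by string concatenation, and `strip_tags(urldecode(...))` does not neutralise quotes, so the SQL injection in `fname`/`lname`/`mname` remains. `$_SESSION['admin_name']` is copied from `$_POST['auname']` and concatenated into the second query with no filtering at all. The extra `urldecode()` makes this worse rather than better: PHP has already decoded the POST body, so a literal `%27` in a field now becomes a quote. Bind the values with mysqli prepared statements instead, and keep `strip_tags` only if HTML removal is wanted for display. Separately, `md5()` for the admin password is unsalted and fast; changing it depends on the login code, which is outside this diff.

```php
// … unchanged: session setup, mysqli connection and connect_errno check …

$stmt = $dbconn->prepare('UPDATE staff SET first_name = ?, last_name = ?, middle_name = ?, profile_id = 0 WHERE staff_id = 1');
$stmt->bind_param('sss', $_POST['fname'], $_POST['lname'], $_POST['mname']);
$result = $stmt->execute();
$stmt->close();

$stmt = $dbconn->prepare('UPDATE login_authentication SET username = ?, password = ? WHERE user_id = 1 AND profile_id = 0');
$stmt->bind_param('ss', $_SESSION['admin_name'], $_SESSION['admin_pwd']);
$stmt->execute();
$stmt->close();

// … unchanged: $dbconn->close() and redirect to Step5.php …
```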
diff --git a/install/Step5.php b/install/Step5.php
index ae58f7eb..d279da95 100644
--- a/install/Step5.php
+++ b/install/Step5.php
@@ -116,11 +116,13 @@
if ($fh == TRUE) {
- $THIS_server = sqlSecurityFilterIns($_SESSION['server']);
- $THIS_username = sqlSecurityFilterIns($_SESSION['username']);
- $THIS_password = sqlSecurityFilterIns($_SESSION['password']);
- $THIS_db = sqlSecurityFilterIns($_SESSION['db']);
- $THIS_port = sqlSecurityFilterIns($_SESSION['port']);
+ include '../functions/SqlSecurityFnc.php';
+
+ $THIS_server = sqlSecurityFilter($_SESSION['server'], 'no');
+ $THIS_username = sqlSecurityFilter($_SESSION['username'], 'no');
+ $THIS_password = sqlSecurityFilter($_SESSION['password'], 'no');
+ $THIS_db = sqlSecurityFilter($_SESSION['db'], 'no');
+ $THIS_port = sqlSecurityFilter($_SESSION['port'], 'no');
$string .= "<" . "?php \n";
$string .= "$" . "DatabaseType = 'mysqli'; \n";
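Review bot: The `$THIS_*` values appear to be written into a generated PHP file (the `$string .= "<" . "?php \n"` lines follow; the lines that embed them are outside the hunk), which is a PHP string-literal context, not SQL. Unless `sqlSecurityFilter(..., 'no')` escapes quotes and backslashes for PHP source, a connection value containing `'` can break or alter the generated config. Emitting each value with `var_export($_SESSION['server'], true)` produces a correctly quoted literal. The new `include` should also be `require_once '../functions/SqlSecurityFnc.php';` so a missing file stops the installer with a clear error and a second inclusion cannot redeclare the function.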
@@ -229,106 +231,8 @@