Author: jfthomps
Date: Thu Mar 15 14:38:23 2012
New Revision: 1301008

URL: http://svn.apache.org/viewvc?rev=1301008&view=rev
Log:
modified userLookup - added code to appropriately handle single quotes in 
$userid

Modified:
    incubator/vcl/trunk/web/.ht-inc/privileges.php

Modified: incubator/vcl/trunk/web/.ht-inc/privileges.php
URL: 
http://svn.apache.org/viewvc/incubator/vcl/trunk/web/.ht-inc/privileges.php?rev=1301008&r1=1301007&r2=1301008&view=diff
==============================================================================
--- incubator/vcl/trunk/web/.ht-inc/privileges.php (original)
+++ incubator/vcl/trunk/web/.ht-inc/privileges.php Thu Mar 15 14:38:23 2012
@@ -1142,6 +1142,8 @@ function AJsubmitRenameNode() {
 function userLookup() {
        global $user;
        $userid = processInputVar("userid", ARG_STRING);
+       if(get_magic_quotes_gpc())
+               $userid = stripslashes($userid);
        $affilid = processInputVar('affiliationid', ARG_NUMERIC, 
$user['affiliationid']);
        $force = processInputVar('force', ARG_NUMERIC, 0);
        print "<div align=center>\n";
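Review bot: The new `stripslashes()` call has no comment explaining why `userid` alone is unquoted here, and from this point `$userid` holds the raw request value for the rest of userLookup. A comment above the `if`, such as `// undo magic_quotes_gpc so $userid is the raw value; escape per context before use (SQL: $esc_userid)`, would make that contract explicit for later edits. Whether processInputVar() itself adds or strips slashes is not visible in the hunk; if it does, this line could strip legitimate backslashes a second time.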
@@ -1173,6 +1175,7 @@ function userLookup() {
        print "<INPUT type=hidden name=continuation value=\"$cont\">\n";
        print "</FORM><br>\n";
        if(! empty($userid)) {
+               $esc_userid = mysql_real_escape_string($userid);
                if(preg_match('/,/', $userid)) {
                        $mode = 'name';
                        $force = 0;
@@ -1187,9 +1190,11 @@ function userLookup() {
                if($mode == 'userid') {
                        $query = "SELECT id "
                               . "FROM user "
-                              . "WHERE unityid = '$userid' AND "
+                              . "WHERE unityid = '$esc_userid' AND "
                               .       "affiliationid = $affilid";
-                       $userid = "$userid@" . getAffiliationName($affilid);
+                       $affilname = getAffiliationName($affilid);
+                       $userid = "$userid@$affilname";
+                       $esc_userid = "$esc_userid@$affilname";
                }
                else {
                        $tmp = explode(',', $userid);
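Review bot: `$esc_userid` does not stay escaped: `$esc_userid = "$esc_userid@$affilname";` appends the affiliation name exactly as getAffiliationName() returns it, and the later hunk assigns `$esc_userid = $row['unityid'];` straight from the result row. getUserInfo() is not shown, but the commit now hands it the escaped variable, which suggests it interpolates its argument into SQL; a stored unityid or affiliation name containing a quote would then break that query. Escape at those assignments as well, e.g. `$esc_userid = mysql_real_escape_string($row['unityid']);` and `mysql_real_escape_string($affilname)` for the suffix. The else branch's `explode(',', $userid)` also works on the raw value, and the query built from `$tmp` lies outside the hunk, so it needs the same check.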
@@ -1222,17 +1227,18 @@ function userLookup() {
                elseif($mode == 'name') {
                        $row = mysql_fetch_assoc($qh);
                        $userid = $row['unityid'];
+                       $esc_userid = $row['unityid'];
                }
 
-               $userdata = getUserInfo($userid);
-               $userdata["groups"] = getUsersGroups($userdata["id"], 1, 1);
+               $userdata = getUserInfo($esc_userid);
                if(is_null($userdata)) {
-                       $userdata = getUserInfo($userid, 1);
+                       $userdata = getUserInfo($esc_userid, 1);
                        if(is_null($userdata)) {
                                print "<font color=red>$userid not found in any 
known systems</font><br>\n";
                                return;
                        }
                }
+               $userdata["groups"] = getUsersGroups($userdata["id"], 1, 1);
                print "<TABLE>\n";
                if(! empty($userdata['unityid'])) {
                        print "  <TR>\n";
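Review bot: The "not found" message prints the raw `$userid` into the page: after the new `stripslashes()` call it is the unmodified request parameter, and `print "<font color=red>$userid not found in any known systems</font><br>\n";` emits it without HTML encoding. Unless processInputVar() already encodes strings (not visible here), encode at output, e.g. `$h_userid = htmlspecialchars($userid, ENT_QUOTES);` and print `$h_userid` instead. userLookup's body continues past the end of the hunk, so any later print of `$userid` deserves the same treatment.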

