From 8e3bfca0c5737d29921118a9cc8604e9a6478c72 Mon Sep 17 00:00:00 2001
From: Alan Garcia
Date: Wed, 22 Aug 2012 09:55:34 +0000
Subject: [PATCH] Clean d'appels de $_REQUEST
---
 bureau/admin/adm_dodefquotas.php | 2 +-
 bureau/class/m_mem.php | 14 ++++++++------
 2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/bureau/admin/adm_dodefquotas.php b/bureau/admin/adm_dodefquotas.php
index 1ac27857..9a1eaed9 100644
--- a/bureau/admin/adm_dodefquotas.php
+++ b/bureau/admin/adm_dodefquotas.php
@@ -72,7 +72,7 @@ if($action == "add") {

-

+

" />   " onclick="document.location='adm_defquotas.php';" />
diff --git a/bureau/class/m_mem.php b/bureau/class/m_mem.php
index bb428bea..9f093ff2 100644
--- a/bureau/class/m_mem.php
+++ b/bureau/class/m_mem.php
@@ -120,9 +120,10 @@ class m_mem {
 /* Close sessions that are more than 2 days old. */
 $db->query("DELETE FROM sessions WHERE DATE_ADD(ts,INTERVAL 2 DAY)query("insert into sessions (sid,ip,uid) values ('".$_REQUEST["session"]."',$ip,'$cuid');");
- setcookie("session",$_REQUEST["session"],0,"/");
+ $sess=md5(uniqid(mt_rand()));
+ $_REQUEST["session"]=$sess;
+ $db->query("insert into sessions (sid,ip,uid) values ('$sess',$ip,'$cuid');");
+ setcookie("session",$sess,0,"/");
 $err->error=0;
 /* Fill in $local */
 $db->query("SELECT * FROM local WHERE uid='$cuid';");
@@ -154,9 +155,10 @@ class m_mem {
 $this->user=$db->Record;
 $cuid=$db->f("uid");
 $ip=getenv("REMOTE_ADDR");
- $_REQUEST["session"]=md5(uniqid(mt_rand()));
- $db->query("insert into sessions (sid,ip,uid) values ('".$_REQUEST["session"]."','$ip','$cuid');");
- setcookie("session",$_REQUEST["session"],0,"/");
+ $sess=md5(uniqid(mt_rand()));
+ $_REQUEST["session"]=$sess;
+ $db->query("insert into sessions (sid,ip,uid) values ('$sess','$ip','$cuid');");
+ setcookie("session",$sess,0,"/");
 $err->error=0;
 /* Fill in $local */
 $db->query("SELECT * FROM local WHERE uid='$cuid';");
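Review bot: The new session identifier `$sess=md5(uniqid(mt_rand()));` in this hunk, and again in the @@ -154 hunk of m_mem.php, is derived from a time-based uniqid and the non-cryptographic mt_rand, so the ids it produces are far weaker than a session token needs to be; both places should draw from a CSPRNG, e.g. `$sess=bin2hex(openssl_random_pseudo_bytes(16));` (or `random_bytes()` on PHP 7+). The INSERT in this hunk also interpolates `$ip` unquoted (`'$sess',$ip,'$cuid'`) while the @@ -154 hunk quotes it (`'$sess','$ip','$cuid'`); both statements still build SQL by string interpolation, so the values should at least be escaped consistently or the query parameterised. The cookie is still issued as `setcookie("session",$sess,0,"/")` without the httponly or secure flags, leaving the new id readable from script. The `$_REQUEST["session"]=$sess;` write-back presumably exists for later code that still reads the superglobal; if so, a short comment saying so would help, since the commit's stated aim is to remove such uses. The enclosing method starts and ends outside the hunk.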