authorChristophe Nowicki <cnowicki@easter-eggs.com>2004-09-10 15:17:36 +0000
committerChristophe Nowicki <cnowicki@easter-eggs.com>2004-09-10 15:17:36 +0000
commit0abfa7d0c8bac90e291cf7664a0302aa286f716d (patch)
tree29495885f98dc1080fc426ef08792dd0caf739a6 /php/Attic/examples/sample-sp
parent5be8519c1f44c4cbaecc659762bc5b23d36e2bfe (diff)
downloadlasso-0abfa7d0c8bac90e291cf7664a0302aa286f716d.tar.gz
lasso-0abfa7d0c8bac90e291cf7664a0302aa286f716d.tar.xz
lasso-0abfa7d0c8bac90e291cf7664a0302aa286f716d.zip
Use header("Location: $url\n\n") instead of header("Location: $url")
Secure every SQL query with the quoteSmart method. Completely rewrite singleSignOn.php; the code is now easier to understand and cleaner.
Diffstat (limited to 'php/Attic/examples/sample-sp')
-rw-r--r--php/Attic/examples/sample-sp/admin_user.php17
-rw-r--r--php/Attic/examples/sample-sp/assertionConsumer.php3
-rw-r--r--php/Attic/examples/sample-sp/index.php2
-rw-r--r--php/Attic/examples/sample-sp/login.php2
-rw-r--r--php/Attic/examples/sample-sp/logout.php3
-rw-r--r--php/Attic/examples/sample-sp/register.php10
6 files changed, 20 insertions, 17 deletions
diff --git a/php/Attic/examples/sample-sp/admin_user.php b/php/Attic/examples/sample-sp/admin_user.php
index 6893ad72..4c219432 100644
--- a/php/Attic/examples/sample-sp/admin_user.php
+++ b/php/Attic/examples/sample-sp/admin_user.php
@@ -33,7 +33,7 @@
die($db->getMessage());
if (!empty($_GET['dump'])) {
- $query = "SELECT identity_dump FROM users WHERE user_id='" . $_GET['dump'] . "'";
+ $query = "SELECT identity_dump FROM users WHERE user_id='".$db->quoteSmart($_GET['dump']);
$res =& $db->query($query);
if (DB::isError($res))
print $res->getMessage(). "\n";
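Review bot: The rewritten `$query` line keeps a literal `'` in front of the `quoteSmart()` call, and PEAR DB's quoteSmart already returns strings wrapped in single quotes (and numbers unquoted), so the SQL becomes `user_id=''123'` or `user_id='123` — malformed either way, and a query that ran before now fails. The DELETE on the `users` table in the next hunk (`WHERE user_id='".$db->quoteSmart(...)`) has the same stray quote, while the `nameidentifiers` DELETE there is written correctly. The line should read `$query = "SELECT identity_dump FROM users WHERE user_id=" . $db->quoteSmart($_GET['dump']);`. The enclosing block begins and ends outside the hunk.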
@@ -64,21 +64,20 @@
exit;
}
- if (!empty($_GET['del'])) {
+ if (!empty($_GET['del']))
+ {
- $query = "DELETE FROM nameidentifiers WHERE user_id='" . $_GET['del'] . "'" ;
+ $query = "DELETE FROM nameidentifiers WHERE user_id=".$db->quoteSmart($_GET['del']);
$res =& $db->query($query);
if (DB::isError($res))
- print $res->getMessage(). "\n";
+ die($res->getMessage());
- $query = "DELETE FROM users WHERE user_id='" . $_GET['del'] . "'" ;
+ $query = "DELETE FROM users WHERE user_id='".$db->quoteSmart($_GET['del']);
$res =& $db->query($query);
if (DB::isError($res))
- print $res->getMessage(). "\n";
-
- }
+ die($res->getMessage());
+ }
-
$query = "SELECT * FROM users";
$res =& $db->query($query);
if (DB::isError($res))
diff --git a/php/Attic/examples/sample-sp/assertionConsumer.php b/php/Attic/examples/sample-sp/assertionConsumer.php
index 575356e0..fd0c9fe9 100644
--- a/php/Attic/examples/sample-sp/assertionConsumer.php
+++ b/php/Attic/examples/sample-sp/assertionConsumer.php
@@ -25,7 +25,6 @@
$config = unserialize(file_get_contents('config.inc'));
require_once 'DB.php';
-
if (!$_GET['SAMLart']) {
exit(1);
@@ -182,6 +181,6 @@
header("Request-URI: $url");
header("Content-Location: $url");
- header("Location: $url");
+ header("Location: $url\n\n");
exit();
?>
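Review bot: Appending `\n\n` to the Location value does not fix anything — a header value must not contain newline characters, and PHP's header() refuses such values (since 4.4.2 / 5.1.2 it drops the header with a warning), so on those versions the redirect silently stops working; on older versions the embedded blank line ends the header section early, which is the same mechanism a header-injection flaw relies on. The `exit()` on the following line already guarantees nothing is emitted after the redirect, so the line should stay `header("Location: $url");`. The same change appears in login.php, logout.php and register.php below.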
diff --git a/php/Attic/examples/sample-sp/index.php b/php/Attic/examples/sample-sp/index.php
index 99c39bb9..c7b2d39b 100644
--- a/php/Attic/examples/sample-sp/index.php
+++ b/php/Attic/examples/sample-sp/index.php
@@ -127,7 +127,7 @@ You can get more informations about <b>Lasso</b> at <br>
if (DB::isError($res))
print $res->getMessage(). "\n";
- list($user_id, $identity_dump, $first_name, $last_name, $created, $last_login) = $res->fetchRow();
+ list($user_id, $identity_dump, $first_name, $last_name, $last_login, $created) = $res->fetchRow();
?>
<tr>
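Review bot: Swapping `$last_login` and `$created` in the `list()` only holds while the query keeps returning columns in that order; if it is a `SELECT *` (as the other files in this commit use), the next schema change silently puts the wrong value in each variable again. Selecting the columns by name, e.g. `SELECT user_id, identity_dump, first_name, last_name, last_login, created FROM users ...`, would tie the result order to the destructuring. The query itself and the enclosing block are outside the hunk.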
diff --git a/php/Attic/examples/sample-sp/login.php b/php/Attic/examples/sample-sp/login.php
index 199c52da..a78589af 100644
--- a/php/Attic/examples/sample-sp/login.php
+++ b/php/Attic/examples/sample-sp/login.php
@@ -48,6 +48,6 @@
header("Request-URI: $url");
header("Content-Location: $url");
- header("Location: $url");
+ header("Location: $url\n\n");
exit();
?>
diff --git a/php/Attic/examples/sample-sp/logout.php b/php/Attic/examples/sample-sp/logout.php
index 10a9ca81..fedae253 100644
--- a/php/Attic/examples/sample-sp/logout.php
+++ b/php/Attic/examples/sample-sp/logout.php
@@ -124,5 +124,6 @@
header("Request-URI: $url");
header("Content-Location: $url");
- header("Location: $url");
+ header("Location: $url\n\n");
+ exit;
?>
diff --git a/php/Attic/examples/sample-sp/register.php b/php/Attic/examples/sample-sp/register.php
index 7e61d4f7..317c3460 100644
--- a/php/Attic/examples/sample-sp/register.php
+++ b/php/Attic/examples/sample-sp/register.php
@@ -43,7 +43,11 @@
if (DB::isError($db))
die($db->getMessage());
- $query = "UPDATE users SET first_name='" . $_POST['first_name'] . "',last_name='". $_POST['last_name'] ."' WHERE user_id='".$_SESSION["user_id"]."'";
+ // Update User info
+ $query = "UPDATE users SET first_name=" . $db->quoteSmart($_POST['first_name']);
+ $query .= ",last_name=" . $db->quoteSmart($_POST['last_name']);
+ $query .= " WHERE user_id='".$_SESSION["user_id"]."'";
+
$res =& $db->query($query);
if (DB::isError($res))
print $res->getMessage(). "\n";
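Review bot: The rewritten UPDATE passes `first_name` and `last_name` through `quoteSmart()` but the third `$query .=` line still interpolates `$_SESSION["user_id"]` raw, so the commit's stated goal of quoting every value is not met for this query; if that session value was ever populated from request input, it is the one remaining injection point here. The line should be `$query .= " WHERE user_id=" . $db->quoteSmart($_SESSION['user_id']);`. The enclosing switch case starts outside the hunk.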
@@ -51,8 +55,8 @@
$url = "index.php";
header("Request-URI: $url");
header("Content-Location: $url");
- header("Location: $url");
- break;
+ header("Location: $url\n\n");
+ exit();
default:
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"