From 0abfa7d0c8bac90e291cf7664a0302aa286f716d Mon Sep 17 00:00:00 2001
From: Christophe Nowicki
Date: Fri, 10 Sep 2004 15:17:36 +0000
Subject: Use header("Location: $url\n\n") instead of header("Location: $url") Secure every SQL query with the quoteSmart methode. Completely rewrite singleSignOn.php, now the code is more easy to understand and more clean.
---
 php/Attic/examples/sample-idp/admin_user.php | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
(limited to 'php/Attic/examples/sample-idp/admin_user.php')
diff --git a/php/Attic/examples/sample-idp/admin_user.php b/php/Attic/examples/sample-idp/admin_user.php
index b797580d..56b1f7e4 100644
--- a/php/Attic/examples/sample-idp/admin_user.php
+++ b/php/Attic/examples/sample-idp/admin_user.php
@@ -36,8 +36,8 @@
 // Show XML dump
 if (!empty($_GET['dump']) && !empty($_GET['type'])) {
-    $query = "SELECT " . ($_GET['type'] == 'user' ? 'user' : 'session') .
-    $query .= "_dump FROM users WHERE user_id='" . $_GET['dump'] . "'";
+    $query = "SELECT " . ($_GET['type'] == 'identity' ? 'identity' : 'session') .
+    $query .= "_dump FROM users WHERE user_id=".$db->quoteSmart($_GET['dump']);
 $res =& $db->query($query);
 if (DB::isError($res)) die($res->getMessage());
@@ -67,15 +67,15 @@
 if (!empty($_GET['del'])) {
-    $query = "DELETE FROM nameidentifiers WHERE user_id='" . $_GET['del'] . "'" ;
+    $query = "DELETE FROM nameidentifiers WHERE user_id=".$db->quoteSmart($_GET['del']);
 $res =& $db->query($query);
 if (DB::isError($res))
-        print $res->getMessage(). "\n";
+        die($res->getMessage());
-    $query = "DELETE FROM users WHERE user_id='" . $_GET['del'] . "'" ;
+    $query = "DELETE FROM users WHERE user_id=".$db->quoteSmart($_GET['del']);
 $res =& $db->query($query);
 if (DB::isError($res))
-        print $res->getMessage(). "\n";
+        die($res->getMessage());
 }
@@ -193,8 +193,8 @@ view";
+    case "identity_dump":
+        echo "view";
 break;
 case "session_dump":
 echo "view";
-- 
cgit
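Review bot: The two added lines in the `$_GET['dump']` branch are still one statement: the first ends with `.` and the second starts with `$query .=`, so PHP evaluates `$query .= "_dump FROM users WHERE user_id=..."` as the right-hand operand of the concatenation and only then assigns the whole result back to `$query`. As far as I can tell that produces the intended SELECT only while `$query` is unset (with an undefined-variable notice); if an earlier part of the script assigned `$query`, its old text ends up spliced into the middle of the SQL. Switching the id to `$db->quoteSmart()` is the right fix for the injection, but the statement should be a single expression: `$query = "SELECT " . ($_GET['type'] == 'identity' ? 'identity' : 'session') .` followed by `    "_dump FROM users WHERE user_id=" . $db->quoteSmart($_GET['dump']);`. The enclosing `if` block continues past the hunk.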
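Review bot: Both new `die($res->getMessage())` lines in the `$_GET['del']` branch send the raw PEAR DB error text to the browser, which may include the failed statement and driver details — more than an admin page should reveal to a client, and the same applies to the matching line in the first hunk. Prefer logging the detail server-side and failing with a neutral message at both sites, e.g. `error_log($res->getMessage()); die('Database error');`. The two DELETEs also run outside a transaction (as the old code did), so a failure on the second leaves the `users` row in place after its `nameidentifiers` rows are already gone; if that is acceptable for this sample, a comment saying so would help the next reader.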