From 0abfa7d0c8bac90e291cf7664a0302aa286f716d Mon Sep 17 00:00:00 2001
From: Christophe Nowicki
Date: Fri, 10 Sep 2004 15:17:36 +0000
Subject: Use header("Location: $url\n\n") instead of header("Location: $url") Secure every SQL query with the quoteSmart methode. Completely rewrite singleSignOn.php, now the code is more easy to understand and more clean.
---
 php/Attic/examples/sample-sp/admin_user.php | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
(limited to 'php/Attic/examples/sample-sp/admin_user.php')
diff --git a/php/Attic/examples/sample-sp/admin_user.php b/php/Attic/examples/sample-sp/admin_user.php
index 6893ad72..4c219432 100644
--- a/php/Attic/examples/sample-sp/admin_user.php
+++ b/php/Attic/examples/sample-sp/admin_user.php
@@ -33,7 +33,7 @@ die($db->getMessage());
 if (!empty($_GET['dump'])) {
- $query = "SELECT identity_dump FROM users WHERE user_id='" . $_GET['dump'] . "'";
+ $query = "SELECT identity_dump FROM users WHERE user_id='".$db->quoteSmart($_GET['dump']);
 $res =& $db->query($query);
 if (DB::isError($res))
 print $res->getMessage(). "\n";
@@ -64,21 +64,20 @@ exit; }
- if (!empty($_GET['del'])) {
+ if (!empty($_GET['del']))
+ {
- $query = "DELETE FROM nameidentifiers WHERE user_id='" . $_GET['del'] . "'" ;
+ $query = "DELETE FROM nameidentifiers WHERE user_id=".$db->quoteSmart($_GET['del']);
 $res =& $db->query($query);
 if (DB::isError($res))
- print $res->getMessage(). "\n";
+ die($res->getMessage());
- $query = "DELETE FROM users WHERE user_id='" . $_GET['del'] . "'" ;
+ $query = "DELETE FROM users WHERE user_id='".$db->quoteSmart($_GET['del']);
 $res =& $db->query($query);
 if (DB::isError($res))
- print $res->getMessage(). "\n";
-
- }
+ die($res->getMessage());
+ }
- $query = "SELECT * FROM users";
 $res =& $db->query($query);
 if (DB::isError($res))
--
cgit
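Review bot: The added SELECT keeps a literal `'` in front of the quoteSmart() call, and PEAR DB's quoteSmart() returns string input already wrapped in its own quotes (every $_GET value is a string), so the statement becomes `WHERE user_id=''…'`, which is malformed and only ever prints a DB error instead of returning the dump. Drop the stray quote and let quoteSmart() supply the quoting, the way the nameidentifiers DELETE in the second hunk already does: `$query = "SELECT identity_dump FROM users WHERE user_id=" . $db->quoteSmart($_GET['dump']);`. The error branch that follows still echoes the raw getMessage() text to the browser, which is tolerable only if this admin page sits behind an authentication check that is not visible here. The enclosing if block continues past the end of the hunk.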
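Review bot: The rewritten `DELETE FROM users` line still carries a literal `'` before quoteSmart(), unlike the `DELETE FROM nameidentifiers` line a few statements earlier, so for string input it produces `WHERE user_id=''…'` and die()s on a syntax error after the nameidentifiers rows have already been removed, leaving an orphaned user row. Make the two statements consistent, `$query = "DELETE FROM users WHERE user_id=".$db->quoteSmart($_GET['del']);`, and consider wrapping both DELETEs in a transaction so a failure in the second cannot leave half-deleted state. Separately, a destructive action keyed off a bare `?del=` GET parameter is triggerable by any cross-site link or image tag; if nothing above line 64 verifies an admin session and an anti-CSRF token, a POST form with a token would be the safer shape even for a sample SP. The top of the file, including any authentication check, is outside this hunk.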