Project

General

Profile

« Previous | Next » 

Revision 1407

Added by FrankH almost 14 years ago

  1. various Security fixes, thanks to secunia and others

View differences:

details.php
21 21 
	exit(0);
22 22 
}
23 23 

  		




  24
  
  
    
// Get entered values


  		




  
  24
  
    
// Get and sanitize entered values


  		




  25
  25
  
    
$display_name = $wb->add_slashes(strip_tags($wb->get_post('display_name')));


  		




  26
  
  
    
$language = $wb->get_post_escaped('language');


  		




  27
  
  
    
$timezone = $wb->get_post_escaped('timezone')*60*60;


  		




  28
  
  
    
$date_format = $wb->get_post_escaped('date_format');


  		




  29
  
  
    
$time_format = $wb->get_post_escaped('time_format');


  		




  
  26
  
    
$language = strtoupper($wb->get_post('language'));


  		




  
  27
  
    
$language = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);


  		




  
  28
  
    
$timezone = (int) $wb->get_post_escaped('timezone')*60*60;


  		




  30
  29
  
    

  		




  
  30
  
    
// date_format must be a key from /interface/date_formats


  		




  
  31
  
    
$date_format = $wb->get_post('date_format');


  		




  
  32
  
    
$date_format_key  = str_replace(' ', '|', $date_format);


  		




  
  33
  
    
$user_time = true;


  		




  
  34
  
    
include( ADMIN_PATH.'/interface/date_formats.php' );


  		




  
  35
  
    
$date_format = (array_key_exists($date_format_key, $DATE_FORMATS) ? $date_format : 'system_default');


  		




  
  36
  
    
$date_format = ($date_format == 'system_default' ? '' : $date_format);


  		




  
  37
  
    
unset($DATE_FORMATS);


  		




  
  38
  
    

  		




  
  39
  
    
// time_format must be a key from /interface/time_formats	


  		




  
  40
  
    
$time_format = $wb->get_post('time_format');


  		




  
  41
  
    
$time_format_key  = str_replace(' ', '|', $time_format);


  		




  
  42
  
    
$user_time = true;


  		




  
  43
  
    
include( ADMIN_PATH.'/interface/time_formats.php' );


  		




  
  44
  
    
$time_format = (array_key_exists($time_format_key, $TIME_FORMATS) ? $time_format : 'system_default');


  		




  
  45
  
    
$time_format = ($time_format == 'system_default' ? '' : $time_format);


  		




  
  46
  
    
unset($TIME_FORMATS);


  		




  
  47
  
    

  		




  31
  48
  
    
if (!$wb->checkFTAN())


  		




  32
  49
  
    
{


  		




  33
  50
  
    
	$wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);


  		












Also available in:  Unified diff