long time ago. Bug noted by Nick Bright
* In user_finger only set LD_LIBRARY_PATH once, not each time we call snmpfinger
* Add support for usrhiper in snmpfinger. Patch from Nick Bright
+* urlencode() all occurrences of the $login variable when used in url's. Bug noted by Dag Landau
Ver 1.75:
* A LOT of security related fixes. Now dialupadmin should hopefully be secure enough to
be accessed by normal users (not administrators).
if ($info == '')
$info = '-';
$info = $sql_attrs[$val][func]($info);
- if ($val == 'username')
- $info = "<a href=\"user_admin.php3?login=$info\" title=\"Edit user $info\">$info<a/>";
+ if ($val == 'username'){
+ $Info = urlencode($info);
+ $info = "<a href=\"user_admin.php3?login=$Info\" title=\"Edit user $info\">$info<a/>";
+ }
echo <<<EOM
<td>$info</td>
EOM;
$num++;
$id = $row[id];
$user = "$row[username]";
+ $User = urlencode($user);
$date = "$row[date]";
$reason = "$row[reason]";
$admin = "$row[admin]";
echo <<<EOM
<tr align=center>
<td>$num</td>
- <td><a href="user_admin.php3?login=$user" title="Edit user $user">$user</a></td>
+ <td><a href="user_admin.php3?login=$User" title="Edit user $user">$user</a></td>
<td>$date</td>
<td>$admin</td>
<td>$reason</td>
foreach ($found_users as $user){
if ($user == '')
$user = '-';
+ $User = urlencode($user);
$num++;
$msg .= <<<EOM
<tr align=center>
<td>$num</td>
- <td><a href="user_admin.php3?login=$user" title="Edit user $user">$user</a></td>
+ <td><a href="user_admin.php3?login=$User" title="Edit user $user">$user</a></td>
</tr>
EOM;
}
if (isset($existing_groups)){
foreach ($existing_groups as $group => $num_members){
$num++;
+ $Group = urlencode($group);
echo <<<EOM
<tr align=center>
<td>$num</td>
- <td><a href="group_admin.php3?login=$group" title="Edit group $group">$group</a></td>
+ <td><a href="group_admin.php3?login=$Group" title="Edit group $group">$group</a></td>
<td>$num_members</td>
</tr>
EOM;
$user = $finger_info[$j][$k][user];
if ($user == '')
$user = ' ';
+ $User = urlencode($user);
$time = $finger_info[$j][$k][session_time];
$ip = $finger_info[$j][$k][ip];
$cid = $finger_info[$j][$k][callerid];
$inf = $user_info[$user];
echo <<<EOM
<tr align=center>
- <td>$k</td><td><a href="user_admin.php3?login=$user" title="Edit User $user">$user</a></td>
+ <td>$k</td><td><a href="user_admin.php3?login=$User" title="Edit User $user">$user</a></td>
EOM;
if ($acct_attrs['uf'][4] != '') echo "<td>$ip</td>\n";
if ($acct_attrs['uf'][9] != '') echo "<td>$cid</td>\n";
$acct_login = $row[username];
if ($acct_login == '')
$acct_login = '-';
- else
- $acct_login = "<a href=\"user_admin.php3?login=$acct_login\" title=\"Edit user $acct_login\">$acct_login</a>";
+ else{
+ $Acct_login = urlencode($acct_login);
+ $acct_login = "<a href=\"user_admin.php3?login=$Acct_login\" title=\"Edit user $acct_login\">$acct_login</a>";
+ }
$acct_time = $row[conntotduration];
$acct_time = time2str($acct_time);
$acct_conn_num = $row[connnum];
<?php
+$Login = urlencode($login);
print <<<EOM
<tr valign=top>
<td align=center bgcolor="black" width=100>
-<a href="group_admin.php3?login=$login" title="Administer Group"><font color="white"><b>ADMIN</b></font></a></td>
+<a href="group_admin.php3?login=$Login" title="Administer Group"><font color="white"><b>ADMIN</b></font></a></td>
<td align=center bgcolor="black" width=100>
-<a href="user_edit.php3?login=$login&user_type=group" title="Edit Group Dialup Settings"><font color="white"><b>EDIT</b></font></a></td>
+<a href="user_edit.php3?login=$Login&user_type=group" title="Edit Group Dialup Settings"><font color="white"><b>EDIT</b></font></a></td>
<td align=center bgcolor="black" width=100>
-<a href="user_delete.php3?login=$login&user_type=group" title="Delete Group"><font color="white"><b>DELETE</b></font></a></td>
+<a href="user_delete.php3?login=$Login&user_type=group" title="Delete Group"><font color="white"><b>DELETE</b></font></a></td>
</tr>
EOM;
?>
<?php
+$Login = urlencode($login);
print <<<EOM
<tr valign=top>
<td align=center bgcolor="black" width=100>
-<a href="user_admin.php3?login=$login" title="Show User Information"><font color="white"><b>SHOW</b></font></a></td>
+<a href="user_admin.php3?login=$Login" title="Show User Information"><font color="white"><b>SHOW</b></font></a></td>
<td align=center bgcolor="black" width=100>
-<a href="user_edit.php3?login=$login" title="Change User Dialup Settings"><font color="white"><b>EDIT</b></font></a></td>
+<a href="user_edit.php3?login=$Login" title="Change User Dialup Settings"><font color="white"><b>EDIT</b></font></a></td>
<td align=center bgcolor="black" width=200 colspan=2>
-<a href="user_info.php3?login=$login" title="Change User Personal Information"><font color="white"><b>USER INFO</b></font></a></td>
+<a href="user_info.php3?login=$Login" title="Change User Personal Information"><font color="white"><b>USER INFO</b></font></a></td>
</tr>
<tr valign=top>
<td align=center bgcolor="black" width=100>
-<a href="user_accounting.php3?login=$login" title="Show User Accounting Information"><font color="white"><b>ACCOUNTING</b></font></a></td>
+<a href="user_accounting.php3?login=$Login" title="Show User Accounting Information"><font color="white"><b>ACCOUNTING</b></font></a></td>
<td align=center bgcolor="black" width=100>
-<a href="badusers.php3?login=$login" title="Show User Unauthorized Actions"><font color="white"><b>BADUSERS</b></font></a></td>
+<a href="badusers.php3?login=$Login" title="Show User Unauthorized Actions"><font color="white"><b>BADUSERS</b></font></a></td>
<td align=center bgcolor="black" width=100>
-<a href="user_delete.php3?login=$login" title="Delete User"><font color="white"><b>DELETE</b></font></a></td>
+<a href="user_delete.php3?login=$Login" title="Delete User"><font color="white"><b>DELETE</b></font></a></td>
<td align=center bgcolor="black" width=100>
-<a href="user_test.php3?login=$login" title="Test User"><font color="white"><b>TEST</b></font></a></td>
+<a href="user_test.php3?login=$Login" title="Test User"><font color="white"><b>TEST</b></font></a></td>
</tr>
<tr valign=top>
<td align=center width=100></td>
<td align=center bgcolor="black" width=200 colspan=2>
-<a href="clear_opensessions.php3?login=$login" title="Clear Open User Sessions"><font color="white"><b>OPEN SESSIONS</b></font></a></td>
+<a href="clear_opensessions.php3?login=$Login" title="Clear Open User Sessions"><font color="white"><b>OPEN SESSIONS</b></font></a></td>
<td align=center width=100></td>
</tr>
EOM;