Passed
Push — development ( 171f18...98bd13 )
by Thomas
02:07
created

htdocs/removelog.php (1 issue)

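<?php
/***************************************************************************
 * for license information see doc/license.txt
 *
 *  remove a cache log
 *
 *  GET/POST-Parameter: logid
 *
 ***************************************************************************/

use Oc\GeoCache\Recommendation;
use Oc\GeoCache\StatisticPicture;

require_once __DIR__ . '/lib/consts.inc.php';
$opt['gui'] = GUI_HTML;
require_once __DIR__ . '/lib/common.inc.php';
require_once $stylepath . '/lib/icons.inc.php';
require_once __DIR__ . '/lib2/edithelper.inc.php';
require_once __DIR__ . '/lib2/logic/logtypes.inc.php';

//Preprocessing
if ($error == false) {
    // Id of the log to remove, taken from the request. Array-valued input
    // (logid[]=...) is ignored so only a scalar ever reaches urlencode(),
    // htmlspecialchars() and the queries below.
    $log_id = 0;
    if (isset($_REQUEST['logid']) && is_scalar($_REQUEST['logid'])) {
        $log_id = $_REQUEST['logid'];
    }

    if ($usr === false) {
        // Not logged in: show the login form and come back to this page afterwards.
        $tplname = 'login';

        tpl_set_var('username', '');
        tpl_set_var('target', htmlspecialchars('removelog.php?logid=' . urlencode($log_id), ENT_COMPAT, 'UTF-8'));
        tpl_set_var('message', $login_required);
        tpl_set_var('message_start', '');
        tpl_set_var('message_end', '');
        tpl_set_var('helplink', helppagelink('login'));
    } else {
        // Load the log together with its cache, author, cache status and log type.
        // &1 = log id, &2 = fallback language for authors without one.
        // NOTE(review): presumably sql() escapes the &n arguments; confirm in the helper.
        $log_rs = sql(
            "SELECT `cache_logs`.`node` AS `node`,
                    `cache_logs`.`uuid` AS `uuid`,
                    `cache_logs`.`cache_id` AS `cache_id`,
                    `caches`.`user_id` AS `cache_owner_id`,
                    `caches`.`name` AS `cache_name`,
                    `cache_logs`.`text` AS `log_text`,
                    `cache_logs`.`text_html`,
                    `cache_logs`.`type` AS `log_type`,
                    `cache_logs`.`oc_team_comment` AS `oc_team_comment`,
                    `cache_logs`.`user_id` AS `log_user_id`,
                    `cache_logs`.`date` AS `log_date`,
                    `log_types`.`icon_small` AS `icon_small`,
                    `user`.`username` AS `log_username`,
                    IFNULL(`user`.`language`,'&2') AS `log_user_language`,
                    `user`.`domain` AS `log_user_domain`,
                    `caches`.`wp_oc`,
                    `cache_status`.`allow_user_view`
             FROM `cache_logs`, `caches`, `user`, `cache_status`, `log_types`
             WHERE `cache_logs`.`id`='&1'
               AND `cache_logs`.`user_id`=`user`.`user_id`
               AND `caches`.`cache_id`=`cache_logs`.`cache_id`
               AND `caches`.`status`=`cache_status`.`id`
               AND `log_types`.`id`=`cache_logs`.`type`",
            $log_id,
            $opt['template']['default']['locale']
        );

        //log exists?
        // (mysql_num_rows/mysql_free_result belong to ext/mysql, which was removed in PHP 7.)
        if (mysql_num_rows($log_rs) == 1) {
            $log_record = sql_fetch_array($log_rs);
            mysql_free_result($log_rs);

            require $stylepath . '/removelog.inc.php';

            // Only logs created on this node may be removed here.
            if ($log_record['node'] != $oc_nodeid) {
                tpl_errorMsg('removelog', $error_wrong_node);
                exit;
            }

            // Stop silently when the cache status hides the cache from users and the
            // requester is neither the cache owner nor an admin.
            // NOTE(review): `$usr['admin'] && ADMIN_USER` is a logical AND; if
            // $usr['admin'] is a bitmask, a bitwise test was presumably intended,
            // since any non-zero flag currently passes. Confirm.
            if ($log_record['allow_user_view'] != 1 &&
                $log_record['cache_owner_id'] != $usr['userid'] &&
                !($usr['admin'] && ADMIN_USER)
            ) {
                exit;
            }

            // deleted allowed by cache-owner or log-owner
            if (($log_record['log_user_id'] == $usr['userid']) || ($log_record['cache_owner_id'] == $usr['userid'])) {
                // NOTE(review): 'commit' is read from $_REQUEST, so a GET request can
                // carry it, and no anti-CSRF token is checked in this file. Confirm
                // whether the included common code enforces one before the delete runs.
                $commit = isset($_REQUEST['commit']) ? $_REQUEST['commit'] : 0;

                $ownlog = ($log_record['log_user_id'] == $usr['userid']);
                if ($ownlog) {
                    // we are the log-owner
                    $tplname = 'removelog_logowner';
                } else {
                    // we are the cache-owner
                    $tplname = 'removelog_cacheowner';

                    if ($commit == 1) {
                        //send email to logger
                        $removed_log_subject = removed_log_subject($log_record['log_user_language']);
                        $removed_message_title = removed_message_title($log_record['log_user_language']);
                        $email_content = fetch_email_template(
                            'removed_log',
                            $log_record['log_user_language'],
                            $log_record['log_user_domain']
                        );

                        // Optional free-text message from the cache owner (untrusted request data).
                        $message = isset($_POST['logowner_message']) ? $_POST['logowner_message'] : '';
                        if ($message != '') {
                            //message to logger
                            // $removed_message_end is not set in this file; presumably it
                            // comes from the removelog.inc.php include above.
                            $message = $removed_message_title . "\n" . $message . "\n" . $removed_message_end;
                        }

                        $logtext = html2plaintext(
                            $log_record['log_text'],
                            $log_record['text_html'] == 0,
                            EMAIL_LINEWRAP
                        );

                        //get cache owner name
                        $cache_owner_rs = sql(
                            "SELECT `username` FROM `user` WHERE `user_id`='&1'",
                            $log_record['cache_owner_id']
                        );
                        $cache_owner_record = sql_fetch_array($cache_owner_rs);
                        mysql_free_result($cache_owner_rs);

                        //get email address of logowner
                        $log_user_rs = sql(
                            "SELECT `email`, `username` FROM `user` WHERE `user_id`='&1'",
                            $log_record['log_user_id']
                        );
                        $log_user_record = sql_fetch_array($log_user_rs);
                        mysql_free_result($log_user_rs);

                        // insert log data
                        // Placeholders are filled by literal substitution in one pass.
                        // User-controlled values (cache name, log text, the owner's
                        // message) are therefore never interpreted as a regex
                        // replacement string, and a placeholder name typed into one of
                        // them is not expanded again by a later substitution.
                        $email_content = strtr(
                            $email_content,
                            array(
                                '%log_owner%' => $log_user_record['username'],
                                '%cache_owner%' => $cache_owner_record['username'],
                                '%cache_owner_id%' => $log_record['cache_owner_id'],
                                '%cache_name%' => $log_record['cache_name'],
                                '%cache_wp%' => $log_record['wp_oc'],
                                '%log_date%' => date(
                                    $opt['locale'][$locale]['format']['phpdate'],
                                    strtotime($log_record['log_date'])
                                ),
                                '%log_type%' => get_logtype_name(
                                    $log_record['log_type'],
                                    $log_record['log_user_language']
                                ),
                                '%log_text%' => $logtext,
                                '%comment%' => $message,
                            )
                        );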
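Security: Code Execution
$message can contain request data and is used in code execution context(s), leading to a potential security vulnerability. In the analysed revision the value is the replacement argument of mb_ereg_replace() on line 169. That function evaluates the replacement as PHP code only when its `e` option is supplied, and the call shown passes no options argument, so the request text is treated as a regex replacement string (back-references are expanded) and copied into the outgoing e-mail body.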

1 path for user data to reach this point

  1. Read from $_POST, and $message is assigned
    in htdocs/removelog.php on line 108

General Strategies to prevent injection

In general, it is advisable to prevent any user data from reaching this point. This can be done by whitelisting certain values:

if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}

For numeric data, we recommend explicitly casting the data:

$sanitized = (integer) $tainted;
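                        //send email
                        // Recipient and subject come from the database and the language
                        // files; only the body carries the cache owner's free text.
                        mb_send_mail($log_user_record['email'], $removed_log_subject, $email_content, $emailheaders);
                    }
                }

                if ($commit == 1) {
                    // remove log pictures
                    // see also picture.class.php: delete()

                    $rs = sql(
                        "SELECT `id`, `url` FROM `pictures` WHERE `object_type`=1 AND `object_id`='&1'",
                        $log_id
                    );

                    while ($r = sql_fetch_assoc($rs)) {
                        // Session variable set before the DELETE: TRUE when a cache owner
                        // removes someone else's log, FALSE for an own log.
                        // NOTE(review): presumably read by a database trigger that fills
                        // `pictures_modified`; confirm.
                        if (!$ownlog) {
                            sql('SET @archive_picop=TRUE');
                        } else {
                            sql('SET @archive_picop=FALSE');
                        }

                        sql("DELETE FROM `pictures` WHERE `id`='&1'", $r['id']);

                        // This statement is built by concatenation, so the id is cast to
                        // int and cannot carry SQL even if the column value is unexpected.
                        $archived = (sqlValue(
                            "SELECT `id` FROM `pictures_modified` WHERE `id`=" . (int) $r['id'],
                            0
                        ) > 0);

                        // Only the last path segment of the stored URL is used as file
                        // name, so it cannot contain a '/'.
                        $fna = mb_split('\\/', $r['url']);
                        $filename = end($fna);
                        $path = $opt['logic']['pictures']['dir'];
                        if (mb_substr($path, - 1, 1) != '/') {
                            $path .= '/';
                        }

                        // Archived pictures are moved to "deleted/", others are removed.
                        // Failures are suppressed with @ (best effort).
                        if ($archived) {
                            @rename($path . $filename, $path . "deleted/" . $filename);
                        } else {
                            @unlink($path . $filename);
                        }

                        // Thumbnails live in <thumb_dir>/<1st char>/<2nd char>/, upper-cased.
                        $path = $opt['logic']['pictures']['thumb_dir'];
                        if (mb_substr($path, - 1, 1) != '/') {
                            $path .= '/';
                        }
                        $path .= mb_strtoupper(mb_substr($filename, 0, 1)) . '/' .
                            mb_strtoupper(mb_substr($filename, 1, 1)) . '/';
                        @unlink($path . $filename); // Thumb

                        /* lib2 code would be ...
                        $rs = sql("SELECT `id` FROM `pictures` WHERE `object_type`=1 AND `object_id`='&1'", $log_id);
                        while ($r = sql_fetch_assoc($rs))
                        {
                            $pic = new picture($rs['id']);
                            $pic->delete();
                        }
                        sql_free_result($rs);
                        */
                    }
                    sql_free_result($rs);

                    // discard the cache recommendation, if any
                    Recommendation::discardRecommendation($log_id);

                    // move to archive, even if own log (uuids are used for OKAPI replication)
                    sql(
                        "INSERT IGNORE INTO `cache_logs_archived`
                         SELECT *, '0' AS `deletion_date`, '&2' AS `deleted_by`, 0 AS `restored_by`
                         FROM `cache_logs`
                         WHERE `cache_logs`.`id`='&1' LIMIT 1",
                        $log_id,
                        $usr['userid']
                    );

                    // remove log entry
                    sql("DELETE FROM `cache_logs` WHERE `cache_logs`.`id`='&1' LIMIT 1", $log_id);

                    // now tell OKAPI about the deletion;
                    // this will trigger an okapi_syncbase update, if OKAPI is installed:
                    sql("UPDATE `cache_logs_archived` SET `deletion_date`=NOW() WHERE `id`='&1'", $log_id);

                    // do not use slave server for the next time ...
                    db_slave_exclude();

                    StatisticPicture::deleteStatisticPicture($log_record['log_user_id']);

                    // show the cache
                    tpl_redirect('viewcache.php?cacheid=' . urlencode($log_record['cache_id']));
                    exit;
                }

                // Not committed yet: fill the confirmation template.
                // quickfix: this is coded in res_logentry_logitem.tpl (after smarty migration)
                switch ($log_record['log_type']) {
                    case 1:
                        $sLogTypeText = t('%1 found the Geocache', $log_record['log_username']);
                        break;
                    case 2:
                        $sLogTypeText = t("%1 didn't find the Geoacache", $log_record['log_username']);
                        break;
                    case 3:
                        $sLogTypeText = t('%1 wrote a note', $log_record['log_username']);
                        break;
                    case 7:
                        $sLogTypeText = t('%1 has visited the event', $log_record['log_username']);
                        break;
                    case 8:
                        $sLogTypeText = t('%1 wants to visit the event', $log_record['log_username']);
                        break;
                    default:
                        $sLogTypeText = $log_record['log_username'];
                        break;
                }

                tpl_set_var('cachename', htmlspecialchars($log_record['cache_name'], ENT_COMPAT, 'UTF-8'));
                tpl_set_var('cacheid', htmlspecialchars($log_record['cache_id'], ENT_COMPAT, 'UTF-8'));
                tpl_set_var('logid_urlencode', htmlspecialchars(urlencode($log_id), ENT_COMPAT, 'UTF-8'));
                tpl_set_var('logid', htmlspecialchars($log_id, ENT_COMPAT, 'UTF-8'));

                $teamimg = "";
                if ($log_record['oc_team_comment']) {
                    $teamimg = '<img src="resource2/ocstyle/images/oclogo/oc-team-comment.png" title="' .
                        t('OC team comment') . '" /> ';
                }
                tpl_set_var('logimage', $teamimg . icon_log_type($log_record['icon_small'], ""));

                tpl_set_var(
                    'date',
                    htmlspecialchars(strftime($dateformat, strtotime($log_record['log_date'])), ENT_COMPAT, 'UTF-8')
                );
                // Show hh:mm only when the log carries a time of day.
                tpl_set_var(
                    'time',
                    substr($log_record['log_date'], 11) == '00:00:00' ? '' : ', ' .
                        substr(
                            $log_record['log_date'],
                            11,
                            5
                        )
                );
                tpl_set_var('userid', htmlspecialchars($log_record['log_user_id'] + 0, ENT_COMPAT, 'UTF-8'));
                tpl_set_var('username', htmlspecialchars($log_record['log_username'], ENT_COMPAT, 'UTF-8'));
                tpl_set_var('typetext', htmlspecialchars($sLogTypeText, ENT_COMPAT, 'UTF-8'));
                // NOTE(review): the log text is the only value handed to the template
                // without htmlspecialchars(); presumably it is stored as already
                // sanitized HTML. Confirm against the code that saves logs.
                tpl_set_var('logtext', $log_record['log_text']);
                tpl_set_var('log_user_name', htmlspecialchars($log_record['log_username'], ENT_COMPAT, 'UTF-8'));
            }
        }
    }
}

//make the template and send it out
tpl_BuildTemplate();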