These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /*************************************************************************** |
||
3 | * For license information see doc/license.txt * |
||
4 | * |
||
5 | * Delete duplicate log pictures (produced e.g. by Ocprop) |
||
6 | ***************************************************************************/ |
||
7 | |||
8 | checkJob(new PictureCleanup()); |
||
9 | |||
10 | class PictureCleanup |
||
11 | { |
||
12 | public $name = 'picture_cleanup'; |
||
13 | public $interval = 86400; |
||
14 | |||
15 | public function run() |
||
16 | { |
||
17 | $rsDuplicatePic = sql( |
||
18 | 'SELECT `object_id`, `title` |
||
19 | FROM `pictures` |
||
20 | WHERE `object_type`=1 |
||
21 | GROUP BY `object_id`, `title` |
||
22 | HAVING COUNT(*) > 1' |
||
23 | ); |
||
24 | |||
25 | while ($rDuplicatePic = sql_fetch_assoc($rsDuplicatePic)) { |
||
26 | $rsInstances = sql( |
||
27 | "SELECT `pictures`.`id` `picid`, `cache_logs`.`cache_id` `cache_id` |
||
28 | FROM `pictures` |
||
29 | LEFT JOIN `cache_logs` ON `cache_logs`.`id` = `pictures`.`object_id` |
||
30 | WHERE `pictures`.`object_type`=1 AND `pictures`.`object_id`='&1' AND `pictures`.`title`='&2' |
||
31 | ORDER BY `pictures`.`date_created`", |
||
32 | $rDuplicatePic['object_id'], |
||
33 | $rDuplicatePic['title'] |
||
34 | ); |
||
35 | |||
36 | $instances = sql_fetch_assoc_table($rsInstances); |
||
37 | foreach ($instances as &$instance) { |
||
38 | $instance['pic'] = new picture($instance['picid']); |
||
39 | $instance['filesize'] = @filesize($instance['pic']->getFilename()); |
||
40 | } |
||
41 | $countInstances = count($instances); |
||
42 | for ($n = 1; $n < $countInstances; ++ $n) { |
||
43 | if ($instances[$n]['filesize'] !== false) { |
||
44 | // ensure that pic is stored locally |
||
45 | for ($nn = $n - 1; $nn >= 0; -- $nn) { |
||
46 | if ($instances[$nn]['filesize'] === $instances[$n]['filesize'] |
||
47 | && file_get_contents($instances[$nn]['pic']->getFilename()) |
||
48 | === file_get_contents($instances[$n]['pic']->getFilename()) |
||
49 | ) { |
||
50 | $picture = $instances[$n]['pic']; |
||
51 | echo |
||
52 | 'deleting duplicate picture ' |
||
0 ignored issues
–
show
|
|||
53 | . $picture->getPictureId() . ' ("' . $picture->getTitle() . '")' |
||
54 | . ' from log ' . $rDuplicatePic['object_id'] |
||
55 | . ' of cache ' . $instances[$n]['cache_id'] . "\n"; |
||
56 | $picture->delete(false); |
||
57 | $instances[$n]['filesize'] = false; |
||
58 | break; |
||
59 | } |
||
60 | } |
||
61 | } |
||
62 | } |
||
63 | } |
||
64 | |||
65 | sql_free_result($rsDuplicatePic); |
||
66 | } |
||
67 | } |
||
68 |
'deleting duplicate pict...s[$n]['cache_id'] . ' '
can contain request data and is used in output context(s) leading to a potential security vulnerability.16 paths for user data to reach this point
$_REQUEST,
and$_REQUEST['newlist_name']
is passed through trim(), and$newListName
is assigned in htdocs/addtolist.php on line 26$_REQUEST,
and$_REQUEST['newlist_name']
is passed through trim(), and$newListName
is assignedin htdocs/addtolist.php on line 26
$newListName
is passed to cachelist::setNameAndVisibility()in htdocs/addtolist.php on line 38
$name
is passed through trim(), and$name
is assignedin htdocs/lib2/logic/cachelist.class.php on line 97
$name
is passed through trim(), andtrim($name)
is passed to rowEditor::setValue()in htdocs/lib2/logic/cachelist.class.php on line 117
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/picture.class.php on line 595
in htdocs/lib2/logic/picture.class.php on line 138
in htdocs/util2/cron/modules/picture_cleanup.class.php on line 53
$_REQUEST,
and$_REQUEST['statpic_style']
is passed to statpic::setStyle() in htdocs/change_statpic.php on line 33$_REQUEST,
and$_REQUEST['statpic_style']
is passed to statpic::setStyle()in htdocs/change_statpic.php on line 33
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/statpic.class.php on line 31
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/picture.class.php on line 595
in htdocs/lib2/logic/picture.class.php on line 138
in htdocs/util2/cron/modules/picture_cleanup.class.php on line 53
$_REQUEST,
and$_REQUEST['statpic_text']
is passed to statpic::setText() in htdocs/change_statpic.php on line 26$_REQUEST,
and$_REQUEST['statpic_text']
is passed to statpic::setText()in htdocs/change_statpic.php on line 26
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/statpic.class.php on line 47
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/picture.class.php on line 595
in htdocs/lib2/logic/picture.class.php on line 138
in htdocs/util2/cron/modules/picture_cleanup.class.php on line 53
$_REQUEST,
and$list_password
is assigned in htdocs/mylists.php on line 20$_REQUEST,
and$list_password
is assignedin htdocs/mylists.php on line 20
$list_password
is passed to cachelist::setPassword()in htdocs/mylists.php on line 58
$pw
is passed to rowEditor::setValue()in htdocs/lib2/logic/cachelist.class.php on line 151
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/picture.class.php on line 595
in htdocs/lib2/logic/picture.class.php on line 138
in htdocs/util2/cron/modules/picture_cleanup.class.php on line 53
$_REQUEST,
and$title
is assigned in htdocs/picture.php on line 82$_REQUEST,
and$title
is assignedin htdocs/picture.php on line 82
$title
is passed to picture::setTitle()in htdocs/picture.php on line 87
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/picture.class.php on line 236
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/picture.class.php on line 595
in htdocs/lib2/logic/picture.class.php on line 138
in htdocs/util2/cron/modules/picture_cleanup.class.php on line 53
$_REQUEST,
and$title
is assigned in htdocs/picture.php on line 169$_REQUEST,
and$title
is assignedin htdocs/picture.php on line 169
$title
is passed to picture::setTitle()in htdocs/picture.php on line 173
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/picture.class.php on line 236
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/picture.class.php on line 595
in htdocs/lib2/logic/picture.class.php on line 138
in htdocs/util2/cron/modules/picture_cleanup.class.php on line 53
$_REQUEST,
and$_REQUEST['firstName']
is passed through trim(), andtrim($_REQUEST['firstName'])
is passed to user::setFirstName() in htdocs/myprofile.php on line 60$_REQUEST,
and$_REQUEST['firstName']
is passed through trim(), andtrim($_REQUEST['firstName'])
is passed to user::setFirstName()in htdocs/myprofile.php on line 60
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/user.class.php on line 230
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/picture.class.php on line 595
in htdocs/lib2/logic/picture.class.php on line 138
in htdocs/util2/cron/modules/picture_cleanup.class.php on line 53
$_POST,
and$first_name
is assigned in htdocs/register.php on line 17$_POST,
and$first_name
is assignedin htdocs/register.php on line 17
$first_name
is passed to user::setFirstName()in htdocs/register.php on line 40
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/user.class.php on line 230
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/picture.class.php on line 595
in htdocs/lib2/logic/picture.class.php on line 138
in htdocs/util2/cron/modules/picture_cleanup.class.php on line 53
$_REQUEST,
and$_REQUEST['lastName']
is passed through trim(), andtrim($_REQUEST['lastName'])
is passed to user::setLastName() in htdocs/myprofile.php on line 68$_REQUEST,
and$_REQUEST['lastName']
is passed through trim(), andtrim($_REQUEST['lastName'])
is passed to user::setLastName()in htdocs/myprofile.php on line 68
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/user.class.php on line 250
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/picture.class.php on line 595
in htdocs/lib2/logic/picture.class.php on line 138
in htdocs/util2/cron/modules/picture_cleanup.class.php on line 53
$_POST,
and$last_name
is assigned in htdocs/register.php on line 16$_POST,
and$last_name
is assignedin htdocs/register.php on line 16
$last_name
is passed to user::setLastName()in htdocs/register.php on line 44
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/user.class.php on line 250
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/picture.class.php on line 595
in htdocs/lib2/logic/picture.class.php on line 138
in htdocs/util2/cron/modules/picture_cleanup.class.php on line 53
$_POST,
and$email
is assigned in htdocs/register.php on line 20$_POST,
and$email
is assignedin htdocs/register.php on line 20
$email
is passed to user::setEMail()in htdocs/register.php on line 30
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/user.class.php on line 180
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/picture.class.php on line 595
in htdocs/lib2/logic/picture.class.php on line 138
in htdocs/util2/cron/modules/picture_cleanup.class.php on line 53
$_REQUEST,
and$_REQUEST['username']
is passed through trim(), andtrim($_REQUEST['username'])
is passed to user::setUsername() in htdocs/myprofile.php on line 52$_REQUEST,
and$_REQUEST['username']
is passed through trim(), andtrim($_REQUEST['username'])
is passed to user::setUsername()in htdocs/myprofile.php on line 52
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/user.class.php on line 161
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/picture.class.php on line 595
in htdocs/lib2/logic/picture.class.php on line 138
in htdocs/util2/cron/modules/picture_cleanup.class.php on line 53
$_POST,
and$username
is assigned in htdocs/register.php on line 15$_POST,
and$username
is assignedin htdocs/register.php on line 15
$username
is passed to user::setUsername()in htdocs/register.php on line 35
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/user.class.php on line 161
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/picture.class.php on line 595
in htdocs/lib2/logic/picture.class.php on line 138
in htdocs/util2/cron/modules/picture_cleanup.class.php on line 53
$_FILES,
and$_FILES['file']['name']
is passed to picture::setFilenames() in htdocs/picture.php on line 124$_FILES,
and$_FILES['file']['name']
is passed to picture::setFilenames()in htdocs/picture.php on line 124
$sFilename
is passed through substr(), andsubstr($sFilename, strrpos($sFilename, '.') + 1)
is passed through mb_strtolower(), and$sExtension
is assignedin htdocs/lib2/logic/picture.class.php on line 123
$opt['logic']['pictures']['url'] . $sUUID . '.' . $sExtension
is passed to picture::setUrl()in htdocs/lib2/logic/picture.class.php on line 128
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/picture.class.php on line 201
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/picture.class.php on line 595
in htdocs/lib2/logic/picture.class.php on line 138
in htdocs/util2/cron/modules/picture_cleanup.class.php on line 53
$_FILES,
and$_FILES['file']['name']
is escaped by pathinfo() for file context(s), and$fname
is assigned in htdocs/picture.php on line 117$_FILES,
and$_FILES['file']['name']
is escaped by pathinfo() for file context(s), and$fname
is assignedin htdocs/picture.php on line 117
$fname
is passed through mb_strtolower(), andmb_strtolower($fname) . '.jpg'
is passed to picture::setFilenames()in htdocs/picture.php on line 130
$sFilename
is passed through substr(), andsubstr($sFilename, strrpos($sFilename, '.') + 1)
is passed through mb_strtolower(), and$sExtension
is assignedin htdocs/lib2/logic/picture.class.php on line 123
$opt['logic']['pictures']['url'] . $sUUID . '.' . $sExtension
is passed to picture::setUrl()in htdocs/lib2/logic/picture.class.php on line 128
$value
is passed to rowEditor::setValue()in htdocs/lib2/logic/picture.class.php on line 201
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/picture.class.php on line 595
in htdocs/lib2/logic/picture.class.php on line 138
in htdocs/util2/cron/modules/picture_cleanup.class.php on line 53
$_REQUEST,
and$_REQUEST['list_name']
is passed through trim(), and$list_name
is assigned in htdocs/mylists.php on line 18$_REQUEST,
and$_REQUEST['list_name']
is passed through trim(), and$list_name
is assignedin htdocs/mylists.php on line 18
$list_name
is passed to cachelist::setNameAndVisibility()in htdocs/mylists.php on line 53
$name
is passed through trim(), and$name
is assignedin htdocs/lib2/logic/cachelist.class.php on line 97
$name
is passed through trim(), andtrim($name)
is passed to rowEditor::setValue()in htdocs/lib2/logic/cachelist.class.php on line 117
$sFormatedValue
is assignedin htdocs/lib2/rowEditor.class.php on line 521
in htdocs/lib2/rowEditor.class.php on line 531
in htdocs/lib2/rowEditor.class.php on line 475
in htdocs/lib2/logic/picture.class.php on line 595
in htdocs/lib2/logic/picture.class.php on line 138
in htdocs/util2/cron/modules/picture_cleanup.class.php on line 53
Preventing Cross-Site-Scripting Attacks
Cross-Site-Scripting allows an attacker to inject malicious code into your website - in particular Javascript code, and have that code executed with the privileges of a visiting user. This can be used to obtain data, or perform actions on behalf of that visiting user.
In order to prevent this, make sure to escape all user-provided data:
General Strategies to prevent injection
In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values:
For numeric data, we recommend to explicitly cast the data: