if (isset($_GET["dist"]) && isset($_GET["arch"]))
{
- $dist = basename($_GET["dist"]);
- $arch = basename($_GET["arch"]);
+ $dist = $_GET["dist"];
+ $dist = basename(htmlspecialchars($dist, ENT_QUOTES, 'UTF-8'));
+ $arch = $_GET["arch"];
+ $arch = basename(htmlspecialchars($arch, ENT_QUOTES, 'UTF-8'));
}
if (isset($_POST["dist"])) $dist = basename($_POST["dist"]);
if (isset($_POST["arch"])) $arch = basename($_POST["arch"]);
if (isset($_GET["name"])) {
- $name_url = urlencode($_GET["name"]);
- $name = basename($_GET["name"]);
+ $name_url = urlencode($_GET["name"]);
+ $name = $_GET["name"];
+ $name = $dist = basename(htmlspecialchars($name, ENT_QUOTES, 'UTF-8'));
}
if (isset($_GET["ok"]))$ok=(int)$_GET["ok"];
else $ok="";
else $ns="";
if (isset($_GET["cnt"]))$cnt=(int)$_GET["cnt"];
else $cnt = 50;
-if (isset($_GET["action"]))$action=$_GET["action"];
-else $action="";
+if (isset($_GET["action"])) {
+ $action = $_GET["action"];
+ $action = htmlspecialchars($action, ENT_QUOTES, 'UTF-8');
+} else
+ $action="";
if (isset($_GET["off"]))$off=(int)$_GET["off"];
else $off = 0;
-if (isset($_GET["id"]))$id=$_GET["id"];
+if (isset($_GET["id"])) {
+ $id = $_GET["id"];
+ $id = htmlspecialchars($id, ENT_QUOTES, 'UTF-8');
+}
-if (isset($_POST["str"]))$str=$_POST["str"];
-if (isset($_POST["action"]))$action=$_POST["action"];
+if (isset($_POST["str"])) {
+ $str = $_POST["str"];
+ $str = htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
+}
+if (isset($_POST["action"])) {
+ $action = $_POST["action"];
+ $action = htmlspecialchars($action, ENT_QUOTES, 'UTF-8');
+}
if (isset($arch) && $arch == "src")
$arch = "SRPMS";
global $big_url, $ns;
global $off, $cnt, $root_directory, $url;
- $big_url = "$url?dist=$dist&arch=$arch&ok=$ok&ns=$ns&cnt=$cnt";
+ $query_data = array(
+ 'dist' => $dist,
+ 'arch' => $arch,
+ 'ok' => $ok,
+ 'ns' => $ns,
+ 'cnt' => $cnt);
+ $big_url = $url . '?' . http_build_query($query_data);
if ($ok == 1) {
echo "<h1>"._("Listing of")." $dist/$arch/OK "
if ($ns == 0) $order = "mtime DESC";
else $order = "name";
- $query = "SELECT log_id, dist, arch, ok, name, mtime, size, id FROM logs WHERE "
- . "dist = '$dist' AND arch = '$arch' AND ok = $ok ORDER BY $order LIMIT $cnt OFFSET $off";
+ $query = "SELECT log_id, dist, arch, ok, name, mtime, size, id FROM logs WHERE
+ dist = :dist AND arch = :arch AND ok = :ok ORDER BY $order LIMIT :limitnr OFFSET :offset ";
try {
$dbh = new PDO("$database");
+ $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+ $dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
} catch (PDOException $e) {
mydie("new PDO: " . $e->getMessage());
}
$now = time();
$i = $off;
- foreach ($dbh->query("$query") as $row) {
- $name = $row["name"];
- $id = $row["id"];
- $dist = $row["dist"];
- $arch = $row["arch"];
+ $stmt = $dbh->prepare($query);
+ $stmt->bindParam(':dist', $dist, PDO::PARAM_STR);
+ $stmt->bindParam(':arch', $arch, PDO::PARAM_STR);
+ $stmt->bindParam(':ok', $ok, PDO::PARAM_INT);
+ $stmt->bindParam(':limitnr', $cnt, PDO::PARAM_INT);
+ $stmt->bindParam(':offset', $off, PDO::PARAM_INT);
+ $stmt->execute([$dist, $arch, $ok, $cnt, $off]);
+ while ($row = $stmt->fetch()) {
+ $name = $row["name"];
+ $id = $row["id"];
+ $dist = $row["dist"];
+ $arch = $row["arch"];
$f = $name;
- $name_url = urlencode($name);
+ $name_url = urlencode($name);
$t = $now - $row["mtime"];
$s = $row["size"];
$h = $row["log_id"];
$t = round($t);
$t = $t . " " . ngettext("minute","minutes",$t);
}
- $u = "$url?dist=$dist&arch=$arch&ok=$ok&name=$name_url&id=$id";
+ $url_data = array(
+ 'dist' => $dist,
+ 'arch' => $arch,
+ 'ok' => $ok,
+ 'name' => $name_url,
+ 'id' => $id);
+ $u = $url . '?' . http_build_query($url_data);
echo "<tr><td bgcolor=\"#CCCCCC\" align=\"right\">".($i+1).".</td>".
- "<td bgcolor=\"#CCCCCC\"><a href=\"$u\">$f</a> ".
+ "<td bgcolor=\"#CCCCCC\"><a href=\"$u\">".htmlspecialchars($f, ENT_QUOTES, 'UTF-8')."</a> ".
"[<a href=\"$u&action=text\">"._("text")."</a> | ".
"<a href=\"$u&action=tail\">"._("tail")."</a>]".
"</td><td bgcolor=\"#CCCCCC\" align=\"right\">".
projects / projects / buildlogs.git / commitdiff