#4778: Fixed injections for these files. There is one problem remain on edit_mark...

diff --git a/docs/mods/_core/glossary/tools/edit.php b/docs/mods/_core/glossary/tools/edit.php
index 14df3f2..9499699 100644 (file)
--- a/docs/mods/_core/glossary/tools/edit.php
+++ b/docs/mods/_core/glossary/tools/edit.php
@@ -50,6 +50,7 @@ if ($_POST['submit']) {
        if (!$msg->containsErrors()) {\r
                $_POST['word']  = $addslashes($_POST['word']);\r
                $_POST['definition']  = $addslashes($_POST['definition']);\r
+               $_POST['gid'] = intval($_POST['gid']);\r
 \r
                $sql = "UPDATE ".TABLE_PREFIX."glossary SET word='$_POST[word]', definition='$_POST[definition]', related_word_id=$_POST[related_term] WHERE word_id=$_POST[gid] AND course_id=$_SESSION[course_id]";\r
                \r
@@ -147,4 +148,4 @@ if ($_POST['submit']) {
 </div>\r
 </form>\r
 \r
-<?php require (AT_INCLUDE_PATH.'footer.inc.php'); ?>
\ No newline at end of file
+<?php require (AT_INCLUDE_PATH.'footer.inc.php'); ?>\r

diff --git a/docs/mods/_standard/gradebook/gradebook_add_tests.php b/docs/mods/_standard/gradebook/gradebook_add_tests.php
index fa9904d..9792a4b 100644 (file)
--- a/docs/mods/_standard/gradebook/gradebook_add_tests.php
+++ b/docs/mods/_standard/gradebook/gradebook_add_tests.php
@@ -46,6 +46,7 @@ function add_test($test_id, $title)
 \r
        if ($no_error)  // add into gradebook\r
        {\r
+           $_POST["selected_grade_scale_id"] = intval($_POST["selected_grade_scale_id"]);\r
                $sql_insert = "INSERT INTO ".TABLE_PREFIX."gradebook_tests (id, type, grade_scale_id)\r
                               VALUES (". $test_id. ", 'ATutor Test', ".$_POST["selected_grade_scale_id"].")";\r
                $result_insert = mysql_query($sql_insert, $db) or die(mysql_error());\r
@@ -55,6 +56,7 @@ function add_test($test_id, $title)
 function add_assignment($assignment_id)\r
 {\r
        global $db;\r
+       $_POST["selected_grade_scale_id"] = intval($_POST["selected_grade_scale_id"]);\r
        \r
        $sql_insert = "INSERT INTO ".TABLE_PREFIX."gradebook_tests (id, type, grade_scale_id)\r
                       VALUES (". $assignment_id. ", 'ATutor Assignment', ".$_POST["selected_grade_scale_id"].")";\r
@@ -139,6 +141,14 @@ else if (isset($_POST['addExternalTest']))
 \r
        if (!$msg->containsErrors()) \r
        {\r
+           $_POST["year_due"] = intval($_POST["year_due"]);\r
+           $_POST["month_due"] = intval($_POST["month_due"]);\r
+           $_POST["day_due"] = intval($_POST["day_due"]);\r
+           $_POST["hour_due"] = intval($_POST["hour_due"]);\r
+           $_POST["min_due"] = intval($_POST["min_due"]);\r
+           $_POST["title"] = $addslashes($_POST["title"]);\r
+           $_POST["selected_grade_scale_id"] = intval($_POST["selected_grade_scale_id"]);\r
+           \r
                if ($_POST["has_due_date"] == 'true')\r
                        $date_due = $_POST["year_due"]. '-' .str_pad ($_POST["month_due"], 2, "0", STR_PAD_LEFT). '-' .str_pad ($_POST["day_due"], 2, "0", STR_PAD_LEFT). ' '.str_pad ($_POST["hour_due"], 2, "0", STR_PAD_LEFT). ':' .str_pad ($_POST["min_due"], 2, "0", STR_PAD_LEFT) . ':00';\r
 \r
@@ -251,7 +261,7 @@ else
 \r
        <div class="row">\r
                <span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="title"><?php echo _AT('title'); ?></label><br />\r
-               <input type="text" name="title" id="title" size="30" value="<?php echo $_POST['title']; ?>" />\r
+               <input type="text" name="title" id="title" size="30" value="<?php echo AT_print($_POST['title'], 'input.title'); ?>" />\r
        </div>\r
 \r
        <div class="row">\r

diff --git a/docs/mods/_standard/gradebook/gradebook_edit_tests.php b/docs/mods/_standard/gradebook/gradebook_edit_tests.php
index 5210f79..1f4b2f2 100644 (file)
--- a/docs/mods/_standard/gradebook/gradebook_edit_tests.php
+++ b/docs/mods/_standard/gradebook/gradebook_edit_tests.php
@@ -28,6 +28,14 @@ if (isset($_POST['cancel']))
 else if (isset($_POST['save'])) \r
 {\r
        $missing_fields = array();\r
+       $_POST["selected_grade_scale_id"] = intval($_POST["selected_grade_scale_id"]);\r
+       $_REQUEST["gradebook_test_id"] = intval($_REQUEST["gradebook_test_id"]);\r
+       $_GET['gradebook_test_id'] = intval($_GET['gradebook_test_id']);\r
+       $_POST["year_due"] = intval($_POST["year_due"]);\r
+       $_POST["month_due"] = intval($_POST["month_due"]);\r
+       $_POST["day_due"] = intval($_POST["day_due"]);\r
+       $_POST["hour_due"] = intval($_POST["hour_due"]);\r
+       $_POST["min_due"] = intval($_POST["min_due"]);\r
 \r
        if (isset($_POST['title']) && $_POST['title'] == '') {\r
                $missing_fields[] = _AT('title');\r