From 5d0ec593d2dddd1b1a9ce5b1a6da7d13527b2808 Mon Sep 17 00:00:00 2001 From: Jamin Blount Date: Sun, 5 Feb 2017 11:12:22 -0600 Subject: [PATCH] v1.1.11 ### 1.1.11 (3.26.2006) ### ### Thanks to r0xes & Adam. :) - Added recursive htmlspecialchars to the rest of the superglobal security in lib.php. - Fixed a bug that allowed blank passwords. - Updated copyright dates as necessary. --- help.php | 2 +- help_items.php | 2 +- help_levels.php | 2 +- help_monsters.php | 2 +- help_spells.php | 2 +- lib.php | 14 +++++++++++++- templates/admin.php | 2 +- templates/primary.php | 2 +- users.php | 1 + 9 files changed, 21 insertions(+), 8 deletions(-) diff --git a/help.php b/help.php index fe137a5..25d52fb 100644 --- a/help.php +++ b/help.php @@ -317,7 +317,7 @@ All original coding and graphics for the Dragon Knight game engine are &c [ Top ]

- +
Powered by Dragon Knight© 2003-2004 by renderse7enPowered by Dragon Knight© 2003-2006 by renderse7en
\ No newline at end of file diff --git a/help_items.php b/help_items.php index 5e999ae..1dac7eb 100644 --- a/help_items.php +++ b/help_items.php @@ -149,7 +149,7 @@ while ($itemsrow = mysql_fetch_array($itemsquery)) {
- +
Powered by Dragon Knight© 2003-2004 by renderse7enPowered by Dragon Knight© 2003-2006 by renderse7en
\ No newline at end of file diff --git a/help_levels.php b/help_levels.php index 36c0141..856ac36 100644 --- a/help_levels.php +++ b/help_levels.php @@ -135,7 +135,7 @@ while ($itemsrow = mysql_fetch_array($itemsquery)) { Experience points listed are total values up until that point. All other values are just the new amount that you gain for each level.

- +
Powered by Dragon Knight© 2003-2004 by renderse7enPowered by Dragon Knight© 2003-2006 by renderse7en
\ No newline at end of file diff --git a/help_monsters.php b/help_monsters.php index 27605c2..ac15f54 100644 --- a/help_monsters.php +++ b/help_monsters.php @@ -90,7 +90,7 @@ while ($itemsrow = mysql_fetch_array($itemsquery)) {
- +
Powered by Dragon Knight© 2003-2004 by renderse7enPowered by Dragon Knight© 2003-2006 by renderse7en
\ No newline at end of file diff --git a/help_spells.php b/help_spells.php index 3e31eef..42866a2 100644 --- a/help_spells.php +++ b/help_spells.php @@ -100,7 +100,7 @@ while ($itemsrow = mysql_fetch_array($itemsquery)) {
  • +Defense spells reduce the total damage you take from the monster by X percent until the end of each fight. - +
    Powered by Dragon Knight© 2003-2004 by renderse7enPowered by Dragon Knight© 2003-2006 by renderse7en
    \ No newline at end of file diff --git a/lib.php b/lib.php index 888d95b..32af9f5 100644 --- a/lib.php +++ b/lib.php @@ -2,7 +2,7 @@ $starttime = getmicrotime(); $numqueries = 0; -$version = "1.1.10b"; +$version = "1.1.11"; $build = ""; // Handling for servers with magic_quotes turned on. @@ -15,8 +15,11 @@ if (get_magic_quotes_gpc()) { } $_POST = array_map('addslashes_deep', $_POST); +$_POST = array_map('html_deep', $_POST); $_GET = array_map('addslashes_deep', $_GET); +$_GET = array_map('html_deep', $_GET); $_COOKIE = array_map('addslashes_deep', $_COOKIE); +$_COOKIE = array_map('html_deep', $_COOKIE); function stripslashes_deep($value) { @@ -36,6 +39,15 @@ function addslashes_deep($value) { } +function html_deep($value) { + + $value = is_array($value) ? + array_map('html_deep', $value) : + htmlspecialchars($value); + return $value; + +} + function opendb() { // Open database connection. include('config.php'); diff --git a/templates/admin.php b/templates/admin.php index 06764e4..d10fbb2 100644 --- a/templates/admin.php +++ b/templates/admin.php @@ -71,7 +71,7 @@ a:hover {
    - + THEVERYENDOFYOU; diff --git a/templates/primary.php b/templates/primary.php index 6b6b072..025c14c 100644 --- a/templates/primary.php +++ b/templates/primary.php @@ -82,7 +82,7 @@ winpops=window.open(popurl,"","width=520,height=520,scrollbars")
    Powered by Dragon Knight© 2003 by renderse7en{{totaltime}} Seconds, {{numqueries}} QueriesVersion {{version}} {{build}}Powered by Dragon Knight© 2003-2006 by renderse7en{{totaltime}} Seconds, {{numqueries}} QueriesVersion {{version}} {{build}}

    - +
    Powered by Dragon Knight© 2003-2004 by renderse7en{{totaltime}} Seconds, {{numqueries}} QueriesVersion {{version}} {{build}}Powered by Dragon Knight© 2003-2006 by renderse7en{{totaltime}} Seconds, {{numqueries}} QueriesVersion {{version}} {{build}}
    diff --git a/users.php b/users.php index 22b7357..4f2826b 100644 --- a/users.php +++ b/users.php @@ -44,6 +44,7 @@ function register() { // Register a new account. if (mysql_num_rows($emailquery) > 0) { $errors++; $errorlist .= "Email already taken - unique email address required.
    "; } // Process password. + if (trim($password1) == "") { $errors++; $errorlist .= "Password field is required.
    "; } if (preg_match("/[^A-z0-9_\-]/", $password1)==1) { $errors++; $errorlist .= "Password must be alphanumeric.
    "; } // Thanks to "Carlos Pires" from php.net! if ($password1 != $password2) { $errors++; $errorlist .= "Passwords don't match.
    "; } $password = md5($password1);