### 1.1.11 (3.26.2006) ###
### Thanks to r0xes & Adam. :)
- Added recursive htmlspecialchars to the rest of the superglobal
security in lib.php.
- Fixed a bug that allowed blank passwords.
- Updated copyright dates as necessary.
Jamin Blount 2017-02-05 11:12:22 -06:00
parent 00528a7396
commit 5d0ec593d2
9 changed files with 21 additions and 8 deletions


@ -317,7 +317,7 @@ All original coding and graphics for the <i>Dragon Knight</i> game engine are &c
[ <a href="#top">Top</a> ] [ <a href="#top">Top</a> ]
<br /><br /> <br /><br />
<table class="copyright" width="100%"><tr> <table class="copyright" width="100%"><tr>
<td width="50%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="50%" align="center">&copy; 2003-2004 by renderse7en</td> <td width="50%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="50%" align="center">&copy; 2003-2006 by renderse7en</td>
</tr></table> </tr></table>
</body> </body>
</html> </html>


@ -149,7 +149,7 @@ while ($itemsrow = mysql_fetch_array($itemsquery)) {
</table> </table>
<br /> <br />
<table class="copyright" width="100%"><tr> <table class="copyright" width="100%"><tr>
<td width="50%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="50%" align="center">&copy; 2003-2004 by renderse7en</td> <td width="50%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="50%" align="center">&copy; 2003-2006 by renderse7en</td>
</tr></table> </tr></table>
</body> </body>
</html> </html>


@ -135,7 +135,7 @@ while ($itemsrow = mysql_fetch_array($itemsquery)) {
Experience points listed are total values up until that point. All other values are just the new amount that you gain for each level. Experience points listed are total values up until that point. All other values are just the new amount that you gain for each level.
<br /><br /> <br /><br />
<table class="copyright" width="100%"><tr> <table class="copyright" width="100%"><tr>
<td width="50%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="50%" align="center">&copy; 2003-2004 by renderse7en</td> <td width="50%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="50%" align="center">&copy; 2003-2006 by renderse7en</td>
</tr></table> </tr></table>
</body> </body>
</html> </html>


@ -90,7 +90,7 @@ while ($itemsrow = mysql_fetch_array($itemsquery)) {
</table> </table>
<br /> <br />
<table class="copyright" width="100%"><tr> <table class="copyright" width="100%"><tr>
<td width="50%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="50%" align="center">&copy; 2003-2004 by renderse7en</td> <td width="50%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="50%" align="center">&copy; 2003-2006 by renderse7en</td>
</tr></table> </tr></table>
</body> </body>
</html> </html>


@ -100,7 +100,7 @@ while ($itemsrow = mysql_fetch_array($itemsquery)) {
<li /><b>+Defense</b> spells reduce the total damage you take from the monster by X percent until the end of each fight. <li /><b>+Defense</b> spells reduce the total damage you take from the monster by X percent until the end of each fight.
</ul> </ul>
<table class="copyright" width="100%"><tr> <table class="copyright" width="100%"><tr>
<td width="50%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="50%" align="center">&copy; 2003-2004 by renderse7en</td> <td width="50%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="50%" align="center">&copy; 2003-2006 by renderse7en</td>
</tr></table> </tr></table>
</body> </body>
</html> </html>

14
lib.php

@ -2,7 +2,7 @@
$starttime = getmicrotime(); $starttime = getmicrotime();
$numqueries = 0; $numqueries = 0;
$version = "1.1.10b"; $version = "1.1.11";
$build = ""; $build = "";
// Handling for servers with magic_quotes turned on. // Handling for servers with magic_quotes turned on.
@ -15,8 +15,11 @@ if (get_magic_quotes_gpc()) {
} }
$_POST = array_map('addslashes_deep', $_POST); $_POST = array_map('addslashes_deep', $_POST);
$_POST = array_map('html_deep', $_POST);
$_GET = array_map('addslashes_deep', $_GET); $_GET = array_map('addslashes_deep', $_GET);
$_GET = array_map('html_deep', $_GET);
$_COOKIE = array_map('addslashes_deep', $_COOKIE); $_COOKIE = array_map('addslashes_deep', $_COOKIE);
$_COOKIE = array_map('html_deep', $_COOKIE);
function stripslashes_deep($value) { function stripslashes_deep($value) {
@ -36,6 +39,15 @@ function addslashes_deep($value) {
} }
function html_deep($value) {
$value = is_array($value) ?
array_map('html_deep', $value) :
htmlspecialchars($value);
return $value;
}
function opendb() { // Open database connection. function opendb() { // Open database connection.
include('config.php'); include('config.php');
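Review bot: html_deep() calls `htmlspecialchars($value)` with default flags, which on PHP versions before 8.1 leave single quotes unencoded, so a request value echoed into a single-quoted attribute is still not neutralised; passing the flag explicitly, `htmlspecialchars($value, ENT_QUOTES)`, closes that gap. The three new `array_map('html_deep', …)` lines encode on input rather than at the point of output, so anything written to the database from these arrays is presumably stored entity-encoded and can be double-encoded on display, and HTML encoding does not cover JavaScript or URL contexts. array_map also leaves the array keys untouched, so any code that prints a key name is not covered. I would add a comment above the function such as `// Input-side HTML encoding only: values are not safe for JS/URL contexts, and keys are not encoded.` opendb() continues outside the hunk.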


@ -71,7 +71,7 @@ a:hover {
</td></tr></table> </td></tr></table>
<br /> <br />
<table class="copyright" width="90%"><tr> <table class="copyright" width="90%"><tr>
<td width="25%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="25%" align="center">&copy; 2003 by renderse7en</td><td width="25%" align="center">{{totaltime}} Seconds, {{numqueries}} Queries</td><td width="25%" align="center">Version {{version}} {{build}}</td> <td width="25%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="25%" align="center">&copy; 2003-2006 by renderse7en</td><td width="25%" align="center">{{totaltime}} Seconds, {{numqueries}} Queries</td><td width="25%" align="center">Version {{version}} {{build}}</td>
</center></body> </center></body>
</html> </html>
THEVERYENDOFYOU; THEVERYENDOFYOU;


@ -82,7 +82,7 @@ winpops=window.open(popurl,"","width=520,height=520,scrollbars")
</tr> </tr>
</table><br /> </table><br />
<table class="copyright" width="90%"><tr> <table class="copyright" width="90%"><tr>
<td width="25%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="25%" align="center">&copy; 2003-2004 by renderse7en</td><td width="25%" align="center">{{totaltime}} Seconds, {{numqueries}} Queries</td><td width="25%" align="center">Version {{version}} {{build}}</td> <td width="25%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="25%" align="center">&copy; 2003-2006 by renderse7en</td><td width="25%" align="center">{{totaltime}} Seconds, {{numqueries}} Queries</td><td width="25%" align="center">Version {{version}} {{build}}</td>
</tr></table> </tr></table>
</center></body> </center></body>
</html> </html>


@ -44,6 +44,7 @@ function register() { // Register a new account.
if (mysql_num_rows($emailquery) > 0) { $errors++; $errorlist .= "Email already taken - unique email address required.<br />"; } if (mysql_num_rows($emailquery) > 0) { $errors++; $errorlist .= "Email already taken - unique email address required.<br />"; }
// Process password. // Process password.
if (trim($password1) == "") { $errors++; $errorlist .= "Password field is required.<br />"; }
if (preg_match("/[^A-z0-9_\-]/", $password1)==1) { $errors++; $errorlist .= "Password must be alphanumeric.<br />"; } // Thanks to "Carlos Pires" from php.net! if (preg_match("/[^A-z0-9_\-]/", $password1)==1) { $errors++; $errorlist .= "Password must be alphanumeric.<br />"; } // Thanks to "Carlos Pires" from php.net!
if ($password1 != $password2) { $errors++; $errorlist .= "Passwords don't match.<br />"; } if ($password1 != $password2) { $errors++; $errorlist .= "Passwords don't match.<br />"; }
$password = md5($password1); $password = md5($password1);
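Review bot: The added `trim($password1) == ""` check rejects only an empty or whitespace-only password, so a one-character password still passes registration. A minimum-length check next to it would cover that, for example `if (strlen($password1) < 8) { $errors++; $errorlist .= "Password must be at least 8 characters.<br />"; }` (the threshold of 8 is illustrative). This matters more because the unchanged last line of the hunk stores an unsalted `md5()` digest, which makes short passwords cheap to recover from a leaked user table; `password_hash()` and `password_verify()` are the replacement where the PHP version allows. The unchanged character class `[^A-z0-9_\-]` also admits the punctuation between `Z` and `a`, so `A-Za-z` is probably what was meant. register() starts and ends outside the hunk.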